-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update calico template #3803
Update calico template #3803
Conversation
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
signed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One version thing for you
@@ -494,7 +494,22 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri | |||
Version: fi.String(version), | |||
Selector: networkingSelector, | |||
Manifest: fi.String(location), | |||
KubernetesVersion: ">=1.6.0", | |||
KubernetesVersion: ">=1.6.0 <1.8.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
=1.8.0?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what do you mean? is the selector wrong?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have an open branch with the changes I mentioned, and version matching like we're doing for Canal: https://github.com/kubernetes/kops/compare/master...blakebarnett:bdb/update_calico_for_k8s_1-8?expand=1
I didn't realize this PR was already in flight. Feel free to copy/use any of it.
cni_network_config: |- | ||
{ | ||
"name": "k8s-pod-network", | ||
"cniVersion": "0.3.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be 0.1.0 per: projectcalico/calico#742
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should I update the 1.6 template as well?
namespace: kube-system | ||
data: | ||
# The calico-etcd PetSet service IP:port | ||
etcd_endpoints: "{{ $cluster := index .EtcdClusters 0 -}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we do this we should probably handle TLS too since that config can provide it now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you expand on this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The new etcd configuration supports TLS, if someone happens to enable it there, we'll blow up the cluster unless we support it here.
value: "kops,bgp" | ||
# Disable file logging so `kubectl logs` works. | ||
- name: CALICO_DISABLE_FILE_LOGGING | ||
value: "true" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add the FELIX defaults from the example configs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added the missing vars 👍
|
||
--- | ||
|
||
# This manifest deploys the Calico Kubernetes controllers. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You'll need to add a manifest that scales down calico-policy-controller from the old version or they'll conflict.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's suboptimal tho, because people starting from scratch they will see a weird deployment scaled to 0 for no reason.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, but we'll have to just add it to to the release notes, or automatically delete it somehow (which seems potentially hairy)
/ok-to-test |
|
||
addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{ | ||
Name: fi.String(key), | ||
Version: fi.String(version), | ||
Version: fi.String("2.4.1"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changing this from 2.4.1-kops.1
, was there a specific reason the version was different? can't find the code for that specific tag. if so, should it be kept and and are some changes to be done also for 2.6.2?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't actually know why that version exists, I got rid of it in my branch but maybe @chrislovecnm or @justinsb can enlighten us.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be the version of calico. We have another PR going in, which will force a rebase. @itajaja are you able to update this afternoon?
no problem @chrislovecnm, I'll rebase, just ping back when the other pr is merged :) |
Ping |
🙌 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to get another PR in for the older manifests as well. Thanks!
/lgtm |
/lgtm cancel Is this still wip? |
you mean for 1.6? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be nice to have the clear version mapping like canal has: https://github.com/itajaja/kops/blob/3719d15c6b195aa58b2c4c8ff9e52c47dca71195/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go#L521
Otherwise LGTM
I guess the value there is just readability, since each field is accessed once? I think looking in the branch is pretty readable as well and makes the method shorter, but I can change it if you think the alternative is better 👍 |
Yeah just easier to see what versions map to what at a glance, and to be consistent. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chrislovecnm The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
great! @chrislovecnm if you want to expand what you mean by "We need to get another PR in for the older manifests as well. Thanks!" I'll be happy to pr that as well |
/test all [submit-queue is verifying that this PR is safe to merge] |
@itajaja i assume you tested the PR Also we need the other calico manifests to have the new version of calico once them. Just bump the version in the manifest and in bootstrap - thanks for your help! |
@chrislovecnm I am not sure if there is an easy way to do more integration testing, the way I tested was to apply the template against my local toy cluster to see networking would work as expected. |
Automatic merge from submit-queue. |
You able to update the other manifests? That testing is perfect btw |
@chrislovecnm but then why creating a 1.8 if I could just update 1.6? Am I missing anything? |
the rbac stuff does not work in 1.6. On my phone so I could be wrong. Does the manifest work on 1.8 and 1.7? I thought we had 1.8 specific stuff |
I just followed the canal PR tbh. it might be that the 1.8 template works with 1.6 as is, but it's probably not strictly necessary because pre 1.8 there is no egress policy, which strictly requires the new calico version |
@itajaja yah I messed up 😞 I will move the 1.8 manifest to 1.6. Grumble. My mistake. We will need a 1.7+ manifest when we enable Calico to use the k8s api as a datasource |
lmk if I can help, I can replace the 1.6 with 1.8 manifest and remove 1.8. |
Can you do the pre 1.6 template and test k8s 1.5? I have the branch already moving the 1.8 file around. |
@itajaja problem is a bit more complicated - ran into a bug testing. k8s 1.6 is broken in master and in the last beta. The policy controller is not scheduling on the master. I am guessing that we need a toleration that works for ks8 1.6, and thus need a pre-1.6 manifest, a 1.6 manifest, and a 1.7+ manifest. It is late, so I going to address this tomorrow. If you want to upgrade the pre-1.6 yaml please do. |
# it isn't governed by policy that would prevent it from working. | ||
hostNetwork: true | ||
serviceAccountName: calico | ||
tolerations: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So we should probably just change these to match what's in the current calico-node
so it works on all k8s versions:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
closes #3791
changes taken from https://docs.projectcalico.org/v2.6/getting-started/kubernetes/installation/hosted/hosted
just a POC. not sure if I should update the 1.6 template or create a new template for 1.8 (maybe 1.7?) as I did. Do you have any suggestions on how to test this?