kubespray icon indicating copy to clipboard operation
kubespray copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

kubespray don't install calico-kube-controller

Open cyclinder opened this issue 2 years ago • 7 comments

Environment:

  • Cloud provider or hardware configuration:

  • OS (printf "$(uname -srm)\n$(cat /etc/os-release)\n"):

  • Version of Ansible (ansible --version):

  • Version of Python (python --version):

Kubespray version (commit) (git rev-parse --short HEAD):

Network plugin used: calico

Full inventory with variables (ansible -i inventory/sample/inventory.ini all -m debug -a "var=hostvars[inventory_hostname]"):

Command used to invoke ansible:

Anything else do we need to know:

Why kubespray will not install calico-kube-controller , is this deliberate?

https://raw.githubusercontent.com/projectcalico/calico/v3.24.1/manifests/calico.yaml

cyclinder avatar Sep 20 '22 10:09 cyclinder

Why are you saying that calico-kube-controller is not installed ? https://github.com/kubernetes-sigs/kubespray/blob/master/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml

floryut avatar Sep 20 '22 11:09 floryut

In our environment, calico-kube-controller was not installed, but everything was fine with calico, so I felt strange 🤔

cyclinder avatar Sep 20 '22 12:09 cyclinder

Are there some conditions needed for calico-kube-controller to be installed?

cyclinder avatar Sep 20 '22 12:09 cyclinder

Only real one is https://github.com/kubernetes-sigs/kubespray/blob/2acdc33aa17c17e4b883862c4b10bef0c6dcb2fc/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml#L24 which is set in https://github.com/kubernetes-sigs/kubespray/blob/680293e79c6a1b2eefc86470a83c8369fd6b2e76/roles/kubespray-defaults/defaults/main.yaml#L471

floryut avatar Sep 20 '22 12:09 floryut

Thanks. I will check these values. Why put calico-kube-controller into kubenetesn-apps instead of network-plugin? What is the reason for this?

cyclinder avatar Sep 20 '22 12:09 cyclinder

@floryut I checked these values was right. Is there anything else that might cause these tasks to not be executed?

cyclinder avatar Sep 21 '22 03:09 cyclinder

@floryut I checked these values was right. Is there anything else that might cause these tasks to not be executed?

Did you check the ansible output ? are you running with only some tags ?

floryut avatar Sep 21 '22 15:09 floryut

Seems like I'm having the same problem on kubespray 2.20. Worked fine with kubespray 2.19, no inventory changes since that time. My config is:

authorization_modes: ["Node", "RBAC", "Webhook"]

wayfrro avatar Oct 03 '22 11:10 wayfrro

This seems to be the root cause: https://github.com/kubernetes-sigs/kubespray/commit/2de5c4821cbbea903c4add7f98111590024b526c#diff-c94700ab11e60a92e9706fb87b3a61796ff8b2a7a36e18fd465e173203d6574dL14 , specifically:

+++ b/roles/kubernetes-apps/policy_controller/meta/main.yml
@@ -4,13 +4,13 @@ dependencies:
     when:
       - kube_network_plugin == 'calico'
       - enable_network_policy
-      - calico_datastore != "kdd" or calico_policy_version is version('v3.6.0', '>=')
+     - calico_datastore != "kdd"
     tags:
       - policy-controller

The result is that when using calico with kubernetes data store, policy controller will not be installed at all. Here's the fix: https://github.com/kubernetes-sigs/kubespray/pull/9358

wayfrro avatar Oct 04 '22 07:10 wayfrro