Fix calico vxlan tunnel resilience on ansible run #11097
Hi @MatthieuFin. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/ok-to-test
if node.projectcalico.org already exists, patch node to set asNumber instead of apply resource to prevent remove of existing fields fed by calico-node pods ✅ Closes: 11096
6605250 to 151723e
Thanks @MatthieuFin for the report and fix! Looking at #11096, it seems that when you re-run your calico tasks, the IP address of vxlan_calico in the node object was discarded, which causes your vxlan network to break, right?
Why did you consider running these tasks? These tasks are only for a fresh cluster (please let me know if I'm wrong). If you want to update the calico config, it would be better to run calicoctl or kubectl without running kubespray tasks.
Of course, if we can re-run these tasks without destroying the existing cluster, that's pretty nice too!
Hello, I have the habit of managing the deployment of calico with kubespray. Running kubespray to upgrade calico and the kubespray version permits managing rbac deployment, for example, especially the split of rbac with the introduction of clusterrole "calico-cni-plugin" with calico version 3.26 in that case. I want to prevent the case where someone runs kubespray tags network and breaks my vxlan network. The goal of this PR is to ensure that the task is idempotent.
@MatthieuFin thanks for the details, the changes look good to me. Are you testing your changes?
Hi, yes I tested the changes, that's the workaround that I use on my production clusters.
Thanks for your work! Now LGTM.
/lgtm
/cc @yankay
Thanks @MatthieuFin
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cyclinder, MatthieuFin, yankay The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
…11097) if node.projectcalico.org already exists, patch node to set asNumber instead of apply resource to prevent remove of existing fields fed by calico-node pods ✅ Closes: 11096
What type of PR is this?
/kind bug
What this PR does / why we need it:
When I run kubespray on an existing cluster with calico cni, bird backend and vxlan tunnels, the vxlan tunnels are dropped because calicoctl apply
Which issue(s) this PR fixes:
Fixes #11096
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
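
The failure mode discussed in this PR, as an added example that is not code from the PR or from kubespray: it models `apply` on an existing Node as a wholesale replace and `patch` as a JSON merge patch (RFC 7386), then lists the runtime fields each one loses. The node name, addresses, AS numbers and the helper names are constructed for illustration, and the replace/merge models are assumptions about the two operations' semantics.

```python
import copy

# Constructed sample: a Calico Node after calico-node has filled in runtime fields.
LIVE_NODE = {
    "apiVersion": "projectcalico.org/v3",
    "kind": "Node",
    "metadata": {"name": "node1"},
    "spec": {
        "bgp": {"asNumber": 64512, "ipv4Address": "10.0.0.11/24"},
        "ipv4VXLANTunnelAddr": "10.233.64.0",
        "vxlanTunnelMACAddr": "66:00:00:00:00:01",
    },
}

# Constructed manifest carrying only the field the playbook manages.
MANIFEST = {
    "apiVersion": "projectcalico.org/v3",
    "kind": "Node",
    "metadata": {"name": "node1"},
    "spec": {"bgp": {"asNumber": 64513}},
}
PATCH = {"spec": {"bgp": {"asNumber": 64513}}}

def apply_replace(live, manifest):
    """Model of apply on an existing object: the manifest replaces it wholesale."""
    return copy.deepcopy(manifest)

def merge_patch(target, patch):
    """JSON merge patch (RFC 7386): only keys named in the patch are touched."""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    result = copy.deepcopy(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)
        else:
            result[key] = merge_patch(result.get(key), value)
    return result

def lost_fields(before, after, prefix=""):
    """Dotted paths present in `before` but missing from `after`."""
    lost = []
    for key, value in before.items():
        path = f"{prefix}{key}"
        if not isinstance(after, dict) or key not in after:
            lost.append(path)
        elif isinstance(value, dict):
            lost.extend(lost_fields(value, after[key], path + "."))
    return lost
```

Running `lost_fields` on a before/after dump of the real node object is a quick check that a playbook re-run left the tunnel fields in place.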