weave: Upgrade to 2.4.0

Upstream Changes:

-   weave 2.4.0 (https://github.com/weaveworks/weave/releases/tag/v2.4.0)
-   Support `externalTrafficPolicy: Local` (https://github.com/weaveworks/weave/issues/2924)
-   Make the ipset list size bigger (https://github.com/weaveworks/weave/pull/3305)
-   Break out of kube rm-peers loop if nothing changes (https://github.com/weaveworks/weave/pull/3317)

Our Changes:

-   Revamp weave-net.yml.j2 with upstream changes
-   Add more variables for customization
-   Replace WEAVE_PASSWORD with k8s secret
-   Remove hard-corded seed mode support, in favor of variables customization

roles/network_plugin/weave/templates/weave-net.yml.j2

@@ -15,7 +15,6 @@ items:
       name: weave-net
       labels:
         name: weave-net
-      namespace: kube-system
     rules:
       - apiGroups:
           - ''
@@ -35,13 +34,19 @@ items:
           - get
           - list
           - watch
+      - apiGroups:
+          - ''
+        resources:
+          - nodes/status
+        verbs:
+          - patch
+          - update
   - apiVersion: rbac.authorization.k8s.io/v1beta1
     kind: ClusterRoleBinding
     metadata:
       name: weave-net
       labels:
         name: weave-net
-      namespace: kube-system
     roleRef:
       kind: ClusterRole
       name: weave-net
@@ -94,7 +99,6 @@ items:
       name: weave-net
       labels:
         name: weave-net
-        version: v{{ weave_version }}
       namespace: kube-system
     spec:
       minReadySeconds: 5
@@ -106,31 +110,56 @@ items:
           containers:
             - name: weave
               command:
-{% if weave_mode_seed == true %}
-                - /bin/sh
-                - -c
-                - export EXTRA_ARGS=--name=$(cat /sys/class/net/{{ ansible_default_ipv4['interface'] }}/address) && /home/weave/launch.sh
-{% else %}
                 - /home/weave/launch.sh
-{% endif %}
               env:
                 - name: HOSTNAME
                   valueFrom:
                     fieldRef:
                       apiVersion: v1
                       fieldPath: spec.nodeName
-                - name: WEAVE_MTU
-                  value: "{{ weave_mtu }}"
-                - name: IPALLOC_RANGE
-                  value: {{ kube_pods_subnet }}
-{% if weave_mode_seed == true %}
-                - name: KUBE_PEERS
-                  value: {{ peers }}
-                - name: IPALLOC_INIT
-                  value: seed={{ seed }}
-{% endif %}
                 - name: WEAVE_PASSWORD
-                  value: {{ weave_password }}
+                  valueFrom:
+                    secretKeyRef:
+                      name: weave-net
+                      key: WEAVE_PASSWORD
+                - name: CHECKPOINT_DISABLE
+                  value: "{{ weave_checkpoint_disable | bool | int }}"
+                - name: CONN_LIMIT
+                  value: "{{ weave_conn_limit | int }}"
+                - name: HAIRPIN_MODE
+                  value: "{{ weave_hairpin_mode | bool }}"
+                - name: IPALLOC_RANGE
+                  value: "{{ weave_ipalloc_range }}"
+                - name: EXPECT_NPC
+                  value: "{{ weave_expect_npc | bool | int }}"
+{% if weave_kube_peers %}
+                - name: KUBE_PEERS
+                  value: "{{ weave_kube_peers }}"
+{% endif %}
+{% if weave_ipalloc_init %}
+                - name: IPALLOC_INIT
+                  value: "{{ weave_ipalloc_init }}"
+{% endif %}
+{% if weave_expose_ip %}
+                - name: WEAVE_EXPOSE_IP
+                  value: "{{ weave_expose_ip }}"
+{% endif %}
+{% if weave_metrics_addr %}
+                - name: WEAVE_METRICS_ADDR
+                  value: "{{ weave_metrics_addr }}"
+{% endif %}
+{% if weave_status_addr %}
+                - name: WEAVE_STATUS_ADDR
+                  value: "{{ weave_status_addr }}"
+{% endif %}
+                - name: WEAVE_MTU
+                  value: "{{ weave_mtu | int }}"
+                - name: NO_MASQ_LOCAL
+                  value: "{{ weave_no_masq_local | bool | int }}"
+{% if weave_extra_args %}
+                - name: EXTRA_ARGS
+                  value: "{{ weave_extra_args }}"
+{% endif %}
               image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
               imagePullPolicy: {{ k8s_image_pull_policy }}
               livenessProbe:
@@ -141,11 +170,7 @@ items:
                 initialDelaySeconds: 30
               resources:
                 requests:
-                  cpu: {{ weave_cpu_requests }}
-                  memory: {{ weave_memory_requests }}
-                limits:
-                  cpu: {{ weave_cpu_limits }}
-                  memory: {{ weave_memory_limits }}
+                  cpu: 10m
               securityContext:
                 privileged: true
               volumeMounts:
@@ -175,11 +200,7 @@ items:
               imagePullPolicy: {{ k8s_image_pull_policy }}
               resources:
                 requests:
-                  cpu: {{ weave_cpu_requests }}
-                  memory: {{ weave_memory_requests }}
-                limits:
-                  cpu: {{ weave_cpu_limits }}
-                  memory: {{ weave_memory_limits }}
+                  cpu: 10m
               securityContext:
                 privileged: true
               volumeMounts:
@@ -216,7 +237,15 @@ items:
             - name: xtables-lock
               hostPath:
                 path: /run/xtables.lock
+                type: FileOrCreate
       updateStrategy:
         rollingUpdate:
           maxUnavailable: {{ serial | default('20%') }}
         type: RollingUpdate
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: weave-net
+      namespace: kube-system
+    data:
+      WEAVE_PASSWORD: "{{ weave_password | default("") | b64encode }}"