From 73b3e9b557fc3066ebe36156e77f74d5c77a8f0e Mon Sep 17 00:00:00 2001
From: Anshuman Agarwala
Date: Thu, 22 May 2025 13:40:36 +0530
Subject: [PATCH] Removed weave support (#12230)
---
.github/ISSUE_TEMPLATE/bug-report.yaml | 1 -
README.md | 4 -
contrib/terraform/openstack/README.md | 2 +-
docs/CNI/weave.md | 79 -----
docs/_sidebar.md | 1 -
docs/advanced/arch.md | 1 -
docs/ansible/ansible.md | 1 -
docs/operations/upgrades.md | 3 +-
.../group_vars/k8s_cluster/k8s-cluster.yml | 2 +-
.../group_vars/k8s_cluster/k8s-net-weave.yml | 64 ----
.../network_plugin/meta/main.yml | 5 -
.../network_plugin/weave/tasks/main.yml | 21 --
.../tasks/0050-create_directories.yml | 3 +-
.../defaults/main/download.yml | 23 --
.../kubespray_defaults/defaults/main/main.yml | 7 +-
roles/network_plugin/meta/main.yml | 5 -
roles/network_plugin/weave/defaults/main.yml | 64 ----
roles/network_plugin/weave/meta/main.yml | 3 -
roles/network_plugin/weave/tasks/main.yml | 12 -
.../weave/templates/10-weave.conflist.j2 | 16 -
.../weave/templates/weave-net.yml.j2 | 297 ------------------
roles/reset/tasks/main.yml | 2 -
roles/validate_inventory/tasks/main.yml | 2 +-
scripts/collect-info.yaml | 6 -
scripts/readme_versions.md.j2 | 1 -
25 files changed, 6 insertions(+), 619 deletions(-)
delete mode 100644 docs/CNI/weave.md
delete mode 100644 inventory/sample/group_vars/k8s_cluster/k8s-net-weave.yml
delete mode 100644 roles/kubernetes-apps/network_plugin/weave/tasks/main.yml
delete mode 100644 roles/network_plugin/weave/defaults/main.yml
delete mode 100644 roles/network_plugin/weave/meta/main.yml
delete mode 100644 roles/network_plugin/weave/tasks/main.yml
delete mode 100644 roles/network_plugin/weave/templates/10-weave.conflist.j2
delete mode 100644 roles/network_plugin/weave/templates/weave-net.yml.j2
diff --git a/.github/ISSUE_TEMPLATE/bug-report.yaml b/.github/ISSUE_TEMPLATE/bug-report.yaml
index 107deb004..39411ce99 100644
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml @@ -108,7 +108,6 @@ body: - meta - multus - ovn4nfv - - weave validations: required: true diff --git a/README.md b/README.md index 9a051e552..63b1a122a 100644 --- a/README.md +++ b/README.md @@ -124,7 +124,6 @@ Note: - [kube-ovn](https://github.com/alauda/kube-ovn) 1.12.21 - [kube-router](https://github.com/cloudnativelabs/kube-router) 2.1.1 - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) 4.1.0 - - [weave](https://github.com/rajch/weave) 2.8.7 - [kube-vip](https://github.com/kube-vip/kube-vip) 0.8.0 - Application - [cert-manager](https://github.com/jetstack/cert-manager) 1.15.3 @@ -183,9 +182,6 @@ You can choose among ten network plugins. (default: `calico`, except Vagrant use - [cilium](http://docs.cilium.io/en/latest/): layer 3/4 networking (as well as layer 7 to protect and secure application protocols), supports dynamic insertion of BPF bytecode into the Linux kernel to implement security services, networking and visibility logic. -- [weave](docs/CNI/weave.md): Weave is a lightweight container overlay network that doesn't require an external K/V database cluster. - (Please refer to `weave` [troubleshooting documentation](https://www.weave.works/docs/net/latest/troubleshooting/)). - - [kube-ovn](docs/CNI/kube-ovn.md): Kube-OVN integrates the OVN-based Network Virtualization with Kubernetes. It offers an advanced Container Network Fabric for Enterprises. - [kube-router](docs/CNI/kube-router.md): Kube-router is a L3 CNI for Kubernetes networking aiming to provide operational diff --git a/contrib/terraform/openstack/README.md b/contrib/terraform/openstack/README.md index 8162a9f94..73f8e39c8 100644 --- a/contrib/terraform/openstack/README.md +++ b/contrib/terraform/openstack/README.md 
@@ -624,7 +624,7 @@ Edit `inventory/$CLUSTER/group_vars/k8s_cluster/k8s_cluster.yml`: - **calico** requires [configuring OpenStack Neutron ports](/docs/cloud_controllers/openstack.md) to allow service and pod subnets ```yml -# Choose network plugin (calico, weave or flannel) +# Choose network plugin (calico or flannel) # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing kube_network_plugin: flannel ``` diff --git a/docs/CNI/weave.md b/docs/CNI/weave.md deleted file mode 100644 index 30fa49444..000000000 --- a/docs/CNI/weave.md +++ /dev/null 
@@ -1,79 +0,0 @@ -# Weave - -Weave 2.0.1 is supported by kubespray - -Weave uses [**consensus**](https://www.weave.works/docs/net/latest/ipam/##consensus) mode (default mode) and [**seed**](https://www.weave.works/docs/net/latest/ipam/#seed) mode. - -`Consensus` mode is best to use on static size cluster and `seed` mode is best to use on dynamic size cluster - -Weave encryption is supported for all communication - -* To use Weave encryption, specify a strong password (if no password, no encryption) - -```ShellSession -# In file ./inventory/sample/group_vars/k8s_cluster.yml -weave_password: EnterPasswordHere -``` - -This password is used to set an environment variable inside weave container. - -Weave is deployed by kubespray using a daemonSet - -* Check the status of Weave containers - -```ShellSession -# From client -kubectl -n kube-system get pods | grep weave -# output -weave-net-50wd2 2/2 Running 0 2m -weave-net-js9rb 2/2 Running 0 2m -``` - -There must be as many pods as nodes (here kubernetes have 2 nodes so there are 2 weave pods). - -* Check status of weave (connection,encryption ...) for each node - -```ShellSession -# On nodes -curl http://127.0.0.1:6784/status -# output on node1 -Version: 2.0.1 (up to date; next check at 2017/08/01 13:51:34) - - Service: router - Protocol: weave 1..2 - Name: fa:16:3e:b3:d6:b2(node1) - Encryption: enabled - PeerDiscovery: enabled - Targets: 2 - Connections: 2 (1 established, 1 failed) - Peers: 2 (with 2 established connections) - TrustedSubnets: none - - Service: ipam - Status: ready - Range: 10.233.64.0/18 - DefaultSubnet: 10.233.64.0/18 -``` - -* Check parameters of weave for each node - -```ShellSession -# On nodes -ps -aux | grep weaver -# output on node1 (here its use seed mode) -root 8559 0.2 3.0 365280 62700 ? 
Sl 08:25 0:00 /home/weave/weaver --name=fa:16:3e:b3:d6:b2 --port=6783 --datapath=datapath --host-root=/host --http-addr=127.0.0.1:6784 --status-addr=0.0.0.0:6782 --docker-api= --no-dns --db-prefix=/weavedb/weave-net --ipalloc-range=10.233.64.0/18 --nickname=node1 --ipalloc-init seed=fa:16:3e:b3:d6:b2,fa:16:3e:f0:50:53 --conn-limit=30 --expect-npc 192.168.208.28 192.168.208.19 -``` - -## Consensus mode (default mode) - -This mode is best to use on static size cluster - -### Seed mode - -This mode is best to use on dynamic size cluster - -The seed mode also allows multi-clouds and hybrid on-premise/cloud clusters deployment. - -* Switch from consensus mode to seed/Observation mode - -See [weave ipam documentation](https://www.weave.works/docs/net/latest/tasks/ipam/ipam/) and use `weave_extra_args` to enable. diff --git a/docs/_sidebar.md b/docs/_sidebar.md index 324a546cf..caffd809f 100644 --- a/docs/_sidebar.md +++ b/docs/_sidebar.md @@ -32,7 +32,6 @@ * [Kube-router](/docs/CNI/kube-router.md) * [Macvlan](/docs/CNI/macvlan.md) * [Multus](/docs/CNI/multus.md) - * [Weave](/docs/CNI/weave.md) * CRI * [Containerd](/docs/CRI/containerd.md) * [Cri-o](/docs/CRI/cri-o.md) diff --git a/docs/advanced/arch.md b/docs/advanced/arch.md index 0c91f5c92..d78f0981e 100644 --- a/docs/advanced/arch.md +++ b/docs/advanced/arch.md @@ -9,7 +9,6 @@ The following table shows the impact of the CPU architecture on compatible featu | kube_network_plugin | amd64 | arm64 | amd64 + arm64 | |---------------------|-------|-------|---------------| | Calico | Y | Y | Y | -| Weave | Y | Y | Y | | Flannel | Y | N | N | | Canal | Y | N | N | | Cilium | Y | Y | N | diff --git a/docs/ansible/ansible.md b/docs/ansible/ansible.md index 5b537a251..f0c73f254 100644 --- a/docs/ansible/ansible.md +++ b/docs/ansible/ansible.md 
@@ -153,7 +153,6 @@ The following tags are defined in playbooks: | upgrade | Upgrading, f.e. container images/binaries | | upload | Distributing images/binaries across hosts | | vsphere-csi-driver | Configuring csi driver: vsphere | -| weave | Network plugin Weave | | win_nodes | Running windows specific tasks | | youki | Configuring youki runtime | diff --git a/docs/operations/upgrades.md b/docs/operations/upgrades.md index eaf44ce8c..3b3bf6ab9 100644 --- a/docs/operations/upgrades.md +++ b/docs/operations/upgrades.md @@ -13,7 +13,6 @@ versions. Here are all version vars for each component: * etcd_version * calico_version * calico_cni_version -* weave_version * flannel_version > **Warning** @@ -356,7 +355,7 @@ follows: * Containerd * etcd * kubelet and kube-proxy -* network_plugin (such as Calico or Weave) +* network_plugin (such as Calico) * kube-apiserver, kube-scheduler, and kube-controller-manager * Add-ons (such as KubeDNS) diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml index 7d9c60f2c..22ff3172b 100644 --- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml +++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml @@ -62,7 +62,7 @@ credentials_dir: "{{ inventory_dir }}/credentials" # kube_webhook_authorization_url: https://... # kube_webhook_authorization_url_skip_tls_verify: false -# Choose network plugin (cilium, calico, kube-ovn, weave or flannel. Use cni for generic cni plugin) +# Choose network plugin (cilium, calico, kube-ovn or flannel. Use cni for generic cni plugin) # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing kube_network_plugin: calico diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-weave.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-weave.yml deleted file mode 100644 index 269a77c93..000000000 --- a/inventory/sample/group_vars/k8s_cluster/k8s-net-weave.yml +++ /dev/null 
@@ -1,64 +0,0 @@ -# see roles/network_plugin/weave/defaults/main.yml - -# Weave's network password for encryption, if null then no network encryption. -# weave_password: ~ - -# If set to 1, disable checking for new Weave Net versions (default is blank, -# i.e. check is enabled) -# weave_checkpoint_disable: false - -# Soft limit on the number of connections between peers. Defaults to 100. -# weave_conn_limit: 100 - -# Weave Net defaults to enabling hairpin on the bridge side of the veth pair -# for containers attached. If you need to disable hairpin, e.g. your kernel is -# one of those that can panic if hairpin is enabled, then you can disable it by -# setting `HAIRPIN_MODE=false`. -# weave_hairpin_mode: true - -# The range of IP addresses used by Weave Net and the subnet they are placed in -# (CIDR format; default 10.32.0.0/12) -# weave_ipalloc_range: "{{ kube_pods_subnet }}" - -# Set to 0 to disable Network Policy Controller (default is on) -# weave_expect_npc: "{{ enable_network_policy }}" - -# List of addresses of peers in the Kubernetes cluster (default is to fetch the -# list from the api-server) -# weave_kube_peers: ~ - -# Set the initialization mode of the IP Address Manager (defaults to consensus -# amongst the KUBE_PEERS) -# weave_ipalloc_init: ~ - -# Set the IP address used as a gateway from the Weave network to the host -# network - this is useful if you are configuring the addon as a static pod. -# weave_expose_ip: ~ - -# Address and port that the Weave Net daemon will serve Prometheus-style -# metrics on (defaults to 0.0.0.0:6782) -# weave_metrics_addr: ~ - -# Address and port that the Weave Net daemon will serve status requests on -# (defaults to disabled) -# weave_status_addr: ~ - -# Weave Net defaults to 1376 bytes, but you can set a smaller size if your -# underlying network has a tighter limit, or set a larger size for better -# performance if your network supports jumbo frames (e.g. 
8916) -# weave_mtu: 1376 - -# Set to 1 to preserve the client source IP address when accessing Service -# annotated with `service.spec.externalTrafficPolicy=Local`. The feature works -# only with Weave IPAM (default). -# weave_no_masq_local: true - -# set to nft to use nftables backend for iptables (default is iptables) -# weave_iptables_backend: iptables - -# Extra variables that passing to launch.sh, useful for enabling seed mode, see -# https://www.weave.works/docs/net/latest/tasks/ipam/ipam/ -# weave_extra_args: ~ - -# Extra variables for weave_npc that passing to launch.sh, useful for change log level, ex --log-level=error -# weave_npc_extra_args: ~ diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml index 112831241..e53aebca5 100644 --- a/roles/kubernetes-apps/network_plugin/meta/main.yml +++ b/roles/kubernetes-apps/network_plugin/meta/main.yml @@ -15,11 +15,6 @@ dependencies: tags: - kube-ovn - - role: kubernetes-apps/network_plugin/weave - when: kube_network_plugin == 'weave' - tags: - - weave - - role: kubernetes-apps/network_plugin/kube-router when: kube_network_plugin == 'kube-router' tags: diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml deleted file mode 100644 index 587b652a5..000000000 --- a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- - -- name: Weave | Start Resources - kube: - name: "weave-net" - kubectl: "{{ bin_dir }}/kubectl" - filename: "{{ kube_config_dir }}/weave-net.yml" - resource: "ds" - namespace: "kube-system" - state: "latest" - when: inventory_hostname == groups['kube_control_plane'][0] - -- name: Weave | Wait for Weave to become available - uri: - url: http://127.0.0.1:6784/status - return_content: true - register: weave_status - retries: 180 - delay: 5 - until: "weave_status.status == 200 and 'Status: ready' in weave_status.content" - when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml index d34028ad5..0ce1758a8 100644 --- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml +++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml @@ -77,13 +77,12 @@ - "/etc/cni/net.d" - "/opt/cni/bin" when: - - kube_network_plugin in ["calico", "weave", "flannel", "cilium", "kube-ovn", "kube-router", "macvlan"] + - kube_network_plugin in ["calico", "flannel", "cilium", "kube-ovn", "kube-router", "macvlan"] - ('k8s_cluster' in group_names) tags: - network - cilium - calico - - weave - kube-ovn - kube-router - bootstrap_os diff --git a/roles/kubespray_defaults/defaults/main/download.yml b/roles/kubespray_defaults/defaults/main/download.yml index 2bfa13ccb..8acef92d6 100644 --- a/roles/kubespray_defaults/defaults/main/download.yml +++ b/roles/kubespray_defaults/defaults/main/download.yml @@ -110,7 +110,6 @@ calico_apiserver_enabled: false flannel_version: 0.22.0 flannel_cni_version: 1.1.2 -weave_version: 2.8.7 cni_version: "{{ (cni_binary_checksums['amd64'] | dict2items)[0].key }}" cilium_version: "1.17.3" 
@@ -250,10 +249,6 @@ netcheck_agent_image_tag: "v{{ netcheck_version }}" netcheck_server_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-server" netcheck_server_image_tag: "v{{ netcheck_version }}" netcheck_etcd_image_tag: "v3.4.17" -weave_kube_image_repo: "{{ docker_image_repo }}/rajchaudhuri/weave-kube" -weave_kube_image_tag: "{{ weave_version }}" -weave_npc_image_repo: "{{ docker_image_repo }}/rajchaudhuri/weave-npc" -weave_npc_image_tag: "{{ weave_version }}" cilium_image_repo: "{{ quay_image_repo }}/cilium/cilium" cilium_image_tag: "v{{ cilium_version }}" cilium_operator_image_repo: "{{ quay_image_repo }}/cilium/operator" @@ -806,24 +801,6 @@ downloads: groups: - kube_control_plane - weave_kube: - enabled: "{{ kube_network_plugin == 'weave' }}" - container: true - repo: "{{ weave_kube_image_repo }}" - tag: "{{ weave_kube_image_tag }}" - checksum: "{{ weave_kube_digest_checksum | default(None) }}" - groups: - - k8s_cluster - - weave_npc: - enabled: "{{ kube_network_plugin == 'weave' }}" - container: true - repo: "{{ weave_npc_image_repo }}" - tag: "{{ weave_npc_image_tag }}" - checksum: "{{ weave_npc_digest_checksum | default(None) }}" - groups: - - k8s_cluster - kube_ovn: enabled: "{{ kube_network_plugin == 'kube-ovn' }}" container: true diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml index 1c2039c56..bd9332964 100644 --- a/roles/kubespray_defaults/defaults/main/main.yml +++ b/roles/kubespray_defaults/defaults/main/main.yml @@ -199,7 +199,7 @@ kube_external_ca_mode: false # Cluster Loglevel configuration kube_log_level: 2 -# Choose network plugin (cilium, calico, kube-ovn, weave or flannel. Use cni for generic cni plugin) +# Choose network plugin (cilium, calico, kube-ovn or flannel. Use cni for generic cni plugin) # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing kube_network_plugin: calico kube_network_plugin_multus: false 
@@ -606,11 +606,6 @@ local_volume_provisioner_storage_classes: | } } -# weave's network password for encryption -# if null then no network encryption -# you can use --extra-vars to pass the password in command line -weave_password: EnterPasswordHere - ssl_ca_dirs: |- [ {% if ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] -%} diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml index e60c11c86..da0cf75ef 100644 --- a/roles/network_plugin/meta/main.yml +++ b/roles/network_plugin/meta/main.yml @@ -18,11 +18,6 @@ dependencies: tags: - flannel - - role: network_plugin/weave - when: kube_network_plugin == 'weave' - tags: - - weave - - role: network_plugin/macvlan when: kube_network_plugin == 'macvlan' tags: diff --git a/roles/network_plugin/weave/defaults/main.yml b/roles/network_plugin/weave/defaults/main.yml deleted file mode 100644 index 337d8e799..000000000 --- a/roles/network_plugin/weave/defaults/main.yml +++ /dev/null 
@@ -1,64 +0,0 @@ ---- - -# Weave's network password for encryption, if null then no network encryption. -weave_password: ~ - -# If set to 1, disable checking for new Weave Net versions (default is blank, -# i.e. check is enabled) -weave_checkpoint_disable: false - -# Soft limit on the number of connections between peers. Defaults to 100. -weave_conn_limit: 100 - -# Weave Net defaults to enabling hairpin on the bridge side of the veth pair -# for containers attached. If you need to disable hairpin, e.g. your kernel is -# one of those that can panic if hairpin is enabled, then you can disable it by -# setting `HAIRPIN_MODE=false`. -weave_hairpin_mode: true - -# The range of IP addresses used by Weave Net and the subnet they are placed in -# (CIDR format; default 10.32.0.0/12) -weave_ipalloc_range: "{{ kube_pods_subnets }}" - -# Set to 0 to disable Network Policy Controller (default is on) -weave_expect_npc: "{{ enable_network_policy }}" - -# List of addresses of peers in the Kubernetes cluster (default is to fetch the -# list from the api-server) -weave_kube_peers: ~ - -# Set the initialization mode of the IP Address Manager (defaults to consensus -# amongst the KUBE_PEERS) -weave_ipalloc_init: ~ - -# Set the IP address used as a gateway from the Weave network to the host -# network - this is useful if you are configuring the addon as a static pod. -weave_expose_ip: ~ - -# Address and port that the Weave Net daemon will serve Prometheus-style -# metrics on (defaults to 0.0.0.0:6782) -weave_metrics_addr: ~ - -# Address and port that the Weave Net daemon will serve status requests on -# (defaults to disabled) -weave_status_addr: ~ - -# Weave Net defaults to 1376 bytes, but you can set a smaller size if your -# underlying network has a tighter limit, or set a larger size for better -# performance if your network supports jumbo frames (e.g. 
8916) -weave_mtu: 1376 - -# Set to 1 to preserve the client source IP address when accessing Service -# annotated with `service.spec.externalTrafficPolicy=Local`. The feature works -# only with Weave IPAM (default). -weave_no_masq_local: true - -# set to nft to use nftables backend for iptables (default is iptables) -weave_iptables_backend: ~ - -# Extra variables that passing to launch.sh, useful for enabling seed mode, see -# https://www.weave.works/docs/net/latest/tasks/ipam/ipam/ -weave_extra_args: ~ - -# Extra variables for weave_npc that passing to launch.sh, useful for change log level, ex --log-level=error -weave_npc_extra_args: ~ diff --git a/roles/network_plugin/weave/meta/main.yml b/roles/network_plugin/weave/meta/main.yml deleted file mode 100644 index 9b7065f18..000000000 --- a/roles/network_plugin/weave/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -dependencies: - - role: network_plugin/cni diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml deleted file mode 100644 index ccb431352..000000000 --- a/roles/network_plugin/weave/tasks/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Weave | Create manifest - template: - src: weave-net.yml.j2 - dest: "{{ kube_config_dir }}/weave-net.yml" - mode: "0644" - -- name: Weave | Fix nodePort for Weave - template: - src: 10-weave.conflist.j2 - dest: /etc/cni/net.d/10-weave.conflist - mode: "0644" diff --git a/roles/network_plugin/weave/templates/10-weave.conflist.j2 b/roles/network_plugin/weave/templates/10-weave.conflist.j2 deleted file mode 100644 index 9aab7e98c..000000000 --- a/roles/network_plugin/weave/templates/10-weave.conflist.j2 +++ /dev/null @@ -1,16 +0,0 @@ -{ - "cniVersion": "0.3.0", - "name": "weave", - "plugins": [ - { - "name": "weave", - "type": "weave-net", - "hairpinMode": {{ weave_hairpin_mode | bool | lower }} - }, - { - "type": "portmap", - "capabilities": {"portMappings": true}, - "snat": true - } - ] -} 
diff --git a/roles/network_plugin/weave/templates/weave-net.yml.j2 b/roles/network_plugin/weave/templates/weave-net.yml.j2
deleted file mode 100644
index 3a3886510..000000000
--- a/roles/network_plugin/weave/templates/weave-net.yml.j2
+++ /dev/null
@@ -1,297 +0,0 @@ ---- -apiVersion: v1 -kind: List -items: - - apiVersion: v1 - kind: ServiceAccount - metadata: - name: weave-net - labels: - name: weave-net - namespace: kube-system - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: weave-net - labels: - name: weave-net - rules: - - apiGroups: - - '' - resources: - - pods - - namespaces - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - networkpolicies - verbs: - - get - - list - - watch - - apiGroups: - - 'networking.k8s.io' - resources: - - networkpolicies - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - nodes/status - verbs: - - patch - - update - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: weave-net - labels: - name: weave-net - roleRef: - kind: ClusterRole - name: weave-net - apiGroup: rbac.authorization.k8s.io - subjects: - - kind: ServiceAccount - name: weave-net - namespace: kube-system - - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: weave-net - namespace: kube-system - labels: - name: weave-net - rules: - - apiGroups: - - '' - resources: - - configmaps - resourceNames: - - weave-net - verbs: - - get - - update - - apiGroups: - - '' - resources: - - configmaps - verbs: - - create - - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: weave-net - namespace: kube-system - labels: - name: weave-net - roleRef: - kind: Role - name: weave-net - apiGroup: rbac.authorization.k8s.io - subjects: - - kind: ServiceAccount - name: weave-net - namespace: kube-system - - apiVersion: apps/v1 - kind: DaemonSet - metadata: - name: weave-net - labels: - name: weave-net - namespace: kube-system - spec: - # Wait 5 seconds to let pod connect before rolling next pod - selector: - matchLabels: - name: weave-net - minReadySeconds: 5 - template: - metadata: - labels: - name: weave-net - spec: - initContainers: - - name: 
weave-init - image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }} - imagePullPolicy: {{ k8s_image_pull_policy }} - command: - - /home/weave/init.sh - env: - securityContext: - privileged: true - volumeMounts: - - name: cni-bin - mountPath: /host/opt - - name: cni-bin2 - mountPath: /host/home - - name: cni-conf - mountPath: /host/etc - - name: lib-modules - mountPath: /lib/modules - - name: xtables-lock - mountPath: /run/xtables.lock - readOnly: false - containers: - - name: weave - command: - - /home/weave/launch.sh - env: - - name: INIT_CONTAINER - value: "true" - - name: HOSTNAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: WEAVE_PASSWORD - valueFrom: - secretKeyRef: - name: weave-net - key: WEAVE_PASSWORD - - name: CHECKPOINT_DISABLE - value: "{{ weave_checkpoint_disable | bool | int }}" - - name: CONN_LIMIT - value: "{{ weave_conn_limit | int }}" - - name: HAIRPIN_MODE - value: "{{ weave_hairpin_mode | bool | lower }}" - - name: IPALLOC_RANGE - value: "{{ weave_ipalloc_range }}" - - name: EXPECT_NPC - value: "{{ weave_expect_npc | bool | int }}" -{% if weave_kube_peers %} - - name: KUBE_PEERS - value: "{{ weave_kube_peers }}" -{% endif %} -{% if weave_ipalloc_init %} - - name: IPALLOC_INIT - value: "{{ weave_ipalloc_init }}" -{% endif %} -{% if weave_expose_ip %} - - name: WEAVE_EXPOSE_IP - value: "{{ weave_expose_ip }}" -{% endif %} -{% if weave_metrics_addr %} - - name: WEAVE_METRICS_ADDR - value: "{{ weave_metrics_addr }}" -{% endif %} -{% if weave_status_addr %} - - name: WEAVE_STATUS_ADDR - value: "{{ weave_status_addr }}" -{% endif %} -{% if weave_iptables_backend %} - - name: IPTABLES_BACKEND - value: "{{ weave_iptables_backend }}" -{% endif %} - - name: WEAVE_MTU - value: "{{ weave_mtu | int }}" - - name: NO_MASQ_LOCAL - value: "{{ weave_no_masq_local | bool | int }}" -{% if weave_extra_args %} - - name: EXTRA_ARGS - value: "{{ weave_extra_args }}" -{% endif %} - image: {{ weave_kube_image_repo }}:{{ 
weave_kube_image_tag }} - imagePullPolicy: {{ k8s_image_pull_policy }} - readinessProbe: - httpGet: - host: 127.0.0.1 - path: /status - port: 6784 - resources: - requests: - cpu: 50m - securityContext: - privileged: true - volumeMounts: - - name: weavedb - mountPath: /weavedb - - name: dbus - mountPath: /host/var/lib/dbus - readOnly: true - - mountPath: /host/etc/machine-id - name: cni-machine-id - readOnly: true - - name: xtables-lock - mountPath: /run/xtables.lock - readOnly: false - - name: weave-npc - env: - - name: HOSTNAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName -{% if weave_npc_extra_args %} - - name: EXTRA_ARGS - value: "{{ weave_npc_extra_args }}" -{% endif %} - image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }} - imagePullPolicy: {{ k8s_image_pull_policy }} - resources: - requests: - cpu: 50m - securityContext: - privileged: true - volumeMounts: - - name: xtables-lock - mountPath: /run/xtables.lock - readOnly: false - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - hostPID: false - restartPolicy: Always - securityContext: - seLinuxOptions: {} - serviceAccountName: weave-net - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - volumes: - - name: weavedb - hostPath: - path: /var/lib/weave - - name: cni-bin - hostPath: - path: /opt - - name: cni-bin2 - hostPath: - path: /home - - name: cni-conf - hostPath: - path: /etc - - name: cni-machine-id - hostPath: - path: /etc/machine-id - - name: dbus - hostPath: - path: /var/lib/dbus - - name: lib-modules - hostPath: - path: /lib/modules - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - priorityClassName: system-node-critical - updateStrategy: - rollingUpdate: - maxUnavailable: {{ serial | default('20%') }} - type: RollingUpdate - - apiVersion: v1 - kind: Secret - metadata: - name: weave-net - namespace: kube-system - data: - WEAVE_PASSWORD: "{{ weave_password | default("") | b64encode }}" 
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 18e962257..3c4365a3a 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -304,7 +304,6 @@ - /etc/NetworkManager/conf.d/calico.conf - /etc/NetworkManager/conf.d/dns.conf - /etc/NetworkManager/conf.d/k8s.conf - - /etc/weave.env - /opt/cni - /etc/dhcp/dhclient.d/zdnsupdate.sh - /etc/dhcp/dhclient-exit-hooks.d/zdnsupdate @@ -332,7 +331,6 @@ - "{{ bin_dir }}/calicoctl" - "{{ bin_dir }}/calicoctl.sh" - "{{ bin_dir }}/calico-upgrade" - - "{{ bin_dir }}/weave" - "{{ bin_dir }}/crictl" - "{{ bin_dir }}/nerdctl" - "{{ bin_dir }}/netctl" diff --git a/roles/validate_inventory/tasks/main.yml b/roles/validate_inventory/tasks/main.yml index d513b487b..3d6c2cb63 100644 --- a/roles/validate_inventory/tasks/main.yml +++ b/roles/validate_inventory/tasks/main.yml @@ -155,7 +155,7 @@ - name: Stop if unsupported options selected assert: that: - - kube_network_plugin in ['calico', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'kube-ovn', 'kube-router', 'macvlan', 'custom_cni', 'none'] + - kube_network_plugin in ['calico', 'flannel', 'cloud', 'cilium', 'cni', 'kube-ovn', 'kube-router', 'macvlan', 'custom_cni', 'none'] - dns_mode in ['coredns', 'coredns_dual', 'manual', 'none'] - kube_proxy_mode in ['iptables', 'ipvs', 'nftables'] - cert_management in ['script', 'none'] diff --git a/scripts/collect-info.yaml b/scripts/collect-info.yaml index 272fb724b..16b661aaa 100644 --- a/scripts/collect-info.yaml +++ b/scripts/collect-info.yaml @@ -41,12 +41,6 @@ - name: calico_pool_info cmd: "{{ bin_dir }}/calicoctl get ippool -o wide" when: '{{ kube_network_plugin == "calico" }}' - - name: weave_info - cmd: weave report - when: '{{ kube_network_plugin == "weave" }}' - - name: weave_logs - cmd: "{{ docker_bin_dir }}/docker logs weave" - when: '{{ kube_network_plugin == "weave" }}' - name: kube_describe_all cmd: "{{ bin_dir }}/kubectl describe all --all-namespaces" - name: kube_describe_nodes 
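Review bot: In roles/validate_inventory/tasks/main.yml, an inventory that still sets `kube_network_plugin: weave` now fails the "Stop if unsupported options selected" assert, and nothing visible in this hunk tells the operator that weave was removed rather than mistyped. The assert continues past the hunk, so a message may already exist there; if not, consider a dedicated assert ahead of it with `that: kube_network_plugin != 'weave'` and `fail_msg: "weave support was removed; choose another kube_network_plugin"`. The two hunks in roles/reset/tasks/main.yml above also drop `/etc/weave.env` and `{{ bin_dir }}/weave` from the cleanup lists, so nodes first deployed with weave by an earlier release would presumably keep those files after a reset. Keeping the two paths in the reset lists for one more release, or documenting the manual cleanup, would avoid leaving stale network-plugin artifacts on reused hosts.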
diff --git a/scripts/readme_versions.md.j2 b/scripts/readme_versions.md.j2 index 5a6b43771..5941bb778 100644 --- a/scripts/readme_versions.md.j2 +++ b/scripts/readme_versions.md.j2 @@ -12,7 +12,6 @@ - [kube-ovn](https://github.com/alauda/kube-ovn) {{ kube_ovn_version }} - [kube-router](https://github.com/cloudnativelabs/kube-router) {{ kube_router_version }} - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) {{ multus_version }} - - [weave](https://github.com/rajch/weave) {{ weave_version }} - [kube-vip](https://github.com/kube-vip/kube-vip) {{ kube_vip_version }} - Application - [cert-manager](https://github.com/jetstack/cert-manager) {{ cert_manager_version }}