Documentation
Index
- func AddBindingForKubeSystemNode(crb *rbacv1.ClusterRoleBinding)
- func ClusterRoleBindingForKubeSystemNode() *rbacv1.ClusterRoleBinding
- func ClusterRoleForKubeSystemNode() *rbacv1.ClusterRole
- func LimitDaemonSetToMigratedNodes(ds *appsv1.DaemonSet)
- func SetTyphaAntiAffinity(d *appsv1.Deployment)
- type Converter
- type CoreNamespaceMigration
- func (m *CoreNamespaceMigration) CleanupMigration(ctx context.Context) error
- func (m *CoreNamespaceMigration) NeedCleanup() bool
- func (m *CoreNamespaceMigration) NeedsCoreNamespaceMigration(ctx context.Context) (bool, error)
- func (m *CoreNamespaceMigration) Run(ctx context.Context, log logr.Logger) error
- type NamespaceMigration
- type StringPatch
Functions
func AddBindingForKubeSystemNode
func AddBindingForKubeSystemNode(crb *rbacv1.ClusterRoleBinding)
AddBindingForKubeSystemNode updates the ClusterRoleBinding passed in to also bind the service account in the kube-system namespace to the Role. Without this, when the new ClusterRoleBinding overwrites the previous role binding, the kube-system calico-node account would lose permissions for accessing the datastore.
func ClusterRoleBindingForKubeSystemNode (added in v1.30.3)
func ClusterRoleBindingForKubeSystemNode() *rbacv1.ClusterRoleBinding
We create a cluster role and cluster role binding to give the kube-system calico-node permissions to create serviceaccount tokens. This is needed to make sure that the down-level calico-node maintains the permissions it needs in order to launch, since the calico-node clusterrole is shared with the operator resource and the operator removes this permission on upgrade (instead delegating this power to the cni-plugin in the calico-system namespace).
This logic can likely be removed after Calico v3.35, as we'll no longer need to support upgrading from versions where calico-node needed this permission.
func ClusterRoleForKubeSystemNode (added in v1.30.3)
func ClusterRoleForKubeSystemNode() *rbacv1.ClusterRole
func LimitDaemonSetToMigratedNodes
LimitDaemonSetToMigratedNodes updates the ds DaemonSet passed in with a nodeSelector that will only allow pods to be scheduled on nodes with the key:value projectcalico.org/operator-node-migration:migrated. This is to ensure that only one kube-system calico-node or the new calico-node pod will attempt to run on one node at a time.
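The following is an added example, not code from the operator: it shows which nodes the nodeSelector above admits and flags nodes where calico-node pods from two namespaces run at once, the state the selector is meant to prevent. The `Pod` type, the node names, the "pending" value and the use of calico-system for the new pods are assumptions made for the sample.

```go
package main

import (
	"fmt"
	"sort"
)

// Key and value the page gives for the new DaemonSet's nodeSelector.
const migrationKey, migratedValue = "projectcalico.org/operator-node-migration", "migrated"

// Pod is a hypothetical stand-in holding only the fields this check needs.
type Pod struct{ Namespace, Node string }

// migratedNodes returns, sorted, the nodes whose labels satisfy the selector (key present, exact value).
func migratedNodes(nodes map[string]map[string]string) []string {
	out := []string{}
	for name, labels := range nodes {
		if v, ok := labels[migrationKey]; ok && v == migratedValue {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

// doubleRunNodes returns, sorted, nodes hosting calico-node pods from more than one namespace.
func doubleRunNodes(pods []Pod) []string {
	seen, out := map[string]map[string]bool{}, []string{}
	for _, p := range pods {
		if seen[p.Node] == nil {
			seen[p.Node] = map[string]bool{}
		}
		seen[p.Node][p.Namespace] = true
	}
	for node, namespaces := range seen {
		if len(namespaces) > 1 {
			out = append(out, node)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample: node-b carries a different value, node-c has no label.
	nodes := map[string]map[string]string{"node-a": {migrationKey: migratedValue}, "node-b": {migrationKey: "pending"}, "node-c": {}}
	pods := []Pod{{"kube-system", "node-b"}, {"kube-system", "node-c"}, {"calico-system", "node-a"}, {"calico-system", "node-c"}}
	fmt.Println(migratedNodes(nodes), doubleRunNodes(pods))
}
```

In the sample, node-c is reported because it hosts calico-node pods from both namespaces even though it lacks the migrated label.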
func SetTyphaAntiAffinity
func SetTyphaAntiAffinity(d *appsv1.Deployment)
SetTyphaAntiAffinity updates the Deployment passed in with a PodAntiAffinity to ensure the new typha pods will not be scheduled to the same nodes as the 'old' typha pods.
Types
type Converter (added in v1.12.0)
type Converter interface {
	Convert() (*operatorv1.Installation, error)
}
Converter converts an unmanaged Calico install into an Installation resource which represents said install. It will return an error if the unmanaged install cannot be represented by an Installation resource.
type CoreNamespaceMigration
type CoreNamespaceMigration struct {
	// contains filtered or unexported fields
}
func (*CoreNamespaceMigration) CleanupMigration
func (m *CoreNamespaceMigration) CleanupMigration(ctx context.Context) error
CleanupMigration ensures all labels used during the migration are removed and any migration resources are stopped.
func (*CoreNamespaceMigration) NeedCleanup
func (m *CoreNamespaceMigration) NeedCleanup() bool
NeedCleanup returns if the migration has been marked completed or not. If cleanup is needed then we need to make sure that all our labels have been removed from the nodes. We could check if the label is present on any nodes but it is almost the same operation to call the remove so we'll assume there are labels if we have not removed them previously.
func (*CoreNamespaceMigration) NeedsCoreNamespaceMigration
func (m *CoreNamespaceMigration) NeedsCoreNamespaceMigration(ctx context.Context) (bool, error)
NeedsCoreNamespaceMigration returns true if any components still exist in the kube-system namespace. It checks the following in the kube-system namespace: calico-kube-controllers deployment, typha deployment, or calico-node deployment.
func (*CoreNamespaceMigration) Run
Run will update old deployments and daemonsets, label nodes, migrate the calico-node pods on each node from the old pod to the new one, then clean up. The expectation is that this function will do the majority of the migration before returning (the exception being label cleanup on the nodes); if there is an error it will be returned and the
type NamespaceMigration (added in v1.14.0)
type NamespaceMigration interface {
	NeedsCoreNamespaceMigration(ctx context.Context) (bool, error)
	Run(ctx context.Context, log logr.Logger) error
	NeedCleanup() bool
	CleanupMigration(ctx context.Context) error
}
func NewCoreNamespaceMigration
func NewCoreNamespaceMigration(cfg *rest.Config) (NamespaceMigration, error)
NewCoreNamespaceMigration initializes a CoreNamespaceMigration and returns a handle to it.