feat(calico): add job tag calico_manifest to enable rollback

!17
2024-01-31 22:21:18 +09:30
parent bed1bf3095
commit 54f9ec0c95
2 changed files with 24 additions and 10 deletions
--- a/docs/projects/ansible/roles/kubernetes/release_notes.md
+++ b/docs/projects/ansible/roles/kubernetes/release_notes.md
@ -15,6 +15,10 @@ This document details any changes that have occured that may impact users of thi

    - All new cluster installations will be deployed with the operator

-    - Existing deployments will be required to run a deployment with job tag `operator_migrate_calico` to migrate their deployment to the operator
-    
-    - This tag will be removed in the future at no set date.
+        - Existing deployments will be required to run a deployment with job tag `operator_migrate_calico` to migrate their deployment to the operator
+        
+        - if an issue occurs with the migration it can be rolled back by `kubectl delete -f` for all manifests in the `/var/lib/rancher/k3s/ansible` directory and redeploying with job tag `calico_manifest`. This re-deploys calico using the current manifest.
+        
+        - This tag will be removed in the future at no set date.
+
+    - `ServiceLB` / `klipperLB` no longer deploys by default and to deploy it variable `nfc_kubernetes_enable_servicelb` must be set `true`
--- a/tasks/k3s/install.yaml
+++ b/tasks/k3s/install.yaml
@ -286,11 +286,15 @@
            kubernetes_config.cluster.prime.name == inventory_hostname
              and
            (
-              not file_calico_operator_yaml_metadata.stat.exists
-                and
-              file_calico_yaml_metadata.stat.exists
-                and
-              k3s_installed.rc == 0
+              (
+                not file_calico_operator_yaml_metadata.stat.exists
+                  and
+                file_calico_yaml_metadata.stat.exists
+                  and
+                k3s_installed.rc == 0
+              )
+                or
+              'calico_manifest' in ansible_run_tags
            )
          }}
      - src: k3s-registries.yaml.j2
@ -343,6 +347,8 @@
      not file_calico_yaml_metadata.stat.exists
    )
      and
+    'calico_manifest' not in ansible_run_tags
+      and
    kubernetes_config.cluster.prime.name == inventory_hostname


@ -416,9 +422,13 @@
    kubernetes_config.cluster.networking.encrypt | default(false) | bool
      and
    (
-      'operator_migrate_calico' not in ansible_run_tags
+      'calico_manifest' in ansible_run_tags
        or
-      'operator_calico' not in ansible_run_tags
+      (
+        'operator_migrate_calico' not in ansible_run_tags
+          or
+        'operator_calico' not in ansible_run_tags
+      )
    )