Update flannel

tasks/front.yaml

@@ -59,10 +59,14 @@
     when: add_kube_api_server_options is changed
 
   - name: wait Kube to start on "{{kube_wait_api_server_ip}}"
-    wait_for:
-      port: 6443
-      host: "{{kube_wait_api_server_ip}}"
-      delay: 5
+    uri:
+      url: "https://{{kube_wait_api_server_ip}}:6443/livez"
+      status_code: 200
+      validate_certs: false
+    register: result
+    until: result.status == 200
+    retries: 30
+    delay: 2
 
   - set_fact:
       KUBECONFIG: /etc/kubernetes/admin.conf

templates/flannel-net.j2

@@ -1,14 +1,25 @@
 ---
-kind: Namespace
 apiVersion: v1
+kind: Namespace
 metadata:
-  name: kube-flannel
   labels:
+    k8s-app: flannel
     pod-security.kubernetes.io/enforce: privileged
+  name: kube-flannel
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: flannel
+  name: flannel
+  namespace: kube-flannel
 ---
-kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
+  labels:
+    k8s-app: flannel
   name: flannel
 rules:
 - apiGroups:
@@ -22,6 +33,7 @@ rules:
   resources:
   - nodes
   verbs:
+  - get
   - list
   - watch
 - apiGroups:
@@ -30,10 +42,19 @@ rules:
   - nodes/status
   verbs:
   - patch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - clustercidrs
+  verbs:
+  - list
+  - watch
 ---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
+  labels:
+    k8s-app: flannel
   name: flannel
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -45,19 +66,6 @@ subjects:
   namespace: kube-flannel
 ---
 apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: flannel
-  namespace: kube-flannel
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: kube-flannel-cfg
-  namespace: kube-flannel
-  labels:
-    tier: node
-    app: flannel
 data:
   cni-conf.json: |
     {
@@ -86,24 +94,35 @@ data:
         "Type": "vxlan"
       }
     }
+kind: ConfigMap
+metadata:
+  labels:
+    app: flannel
+    k8s-app: flannel
+    tier: node
+  name: kube-flannel-cfg
+  namespace: kube-flannel
 ---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  name: kube-flannel-ds
-  namespace: kube-flannel
   labels:
-    tier: node
     app: flannel
+    k8s-app: flannel
+    tier: node
+  name: kube-flannel-ds
+  namespace: kube-flannel
 spec:
   selector:
     matchLabels:
       app: flannel
+      k8s-app: flannel
   template:
     metadata:
       labels:
-        tier: node
         app: flannel
+        k8s-app: flannel
+        tier: node
     spec:
       affinity:
         nodeAffinity:
@@ -114,62 +133,15 @@ spec:
                 operator: In
                 values:
                 - linux
-      hostNetwork: true
-      priorityClassName: system-node-critical
-      tolerations:
-      - operator: Exists
-        effect: NoSchedule
-      serviceAccountName: flannel
-      initContainers:
-      - name: install-cni-plugin
-       #image: flannelcni/flannel-cni-plugin:v1.1.0 for ppc64le and mips64le (dockerhub limitations may apply)
-        image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0
-        command:
-        - cp
-        args:
-        - -f
-        - /flannel
-        - /opt/cni/bin/flannel
-        volumeMounts:
-        - name: cni-plugin
-          mountPath: /opt/cni/bin
-      - name: install-cni
-       #image: flannelcni/flannel:v0.19.2 for ppc64le and mips64le (dockerhub limitations may apply)
-        image: docker.io/rancher/mirrored-flannelcni-flannel:v0.19.2
-        command:
-        - cp
-        args:
-        - -f
-        - /etc/kube-flannel/cni-conf.json
-        - /etc/cni/net.d/10-flannel.conflist
-        volumeMounts:
-        - name: cni
-          mountPath: /etc/cni/net.d
-        - name: flannel-cfg
-          mountPath: /etc/kube-flannel/
       containers:
-      - name: kube-flannel
-       #image: flannelcni/flannel:v0.19.2 for ppc64le and mips64le (dockerhub limitations may apply)
-        image: docker.io/rancher/mirrored-flannelcni-flannel:v0.19.2
-        command:
-        - /opt/bin/flanneld
-        args:
+      - args:
         - --ip-masq
         - --kube-subnet-mgr
 {% for arg in kube_flanneld_extra_args %}
         - {{ arg }}
 {% endfor %}
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "50Mi"
-          limits:
-            cpu: "100m"
-            memory: "50Mi"
-        securityContext:
-          privileged: false
-          capabilities:
-            add: ["NET_ADMIN", "NET_RAW"]
+        command:
+        - /opt/bin/flanneld
         env:
         - name: POD_NAME
           valueFrom:
@@ -181,27 +153,70 @@ spec:
               fieldPath: metadata.namespace
         - name: EVENT_QUEUE_DEPTH
           value: "5000"
+        image: docker.io/flannel/flannel:v0.24.2
+        name: kube-flannel
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+          privileged: false
+        volumeMounts:
+        - mountPath: /run/flannel
+          name: run
+        - mountPath: /etc/kube-flannel/
+          name: flannel-cfg
+        - mountPath: /run/xtables.lock
+          name: xtables-lock
+      hostNetwork: true
+      initContainers:
+      - args:
+        - -f
+        - /flannel
+        - /opt/cni/bin/flannel
+        command:
+        - cp
+        image: docker.io/flannel/flannel-cni-plugin:v1.4.0-flannel1
+        name: install-cni-plugin
+        volumeMounts:
+        - mountPath: /opt/cni/bin
+          name: cni-plugin
+      - args:
+        - -f
+        - /etc/kube-flannel/cni-conf.json
+        - /etc/cni/net.d/10-flannel.conflist
+        command:
+        - cp
+        image: docker.io/flannel/flannel:v0.24.2
+        name: install-cni
         volumeMounts:
-        - name: run
-          mountPath: /run/flannel
-        - name: flannel-cfg
-          mountPath: /etc/kube-flannel/
-        - name: xtables-lock
-          mountPath: /run/xtables.lock
+        - mountPath: /etc/cni/net.d
+          name: cni
+        - mountPath: /etc/kube-flannel/
+          name: flannel-cfg
+      priorityClassName: system-node-critical
+      serviceAccountName: flannel
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
       volumes:
-      - name: run
-        hostPath:
+      - hostPath:
           path: /run/flannel
-      - name: cni-plugin
-        hostPath:
+        name: run
+      - hostPath:
           path: /opt/cni/bin
-      - name: cni
-        hostPath:
+        name: cni-plugin
+      - hostPath:
           path: /etc/cni/net.d
-      - name: flannel-cfg
-        configMap:
+        name: cni
+      - configMap:
           name: kube-flannel-cfg
-      - name: xtables-lock
-        hostPath:
+        name: flannel-cfg
+      - hostPath:
           path: /run/xtables.lock
-          type: FileOrCreate
+          type: FileOrCreate
+        name: xtables-lock

tests/test-crio.yml

@@ -3,7 +3,7 @@
   roles:
     - role: ansible-role-kubernetes
       kube_install_metrics: true
-      kube_cert_manager: true
+      kube_cert_manager: false
       kube_install_kubeapps: false
       kube_install_kyverno: false
       kube_deploy_dashboard: true

tests/test.yml

@@ -2,15 +2,15 @@
 - hosts: localhost
   roles:
     - role: ansible-role-kubernetes
-      kube_install_metrics: true
-      kube_cert_manager: true
+      kube_install_metrics: false
+      kube_cert_manager: false
       kube_install_kubeapps: false
       kube_install_kyverno: false
-      kube_deploy_dashboard: true
-      kube_install_ingress: true
+      kube_deploy_dashboard: false
+      kube_install_ingress: false
       kube_public_dns_name: test.domain.com
       kube_version: 1.27.3
       kube_cri_runtime: containerd
-      kube_install_docker_pip: true
+      kube_install_docker_pip: false
       kubelet_extra_args_dict: 
         node-labels: somelabel