From 23f81a5e8c4a975750beabc6f603a60a04621225 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sun, 17 Mar 2019 15:08:51 -0700 Subject: [PATCH] Upgrade Calico from v3.5.2 to v3.6.0 * Add calico-ipam CRDs and RBAC permissions * Switch IPAM from host-local to calico-ipam! * `calico-ipam` subnets `ippools` (defaults to pod CIDR) into `ipamblocks` (defaults to /26, but set to /24 in Typhoon) * `host-local` subnets the pod CIDR based on the node PodCIDR field (set via kube-controller-manager as /24's) * Create a custom default IPv4 IPPool to ensure the block size is kept at /24 to allow 110 pods per node (Kubernetes default) * Retaining host-local was slightly preferred, but Calico v3.6 is migrating all usage to calico-ipam. The codepath that skipped calico-ipam for KDD was removed * https://docs.projectcalico.org/v3.6/release-notes/ --- resources/calico/blockaffinities-crd.yaml | 12 ++++++++++ resources/calico/cluster-role.yaml | 24 ++++++++++++++++++- resources/calico/config.yaml | 3 +-- resources/calico/daemonset.yaml | 8 ++----- resources/calico/default-ipv4-ippool.yaml | 10 ++++++++ resources/calico/felixconfigurations-crd.yaml | 2 +- resources/calico/ipamblocks.crd.yaml | 12 ++++++++++ resources/calico/ipamconfigs-crd.yaml | 12 ++++++++++ resources/calico/ipamhandles-crd.yaml | 12 ++++++++++ variables.tf | 4 ++-- 10 files changed, 87 insertions(+), 12 deletions(-) create mode 100644 resources/calico/blockaffinities-crd.yaml create mode 100644 resources/calico/default-ipv4-ippool.yaml create mode 100644 resources/calico/ipamblocks.crd.yaml create mode 100644 resources/calico/ipamconfigs-crd.yaml create mode 100644 resources/calico/ipamhandles-crd.yaml diff --git a/resources/calico/blockaffinities-crd.yaml b/resources/calico/blockaffinities-crd.yaml new file mode 100644 index 00000000..27fcb054 --- /dev/null +++ b/resources/calico/blockaffinities-crd.yaml 
@@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: blockaffinities.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: BlockAffinity + plural: blockaffinities + singular: blockaffinity diff --git a/resources/calico/cluster-role.yaml b/resources/calico/cluster-role.yaml index c59b7b85..a9bff671 100644 --- a/resources/calico/cluster-role.yaml +++ b/resources/calico/cluster-role.yaml @@ -64,6 +64,7 @@ rules: - globalbgpconfigs - bgpconfigurations - ippools + - ipamblocks - globalnetworkpolicies - globalnetworksets - networkpolicies @@ -81,4 +82,25 @@ rules: verbs: - create - update - + # Calico may perform IPAM allocations (not yet used) + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + - apiGroups: ["crd.projectcalico.org"] + resources: + - ipamconfigs + verbs: + - get + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + verbs: + - watch diff --git a/resources/calico/config.yaml b/resources/calico/config.yaml index 70c91149..84eae9d4 100644 --- a/resources/calico/config.yaml +++ b/resources/calico/config.yaml @@ -23,8 +23,7 @@ data: "nodename": "__KUBERNETES_NODE_NAME__", "mtu": __CNI_MTU__, "ipam": { - "type": "host-local", - "subnet": "usePodCidr" + "type": "calico-ipam" }, "policy": { "type": "k8s" diff --git a/resources/calico/daemonset.yaml b/resources/calico/daemonset.yaml index ec12e07a..d0221972 100644 --- a/resources/calico/daemonset.yaml +++ b/resources/calico/daemonset.yaml @@ -99,9 +99,6 @@ spec: value: "autodetect" - name: IP_AUTODETECTION_METHOD value: "${network_ip_autodetection_method}" - # Enable IPIP - - name: CALICO_IPV4POOL_IPIP - value: "Always" # Enable IP-in-IP within Felix. - name: FELIX_IPINIPENABLED value: "true" 
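Review bot: In resources/calico/cluster-role.yaml (second hunk), the comment `# Calico may perform IPAM allocations (not yet used)` is already stale in this commit. config.yaml switches the CNI `ipam.type` to `calico-ipam`, so the create/update/delete grants on `blockaffinities`, `ipamblocks` and `ipamhandles` are in use as soon as a pod is scheduled. I would reword it to `# Calico CNI performs IPAM allocations (calico-ipam)` and add a one-line comment above the `ipamconfigs` get rule and the `blockaffinities` watch rule naming the component that needs each, so a later least-privilege review can tell them apart. These are cluster-scoped write verbs on address-allocation state; the subject bound to this ClusterRole is not visible here, but if it is a per-node service account, one node's token can alter every node's allocations. The `rules:` list starts outside the hunk.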
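Review bot: The `ipam` change in resources/calico/config.yaml comes with no stated upgrade path for clusters already running host-local. Addresses handed out from each node's PodCIDR are not recorded in calico-ipam, so, as far as I can tell from the patch, a newly claimed block could overlap an address a running pod still holds until those pods are recreated. A duplicate pod IP also means network policy can be evaluated against the wrong workload. The commit description or changelog should say whether in-place upgrade is supported, for example `Existing clusters: drain each node and re-create its pods after applying, or re-provision`. The JSON document this hunk edits starts and ends outside the hunk.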
@@ -111,9 +108,8 @@ spec: configMapKeyRef: name: calico-config key: veth_mtu - # The Calico IPv4 pool CIDR (should match `--cluster-cidr`). - - name: CALICO_IPV4POOL_CIDR - value: "${pod_cidr}" + - name: NO_DEFAULT_POOLS + value: "true" # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING value: "true" diff --git a/resources/calico/default-ipv4-ippool.yaml b/resources/calico/default-ipv4-ippool.yaml new file mode 100644 index 00000000..671c1ec3 --- /dev/null +++ b/resources/calico/default-ipv4-ippool.yaml @@ -0,0 +1,10 @@ +apiVersion: crd.projectcalico.org/v1 +kind: IPPool +metadata: + name: default-ipv4-ippool +spec: + blockSize: 24 + cidr: ${pod_cidr} + ipipMode: Always + natOutgoing: true + nodeSelector: all() diff --git a/resources/calico/felixconfigurations-crd.yaml b/resources/calico/felixconfigurations-crd.yaml index 518ebd94..80e96215 100644 --- a/resources/calico/felixconfigurations-crd.yaml +++ b/resources/calico/felixconfigurations-crd.yaml @@ -1,7 +1,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: felixconfigurations.crd.projectcalico.org + name: felixconfigurations.crd.projectcalico.org spec: scope: Cluster group: crd.projectcalico.org diff --git a/resources/calico/ipamblocks.crd.yaml b/resources/calico/ipamblocks.crd.yaml new file mode 100644 index 00000000..d2879ac0 --- /dev/null +++ b/resources/calico/ipamblocks.crd.yaml @@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamblocks.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMBlock + plural: ipamblocks + singular: ipamblock diff --git a/resources/calico/ipamconfigs-crd.yaml b/resources/calico/ipamconfigs-crd.yaml new file mode 100644 index 00000000..7277b47f --- /dev/null +++ b/resources/calico/ipamconfigs-crd.yaml 
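Review bot: The new `NO_DEFAULT_POOLS` entry in resources/calico/daemonset.yaml is the only env var in this hunk without a comment, and it replaces one that had one. With it set to `"true"`, calico-node no longer creates a pool itself, so pod addressing depends entirely on default-ipv4-ippool.yaml being applied. If that manifest is missing or rejected, calico-ipam has nothing to allocate from. I would add `# Do not create a default pool; default-ipv4-ippool.yaml defines it (blockSize 24).` above the entry. The container's `env:` list starts and ends outside the hunk.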
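Review bot: `cidr: ${pod_cidr}` in resources/calico/default-ipv4-ippool.yaml is an unquoted template value, while the line this commit removes from daemonset.yaml quoted the same variable (`value: "${pod_cidr}"`). Unquoted, an empty `pod_cidr` renders as `cidr:` (null) rather than an empty string that fails validation with a clear message, so I would write `cidr: "${pod_cidr}"`. The pool applies `natOutgoing: true` and `ipipMode: Always` to every node via `nodeSelector: all()`. A short header comment saying it replaces the pool calico-node used to create from `CALICO_IPV4POOL_CIDR` and `CALICO_IPV4POOL_IPIP` would let reviewers trace where those settings went.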
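Review bot: The file name `resources/calico/ipamblocks.crd.yaml` breaks the `*-crd.yaml` pattern used by the other CRD files in this patch (`blockaffinities-crd.yaml`, `ipamconfigs-crd.yaml`, `ipamhandles-crd.yaml`, `felixconfigurations-crd.yaml`). How the manifests are collected is not visible here, but if anything selects CRDs by that suffix, this one would be skipped and calico-ipam would have no `ipamblocks` resource to write to. Renaming it to `ipamblocks-crd.yaml` removes the doubt.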
@@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamconfigs.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMConfig + plural: ipamconfigs + singular: ipamconfig diff --git a/resources/calico/ipamhandles-crd.yaml b/resources/calico/ipamhandles-crd.yaml new file mode 100644 index 00000000..9d53a86d --- /dev/null +++ b/resources/calico/ipamhandles-crd.yaml @@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamhandles.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMHandle + plural: ipamhandles + singular: ipamhandle diff --git a/variables.tf b/variables.tf index 2ec0f060..79dfd214 100644 --- a/variables.tf +++ b/variables.tf @@ -69,8 +69,8 @@ variable "container_images" { type = "map" default = { - calico = "quay.io/calico/node:v3.5.2" - calico_cni = "quay.io/calico/cni:v3.5.2" + calico = "quay.io/calico/node:v3.6.0" + calico_cni = "quay.io/calico/cni:v3.6.0" flannel = "quay.io/coreos/flannel:v0.11.0-amd64" flannel_cni = "quay.io/coreos/flannel-cni:v0.3.0" kube_router = "cloudnativelabs/kube-router:v0.2.5"