Support new version of Calico (2.0)

With new Golang version of `calicoctl` (v.1.0.0-beta
and older), command line interface was changed.
Modified tests, so both old and new versions are
supported.

Change-Id: Id33089d3b184a04624b99a160467e860fa1e0556
This commit is contained in:
Artem Panchenko 2016-11-15 18:23:23 +02:00
parent 39dbbf5f56
commit 28b1e600c0
1 changed files with 60 additions and 7 deletions

View File

@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
from distutils import version
import requests
from devops.helpers import helpers
@ -183,6 +184,30 @@ NETCHECKER_DS_CFG = [
}
]
NETCHECKER_BLOCK_POLICY = {
"kind": "policy",
"spec": {
"ingress": [
{
"action": "allow"
},
{
"action": "deny",
"destination": {
"ports": [
NETCHECKER_SERVICE_PORT
]
},
"protocol": "tcp"
}
]
},
"apiVersion": "v1",
"metadata": {
"name": "deny-netchecker"
}
}
def start_server(k8s, namespace=None,
pod_spec=NETCHECKER_POD_CFG,
@ -270,17 +295,45 @@ def wait_check_network(kube_host_ip, works=True, timeout=120, interval=5):
def calico_block_traffic_on_node(underlay, target_node):
if is_calico_version_new(calico_get_version(underlay, target_node)):
cmd = "echo '{0}' | calicoctl create -f -".format(
NETCHECKER_BLOCK_POLICY)
else:
cmd = ('calicoctl profile calico-k8s-network rule add --at=1 outbound '
'deny tcp to ports {0}'.format(NETCHECKER_SERVICE_PORT))
underlay.sudo_check_call(cmd, node_name=target_node)
LOG.info('Blocked traffic to the network checker service from '
'containers on node "{}".'.format(target_node))
underlay.sudo_check_call(
'calicoctl profile calico-k8s-network rule add --at=1 outbound '
'deny tcp to ports {0}'.format(NETCHECKER_SERVICE_PORT),
node_name=target_node)
def calico_unblock_traffic_on_node(underlay, target_node):
if is_calico_version_new(calico_get_version(underlay, target_node)):
cmd = "echo '{0}' | calicoctl delete -f -".format(
NETCHECKER_BLOCK_POLICY)
else:
cmd = ('calicoctl profile calico-k8s-network '
'rule remove outbound --at=1')
underlay.sudo_check_call(cmd, node_name=target_node)
LOG.info('Unblocked traffic to the network checker service from '
'containers on node "{}".'.format(target_node))
underlay.sudo_check_call(
'calicoctl profile calico-k8s-network rule remove outbound --at=1',
node_name=target_node)
def calico_get_version(underlay, target_node):
raw_version = underlay.sudo_check_call('calicoctl version',
node_name=target_node)
assert raw_version['exit_code'] == 0 and len(raw_version['stdout']) > 0, \
"Unable to get calico version!"
if len(raw_version['stdout']) > 1:
ctl_version = raw_version['stdout'][0].split()[1].strip()
else:
ctl_version = raw_version['stdout'][0].strip()
LOG.debug("Calico (calicoctl) version on '{0}': '{1}'".format(target_node,
ctl_version))
return ctl_version
def is_calico_version_new(calico_version):
return version.LooseVersion(calico_version) >= version.LooseVersion('v1')