You are browsing a read-only backup copy of Wikitech. The primary site can be found at wikitech.wikimedia.org

Calico: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Giuseppe Lavagetto
No edit summary
imported>JMeybohm
(Updated the docs with new packaging instructions)
Line 1: Line 1:
[http://docs.projectcalico.org Calico] is a virtual network infrastructure that we use to manage kubernetes networking.
[http://docs.projectcalico.org Calico] is a virtual network infrastructure that we use to manage kubernetes networking.


== Building ==
== Packaging ==
{{note|<dist> below stands for one of the Debian distribution's codenames, e.g. jessie, stretch, buster, bullseye. Make sure you use the one you target}}We don't actually build calico but package it's components from upstream binary releases.


Following the [http://docs.projectcalico.org/v2.1/getting-started/kubernetes/installation/integration integration guide] there are a few things we need to rebuild, in order to stick to our policy of "internal builds only":
Because of that, you will need to set [[HTTP proxy]] variables for internet access on the build host.


- the <tt>calico/node</tt> container
The general process to follow is:*Check out {{Gitweb|project=operations/debs/calico}} on your workstation
- the <tt>calicoctl</tt> cli tool (which gets built as part of the <tt>calico/node</tt> build pipeline)
*Decide if you want to package a new master (production) or future (potential next production) version
- the <tt>calico-cni</tt> CNI plugins
*Create a patch to bump the debian changelog
- the base <tt>cni</tt> plugins we'll be using
<syntaxhighlight lang="bash">
export NEW_VERSION=3.16.5 # Calico version you want to package
dch -v ${NEW_VERSION}-1 -D unstable "Update to v${NEW_VERSION}"
git commit debian/changelog


The next few sections will detail how to do each of these things.
# If you're packaging a new future version, make sure to submit the patch to the correct branch
git review future
</syntaxhighlight>


=== calicoctl (and calico/node) ===
* Merge
* Check out {{Gitweb|project=operations/debs/calico}} on the build host
* Build the packages:
<syntaxhighlight lang="bash">
git checkout future # If you want to build a new version not directly to be released to production


We keep a cloned/modified repository at [https://gerrit.wikimedia.org/r/#/admin/projects/operations/calico-containers operations/calico-containers]. Please note that calico has renamed their repo to "calicoctl" in the meanwhile.
# Ensure you allow networking in pbuilder
# This option needs to be in the file, an environment variable will *not* work!
echo "USENETWORKING=yes" >> ~/.pbuilderrc


Download the needed version using the debian/repack scipt, then import it using gbp<syntaxhighlight lang="bash">
# Build the package
# In the directory where you cloned calico-containers
https_proxy=http://webproxy.$(hostname -d):8080 DIST=<dist> pdebuild
/srv/calico $ debian/repack 1.2.1
</syntaxhighlight>
...
==Publishing==
/srv/calico $ gpb import-orig ../calico-containers-1.2.1.tar.xz
....
/srv/calico $ dch -v "1.2.1-1~wmf1"
/srv/calico $ git add debian/changelog && git commit -m "Updating debian version"
# Now build calicoctl; this will also apply the needed patches to the dockerfiles
/srv/calico $ gbp buildpackage
...
/srv/calico $ make calico-node node-test-containerized
</syntaxhighlight>The resulting calico-node container will need to be tagged appropriately and pushed to the registry.


=== calico-cni ===
=== The Debian Packages: ===
Download the needed version using the <code>debian/repack</code> script, then import it using <code>gbp</code><syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# In the directory where you cloned operations/calico-cni
# On apt1001, copy the packages from the build host
/srv/calico-cni $ debian/repack 1.8.3
rsync -vaz deneb.codfw.wmnet::pbuilder-result/<dist>-amd64/calico*<PACKAGE VERSION>* .
Downloading calico-cni-1.8.3
Repackaged in /srv/calico-cni-1.8.3.tar.xz
Cleaned up the working directory '/tmp/tmp.Yj51DNj'
/srv/calico-cni $ gbp import-orig ../calico-cni-1.8.3.tar.xz
What is the upstream version? [1.8.3]
gbp:info: Importing '../calico-cni-1.8.3.tar.xz' to branch 'upstream'...
gbp:info: Source package is calico-cni
gbp:info: Upstream version is 1.8.3
gbp:info: Merging to 'master'
gbp:info: Successfully imported version 1.8.3 of ../calico-cni-1.8.3.tar.xz
/srv/calico-cni $ dch -v "1.8.3-1~wmf1"
/srv/calico-cni $ git add debian/changelog
/srv/calico-cni $ git commit -m 'Updating debian version'
[master a9c31a1] Updating debian version
1 file changed, 6 insertions(+)
/srv/calico-cni $ gbp buildpackage
...
</syntaxhighlight>Please note that this will result in a "dirty" package as we're downloading all go dependencies directly and not "the debian way". This might change once the number of natively supported libraries becomes larger.


=== calico-k8s-policy-controller ===
# If you want to import a new production version, import to component main
Configure your repository to have an upstream to track the calico upstream:<syntaxhighlight lang="bash">
sudo -i reprepro -C main --ignore=wrongdistribution include <dist>-wikimedia /path/to/<PACKAGE>.changes
$ git remote show upstream
* remote upstream
  Fetch URL: https://github.com/projectcalico/k8s-policy.git
  Push  URL: https://github.com/projectcalico/k8s-policy.git
  HEAD branch: master


</syntaxhighlight>Then checkout a branch for the desired tag<syntaxhighlight lang="bash">
# If you want to import a test/pre-production version, import to component calico-future
git remote update
sudo -i reprepro -C component/kubernetes-future --ignore=wrongdistribution include <dist>-wikimedia /path/to/<PACKAGE>.changes
git checkout -b 0.6.0 v0.6.0
</syntaxhighlight>
# Fix the Dockerfile
 
git cherry-pick fbf840d180e4b70f56f02e9d616adf9ed9cd8523
=== The Docker Images: ===
git push origin 0.6.0
Calico also includes a bunch of docker images which need to be published into our docker registry. To simplify the process, the packaging generates a debian package named "calico-images" that includes the images as well as a script to publish them:<syntaxhighlight lang="bash">
</syntaxhighlight>Finally, rebuild the docker container (this can be managed via the build-calico script)
# On the build host, extract the calico-images debian package
tmpd=$(mktemp -d)
dpkg -x /var/cache/pbuilder/result/<dist>-amd64/calico-images_<PACKAGE_VERSION>_amd64.deb $tmpd
 
# Load and push the images
sudo CALICO_IMAGE_DIR=${tmpd}/usr/share/calico ${tmpd}/usr/share/calico/push-calico-images.sh
rm -rf $tmpd
</syntaxhighlight>

Revision as of 15:58, 17 November 2020

Calico is a virtual network infrastructure that we use to manage kubernetes networking.

Packaging

We don't actually build calico but package it's components from upstream binary releases.

Because of that, you will need to set HTTP proxy variables for internet access on the build host.

The general process to follow is:*Check out operations/debs/calico on your workstation

  • Decide if you want to package a new master (production) or future (potential next production) version
  • Create a patch to bump the debian changelog
export NEW_VERSION=3.16.5 # Calico version you want to package
dch -v ${NEW_VERSION}-1 -D unstable "Update to v${NEW_VERSION}"
git commit debian/changelog

# If you're packaging a new future version, make sure to submit the patch to the correct branch
git review future
git checkout future # If you want to build a new version not directly to be released to production

# Ensure you allow networking in pbuilder
# This option needs to be in the file, an environment variable will *not* work!
echo "USENETWORKING=yes" >> ~/.pbuilderrc

# Build the package
https_proxy=http://webproxy.$(hostname -d):8080 DIST=<dist> pdebuild

Publishing

The Debian Packages:

# On apt1001, copy the packages from the build host
rsync -vaz deneb.codfw.wmnet::pbuilder-result/<dist>-amd64/calico*<PACKAGE VERSION>* .

# If you want to import a new production version, import to component main
sudo -i reprepro -C main --ignore=wrongdistribution include <dist>-wikimedia /path/to/<PACKAGE>.changes

# If you want to import a test/pre-production version, import to component calico-future
sudo -i reprepro -C component/kubernetes-future --ignore=wrongdistribution include <dist>-wikimedia /path/to/<PACKAGE>.changes

The Docker Images:

Calico also includes a bunch of docker images which need to be published into our docker registry. To simplify the process, the packaging generates a debian package named "calico-images" that includes the images as well as a script to publish them:

# On the build host, extract the calico-images debian package
tmpd=$(mktemp -d)
dpkg -x /var/cache/pbuilder/result/<dist>-amd64/calico-images_<PACKAGE_VERSION>_amd64.deb $tmpd

# Load and push the images
sudo CALICO_IMAGE_DIR=${tmpd}/usr/share/calico ${tmpd}/usr/share/calico/push-calico-images.sh
rm -rf $tmpd