update ovn upgrade porcess (#4132)

Signed-off-by: zhangzujian <[email protected]>
kubeovn · Jun 17, 2024 · e0bcc29 · e0bcc29
1 parent 7fe3f6e
commit e0bcc29
Show file tree

Hide file tree

Showing 6 changed files with 79 additions and 36 deletions.
diff --git a/charts/kube-ovn/templates/_helpers.tpl b/charts/kube-ovn/templates/_helpers.tpl
@@ -54,3 +54,24 @@ Number of master nodes
     RollingUpdate
   {{- end -}}
 {{- end -}}
+
+{{- define "kubeovn.ovn.versionCompatibility" -}}
+  {{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}}
+  {{- if $ds -}}
+    {{- $chartVersion := index $ds.metadata.annotations "chart-version" }}
+    {{- $newChartVersion := printf "%s-%s" .Chart.Name .Chart.Version }}
+    {{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}}
+    {{- $versionRegex := `^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)` -}}
+    {{- if and (ne $newChartVersion $chartVersion) (regexMatch $versionRegex $imageVersion) -}}
+      {{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.13.0" -}}
+        24.03
+      {{- else if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}}
+        22.12
+      {{- else if regexFind $versionRegex $imageVersion | semverCompare ">= 1.11.0" -}}
+        22.03
+      {{- else -}}
+        21.06
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/kube-ovn/templates/central-deploy.yaml b/charts/kube-ovn/templates/central-deploy.yaml
@@ -82,10 +82,8 @@ spec:
               value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}"
             - name: ENABLE_COMPACT
               value: "{{ .Values.networking.ENABLE_COMPACT }}"
-            {{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }}
             - name: OVN_VERSION_COMPATIBILITY
-              value: "21.06"
-            {{- end }}
+              value: '{{ include "kubeovn.ovn.versionCompatibility" . }}'
           resources:
             requests:
               cpu: {{ index .Values "ovn-central" "requests" "cpu" }}

diff --git a/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml b/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml
@@ -1,4 +1,4 @@
-{{- if eq (include "kubeovn.ovs-ovn.updateStrategy" .) "OnDelete" }}
+{{- if include "kubeovn.ovn.versionCompatibility" . -}}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -24,6 +24,12 @@ metadata:
     "helm.sh/hook-delete-policy": hook-succeeded
   name: system:ovs-ovn-upgrade
 rules:
+  - apiGroups:
+      - apps
+    resources:
+      - daemonsets
+    verbs:
+      - list
   - apiGroups:
       - apps
     resources:
@@ -141,6 +147,8 @@ spec:
               value: "{{ .Values.networking.ENABLE_SSL }}"
             - name: OVN_DB_IPS
               value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
+            - name: OVN_VERSION_COMPATIBILITY
+              value: '{{ include "kubeovn.ovn.versionCompatibility" . }}'
           command:
             - bash
             - -eo
@@ -160,4 +168,4 @@ spec:
           secret:
             optional: true
             secretName: kube-ovn-tls
-{{ end }}
+{{- end -}}
diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base
@@ -37,11 +37,11 @@ RUN cd /usr/src/ && git clone -b branch-24.03 --depth=1 https://github.com/ovn-o
     # modify src route priority
     curl -s https://github.com/kubeovn/ovn/commit/3dbceb75c5e23d8d5b555e5d87238d40cb557424.patch | git apply && \
     # fix reaching resubmit limit in underlay
-    curl -s https://github.com/kubeovn/ovn/commit/6bf6df6da5d6fefae742856e6f43dd672360e48d.patch | git apply && \
+    curl -s https://github.com/kubeovn/ovn/commit/37d093c99c4980696cf917a1ad47492881908c90.patch | git apply && \
     # ovn-controller: do not send GARP on localnet for Kube-OVN ports
-    curl -s https://github.com/kubeovn/ovn/commit/5fd40530728f98011d2cd852d09ee16d4907cc1d.patch | git apply && \
+    curl -s https://github.com/kubeovn/ovn/commit/35efb84d45d2598fc83fabaee8100987dcbc6795.patch | git apply && \
     # northd: add nb option version_compatibility
-    curl -s https://github.com/kubeovn/ovn/commit/066e2e7da6791327b75110b32c1e47f2bb01fcf8.patch | git apply && \
+    curl -s https://github.com/kubeovn/ovn/commit/ef92cdbc10ee247ea7db7803e86e1d51c9cdaddf.patch | git apply && \
     # add support for conditionally skipping conntrack
     curl -s https://github.com/kubeovn/ovn/commit/41b419e54ef5671214eb3b5dfb53301152ce6dd1.patch | git apply && \
     # northd: skip conntrack when access node local dns ip

diff --git a/dist/images/start-db.sh b/dist/images/start-db.sh
@@ -138,7 +138,13 @@ function is_clustered {
 
 function set_nb_version_compatibility() {
     if [ -n "$OVN_VERSION_COMPATIBILITY" ]; then
-        if ! ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS get NB_Global . options | grep -qw version_compatibility=; then
+        if ! ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS get NB_Global . options | grep -q version_compatibility=; then
+            ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=${OVN_VERSION_COMPATIBILITY}
+            return
+        fi
+        value=`ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS get NB_Global . options:version_compatibility | sed -e 's/^"//' -e 's/"$//'`
+        echo "ovn nb global option version_compatibility is set to $value"
+        if [ "$value" != "_$OVN_VERSION_COMPATIBILITY" ]; then
             ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=${OVN_VERSION_COMPATIBILITY}
         fi
     fi

diff --git a/dist/images/upgrade-ovs.sh b/dist/images/upgrade-ovs.sh
@@ -5,6 +5,9 @@ set -ex
 OVN_DB_IPS=${OVN_DB_IPS:-}
 ENABLE_SSL=${ENABLE_SSL:-false}
 POD_NAMESPACE=${POD_NAMESPACE:-kube-system}
+OVN_VERSION_COMPATIBILITY=${OVN_VERSION_COMPATIBILITY:-}
+
+UPDATE_STRATEGY=`kubectl -n kube-system get ds ovs-ovn -o jsonpath='{.spec.updateStrategy.type}'`
 
 SSL_OPTIONS=
 function ssl_options() {
@@ -33,39 +36,46 @@ function gen_conn_str {
 
 nb_addr="$(gen_conn_str 6641)"
 while true; do
-  if [ x`ovn-nbctl --db=$nb_addr $SSL_OPTIONS get nb . options | grep -o 'version_compatibility='` != "x" ]; then
-    echo "ovn nb global option version_compatibility is set to "`ovn-nbctl --db=$nb_addr $SSL_OPTIONS get nb . options:version_compatibility`
-    break
+  if [ x`ovn-nbctl --db=$nb_addr $SSL_OPTIONS get NB_Global . options | grep -o 'version_compatibility='` != "x" ]; then
+    value=`ovn-nbctl --db=$nb_addr $SSL_OPTIONS get NB_Global . options:version_compatibility | sed -e 's/^"//' -e 's/"$//'`
+    echo "ovn NB_Global option version_compatibility is set to $value"
+    if [ "$value" = "$OVN_VERSION_COMPATIBILITY" -o "$value" = "_$OVN_VERSION_COMPATIBILITY" ]; then
+      break
+    fi
   fi
-  echo "waiting for ovn nb global option version_compatibility to be set..."
+  echo "waiting for ovn NB_Global option version_compatibility to be set..."
   sleep 3
 done
 
-kubectl -n $POD_NAMESPACE rollout status deploy ovn-central --timeout=60s
+kubectl -n $POD_NAMESPACE rollout status deploy ovn-central --timeout=120s
 
-dsChartVer=`kubectl get ds -n $POD_NAMESPACE ovs-ovn -o jsonpath={.spec.template.metadata.annotations.chart-version}`
-
-for node in `kubectl get node -o jsonpath='{.items[*].metadata.name}'`; do
-  pods=(`kubectl -n $POD_NAMESPACE get pod -l app=ovs --field-selector spec.nodeName=$node -o name`)
-  for pod in ${pods[*]}; do
-    podChartVer=`kubectl -n $POD_NAMESPACE get $pod -o jsonpath={.metadata.annotations.chart-version}`
-    if [ "$dsChartVer" != "$podChartVer" ]; then
-      echo "deleting $pod on node $node"
-      kubectl -n $POD_NAMESPACE delete $pod
-    fi
-  done
+if [ $UPDATE_STRATEGY = OnDelete ]; then
+  dsChartVer=`kubectl get ds -n $POD_NAMESPACE ovs-ovn -o jsonpath={.spec.template.metadata.annotations.chart-version}`
 
-  while true; do
+  for node in `kubectl get node -o jsonpath='{.items[*].metadata.name}'`; do
     pods=(`kubectl -n $POD_NAMESPACE get pod -l app=ovs --field-selector spec.nodeName=$node -o name`)
-    if [ ${#pods[*]} -ne 0 ]; then
-      break
-    fi
-    echo "waiting for ovs-ovn pod on node $node to be created"
-    sleep 1
-  done
+    for pod in ${pods[*]}; do
+      podChartVer=`kubectl -n $POD_NAMESPACE get $pod -o jsonpath={.metadata.annotations.chart-version}`
+      if [ "$dsChartVer" != "$podChartVer" ]; then
+        echo "deleting $pod on node $node"
+        kubectl -n $POD_NAMESPACE delete $pod
+      fi
+    done
 
-  echo "waiting for ovs-ovn pod on node $node to be ready"
-  kubectl -n $POD_NAMESPACE wait pod --for=condition=ready -l app=ovs --field-selector spec.nodeName=$node
-done
+    while true; do
+      pods=(`kubectl -n $POD_NAMESPACE get pod -l app=ovs --field-selector spec.nodeName=$node -o name`)
+      if [ ${#pods[*]} -ne 0 ]; then
+        break
+      fi
+      echo "waiting for ovs-ovn pod on node $node to be created"
+      sleep 1
+    done
+
+    echo "waiting for ovs-ovn pod on node $node to be ready"
+    kubectl -n $POD_NAMESPACE wait pod --for=condition=ready -l app=ovs --field-selector spec.nodeName=$node
+  done
+else
+  kubectl -n $POD_NAMESPACE rollout status ds/ovs-ovn
+fi
 
-ovn-nbctl --db=$nb_addr $SSL_OPTIONS set nb . options:version_compatibility=none
+ovn-nbctl --db=$nb_addr $SSL_OPTIONS set NB_Global . options:version_compatibility=_$OVN_VERSION_COMPATIBILITY