Enable usage of calicoq utility

Also make previously mandatory requirement for exact match of calicoctl version and cluster version optional and set this verification as disabled by default. Image update commits: https://review.opendev.org/#/c/673915/ https://review.gerrithub.io/c/att-comdev/cicd/+/463828 Change-Id: I4dca1a4b075e5183ebf068c9aee59b55b0939881
2019-08-09 11:13:40 -05:00 · 2019-08-09 11:13:40 -05:00 · 413f2e2591
commit 413f2e2591
parent 9744eae699
4 changed files with 12 additions and 2 deletions
--- a/calicoctl-utility/templates/bin/_utilscli-sudo.tpl
+++ b/calicoctl-utility/templates/bin/_utilscli-sudo.tpl
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}

-nobody ALL = (root) NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \
+nobody ALL=SETENV: NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \
  UNIX-RECV\:/dev/log\,reuseaddr stdout, \
  /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \
  /usr/local/bin/calicoctl version
--- a/calicoctl-utility/templates/bin/_utilscli.tpl
+++ b/calicoctl-utility/templates/bin/_utilscli.tpl
@ -15,4 +15,4 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}

-sudo /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf $*
+sudo -E /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf $*
--- a/calicoctl-utility/templates/deployment-calicoctl-utility.yaml
+++ b/calicoctl-utility/templates/deployment-calicoctl-utility.yaml
@ -94,7 +94,13 @@ spec:
          readinessProbe:
            exec:
              command:
+              {{- if .Values.conf.utility.match_versions }}
                - /usr/local/bin/version_check.sh
+              {{- else }}
+                - sudo
+                - calicoctl
+                - version
+              {{- end }}
            initialDelaySeconds: 5
            periodSeconds: 15
          livenessProbe:
--- a/calicoctl-utility/values.yaml
+++ b/calicoctl-utility/values.yaml
@ -170,6 +170,7 @@ conf:

      calicoctl_version_00: RegExpFilter, calicoctl, root, calicoctl, version
      calicoctl_version_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, version
+      calicoq_00: CommandFilter, calicoq, root
  calicoctl_rootwrap:
    DEFAULT:
      # Configuration for calicoctl-rootwrap
@ -197,6 +198,9 @@ conf:
    # Set to true for development sites,
    # Set to false otherwise
    always_log_user: true
+    # Specify whether we need to check for exact match of calicoctl and cluster
+    # versions during readiness probe
+    match_versions: false

 manifests:
  configmap_bin: true