WIP: Upgrade calico to 3.29

Makefile

@@ -537,8 +537,7 @@ generate-e2e-templates: $(KUSTOMIZE) ## Generate Azure infrastructure templates
 generate-addons: fetch-calico-manifests ## Generate metric-server, calico, calico-ipv6, azure cni v1 addons.
 	$(KUSTOMIZE) build $(ADDONS_DIR)/metrics-server > $(ADDONS_DIR)/metrics-server/metrics-server.yaml
 	$(KUSTOMIZE) build $(ADDONS_DIR)/calico > $(ADDONS_DIR)/calico.yaml
-	$(KUSTOMIZE) build $(ADDONS_DIR)/calico-ipv6 > $(ADDONS_DIR)/calico-ipv6.yaml
-	$(KUSTOMIZE) build $(ADDONS_DIR)/calico-dual-stack > $(ADDONS_DIR)/calico-dual-stack.yaml
+	$(KUSTOMIZE) build $(ADDONS_DIR)/metrics-server > $(ADDONS_DIR)/metrics-server/metrics-server.yaml
 	$(KUSTOMIZE) build $(ADDONS_DIR)/azure-cni-v1 > $(ADDONS_DIR)/azure-cni-v1.yaml
 
 .PHONY: generate-aso-crds
@@ -553,7 +552,7 @@ generate-aso-crds: $(YQ)
 		> $(ASO_CRDS_PATH)
 
 # When updating this, make sure to also update the Windows image version in templates/addons/windows/calico.
-export CALICO_VERSION := v3.26.1
+export CALICO_VERSION := v3.29.4
 # Where all downloaded Calico manifests are unpacked and stored.
 CALICO_RELEASES := $(ARTIFACTS)/calico
 # Path to manifests directory in a Calico release archive.

Tiltfile

@@ -469,15 +469,6 @@ def deploy_worker_templates(template, substitutions):
     echo "API Server of ${CLUSTER_NAME} is accessible";
     '''
 
-    # copy the kubeadm configmap to the calico-system namespace.
-    # This is a workaround needed for the calico-node-windows daemonset to be able to run in the calico-system namespace.
-    if "windows" in flavor_name:
-        flavor_cmd += """
-        until """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig get configmap kubeadm-config --namespace=kube-system > /dev/null 2>&1; do sleep 5; done;
-        """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig create namespace calico-system --dry-run=client -o yaml |         """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig apply -f -;
-        """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig get configmap kubeadm-config --namespace=kube-system -o yaml |         sed 's/namespace: kube-system/namespace: calico-system/' |         """ + kubectl_cmd + """ --kubeconfig ./${CLUSTER_NAME}.kubeconfig apply -f -;
-        """
-
     if "aks_as_mgmt_settings" in settings and needs_vnet_peering(flavor_name):
         flavor_cmd += create_private_dns_zone()
 

docs/book/src/self-managed/addons.md

@@ -63,21 +63,6 @@ helm repo add projectcalico https://docs.tigera.io/calico/charts && \
 helm install calico projectcalico/tigera-operator --version v3.26.1 -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-azure/main/templates/addons/calico-dual-stack/values.yaml --set-string "installation.calicoNetwork.ipPools[0].cidr=${IPV4_CIDR_BLOCK}","installation.calicoNetwork.ipPools[1].cidr=${IPV6_CIDR_BLOCK}" --namespace tigera-operator --create-namespace
 ```
 
-<aside class="note">
-
-<h1> Note </h1>
-
-For Windows nodes, you also need to copy the kubeadm-config configmap to the calico-system namespace so the calico-node-windows Daemonset can find it:
-
-```bash
-kubectl create ns calico-system
-kubectl get configmap kubeadm-config --namespace=kube-system -o yaml \
-| sed 's/namespace: kube-system/namespace: calico-system/' \
-| kubectl create -f -
-```
-
-</aside>
-
 For more information, see the [official Calico documentation](https://projectcalico.docs.tigera.io/getting-started/kubernetes/helm).
 
 ## Flannel

scripts/ci-entrypoint.sh

@@ -146,29 +146,6 @@ create_cluster() {
     export KUBE_SSH_USER
 }
 
-# copy_kubeadm_config_map copies the kubeadm configmap into the calico-system namespace.
-# any retryable operation in this function must return a non-zero exit code on failure so that we can
-# retry it using a `until copy_kubeadm_config_map; do sleep 5; done` pattern;
-# and any statement must be idempotent so that subsequent retry attempts can make forward progress.
-copy_kubeadm_config_map() {
-    # Copy the kubeadm configmap to the calico-system namespace.
-    # This is a workaround needed for the calico-node-windows daemonset
-    # to be able to run in the calico-system namespace.
-    # First, validate that the kubeadm-config configmap has been created.
-    "${KUBECTL}" get configmap kubeadm-config --namespace=kube-system -o yaml || return 1
-    "${KUBECTL}" create namespace calico-system --dry-run=client -o yaml | kubectl apply -f - || return 1
-    if ! "${KUBECTL}" get configmap kubeadm-config --namespace=calico-system; then
-        "${KUBECTL}" get configmap kubeadm-config --namespace=kube-system -o yaml | sed 's/namespace: kube-system/namespace: calico-system/' | "${KUBECTL}" apply -f - || return 1
-    fi
-}
-
-wait_for_copy_kubeadm_config_map() {
-    echo "Copying kubeadm ConfigMap into calico-system namespace"
-    until copy_kubeadm_config_map; do
-        sleep 5
-    done
-}
-
 # wait_for_nodes returns when all nodes in the workload cluster are Ready.
 wait_for_nodes() {
     echo "Waiting for ${CONTROL_PLANE_MACHINE_COUNT} control plane machine(s), ${WORKER_MACHINE_COUNT} worker machine(s), and ${WINDOWS_WORKER_MACHINE_COUNT:-0} windows machine(s) to become Ready"
@@ -206,8 +183,6 @@ wait_for_pods() {
 }
 
 install_addons() {
-    export -f copy_kubeadm_config_map wait_for_copy_kubeadm_config_map
-    timeout --foreground 600 bash -c wait_for_copy_kubeadm_config_map
     # In order to determine the successful outcome of CNI and cloud-provider-azure,
     # we need to wait a little bit for nodes and pods terminal state,
     # so we block successful return upon the cluster being fully operational.