diff --git a/templates/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml index b2f385b..e03fc90 100644 --- a/templates/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,5 +1,4 @@ # Source: calico/templates/kdd-crds.yaml - apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -11,6 +10,7 @@ spec: listKind: BGPConfigurationList plural: bgpconfigurations singular: bgpconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -178,4 +178,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml index 89177b0..7f6ca5b 100644 --- a/templates/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: BGPPeerList plural: bgppeers singular: bgppeer + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -115,4 +117,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml index b1fd48d..cd90134 100644 --- a/templates/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: BlockAffinityList plural: blockaffinities singular: blockaffinity + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -57,4 +59,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/calico-config-ConfigMap.yaml b/templates/calico-config-ConfigMap.yaml index 1d054e7..e54a39d 100644 --- a/templates/calico-config-ConfigMap.yaml +++ b/templates/calico-config-ConfigMap.yaml @@ -51,4 +51,3 @@ data: } ] } - diff --git a/templates/calico-kube-controllers-ClusterRole.yaml b/templates/calico-kube-controllers-ClusterRole.yaml index e3c03c4..347343c 100644 --- a/templates/calico-kube-controllers-ClusterRole.yaml +++ b/templates/calico-kube-controllers-ClusterRole.yaml @@ -1,5 +1,4 @@ # Source: calico/templates/calico-kube-controllers-rbac.yaml - # Include a clusterrole for the kube-controllers component, # and bind it to the calico-kube-controllers serviceaccount. kind: ClusterRole diff --git a/templates/calico-kube-controllers-ClusterRoleBinding.yaml b/templates/calico-kube-controllers-ClusterRoleBinding.yaml index 4b64b4c..967f2ff 100644 --- a/templates/calico-kube-controllers-ClusterRoleBinding.yaml +++ b/templates/calico-kube-controllers-ClusterRoleBinding.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/calico-kube-controllers-rbac.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/templates/calico-kube-controllers-Deployment.yaml b/templates/calico-kube-controllers-Deployment.yaml index 0115427..ca65af2 100644 --- a/templates/calico-kube-controllers-Deployment.yaml +++ b/templates/calico-kube-controllers-Deployment.yaml @@ -30,11 +30,14 @@ spec: operator: Exists - key: node-role.kubernetes.io/master effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule serviceAccountName: calico-kube-controllers priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.23.3 + image: docker.io/calico/kube-controllers:v3.24.0 + imagePullPolicy: IfNotPresent env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS @@ -56,4 +59,3 @@ spec: - /usr/bin/check-status - -r periodSeconds: 10 - diff --git a/templates/calico-kube-controllers-PodDisruptionBudget.yaml b/templates/calico-kube-controllers-PodDisruptionBudget.yaml index 15c3341..f66a7b0 100644 --- a/templates/calico-kube-controllers-PodDisruptionBudget.yaml +++ b/templates/calico-kube-controllers-PodDisruptionBudget.yaml @@ -1,4 +1,4 @@ - +# Source: calico/templates/calico-kube-controllers.yaml # This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict apiVersion: policy/v1 @@ -13,4 +13,3 @@ spec: selector: matchLabels: k8s-app: calico-kube-controllers - diff --git a/templates/calico-kube-controllers-ServiceAccount.yaml b/templates/calico-kube-controllers-ServiceAccount.yaml index 6dce24b..24ddff7 100644 --- a/templates/calico-kube-controllers-ServiceAccount.yaml +++ b/templates/calico-kube-controllers-ServiceAccount.yaml @@ -1,7 +1,6 @@ - +# Source: calico/templates/calico-kube-controllers.yaml apiVersion: v1 kind: ServiceAccount metadata: name: calico-kube-controllers namespace: kube-system - diff --git a/templates/calico-node-ClusterRole.yaml b/templates/calico-node-ClusterRole.yaml index b535ee7..6b0cc0f 100644 --- a/templates/calico-node-ClusterRole.yaml +++ b/templates/calico-node-ClusterRole.yaml @@ -143,11 +143,14 @@ rules: - create - update - delete + # The CNI plugin and calico/node need to be able to create a default + # IPAMConfiguration - apiGroups: ["crd.projectcalico.org"] resources: - ipamconfigs verbs: - get + - create # Block affinities must also be watchable by confd for route aggregation. - apiGroups: ["crd.projectcalico.org"] resources: @@ -161,4 +164,3 @@ rules: - daemonsets verbs: - get - diff --git a/templates/calico-node-ClusterRoleBinding.yaml b/templates/calico-node-ClusterRoleBinding.yaml index e8cc541..2a04b42 100644 --- a/templates/calico-node-ClusterRoleBinding.yaml +++ b/templates/calico-node-ClusterRoleBinding.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/calico-node-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -10,4 +11,3 @@ subjects: - kind: ServiceAccount name: calico-node namespace: kube-system - diff --git a/templates/calico-node-DaemonSet.yaml b/templates/calico-node-DaemonSet.yaml index 9aaaf77..e337660 100644 --- a/templates/calico-node-DaemonSet.yaml +++ b/templates/calico-node-DaemonSet.yaml @@ -44,7 +44,8 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.23.3 + image: docker.io/calico/cni:v3.24.0 + imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: - configMapRef: @@ -71,7 +72,8 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.23.3 + image: docker.io/calico/cni:v3.24.0 + imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: - configMapRef: @@ -113,7 +115,8 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.23.3 + image: docker.io/calico/node:v3.24.0 + imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: - mountPath: /sys/fs @@ -138,7 +141,8 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.23.3 + image: docker.io/calico/node:v3.24.0 + imagePullPolicy: IfNotPresent envFrom: - configMapRef: # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. diff --git a/templates/calico-node-ServiceAccount.yaml b/templates/calico-node-ServiceAccount.yaml index 061d9c2..e9b0b96 100644 --- a/templates/calico-node-ServiceAccount.yaml +++ b/templates/calico-node-ServiceAccount.yaml @@ -1,7 +1,6 @@ - +# Source: calico/templates/calico-node.yaml apiVersion: v1 kind: ServiceAccount metadata: name: calico-node namespace: kube-system - diff --git a/templates/calicoctl-Pod.yaml b/templates/calicoctl-Pod.yaml index 488e0b7..0eb53b2 100644 --- a/templates/calicoctl-Pod.yaml +++ b/templates/calicoctl-Pod.yaml @@ -11,7 +11,7 @@ spec: serviceAccountName: calicoctl containers: - name: calicoctl - image: calico/ctl:v3.23.3 + image: calico/ctl:v3.24.0 command: - /calicoctl args: diff --git a/templates/calicoctl-ServiceAccount.yaml b/templates/calicoctl-ServiceAccount.yaml index 53351d9..ef22749 100644 --- a/templates/calicoctl-ServiceAccount.yaml +++ b/templates/calicoctl-ServiceAccount.yaml @@ -1,7 +1,7 @@ -# Calico Version v3.23.3 -# https://projectcalico.docs.tigera.io/releases#v3.23.3 +# Calico Version master +# https://projectcalico.docs.tigera.io/releases#master # This manifest includes the following component versions: -# calico/ctl:v3.23.3 +# calico/ctl:v3.24.0 apiVersion: v1 kind: ServiceAccount diff --git a/templates/caliconodestatuses.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/caliconodestatuses.crd.projectcalico.org-CustomResourceDefinition.yaml index 3d21b16..1f7d6bc 100644 --- a/templates/caliconodestatuses.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/caliconodestatuses.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -12,6 +13,7 @@ spec: listKind: CalicoNodeStatusList plural: caliconodestatuses singular: caliconodestatus + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -259,4 +261,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml index 87522e4..51ca669 100644 --- a/templates/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: ClusterInformationList plural: clusterinformations singular: clusterinformation + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -60,4 +62,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml index 9d93b43..ae5739b 100644 --- a/templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: FelixConfigurationList plural: felixconfigurations singular: felixconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -86,7 +88,7 @@ spec: description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit mark that is set on connections from an external client to a local service. This mark allows us to control how packets of that connection - are routed within the host and how is routing intepreted by RPF + are routed within the host and how is routing interpreted by RPF check. [Default: 0]' type: integer bpfExternalServiceMode: @@ -134,6 +136,11 @@ spec: policy. Selectors such as "all()" can result in large numbers of entries (one entry per endpoint in that case). type: integer + bpfMapSizeIfState: + description: BPFMapSizeIfState sets the size for ifstate map. The + ifstate map must be large enough to hold an entry for each device + (host + workloads) on a host. + type: integer bpfMapSizeNATAffinity: type: integer bpfMapSizeNATBackend: @@ -166,6 +173,11 @@ spec: are inclusive. [Default: 20000:29999]' pattern: ^.* x-kubernetes-int-or-string: true + bpfPolicyDebugEnabled: + description: BPFPolicyDebugEnabled when true, Felix records detailed + information about the BPF policy programs, which can be examined + with the calico-bpf command-line tool. + type: boolean chainInsertMode: description: 'ChainInsertMode controls whether Felix hooks the kernel''s top-level iptables chains by inserting a rule at the top of the @@ -295,7 +307,6 @@ spec: are auto-detected. type: string floatingIPs: - default: Disabled description: FloatingIPs configures whether or not Felix will program floating IP addresses. enum: @@ -557,6 +568,10 @@ spec: information. - WorkloadIPs: use workload endpoints to construct routes. - CalicoIPAM: the default - use IPAM data to construct routes.' type: string + routeSyncDisabled: + description: RouteSyncDisabled will disable all operations performed + on the route table. Set to true to run in network-policy mode only. + type: boolean routeTableRange: description: Deprecated in favor of RouteTableRanges. Calico programs additional Linux route tables for various purposes. RouteTableRange @@ -634,7 +649,13 @@ spec: vxlanVNI: type: integer wireguardEnabled: - description: 'WireguardEnabled controls whether Wireguard is enabled. + description: 'WireguardEnabled controls whether Wireguard is enabled + for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). + [Default: false]' + type: boolean + wireguardEnabledV6: + description: 'WireguardEnabledV6 controls whether Wireguard is enabled + for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). [Default: false]' type: boolean wireguardHostEncryptionEnabled: @@ -643,7 +664,11 @@ spec: type: boolean wireguardInterfaceName: description: 'WireguardInterfaceName specifies the name to use for - the Wireguard interface. [Default: wg.calico]' + the IPv4 Wireguard interface. [Default: wireguard.cali]' + type: string + wireguardInterfaceNameV6: + description: 'WireguardInterfaceNameV6 specifies the name to use for + the IPv6 Wireguard interface. [Default: wg-v6.cali]' type: string wireguardKeepAlive: description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive @@ -651,11 +676,19 @@ spec: type: string wireguardListeningPort: description: 'WireguardListeningPort controls the listening port used - by Wireguard. [Default: 51820]' + by IPv4 Wireguard. [Default: 51820]' + type: integer + wireguardListeningPortV6: + description: 'WireguardListeningPortV6 controls the listening port + used by IPv6 Wireguard. [Default: 51821]' type: integer wireguardMTU: - description: 'WireguardMTU controls the MTU on the Wireguard interface. - See Configuring MTU [Default: 1420]' + description: 'WireguardMTU controls the MTU on the IPv4 Wireguard + interface. See Configuring MTU [Default: 1440]' + type: integer + wireguardMTUV6: + description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard + interface. See Configuring MTU [Default: 1420]' type: integer wireguardRoutingRulePriority: description: 'WireguardRoutingRulePriority controls the priority value @@ -687,4 +720,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml index b4b1f2e..e7c2e61 100644 --- a/templates/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: GlobalNetworkPolicyList plural: globalnetworkpolicies singular: globalnetworkpolicy + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -851,4 +853,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml index 9a4ffdb..da2fef8 100644 --- a/templates/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: GlobalNetworkSetList plural: globalnetworksets singular: globalnetworkset + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -49,4 +51,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml index 74474b6..055a94a 100644 --- a/templates/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: HostEndpointList plural: hostendpoints singular: hostendpoint + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -104,4 +106,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml index 30fd171..2bdaa2f 100644 --- a/templates/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: IPAMBlockList plural: ipamblocks singular: ipamblock + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -115,4 +117,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml index 3e3d422..c39111a 100644 --- a/templates/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: IPAMConfigList plural: ipamconfigs singular: ipamconfig + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -36,6 +38,8 @@ spec: maxBlocksPerHost: description: MaxBlocksPerHost, if non-zero, is the max number of blocks that can be affine to each host. + maximum: 2147483647 + minimum: 0 type: integer strictAffinity: type: boolean @@ -52,4 +56,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml index 62eb926..7ed3e51 100644 --- a/templates/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: IPAMHandleList plural: ipamhandles singular: ipamhandle + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -52,4 +54,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml index 009bae0..6853b4a 100644 --- a/templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: IPPoolList plural: ippools singular: ippool + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -105,4 +107,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/ipreservations.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/ipreservations.crd.projectcalico.org-CustomResourceDefinition.yaml index 1c2bd7d..0993048 100644 --- a/templates/ipreservations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/ipreservations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -12,6 +13,7 @@ spec: listKind: IPReservationList plural: ipreservations singular: ipreservation + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -50,4 +52,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml index 0a47375..b0b1f49 100644 --- a/templates/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: KubeControllersConfigurationList plural: kubecontrollersconfigurations singular: kubecontrollersconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -249,4 +251,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml index 2e79b63..186fc3a 100644 --- a/templates/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: NetworkPolicyList plural: networkpolicies singular: networkpolicy + preserveUnknownFields: false scope: Namespaced versions: - name: v1 @@ -832,4 +834,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/templates/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml index ec8f34c..5dc63e9 100644 --- a/templates/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,3 +1,4 @@ +# Source: calico/templates/kdd-crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -9,6 +10,7 @@ spec: listKind: NetworkSetList plural: networksets singular: networkset + preserveUnknownFields: false scope: Namespaced versions: - name: v1 @@ -47,4 +49,3 @@ status: plural: "" conditions: [] storedVersions: [] - diff --git a/vars/calico-files.yaml b/vars/calico-files.yaml index e086d77..1e6e1c6 100644 --- a/vars/calico-files.yaml +++ b/vars/calico-files.yaml @@ -1,5 +1,8 @@ --- calico_files: + - "calico-kube-controllers-PodDisruptionBudget.yaml" + - "calico-kube-controllers-ServiceAccount.yaml" + - "calico-node-ServiceAccount.yaml" - "calico-config-ConfigMap.yaml" - "bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml" - "bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml" @@ -19,14 +22,11 @@ calico_files: - "networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml" - "networksets.crd.projectcalico.org-CustomResourceDefinition.yaml" - "calico-kube-controllers-ClusterRole.yaml" - - "calico-kube-controllers-ClusterRoleBinding.yaml" - "calico-node-ClusterRole.yaml" + - "calico-kube-controllers-ClusterRoleBinding.yaml" - "calico-node-ClusterRoleBinding.yaml" - "calico-node-DaemonSet.yaml" - - "calico-node-ServiceAccount.yaml" - "calico-kube-controllers-Deployment.yaml" - - "calico-kube-controllers-ServiceAccount.yaml" - - "calico-kube-controllers-PodDisruptionBudget.yaml" calicoctl_files: - "calicoctl-ServiceAccount.yaml"