adrien/ansible-role-k8s-calico
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update calico to version 3.24.0
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Adrien Reslinger 2022-08-20 11:58:01 +02:00
parent 8e4129387e
commit 0de1caead0
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
30 changed files with 101 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

3
templates/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,5 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -11,6 +10,7 @@ spec:
listKind: BGPConfigurationList
plural: bgpconfigurations
singular: bgpconfiguration
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -178,4 +178,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: BGPPeerList
plural: bgppeers
singular: bgppeer
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -115,4 +117,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: BlockAffinityList
plural: blockaffinities
singular: blockaffinity
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -57,4 +59,3 @@ status:
plural: ""
conditions: []
storedVersions: []

1
templates/calico-config-ConfigMap.yaml
View file

@ -51,4 +51,3 @@ data:
}
]
}

1
templates/calico-kube-controllers-ClusterRole.yaml
View file

@ -1,5 +1,4 @@
# Source: calico/templates/calico-kube-controllers-rbac.yaml
# Include a clusterrole for the kube-controllers component,
# and bind it to the calico-kube-controllers serviceaccount.
kind: ClusterRole

1
templates/calico-kube-controllers-ClusterRoleBinding.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/calico-kube-controllers-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:

6
templates/calico-kube-controllers-Deployment.yaml
View file

@ -30,11 +30,14 @@ spec:
operator: Exists
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
serviceAccountName: calico-kube-controllers
priorityClassName: system-cluster-critical
containers:
- name: calico-kube-controllers
image: docker.io/calico/kube-controllers:v3.23.3
image: docker.io/calico/kube-controllers:v3.24.0
imagePullPolicy: IfNotPresent
env:
# Choose which controllers to run.
- name: ENABLED_CONTROLLERS
@ -56,4 +59,3 @@ spec:
- /usr/bin/check-status
- -r
periodSeconds: 10

3
templates/calico-kube-controllers-PodDisruptionBudget.yaml
View file

@ -1,4 +1,4 @@
# Source: calico/templates/calico-kube-controllers.yaml
# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict
apiVersion: policy/v1
@ -13,4 +13,3 @@ spec:
selector:
matchLabels:
k8s-app: calico-kube-controllers

3
templates/calico-kube-controllers-ServiceAccount.yaml
View file

@ -1,7 +1,6 @@
# Source: calico/templates/calico-kube-controllers.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-kube-controllers
namespace: kube-system

4
templates/calico-node-ClusterRole.yaml
View file

@ -143,11 +143,14 @@ rules:
- create
- update
- delete
# The CNI plugin and calico/node need to be able to create a default
# IPAMConfiguration
- apiGroups: ["crd.projectcalico.org"]
resources:
- ipamconfigs
verbs:
- get
- create
# Block affinities must also be watchable by confd for route aggregation.
- apiGroups: ["crd.projectcalico.org"]
resources:
@ -161,4 +164,3 @@ rules:
- daemonsets
verbs:
- get

2
templates/calico-node-ClusterRoleBinding.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/calico-node-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@ -10,4 +11,3 @@ subjects:
- kind: ServiceAccount
name: calico-node
namespace: kube-system

12
templates/calico-node-DaemonSet.yaml
View file

@ -44,7 +44,8 @@ spec:
# It can be deleted if this is a fresh installation, or if you have already
# upgraded to use calico-ipam.
- name: upgrade-ipam
image: docker.io/calico/cni:v3.23.3
image: docker.io/calico/cni:v3.24.0
imagePullPolicy: IfNotPresent
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
envFrom:
- configMapRef:
@ -71,7 +72,8 @@ spec:
# This container installs the CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: docker.io/calico/cni:v3.23.3
image: docker.io/calico/cni:v3.24.0
imagePullPolicy: IfNotPresent
command: ["/opt/cni/bin/install"]
envFrom:
- configMapRef:
@ -113,7 +115,8 @@ spec:
# i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
# in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
- name: "mount-bpffs"
image: docker.io/calico/node:v3.23.3
image: docker.io/calico/node:v3.24.0
imagePullPolicy: IfNotPresent
command: ["calico-node", "-init", "-best-effort"]
volumeMounts:
- mountPath: /sys/fs
@ -138,7 +141,8 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: docker.io/calico/node:v3.23.3
image: docker.io/calico/node:v3.24.0
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.

3
templates/calico-node-ServiceAccount.yaml
View file

@ -1,7 +1,6 @@
# Source: calico/templates/calico-node.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-node
namespace: kube-system

2
templates/calicoctl-Pod.yaml
View file

@ -11,7 +11,7 @@ spec:
serviceAccountName: calicoctl
containers:
- name: calicoctl
image: calico/ctl:v3.23.3
image: calico/ctl:v3.24.0
command:
- /calicoctl
args:

6
templates/calicoctl-ServiceAccount.yaml
View file

@ -1,7 +1,7 @@
# Calico Version v3.23.3
# https://projectcalico.docs.tigera.io/releases#v3.23.3
# Calico Version master
# https://projectcalico.docs.tigera.io/releases#master
# This manifest includes the following component versions:
# calico/ctl:v3.23.3
# calico/ctl:v3.24.0
apiVersion: v1
kind: ServiceAccount

3
templates/caliconodestatuses.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -12,6 +13,7 @@ spec:
listKind: CalicoNodeStatusList
plural: caliconodestatuses
singular: caliconodestatus
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -259,4 +261,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: ClusterInformationList
plural: clusterinformations
singular: clusterinformation
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -60,4 +62,3 @@ status:
plural: ""
conditions: []
storedVersions: []

48
templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: FelixConfigurationList
plural: felixconfigurations
singular: felixconfiguration
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -86,7 +88,7 @@ spec:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
mark that is set on connections from an external client to a local
service. This mark allows us to control how packets of that connection
are routed within the host and how is routing intepreted by RPF
are routed within the host and how is routing interpreted by RPF
check. [Default: 0]'
type: integer
bpfExternalServiceMode:
@ -134,6 +136,11 @@ spec:
policy. Selectors such as "all()" can result in large numbers of
entries (one entry per endpoint in that case).
type: integer
bpfMapSizeIfState:
description: BPFMapSizeIfState sets the size for ifstate map. The
ifstate map must be large enough to hold an entry for each device
(host + workloads) on a host.
type: integer
bpfMapSizeNATAffinity:
type: integer
bpfMapSizeNATBackend:
@ -166,6 +173,11 @@ spec:
are inclusive. [Default: 20000:29999]'
pattern: ^.*
x-kubernetes-int-or-string: true
bpfPolicyDebugEnabled:
description: BPFPolicyDebugEnabled when true, Felix records detailed
information about the BPF policy programs, which can be examined
with the calico-bpf command-line tool.
type: boolean
chainInsertMode:
description: 'ChainInsertMode controls whether Felix hooks the kernel''s
top-level iptables chains by inserting a rule at the top of the
@ -295,7 +307,6 @@ spec:
are auto-detected.
type: string
floatingIPs:
default: Disabled
description: FloatingIPs configures whether or not Felix will program
floating IP addresses.
enum:
@ -557,6 +568,10 @@ spec:
information. - WorkloadIPs: use workload endpoints to construct
routes. - CalicoIPAM: the default - use IPAM data to construct routes.'
type: string
routeSyncDisabled:
description: RouteSyncDisabled will disable all operations performed
on the route table. Set to true to run in network-policy mode only.
type: boolean
routeTableRange:
description: Deprecated in favor of RouteTableRanges. Calico programs
additional Linux route tables for various purposes. RouteTableRange
@ -634,7 +649,13 @@ spec:
vxlanVNI:
type: integer
wireguardEnabled:
description: 'WireguardEnabled controls whether Wireguard is enabled.
description: 'WireguardEnabled controls whether Wireguard is enabled
for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network).
[Default: false]'
type: boolean
wireguardEnabledV6:
description: 'WireguardEnabledV6 controls whether Wireguard is enabled
for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network).
[Default: false]'
type: boolean
wireguardHostEncryptionEnabled:
@ -643,7 +664,11 @@ spec:
type: boolean
wireguardInterfaceName:
description: 'WireguardInterfaceName specifies the name to use for
the Wireguard interface. [Default: wg.calico]'
the IPv4 Wireguard interface. [Default: wireguard.cali]'
type: string
wireguardInterfaceNameV6:
description: 'WireguardInterfaceNameV6 specifies the name to use for
the IPv6 Wireguard interface. [Default: wg-v6.cali]'
type: string
wireguardKeepAlive:
description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive
@ -651,11 +676,19 @@ spec:
type: string
wireguardListeningPort:
description: 'WireguardListeningPort controls the listening port used
by Wireguard. [Default: 51820]'
by IPv4 Wireguard. [Default: 51820]'
type: integer
wireguardListeningPortV6:
description: 'WireguardListeningPortV6 controls the listening port
used by IPv6 Wireguard. [Default: 51821]'
type: integer
wireguardMTU:
description: 'WireguardMTU controls the MTU on the Wireguard interface.
See Configuring MTU [Default: 1420]'
description: 'WireguardMTU controls the MTU on the IPv4 Wireguard
interface. See Configuring MTU [Default: 1440]'
type: integer
wireguardMTUV6:
description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard
interface. See Configuring MTU [Default: 1420]'
type: integer
wireguardRoutingRulePriority:
description: 'WireguardRoutingRulePriority controls the priority value
@ -687,4 +720,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: GlobalNetworkPolicyList
plural: globalnetworkpolicies
singular: globalnetworkpolicy
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -851,4 +853,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: GlobalNetworkSetList
plural: globalnetworksets
singular: globalnetworkset
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -49,4 +51,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: HostEndpointList
plural: hostendpoints
singular: hostendpoint
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -104,4 +106,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: IPAMBlockList
plural: ipamblocks
singular: ipamblock
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -115,4 +117,3 @@ status:
plural: ""
conditions: []
storedVersions: []

5
templates/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: IPAMConfigList
plural: ipamconfigs
singular: ipamconfig
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -36,6 +38,8 @@ spec:
maxBlocksPerHost:
description: MaxBlocksPerHost, if non-zero, is the max number of blocks
that can be affine to each host.
maximum: 2147483647
minimum: 0
type: integer
strictAffinity:
type: boolean
@ -52,4 +56,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: IPAMHandleList
plural: ipamhandles
singular: ipamhandle
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -52,4 +54,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: IPPoolList
plural: ippools
singular: ippool
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -105,4 +107,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/ipreservations.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -12,6 +13,7 @@ spec:
listKind: IPReservationList
plural: ipreservations
singular: ipreservation
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -50,4 +52,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: KubeControllersConfigurationList
plural: kubecontrollersconfigurations
singular: kubecontrollersconfiguration
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
@ -249,4 +251,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: NetworkPolicyList
plural: networkpolicies
singular: networkpolicy
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1
@ -832,4 +834,3 @@ status:
plural: ""
conditions: []
storedVersions: []

3
templates/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -1,3 +1,4 @@
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -9,6 +10,7 @@ spec:
listKind: NetworkSetList
plural: networksets
singular: networkset
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1
@ -47,4 +49,3 @@ status:
plural: ""
conditions: []
storedVersions: []

8
vars/calico-files.yaml
View file

@ -1,5 +1,8 @@
---
calico_files:
- "calico-kube-controllers-PodDisruptionBudget.yaml"
- "calico-kube-controllers-ServiceAccount.yaml"
- "calico-node-ServiceAccount.yaml"
- "calico-config-ConfigMap.yaml"
- "bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml"
- "bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml"
@ -19,14 +22,11 @@ calico_files:
- "networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml"
- "networksets.crd.projectcalico.org-CustomResourceDefinition.yaml"
- "calico-kube-controllers-ClusterRole.yaml"
- "calico-kube-controllers-ClusterRoleBinding.yaml"
- "calico-node-ClusterRole.yaml"
- "calico-kube-controllers-ClusterRoleBinding.yaml"
- "calico-node-ClusterRoleBinding.yaml"
- "calico-node-DaemonSet.yaml"
- "calico-node-ServiceAccount.yaml"
- "calico-kube-controllers-Deployment.yaml"
- "calico-kube-controllers-ServiceAccount.yaml"
- "calico-kube-controllers-PodDisruptionBudget.yaml"
calicoctl_files:
- "calicoctl-ServiceAccount.yaml"