From 2959f37074cfc6b960138fc84d6e8c0308556c11 Mon Sep 17 00:00:00 2001 From: Adrien Date: Wed, 7 Oct 2020 12:04:50 +0200 Subject: [PATCH] Update to the last version 3.16.2 --- ...ctcalico.org-CustomResourceDefinition.yaml | 23 +++++++++++++++++++ files/calico-kube-controllers-Deployment.yaml | 2 +- files/calico-node-ClusterRole.yaml | 8 +++++++ files/calico-node-DaemonSet.yaml | 8 +++---- ...ctcalico.org-CustomResourceDefinition.yaml | 10 ++++++++ 5 files changed, 46 insertions(+), 5 deletions(-) diff --git a/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml index acaec6c..245844b 100644 --- a/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -52,6 +52,29 @@ spec: description: Selector for the nodes that should have this peering. When this is set, the Node field must be empty. type: string + password: + description: Optional BGP password for the peerings generated by this + BGPPeer resource. + properties: + secretKeyRef: + description: Selects a key of a secret in the node pod's namespace. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + type: object peerIP: description: The IP address of the peer followed by an optional port number to peer with. If port number is given, format should be `[]:port` diff --git a/files/calico-kube-controllers-Deployment.yaml b/files/calico-kube-controllers-Deployment.yaml index 92c203d..24644e3 100644 --- a/files/calico-kube-controllers-Deployment.yaml 
+++ b/files/calico-kube-controllers-Deployment.yaml @@ -34,7 +34,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: calico/kube-controllers:v3.16.1 + image: calico/kube-controllers:v3.16.2 env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS diff --git a/files/calico-node-ClusterRole.yaml b/files/calico-node-ClusterRole.yaml index 9ca41ad..c10da51 100644 --- a/files/calico-node-ClusterRole.yaml +++ b/files/calico-node-ClusterRole.yaml @@ -14,6 +14,14 @@ rules: - namespaces verbs: - get + - apiGroups: [""] + resources: + - secrets + verbs: + # Needed when configuring bgp password in bgppeer + - watch + - list + - get - apiGroups: [""] resources: - endpoints diff --git a/files/calico-node-DaemonSet.yaml b/files/calico-node-DaemonSet.yaml index 8849a1b..6810aa1 100644 --- a/files/calico-node-DaemonSet.yaml +++ b/files/calico-node-DaemonSet.yaml @@ -44,7 +44,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: calico/cni:v3.16.1 + image: calico/cni:v3.16.2 command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: - configMapRef: @@ -71,7 +71,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: calico/cni:v3.16.1 + image: calico/cni:v3.16.2 command: ["/opt/cni/bin/install"] envFrom: - configMapRef: @@ -112,7 +112,7 @@ spec: # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes # to communicate with Felix over the Policy Sync API. - name: flexvol-driver - image: calico/pod2daemon-flexvol:v3.16.1 + image: calico/pod2daemon-flexvol:v3.16.2 volumeMounts: - name: flexvol-driver-host mountPath: /host/driver 
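Review bot: The new rule in files/calico-node-ClusterRole.yaml grants calico-node `get`, `list` and `watch` on `secrets` through a ClusterRole. If that role is bound with a ClusterRoleBinding (the binding is not part of this patch), the service account of a DaemonSet that runs on every node can read every Secret in every namespace. The BGPPeer CRD text added in this same commit says `secretKeyRef` selects a secret "in the node pod's namespace", so the access needed for BGP passwords looks namespace-local. I would drop the rule from the ClusterRole and grant it through a namespaced Role, bound to the calico-node service account with a RoleBinding, as sketched below; adding `resourceNames` can narrow `get` further to the one BGP secret. If the cluster-wide rule has to stay, the comment should state the scope, e.g. `# Cluster-wide read of Secrets; only needed when a BGPPeer sets a password`.

```yaml
# Namespaced replacement for the ClusterRole rule; name and namespace are placeholders.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: calico-node-bgp-secrets            # placeholder name
  namespace: "<calico-node-namespace>"     # placeholder: namespace the calico-node pods run in
rules:
  - apiGroups: [""]
    resources:
      - secrets
    verbs:
      # Needed when configuring bgp password in bgppeer
      - watch
      - list
      - get
# … plus a RoleBinding in the same namespace for the calico-node service account …
```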
@@ -123,7 +123,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: calico/node:v3.16.1 + image: calico/node:v3.16.2 envFrom: - configMapRef: # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. diff --git a/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml index 8818cfd..347a573 100644 --- a/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -34,6 +34,16 @@ spec: spec: description: FelixConfigurationSpec contains the values of the Felix configuration. properties: + allowIPIPPacketsFromWorkloads: + description: 'AllowIPIPPacketsFromWorkloads controls whether Felix + will add a rule to drop IPIP encapsulated traffic from workloads + [Default: false]' + type: boolean + allowVXLANPacketsFromWorkloads: + description: 'AllowVXLANPacketsFromWorkloads controls whether Felix + will add a rule to drop VXLAN encapsulated traffic from workloads + [Default: false]' + type: boolean awsSrcDstCheck: description: 'Set source-destination-check on AWS EC2 instances. Accepted value must be one of "DoNothing", "Enabled" or "Disabled". [Default: