adrien/ansible-role-k8s-calico
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update to the last version 3.16.2
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Adrien Reslinger 2020-10-07 12:04:50 +02:00
parent 32dbc7da08
commit 2959f37074
5 changed files with 46 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

23
files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -52,6 +52,29 @@ spec:
description: Selector for the nodes that should have this peering. When description: Selector for the nodes that should have this peering. When
this is set, the Node field must be empty. this is set, the Node field must be empty.
type: string type: string
password:
description: Optional BGP password for the peerings generated by this
BGPPeer resource.
properties:
secretKeyRef:
description: Selects a key of a secret in the node pod's namespace.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type: object
peerIP: peerIP:
description: The IP address of the peer followed by an optional port description: The IP address of the peer followed by an optional port
number to peer with. If port number is given, format should be `[<IPv6>]:port` number to peer with. If port number is given, format should be `[<IPv6>]:port`

2
files/calico-kube-controllers-Deployment.yaml
View file

@ -34,7 +34,7 @@ spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
containers: containers:
- name: calico-kube-controllers - name: calico-kube-controllers
image: calico/kube-controllers:v3.16.1 image: calico/kube-controllers:v3.16.2
env: env:
# Choose which controllers to run. # Choose which controllers to run.
- name: ENABLED_CONTROLLERS - name: ENABLED_CONTROLLERS

8
files/calico-node-ClusterRole.yaml
View file

@ -14,6 +14,14 @@ rules:
- namespaces - namespaces
verbs: verbs:
- get - get
- apiGroups: [""]
resources:
- secrets
verbs:
# Needed when configuring bgp password in bgppeer
- watch
- list
- get
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- endpoints - endpoints

8
files/calico-node-DaemonSet.yaml
View file

@ -44,7 +44,7 @@ spec:
# It can be deleted if this is a fresh installation, or if you have already # It can be deleted if this is a fresh installation, or if you have already
# upgraded to use calico-ipam. # upgraded to use calico-ipam.
- name: upgrade-ipam - name: upgrade-ipam
image: calico/cni:v3.16.1 image: calico/cni:v3.16.2
command: ["/opt/cni/bin/calico-ipam", "-upgrade"] command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
envFrom: envFrom:
- configMapRef: - configMapRef:
@ -71,7 +71,7 @@ spec:
# This container installs the CNI binaries # This container installs the CNI binaries
# and CNI network config file on each node. # and CNI network config file on each node.
- name: install-cni - name: install-cni
image: calico/cni:v3.16.1 image: calico/cni:v3.16.2
command: ["/opt/cni/bin/install"] command: ["/opt/cni/bin/install"]
envFrom: envFrom:
- configMapRef: - configMapRef:
@ -112,7 +112,7 @@ spec:
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
# to communicate with Felix over the Policy Sync API. # to communicate with Felix over the Policy Sync API.
- name: flexvol-driver - name: flexvol-driver
image: calico/pod2daemon-flexvol:v3.16.1 image: calico/pod2daemon-flexvol:v3.16.2
volumeMounts: volumeMounts:
- name: flexvol-driver-host - name: flexvol-driver-host
mountPath: /host/driver mountPath: /host/driver
@ -123,7 +123,7 @@ spec:
# container programs network policy and routes on each # container programs network policy and routes on each
# host. # host.
- name: calico-node - name: calico-node
image: calico/node:v3.16.1 image: calico/node:v3.16.2
envFrom: envFrom:
- configMapRef: - configMapRef:
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.

10
files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -34,6 +34,16 @@ spec:
spec: spec:
description: FelixConfigurationSpec contains the values of the Felix configuration. description: FelixConfigurationSpec contains the values of the Felix configuration.
properties: properties:
allowIPIPPacketsFromWorkloads:
description: 'AllowIPIPPacketsFromWorkloads controls whether Felix
will add a rule to drop IPIP encapsulated traffic from workloads
[Default: false]'
type: boolean
allowVXLANPacketsFromWorkloads:
description: 'AllowVXLANPacketsFromWorkloads controls whether Felix
will add a rule to drop VXLAN encapsulated traffic from workloads
[Default: false]'
type: boolean
awsSrcDstCheck: awsSrcDstCheck:
description: 'Set source-destination-check on AWS EC2 instances. Accepted description: 'Set source-destination-check on AWS EC2 instances. Accepted
value must be one of "DoNothing", "Enabled" or "Disabled". [Default: value must be one of "DoNothing", "Enabled" or "Disabled". [Default: