From 29b391dde4340bc9f2bcc996b4dd192578d2b337 Mon Sep 17 00:00:00 2001
From: Adrien
Date: Fri, 28 Aug 2020 11:33:19 +0200
Subject: [PATCH] Update to version v3.16.0
---
 ...ctcalico.org-CustomResourceDefinition.yaml | 57 +++++++++++++++++--
 ...ctcalico.org-CustomResourceDefinition.yaml | 12 +++-
 files/calico-config-ConfigMap.yaml | 1 +
 files/calico-kube-controllers-Deployment.yaml | 2 +-
 files/calico-node-DaemonSet.yaml | 36 ++++++++++--
 ...ctcalico.org-CustomResourceDefinition.yaml | 23 +++++++-
 ...ctcalico.org-CustomResourceDefinition.yaml | 4 +-
 7 files changed, 120 insertions(+), 15 deletions(-)
diff --git a/files/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
index 59ccc59..4ac1567 100644
--- a/files/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
+++ b/files/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
@@ -39,6 +39,32 @@ spec: 64512]' format: int32 type: integer + communities: + description: Communities is a list of BGP community values and their + arbitrary names for tagging routes. + items: + description: Community contains standard or large community value + and its name. + properties: + name: + description: Name given to community value. + type: string + value: + description: Value must be of format `aa:nn` or `aa:nn:mm`. + For standard community use `aa:nn` format, where `aa` and + `nn` are 16 bit number. For large community use `aa:nn:mm` + format, where `aa`, `nn` and `mm` are 32 bit number. Where, + `aa` is an AS Number, `nn` and `mm` are per-AS identifier. + pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$ + type: string + type: object + type: array + listenPort: + description: ListenPort is the port where BGP protocol should listen. + Defaults to 179 + maximum: 65535 + minimum: 1 + type: integer logSeverityScreen: description: 'LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: INFO]' 
@@ -47,13 +73,36 @@ spec: description: 'NodeToNodeMeshEnabled sets whether full node to node BGP mesh is enabled. [Default: true]' type: boolean + prefixAdvertisements: + description: PrefixAdvertisements contains per-prefix advertisement + configuration. + items: + description: PrefixAdvertisement configures advertisement properties + for the specified CIDR. + properties: + cidr: + description: CIDR for which properties should be advertised. + type: string + communities: + description: Communities can be list of either community names + already defined in `Specs.Communities` or community value + of format `aa:nn` or `aa:nn:mm`. For standard community use + `aa:nn` format, where `aa` and `nn` are 16 bit number. For + large community use `aa:nn:mm` format, where `aa`, `nn` and + `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and + `mm` are per-AS identifier. + items: + type: string + type: array + type: object + type: array serviceClusterIPs: description: ServiceClusterIPs are the CIDR blocks from which service cluster IPs are allocated. If specified, Calico will advertise these blocks, as well as any cluster IPs within them. items: - description: ServiceClusterIPBlock represents a single whitelisted - CIDR block for ClusterIPs. + description: ServiceClusterIPBlock represents a single allowed ClusterIP + CIDR block. properties: cidr: type: string @@ -64,8 +113,8 @@ spec: Service External IPs. Kubernetes Service ExternalIPs will only be advertised if they are within one of these blocks. items: - description: ServiceExternalIPBlock represents a single whitelisted - CIDR External IP block. + description: ServiceExternalIPBlock represents a single allowed + External IP CIDR block. properties: cidr: type: string diff --git a/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml index 5723d69..acaec6c 100644 --- a/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml 
+++ b/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -37,6 +37,12 @@ spec: description: The AS Number of the peer. format: int32 type: integer + keepOriginalNextHop: + description: Option to keep the original nexthop field when routes + are sent to a BGP Peer. Setting "true" configures the selected BGP + Peers node to use the "next hop keep;" instead of "next hop self;"(default) + in the specific branch of the Node on "bird.cfg". + type: boolean node: description: The node name identifying the Calico node instance that is peering with this peer. If this is not set, this represents a @@ -47,7 +53,11 @@ spec: this is set, the Node field must be empty. type: string peerIP: - description: The IP address of the peer. + description: The IP address of the peer followed by an optional port + number to peer with. If port number is given, format should be `[]:port` + or `:` for IPv4. If optional port number is not set, + and this peer IP and ASNumber belongs to a calico/node with ListenPort + set in BGPConfiguration, then we use that port to peer. type: string peerSelector: description: Selector for the remote nodes to peer with. When this diff --git a/files/calico-config-ConfigMap.yaml b/files/calico-config-ConfigMap.yaml index 36c06e8..ed30678 100644 --- a/files/calico-config-ConfigMap.yaml +++ b/files/calico-config-ConfigMap.yaml @@ -27,6 +27,7 @@ data: { "type": "calico", "log_level": "info", + "log_file_path": "/var/log/calico/cni/cni.log", "datastore_type": "kubernetes", "nodename": "__KUBERNETES_NODE_NAME__", "mtu": __CNI_MTU__, diff --git a/files/calico-kube-controllers-Deployment.yaml b/files/calico-kube-controllers-Deployment.yaml index 1fad98e..fceef69 100644 --- a/files/calico-kube-controllers-Deployment.yaml +++ b/files/calico-kube-controllers-Deployment.yaml 
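Review bot: The new `"log_file_path": "/var/log/calico/cni/cni.log"` in the calico-config ConfigMap hunk points CNI plugin logging at a fixed host path, and nothing in this patch shows rotation or a size cap for that file. The CNI binary is presumably invoked on the host at pod setup, so if the plugin does not rotate the file itself a chatty or failing node can grow it until the root filesystem fills. Either confirm the plugin rotates its own log or add host-side rotation, and record that expectation in the role's documentation; the enclosing `cni_network_config` JSON block starts and ends outside the hunk.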
@@ -34,7 +34,7 @@ spec:
 priorityClassName: system-cluster-critical
 containers:
 - name: calico-kube-controllers
- image: calico/kube-controllers:v3.15.1
+ image: calico/kube-controllers:v3.16.0
 env:
 # Choose which controllers to run.
 - name: ENABLED_CONTROLLERS
diff --git a/files/calico-node-DaemonSet.yaml b/files/calico-node-DaemonSet.yaml
index 020dd2a..d7e2fba 100644
--- a/files/calico-node-DaemonSet.yaml
+++ b/files/calico-node-DaemonSet.yaml
@@ -44,8 +44,13 @@ spec:
 # It can be deleted if this is a fresh installation, or if you have already
 # upgraded to use calico-ipam.
 - name: upgrade-ipam
- image: calico/cni:v3.15.1
+ image: calico/cni:v3.16.0
 command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
+ envFrom:
+ - configMapRef:
+ # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
+ name: kubernetes-services-endpoint
+ optional: true
 env:
 - name: KUBERNETES_NODE_NAME
 valueFrom:
@@ -66,8 +71,13 @@ spec:
 # This container installs the CNI binaries
 # and CNI network config file on each node.
 - name: install-cni
- image: calico/cni:v3.15.1
- command: ["/install-cni.sh"]
+ image: calico/cni:v3.16.0
+ command: ["/opt/cni/bin/install"]
+ envFrom:
+ - configMapRef:
+ # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
+ name: kubernetes-services-endpoint
+ optional: true
 env:
 # Name of the CNI config file to create.
 - name: CNI_CONF_NAME
@@ -102,7 +112,7 @@ spec:
 # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
 # to communicate with Felix over the Policy Sync API.
 - name: flexvol-driver
- image: calico/pod2daemon-flexvol:v3.15.1
+ image: calico/pod2daemon-flexvol:v3.16.0
 volumeMounts:
 - name: flexvol-driver-host
 mountPath: /host/driver
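Review bot: The `kubernetes-services-endpoint` ConfigMap hook added to upgrade-ipam here is repeated for install-cni in the `@@ -66,8 +71,13 @@` hunk and for calico-node in the `@@ -113,7 +123,12 @@` hunk, always as `optional: true`, so a ConfigMap of that name in the DaemonSet's namespace silently rewrites `KUBERNETES_SERVICE_HOST`/`KUBERNETES_SERVICE_PORT` for every calico-node pod whether or not eBPF mode is in use. Write access to ConfigMaps in that namespace therefore becomes the ability to redirect the node agents' API-server traffic, which is worth stating explicitly since the inline comment only mentions the eBPF use case. Suggest a comment on the first occurrence such as `# Any ConfigMap of this name in this namespace overrides the API server endpoint for all calico-node containers; restrict who may create it.` and a matching line in the role's documentation. The containers' `securityContext` and the pod's namespace are outside these hunks, so I cannot tell from the patch what RBAC currently applies.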
@@ -113,7 +123,12 @@ spec:
 # container programs network policy and routes on each
 # host.
 - name: calico-node
- image: calico/node:v3.15.1
+ image: calico/node:v3.16.0
+ envFrom:
+ - configMapRef:
+ # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
+ name: kubernetes-services-endpoint
+ optional: true
 env:
 # Use Kubernetes API as the backing datastore.
 - name: DATASTORE_TYPE
@@ -217,6 +232,13 @@ spec:
 readOnly: false
 - name: policysync
 mountPath: /var/run/nodeagent
+ # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the
+ # parent directory.
+ - name: sysfs
+ mountPath: /sys/fs/
+ # Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host.
+ # If the host is known to mount that filesystem already then Bidirectional can be omitted.
+ mountPropagation: Bidirectional
 volumes:
 # Used by calico-node.
 - name: lib-modules
@@ -232,6 +254,10 @@ spec:
 hostPath:
 path: /run/xtables.lock
 type: FileOrCreate
+ - name: sysfs
+ hostPath:
+ path: /sys/fs/
+ type: DirectoryOrCreate
 # Used to install CNI.
 - name: cni-bin-dir
 hostPath:
diff --git a/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
index e8b6c36..8818cfd 100644
--- a/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
+++ b/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
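Review bot: `mountPropagation: Bidirectional` on the new `sysfs` mount in the `@@ -217,6 +232,13 @@` hunk is only admitted for privileged containers, and the calico-node `securityContext` lies outside the hunk, so confirm the container is privileged or the DaemonSet will fail to schedule. The mount is unconditional, giving every deployment a read-write, host-propagating view of `/sys/fs/` even where eBPF mode is not enabled; the upstream comment already says Bidirectional can be omitted when the host mounts bpffs itself, so a role that does not use eBPF can drop the volume and mount entirely, and that choice should be documented. In the `@@ -232,6 +254,10 @@` hunk, `type: Directory` instead of `type: DirectoryOrCreate` would fail loudly rather than attempt to create `/sys/fs/` on a host where sysfs is not where expected.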
@@ -34,6 +34,15 @@ spec: spec: description: FelixConfigurationSpec contains the values of the Felix configuration. properties: + awsSrcDstCheck: + description: 'Set source-destination-check on AWS EC2 instances. Accepted + value must be one of "DoNothing", "Enabled" or "Disabled". [Default: + DoNothing]' + enum: + - DoNothing + - Enable + - Disable + type: string bpfConnectTimeLoadBalancingEnabled: description: 'BPFConnectTimeLoadBalancingEnabled when in BPF mode, controls whether Felix installs the connection-time load balancer. The @@ -196,6 +205,13 @@ spec: - protocol type: object type: array + featureDetectOverride: + description: FeatureDetectOverride is used to override the feature + detection. Values are specified in a comma separated list with no + spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". + "true" or "false" will force the feature, empty or omitted values + are auto-detected. + type: string genericXDPEnabled: description: 'GenericXDPEnabled enables Generic XDP so network cards that don''t support XDP offload or driver modes can use XDP. This @@ -227,6 +243,11 @@ spec: integrations set the ‘cali’ value, and our OpenStack integration sets the ‘tap’ value. [Default: cali]' type: string + interfaceRefreshInterval: + description: InterfaceRefreshInterval is the period at which Felix + rescans local interfaces to verify their state. The rescan can be + disabled by setting the interval to 0. + type: string ipipEnabled: type: boolean ipipMTU: @@ -498,8 +519,6 @@ spec: Calico''s BPF maps or attached programs. Set to 0 to disable XDP refresh. [Default: 90s]' type: string - required: - - bpfLogLevel type: object type: object served: true diff --git a/files/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml index 6ac15cd..f0c735e 100644 --- a/files/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml 
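Review bot: In the `awsSrcDstCheck` schema of the `@@ -34,6 +34,15 @@` hunk the description tells users the accepted values are `"Enabled"` and `"Disabled"`, but the `enum` beneath it admits only `Enable` and `Disable`, so a value written as documented is rejected by API-server validation. Since the enum is what is enforced, the description is most likely the side that is wrong; if these CRDs are tracked from the upstream release the correction belongs upstream, but the mismatch deserves a mention in the commit or the role's documentation until it is resolved, e.g. `Accepted value must be one of "DoNothing", "Enable" or "Disable".` The removal of `required: - bpfLogLevel` in the `@@ -498,8 +519,6 @@` hunk loosens validation rather than tightening it, which is consistent with the other additions here.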
+++ b/files/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml
@@ -64,7 +64,7 @@ spec:
 type: object
 ipipMode:
 description: Contains configuration for IPIP tunneling for this pool.
- If not specified, then this is defaulted to "Never" (i.e. IPIP tunelling
+ If not specified, then this is defaulted to "Never" (i.e. IPIP tunneling
 is disabled).
 type: string
 nat-outgoing:
@@ -84,7 +84,7 @@ spec:
 vxlanMode:
 description: Contains configuration for VXLAN tunneling for this pool.
 If not specified, then this is defaulted to "Never" (i.e. VXLAN
- tunelling is disabled).
+ tunneling is disabled).
 type: string
 required:
 - cidr