From 4974a904f2153832b3dc0b13f71df59bd68aa604 Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Wed, 19 Oct 2022 10:25:25 +0200 Subject: [PATCH] Update calico to version 3.24.2 --- templates/calico-kube-controllers-Deployment.yaml | 2 +- templates/calico-node-DaemonSet.yaml | 8 ++++---- templates/calicoctl-Pod.yaml | 2 +- templates/calicoctl-ServiceAccount.yaml | 2 +- ...s.crd.projectcalico.org-CustomResourceDefinition.yaml | 9 +++++++-- ...s.crd.projectcalico.org-CustomResourceDefinition.yaml | 2 +- 6 files changed, 15 insertions(+), 10 deletions(-) diff --git a/templates/calico-kube-controllers-Deployment.yaml b/templates/calico-kube-controllers-Deployment.yaml index 74d1ae5..62d6eca 100644 --- a/templates/calico-kube-controllers-Deployment.yaml +++ b/templates/calico-kube-controllers-Deployment.yaml @@ -36,7 +36,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.24.1 + image: docker.io/calico/kube-controllers:v3.24.2 imagePullPolicy: IfNotPresent env: # Choose which controllers to run. diff --git a/templates/calico-node-DaemonSet.yaml b/templates/calico-node-DaemonSet.yaml index 119fcce..43f223e 100644 --- a/templates/calico-node-DaemonSet.yaml +++ b/templates/calico-node-DaemonSet.yaml @@ -44,7 +44,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.24.1 + image: docker.io/calico/cni:v3.24.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: @@ -72,7 +72,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.24.1 + image: docker.io/calico/cni:v3.24.2 imagePullPolicy: IfNotPresent command: ["/opt/cni/bin/install"] envFrom: @@ -115,7 +115,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.24.1 + image: docker.io/calico/node:v3.24.2 imagePullPolicy: IfNotPresent command: ["calico-node", "-init", "-best-effort"] volumeMounts: @@ -141,7 +141,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.24.1 + image: docker.io/calico/node:v3.24.2 imagePullPolicy: IfNotPresent envFrom: - configMapRef: diff --git a/templates/calicoctl-Pod.yaml b/templates/calicoctl-Pod.yaml index c93efee..c055b70 100644 --- a/templates/calicoctl-Pod.yaml +++ b/templates/calicoctl-Pod.yaml @@ -11,7 +11,7 @@ spec: serviceAccountName: calicoctl containers: - name: calicoctl - image: calico/ctl:v3.24.1 + image: calico/ctl:v3.24.2 command: - /calicoctl args: diff --git a/templates/calicoctl-ServiceAccount.yaml b/templates/calicoctl-ServiceAccount.yaml index 5bdd205..f1c141e 100644 --- a/templates/calicoctl-ServiceAccount.yaml +++ b/templates/calicoctl-ServiceAccount.yaml @@ -1,7 +1,7 @@ # Calico Version master # https://projectcalico.docs.tigera.io/releases#master # This manifest includes the following component versions: -# calico/ctl:v3.24.1 +# calico/ctl:v3.24.2 apiVersion: v1 kind: ServiceAccount diff --git a/templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml index ae5739b..fc8f592 100644 --- a/templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -101,6 +101,11 @@ spec: node appears to use the IP of the ingress node; this requires a permissive L2 network. [Default: Tunnel]' type: string + bpfHostConntrackBypass: + description: 'BPFHostConntrackBypass Controls whether to bypass Linux + conntrack in BPF mode for workloads and services. [Default: true + - bypass Linux conntrack]' + type: boolean bpfKubeProxyEndpointSlicesEnabled: description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls whether Felix's embedded kube-proxy accepts EndpointSlices or not. @@ -633,8 +638,8 @@ spec: type: boolean vxlanEnabled: description: 'VXLANEnabled overrides whether Felix should create the - VXLAN tunnel device for VXLAN networking. Optional as Felix determines - this based on the existing IP pools. [Default: nil (unset)]' + VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix + determines this based on the existing IP pools. [Default: nil (unset)]' type: boolean vxlanMTU: description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel diff --git a/templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml b/templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml index 6853b4a..6aac449 100644 --- a/templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/templates/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -82,7 +82,7 @@ spec: for internal use only.' type: boolean natOutgoing: - description: When nat-outgoing is true, packets sent from Calico networked + description: When natOutgoing is true, packets sent from Calico networked containers in this pool to destinations outside of this pool will be masqueraded. type: boolean