diff --git a/files/calico-config-ConfigMap.yaml b/files/calico-config-ConfigMap.yaml
index 848686e..b009aba 100644
--- a/files/calico-config-ConfigMap.yaml
+++ b/files/calico-config-ConfigMap.yaml
@@ -10,8 +10,9 @@ data:
 typha_service_name: "none"
 # Configure the backend to use.
 calico_backend: "vxlan"
-
- # Configure the MTU to use
+ # Configure the MTU to use for workload interfaces and the
+ # tunnels. For IPIP, set to your network MTU - 20; for VXLAN
+ # set to your network MTU - 50.
 veth_mtu: "1440"
 # The CNI network configuration to install on each node. The special
diff --git a/files/calico-kube-controllers-ClusterRole.yaml b/files/calico-kube-controllers-ClusterRole.yaml
index 022226b..833dd5f 100644
--- a/files/calico-kube-controllers-ClusterRole.yaml
+++ b/files/calico-kube-controllers-ClusterRole.yaml
@@ -38,6 +38,16 @@ rules:
 - create
 - update
 - delete
+ # kube-controllers manages hostendpoints.
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - hostendpoints
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
 # Needs access to update clusterinformations.
 - apiGroups: ["crd.projectcalico.org"]
 resources:
@@ -46,3 +56,16 @@ rules:
 - get
 - create
 - update
+ # KubeControllersConfiguration is where it gets its config
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - kubecontrollersconfigurations
+ verbs:
+ # read its own config
+ - get
+ # create a default if none exists
+ - create
+ # update status
+ - update
+ # watch for changes
+ - watch
diff --git a/files/calico-kube-controllers-Deployment.yaml b/files/calico-kube-controllers-Deployment.yaml
index ad79222..c18cdf6 100644
--- a/files/calico-kube-controllers-Deployment.yaml
+++ b/files/calico-kube-controllers-Deployment.yaml
@@ -1,5 +1,4 @@
 # Source: calico/templates/calico-kube-controllers.yaml
-
 # See https://github.com/projectcalico/kube-controllers
 apiVersion: apps/v1
 kind: Deployment
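Review bot: The new hostendpoints rule in calico-kube-controllers-ClusterRole.yaml (first hunk) gives the controller's service account cluster-wide create, update and delete on host endpoint objects, and its one-line comment does not say which controller feature needs that. Host endpoints determine which node interfaces Calico policy is applied to, so write access here noticeably widens what a compromised kube-controllers pod could change. I would expand the comment to something like `# Needed only when kube-controllers creates host endpoints automatically; narrow to get/list if that feature stays disabled.`, after confirming that the v3.14.0 controller tolerates the narrower grant. The rules list starts and ends outside the hunk.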
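Review bot: The `# update status` comment in the kubecontrollersconfigurations rule (second ClusterRole hunk) understates what the verb allows. `update` is granted on the resource itself, and the CustomResourceDefinition added later in this commit declares no status subresource, so the verb covers the whole object, spec included. In practice the controller can rewrite the configuration it runs from, which anyone auditing this role should be able to read off the comment. Suggested wording: `# update the object (no status subresource is defined, so this covers spec as well)`.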
@@ -37,7 +36,7 @@ spec:
 priorityClassName: system-cluster-critical
 containers:
 - name: calico-kube-controllers
- image: calico/kube-controllers:v3.13.3
+ image: calico/kube-controllers:v3.14.0
 env:
 # Choose which controllers to run.
 - name: ENABLED_CONTROLLERS
diff --git a/files/calico-kube-controllers-ServiceAccount.yaml b/files/calico-kube-controllers-ServiceAccount.yaml
index 9b41df4..6dce24b 100644
--- a/files/calico-kube-controllers-ServiceAccount.yaml
+++ b/files/calico-kube-controllers-ServiceAccount.yaml
@@ -4,3 +4,4 @@ kind: ServiceAccount
 metadata:
 name: calico-kube-controllers
 namespace: kube-system
+
diff --git a/files/calico-node-DaemonSet.yaml b/files/calico-node-DaemonSet.yaml
index a000b0d..56fc064 100644
--- a/files/calico-node-DaemonSet.yaml
+++ b/files/calico-node-DaemonSet.yaml
@@ -50,7 +50,7 @@ spec:
 # It can be deleted if this is a fresh installation, or if you have already
 # upgraded to use calico-ipam.
 - name: upgrade-ipam
- image: calico/cni:v3.13.3
+ image: calico/cni:v3.14.0
 command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
 env:
 - name: KUBERNETES_NODE_NAME
@@ -72,7 +72,7 @@ spec:
 # This container installs the CNI binaries
 # and CNI network config file on each node.
 - name: install-cni
- image: calico/cni:v3.13.3
+ image: calico/cni:v3.14.0
 command: ["/install-cni.sh"]
 env:
 # Name of the CNI config file to create.
@@ -108,7 +108,7 @@ spec:
 # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
 # to communicate with Felix over the Policy Sync API.
 - name: flexvol-driver
- image: calico/pod2daemon-flexvol:v3.13.3
+ image: calico/pod2daemon-flexvol:v3.14.0
 volumeMounts:
 - name: flexvol-driver-host
 mountPath: /host/driver
@@ -119,7 +119,7 @@ spec:
 # container programs network policy and routes on each
 # host.
 - name: calico-node
- image: calico/node:v3.13.3
+ image: calico/node:v3.14.0
 env:
 # Use Kubernetes API as the backing datastore.
 - name: DATASTORE_TYPE
@@ -153,6 +153,12 @@ spec:
 configMapKeyRef:
 name: calico-config
 key: veth_mtu
+ # Set MTU for the VXLAN tunnel device.
+ - name: FELIX_VXLANMTU
+ valueFrom:
+ configMapKeyRef:
+ name: calico-config
+ key: veth_mtu
 # The default IPv4 pool to create on startup if none exists. Pod IPs will be
 # chosen from this range. Changing this value after installation will have
 # no effect. This should fall within `--cluster-cidr`.
diff --git a/files/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml
index abc1969..ae38004 100644
--- a/files/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml
+++ b/files/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml
@@ -10,4 +10,6 @@ spec:
 kind: GlobalNetworkPolicy
 plural: globalnetworkpolicies
 singular: globalnetworkpolicy
+ shortNames:
+ - gnp
diff --git a/files/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
new file mode 100644
index 0000000..44b0c9a
--- /dev/null
+++ b/files/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: kubecontrollersconfigurations.crd.projectcalico.org
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: KubeControllersConfiguration
+ plural: kubecontrollersconfigurations
+ singular: kubecontrollersconfiguration
diff --git a/vars/calico-files.yaml b/vars/calico-files.yaml
index 9532c7b..1dd98ea 100644
--- a/vars/calico-files.yaml
+++ b/vars/calico-files.yaml
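Review bot: FELIX_VXLANMTU in calico-node-DaemonSet.yaml reads the same `veth_mtu` key as the entry directly above it, so a single ConfigMap value now sets both the workload interface MTU and the VXLAN device MTU. The ConfigMap comment changed in this commit says VXLAN needs network MTU - 50, so the shared value has to be sized for that larger overhead. The current `"1440"` is only valid if the underlying network MTU is at least 1490, which the diff does not show. An oversized tunnel MTU tends to surface as silent drops or fragmentation rather than a clear error, so I would state the dependency in the comment: `# Set MTU for the VXLAN tunnel device (shares veth_mtu; keep it <= network MTU - 50).` The env list starts and ends outside the hunk.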
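Review bot: The new kubecontrollersconfigurations CRD is registered through `apiextensions.k8s.io/v1beta1` and carries no validation schema, so the API server will store whatever a client writes into these objects. That matters because the ClusterRole change in this commit lets the controller create and update the resource, leaving the controller's own parsing as the only check on its configuration. The v1beta1 CRD API was also removed in Kubernetes 1.22, and `apiextensions.k8s.io/v1` requires a structural schema, so the file will need porting before a cluster is upgraded that far. A header comment would record this for the next maintainer: `# v1beta1 without a schema; port to apiextensions.k8s.io/v1 (with openAPIV3Schema) before Kubernetes 1.22.`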
@@ -13,6 +13,7 @@ calico_files:
 - "version/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml"
 - "version/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml"
 - "version/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml"
+ - "version/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml"
 - "version/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml"
 - "version/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml"
 - "version/calico-kube-controllers-ClusterRole.yaml"