diff --git a/files/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml index 4ac1567..a11fc5d 100644 --- a/files/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/bgpconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: bgpconfigurations.crd.projectcalico.org spec: group: crd.projectcalico.org diff --git a/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml index 245844b..30db4aa 100644 --- a/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: bgppeers.crd.projectcalico.org spec: group: crd.projectcalico.org @@ -38,6 +35,7 @@ spec: format: int32 type: integer keepOriginalNextHop: + default: false description: Option to keep the original nexthop field when routes are sent to a BGP Peer. Setting "true" configures the selected BGP Peers node to use the "next hop keep;" instead of "next hop self;"(default) @@ -45,8 +43,8 @@ spec: type: boolean node: description: The node name identifying the Calico node instance that - is peering with this peer. If this is not set, this represents a - global peer, i.e. a peer that peers with every node in the deployment. + is targeted by this peer. If this is not set, and no nodeSelector + is specified, then this BGP peer selects all nodes in the cluster. type: string nodeSelector: description: Selector for the nodes that should have this peering. When @@ -88,12 +86,9 @@ spec: peering between the local node and selected remote nodes, we configure an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified, and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The - remote AS number comes from the remote node’s NodeBGPSpec.ASNumber, + remote AS number comes from the remote node's NodeBGPSpec.ASNumber, or the global default if that is not set. type: string - required: - - asNumber - - peerIP type: object type: object served: true diff --git a/files/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml index d023a50..b1fd48d 100644 --- a/files/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/blockaffinities.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: blockaffinities.crd.projectcalico.org spec: group: crd.projectcalico.org diff --git a/files/calico-config-ConfigMap.yaml b/files/calico-config-ConfigMap.yaml index ed30678..1d054e7 100644 --- a/files/calico-config-ConfigMap.yaml +++ b/files/calico-config-ConfigMap.yaml @@ -10,12 +10,11 @@ data: typha_service_name: "none" # Configure the backend to use. calico_backend: "vxlan" + # Configure the MTU to use for workload interfaces and tunnels. - # - If Wireguard is enabled, set to your network MTU - 60 - # - Otherwise, if VXLAN or BPF mode is enabled, set to your network MTU - 50 - # - Otherwise, if IPIP is enabled, set to your network MTU - 20 - # - Otherwise, if not using any encapsulation, set to your network MTU. - veth_mtu: "1440" + # By default, MTU is auto-detected, and explicitly setting this field should not be required. + # You can override auto-detection by providing a non-zero value. + veth_mtu: "0" # The CNI network configuration to install on each node. The special # values in this config will be automatically populated. diff --git a/files/calico-kube-controllers-Deployment.yaml b/files/calico-kube-controllers-Deployment.yaml index 2ce8e85..cbf178b 100644 --- a/files/calico-kube-controllers-Deployment.yaml +++ b/files/calico-kube-controllers-Deployment.yaml @@ -34,7 +34,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: calico/kube-controllers:v3.16.5 + image: docker.io/calico/kube-controllers:v3.17.0 env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS diff --git a/files/calico-kube-controllers-PodDisruptionBudget.yaml b/files/calico-kube-controllers-PodDisruptionBudget.yaml new file mode 100644 index 0000000..cbe1d78 --- /dev/null +++ b/files/calico-kube-controllers-PodDisruptionBudget.yaml @@ -0,0 +1,16 @@ + +# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict + +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: calico-kube-controllers + namespace: kube-system + labels: + k8s-app: calico-kube-controllers +spec: + maxUnavailable: 1 + selector: + matchLabels: + k8s-app: calico-kube-controllers + diff --git a/files/calico-node-DaemonSet.yaml b/files/calico-node-DaemonSet.yaml index d555085..f3af808 100644 --- a/files/calico-node-DaemonSet.yaml +++ b/files/calico-node-DaemonSet.yaml @@ -44,7 +44,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: calico/cni:v3.16.5 + image: docker.io/calico/cni:v3.17.0 command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: - configMapRef: @@ -71,7 +71,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: calico/cni:v3.16.5 + image: docker.io/calico/cni:v3.17.0 command: ["/opt/cni/bin/install"] envFrom: - configMapRef: @@ -112,7 +112,7 @@ spec: # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes # to communicate with Felix over the Policy Sync API. - name: flexvol-driver - image: calico/pod2daemon-flexvol:v3.16.5 + image: docker.io/calico/pod2daemon-flexvol:v3.17.0 volumeMounts: - name: flexvol-driver-host mountPath: /host/driver @@ -123,7 +123,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: calico/node:v3.16.5 + image: docker.io/calico/node:v3.17.0 envFrom: - configMapRef: # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. @@ -239,6 +239,9 @@ spec: # Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host. # If the host is known to mount that filesystem already then Bidirectional can be omitted. mountPropagation: Bidirectional + - name: cni-log-dir + mountPath: /var/log/calico/cni + readOnly: true volumes: # Used by calico-node. - name: lib-modules @@ -265,6 +268,10 @@ spec: - name: cni-net-dir hostPath: path: /etc/cni/net.d + # Used to access CNI logs. + - name: cni-log-dir + hostPath: + path: /var/log/calico/cni # Mount in the directory for host-local IPAM allocations. This is # used when upgrading from host-local to calico-ipam, and can be removed # if not using the upgrade-ipam init container. diff --git a/files/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml index b767caf..87522e4 100644 --- a/files/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/clusterinformations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: clusterinformations.crd.projectcalico.org spec: group: crd.projectcalico.org diff --git a/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml index 347a573..220e34f 100644 --- a/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: felixconfigurations.crd.projectcalico.org spec: group: crd.projectcalico.org @@ -62,13 +59,13 @@ spec: true]' type: boolean bpfDataIfacePattern: - description: 'BPFDataIfacePattern is a regular expression that controls + description: BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually - named cali...). [Default: ^(en.*|eth.*|tunl0$)]' + named cali...). type: string bpfDisableUnprivileged: description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled @@ -113,10 +110,10 @@ spec: `tc exec bpf debug`. [Default: Off].' type: string chainInsertMode: - description: 'ChainInsertMode controls whether Felix hooks the kernel’s + description: 'ChainInsertMode controls whether Felix hooks the kernel''s top-level iptables chains by inserting a rule at the top of the chain or by appending a rule at the bottom. insert is the safe default - since it prevents Calico’s rules from being bypassed. If you switch + since it prevents Calico''s rules from being bypassed. If you switch to append mode, be sure that the other rules in the chains signal acceptance by falling through to the Calico rules, otherwise the Calico policy will be bypassed. [Default: insert]' @@ -198,7 +195,7 @@ spec: Each port should be specified as tcp: or udp:. For back-compatibility, if the protocol is not specified, it defaults to “tcp”. To disable all outbound host ports, use the value none. - The default value opens etcd’s standard ports to ensure that Felix + The default value opens etcd''s standard ports to ensure that Felix does not get cut off from etcd as well as allowing DHCP and DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667, udp:53, udp:67]' @@ -250,8 +247,8 @@ spec: workload endpoints and so distinguishes them from host endpoint interfaces. Note: in environments other than bare metal, the orchestrators configure this appropriately. For example our Kubernetes and Docker - integrations set the ‘cali’ value, and our OpenStack integration - sets the ‘tap’ value. [Default: cali]' + integrations set the ''cali'' value, and our OpenStack integration + sets the ''tap'' value. [Default: cali]' type: string interfaceRefreshInterval: description: InterfaceRefreshInterval is the period at which Felix @@ -267,7 +264,7 @@ spec: ipsetsRefreshInterval: description: 'IpsetsRefreshInterval is the period at which Felix re-checks all iptables state to ensure that no other process has accidentally - broken Calico’s rules. Set to 0 to disable iptables refresh. [Default: + broken Calico''s rules. Set to 0 to disable iptables refresh. [Default: 90s]' type: string iptablesBackend: @@ -279,7 +276,7 @@ spec: iptablesLockFilePath: description: 'IptablesLockFilePath is the location of the iptables lock file. You may need to change this if the lock file is not in - its standard location (for example if you have mapped it into Felix’s + its standard location (for example if you have mapped it into Felix''s container at a different path). [Default: /run/xtables.lock]' type: string iptablesLockProbeInterval: @@ -311,16 +308,16 @@ spec: description: 'IptablesPostWriteCheckInterval is the period after Felix has done a write to the dataplane that it schedules an extra read back in order to check the write was not clobbered by another process. - This should only occur if another application on the system doesn’t + This should only occur if another application on the system doesn''t respect the iptables lock. [Default: 1s]' type: string iptablesRefreshInterval: description: 'IptablesRefreshInterval is the period at which Felix re-checks the IP sets in the dataplane to ensure that no other process - has accidentally broken Calico’s rules. Set to 0 to disable IP sets - refresh. Note: the default for this value is lower than the other - refresh intervals as a workaround for a Linux kernel bug that was - fixed in kernel version 4.11. If you are using v4.11 or greater + has accidentally broken Calico''s rules. Set to 0 to disable IP + sets refresh. Note: the default for this value is lower than the + other refresh intervals as a workaround for a Linux kernel bug that + was fixed in kernel version 4.11. If you are using v4.11 or greater you may want to set this to, a higher value to reduce Felix CPU usage. [Default: 10s]' type: string @@ -371,10 +368,15 @@ spec: type: string metadataPort: description: 'MetadataPort is the port of the metadata server. This, - combined with global.MetadataAddr (if not ‘None’), is used to set - up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. + combined with global.MetadataAddr (if not ''None''), is used to + set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. In most cases this should not need to be changed [Default: 8775].' type: integer + mtuIfacePattern: + description: MTUIfacePattern is a regular expression that controls + which interfaces Felix should scan in order to calculate the host's + MTU. This should not match workload interfaces (usually named cali...). + type: string natOutgoingAddress: description: NATOutgoingAddress specifies an address to use when performing source NAT for traffic in a natOutgoing pool that is leaving the @@ -445,9 +447,9 @@ spec: status reports. [Default: 90s]' type: string routeRefreshInterval: - description: 'RouterefreshInterval is the period at which Felix re-checks + description: 'RouteRefreshInterval is the period at which Felix re-checks the routes in the dataplane to ensure that no other process has - accidentally broken Calico’s rules. Set to 0 to disable route refresh. + accidentally broken Calico''s rules. Set to 0 to disable route refresh. [Default: 90s]' type: string routeSource: @@ -468,6 +470,13 @@ spec: - max - min type: object + serviceLoopPrevention: + description: 'When service IP advertisement is enabled, prevent routing + loops to service IPs that are not in use, by dropping or rejecting + packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled", + in which case such routing loops continue to be allowed. [Default: + Drop]' + type: string sidecarAccelerationEnabled: description: 'SidecarAccelerationEnabled enables experimental sidecar acceleration [Default: false]' diff --git a/files/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml index 767cdf7..dc90b0a 100644 --- a/files/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: globalnetworkpolicies.crd.projectcalico.org spec: group: crd.projectcalico.org @@ -206,7 +203,7 @@ spec: code: description: Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, + limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule. type: integer type: @@ -235,7 +232,7 @@ spec: code: description: Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, + limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule. type: integer type: @@ -537,7 +534,7 @@ spec: code: description: Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, + limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule. type: integer type: @@ -566,7 +563,7 @@ spec: code: description: Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, + limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule. type: integer type: diff --git a/files/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml index 51305a9..9a4ffdb 100644 --- a/files/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/globalnetworksets.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: globalnetworksets.crd.projectcalico.org spec: group: crd.projectcalico.org diff --git a/files/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml index ab993a1..551f83f 100644 --- a/files/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/hostendpoints.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: hostendpoints.crd.projectcalico.org spec: group: crd.projectcalico.org diff --git a/files/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml index 1682e56..083e4c6 100644 --- a/files/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/ipamblocks.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: ipamblocks.crd.projectcalico.org spec: group: crd.projectcalico.org @@ -68,7 +65,6 @@ spec: - allocations - attributes - cidr - - deleted - strictAffinity - unallocated type: object diff --git a/files/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml index be62890..3e3d422 100644 --- a/files/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/ipamconfigs.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: ipamconfigs.crd.projectcalico.org spec: group: crd.projectcalico.org @@ -36,6 +33,10 @@ spec: properties: autoAllocateBlocks: type: boolean + maxBlocksPerHost: + description: MaxBlocksPerHost, if non-zero, is the max number of blocks + that can be affine to each host. + type: integer strictAffinity: type: boolean required: diff --git a/files/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml index a341b8e..62eb926 100644 --- a/files/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/ipamhandles.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: ipamhandles.crd.projectcalico.org spec: group: crd.projectcalico.org @@ -38,6 +35,8 @@ spec: additionalProperties: type: integer type: object + deleted: + type: boolean handleID: type: string required: diff --git a/files/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml index f0c735e..6e93b79 100644 --- a/files/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/ippools.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: ippools.crd.projectcalico.org spec: group: crd.projectcalico.org diff --git a/files/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml index 908b6df..9c9243f 100644 --- a/files/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/kubecontrollersconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: kubecontrollersconfigurations.crd.projectcalico.org spec: group: crd.projectcalico.org diff --git a/files/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml index b165af8..f555792 100644 --- a/files/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: networkpolicies.crd.projectcalico.org spec: group: crd.projectcalico.org @@ -195,7 +192,7 @@ spec: code: description: Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, + limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule. type: integer type: @@ -224,7 +221,7 @@ spec: code: description: Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, + limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule. type: integer type: @@ -526,7 +523,7 @@ spec: code: description: Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, + limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule. type: integer type: @@ -555,7 +552,7 @@ spec: code: description: Match on a specific ICMP code. If specified, the Type value must also be specified. This is a technical - limitation imposed by the kernel’s iptables firewall, + limitation imposed by the kernel's iptables firewall, which Calico uses to enforce the rule. type: integer type: diff --git a/files/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml b/files/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml index a7fae83..ec8f34c 100644 --- a/files/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml +++ b/files/networksets.crd.projectcalico.org-CustomResourceDefinition.yaml @@ -1,9 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: (devel) - creationTimestamp: null name: networksets.crd.projectcalico.org spec: group: crd.projectcalico.org diff --git a/vars/calico-files.yaml b/vars/calico-files.yaml index 342a53c..1a6af22 100644 --- a/vars/calico-files.yaml +++ b/vars/calico-files.yaml @@ -24,3 +24,4 @@ calico_files: - "calico-node-ServiceAccount.yaml" - "calico-kube-controllers-Deployment.yaml" - "calico-kube-controllers-ServiceAccount.yaml" + - "calico-kube-controllers-PodDisruptionBudget.yaml"