This commit is contained in:
parent
e73c39a71d
commit
74c392523d
20 changed files with 81 additions and 88 deletions
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: bgpconfigurations.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: bgppeers.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
@ -38,6 +35,7 @@ spec:
|
|||
format: int32
|
||||
type: integer
|
||||
keepOriginalNextHop:
|
||||
default: false
|
||||
description: Option to keep the original nexthop field when routes
|
||||
are sent to a BGP Peer. Setting "true" configures the selected BGP
|
||||
Peers node to use the "next hop keep;" instead of "next hop self;"(default)
|
||||
|
|
@ -45,8 +43,8 @@ spec:
|
|||
type: boolean
|
||||
node:
|
||||
description: The node name identifying the Calico node instance that
|
||||
is peering with this peer. If this is not set, this represents a
|
||||
global peer, i.e. a peer that peers with every node in the deployment.
|
||||
is targeted by this peer. If this is not set, and no nodeSelector
|
||||
is specified, then this BGP peer selects all nodes in the cluster.
|
||||
type: string
|
||||
nodeSelector:
|
||||
description: Selector for the nodes that should have this peering. When
|
||||
|
|
@ -88,12 +86,9 @@ spec:
|
|||
peering between the local node and selected remote nodes, we configure
|
||||
an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified,
|
||||
and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified. The
|
||||
remote AS number comes from the remote node’s NodeBGPSpec.ASNumber,
|
||||
remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
|
||||
or the global default if that is not set.
|
||||
type: string
|
||||
required:
|
||||
- asNumber
|
||||
- peerIP
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: blockaffinities.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
|
|||
|
|
@ -10,12 +10,11 @@ data:
|
|||
typha_service_name: "none"
|
||||
# Configure the backend to use.
|
||||
calico_backend: "vxlan"
|
||||
|
||||
# Configure the MTU to use for workload interfaces and tunnels.
|
||||
# - If Wireguard is enabled, set to your network MTU - 60
|
||||
# - Otherwise, if VXLAN or BPF mode is enabled, set to your network MTU - 50
|
||||
# - Otherwise, if IPIP is enabled, set to your network MTU - 20
|
||||
# - Otherwise, if not using any encapsulation, set to your network MTU.
|
||||
veth_mtu: "1440"
|
||||
# By default, MTU is auto-detected, and explicitly setting this field should not be required.
|
||||
# You can override auto-detection by providing a non-zero value.
|
||||
veth_mtu: "0"
|
||||
|
||||
# The CNI network configuration to install on each node. The special
|
||||
# values in this config will be automatically populated.
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ spec:
|
|||
priorityClassName: system-cluster-critical
|
||||
containers:
|
||||
- name: calico-kube-controllers
|
||||
image: calico/kube-controllers:v3.16.5
|
||||
image: docker.io/calico/kube-controllers:v3.17.0
|
||||
env:
|
||||
# Choose which controllers to run.
|
||||
- name: ENABLED_CONTROLLERS
|
||||
|
|
|
|||
16
files/calico-kube-controllers-PodDisruptionBudget.yaml
Normal file
16
files/calico-kube-controllers-PodDisruptionBudget.yaml
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
|
||||
# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict
|
||||
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: calico-kube-controllers
|
||||
namespace: kube-system
|
||||
labels:
|
||||
k8s-app: calico-kube-controllers
|
||||
spec:
|
||||
maxUnavailable: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: calico-kube-controllers
|
||||
|
||||
|
|
@ -44,7 +44,7 @@ spec:
|
|||
# It can be deleted if this is a fresh installation, or if you have already
|
||||
# upgraded to use calico-ipam.
|
||||
- name: upgrade-ipam
|
||||
image: calico/cni:v3.16.5
|
||||
image: docker.io/calico/cni:v3.17.0
|
||||
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
|
|
@ -71,7 +71,7 @@ spec:
|
|||
# This container installs the CNI binaries
|
||||
# and CNI network config file on each node.
|
||||
- name: install-cni
|
||||
image: calico/cni:v3.16.5
|
||||
image: docker.io/calico/cni:v3.17.0
|
||||
command: ["/opt/cni/bin/install"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
|
|
@ -112,7 +112,7 @@ spec:
|
|||
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
|
||||
# to communicate with Felix over the Policy Sync API.
|
||||
- name: flexvol-driver
|
||||
image: calico/pod2daemon-flexvol:v3.16.5
|
||||
image: docker.io/calico/pod2daemon-flexvol:v3.17.0
|
||||
volumeMounts:
|
||||
- name: flexvol-driver-host
|
||||
mountPath: /host/driver
|
||||
|
|
@ -123,7 +123,7 @@ spec:
|
|||
# container programs network policy and routes on each
|
||||
# host.
|
||||
- name: calico-node
|
||||
image: calico/node:v3.16.5
|
||||
image: docker.io/calico/node:v3.17.0
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
|
||||
|
|
@ -239,6 +239,9 @@ spec:
|
|||
# Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host.
|
||||
# If the host is known to mount that filesystem already then Bidirectional can be omitted.
|
||||
mountPropagation: Bidirectional
|
||||
- name: cni-log-dir
|
||||
mountPath: /var/log/calico/cni
|
||||
readOnly: true
|
||||
volumes:
|
||||
# Used by calico-node.
|
||||
- name: lib-modules
|
||||
|
|
@ -265,6 +268,10 @@ spec:
|
|||
- name: cni-net-dir
|
||||
hostPath:
|
||||
path: /etc/cni/net.d
|
||||
# Used to access CNI logs.
|
||||
- name: cni-log-dir
|
||||
hostPath:
|
||||
path: /var/log/calico/cni
|
||||
# Mount in the directory for host-local IPAM allocations. This is
|
||||
# used when upgrading from host-local to calico-ipam, and can be removed
|
||||
# if not using the upgrade-ipam init container.
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: clusterinformations.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: felixconfigurations.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
@ -62,13 +59,13 @@ spec:
|
|||
true]'
|
||||
type: boolean
|
||||
bpfDataIfacePattern:
|
||||
description: 'BPFDataIfacePattern is a regular expression that controls
|
||||
description: BPFDataIfacePattern is a regular expression that controls
|
||||
which interfaces Felix should attach BPF programs to in order to
|
||||
catch traffic to/from the network. This needs to match the interfaces
|
||||
that Calico workload traffic flows over as well as any interfaces
|
||||
that handle incoming traffic to nodeports and services from outside
|
||||
the cluster. It should not match the workload interfaces (usually
|
||||
named cali...). [Default: ^(en.*|eth.*|tunl0$)]'
|
||||
named cali...).
|
||||
type: string
|
||||
bpfDisableUnprivileged:
|
||||
description: 'BPFDisableUnprivileged, if enabled, Felix sets the kernel.unprivileged_bpf_disabled
|
||||
|
|
@ -113,10 +110,10 @@ spec:
|
|||
`tc exec bpf debug`. [Default: Off].'
|
||||
type: string
|
||||
chainInsertMode:
|
||||
description: 'ChainInsertMode controls whether Felix hooks the kernel’s
|
||||
description: 'ChainInsertMode controls whether Felix hooks the kernel''s
|
||||
top-level iptables chains by inserting a rule at the top of the
|
||||
chain or by appending a rule at the bottom. insert is the safe default
|
||||
since it prevents Calico’s rules from being bypassed. If you switch
|
||||
since it prevents Calico''s rules from being bypassed. If you switch
|
||||
to append mode, be sure that the other rules in the chains signal
|
||||
acceptance by falling through to the Calico rules, otherwise the
|
||||
Calico policy will be bypassed. [Default: insert]'
|
||||
|
|
@ -198,7 +195,7 @@ spec:
|
|||
Each port should be specified as tcp:<port-number> or udp:<port-number>.
|
||||
For back-compatibility, if the protocol is not specified, it defaults
|
||||
to “tcp”. To disable all outbound host ports, use the value none.
|
||||
The default value opens etcd’s standard ports to ensure that Felix
|
||||
The default value opens etcd''s standard ports to ensure that Felix
|
||||
does not get cut off from etcd as well as allowing DHCP and DNS.
|
||||
[Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667,
|
||||
udp:53, udp:67]'
|
||||
|
|
@ -250,8 +247,8 @@ spec:
|
|||
workload endpoints and so distinguishes them from host endpoint
|
||||
interfaces. Note: in environments other than bare metal, the orchestrators
|
||||
configure this appropriately. For example our Kubernetes and Docker
|
||||
integrations set the ‘cali’ value, and our OpenStack integration
|
||||
sets the ‘tap’ value. [Default: cali]'
|
||||
integrations set the ''cali'' value, and our OpenStack integration
|
||||
sets the ''tap'' value. [Default: cali]'
|
||||
type: string
|
||||
interfaceRefreshInterval:
|
||||
description: InterfaceRefreshInterval is the period at which Felix
|
||||
|
|
@ -267,7 +264,7 @@ spec:
|
|||
ipsetsRefreshInterval:
|
||||
description: 'IpsetsRefreshInterval is the period at which Felix re-checks
|
||||
all iptables state to ensure that no other process has accidentally
|
||||
broken Calico’s rules. Set to 0 to disable iptables refresh. [Default:
|
||||
broken Calico''s rules. Set to 0 to disable iptables refresh. [Default:
|
||||
90s]'
|
||||
type: string
|
||||
iptablesBackend:
|
||||
|
|
@ -279,7 +276,7 @@ spec:
|
|||
iptablesLockFilePath:
|
||||
description: 'IptablesLockFilePath is the location of the iptables
|
||||
lock file. You may need to change this if the lock file is not in
|
||||
its standard location (for example if you have mapped it into Felix’s
|
||||
its standard location (for example if you have mapped it into Felix''s
|
||||
container at a different path). [Default: /run/xtables.lock]'
|
||||
type: string
|
||||
iptablesLockProbeInterval:
|
||||
|
|
@ -311,16 +308,16 @@ spec:
|
|||
description: 'IptablesPostWriteCheckInterval is the period after Felix
|
||||
has done a write to the dataplane that it schedules an extra read
|
||||
back in order to check the write was not clobbered by another process.
|
||||
This should only occur if another application on the system doesn’t
|
||||
This should only occur if another application on the system doesn''t
|
||||
respect the iptables lock. [Default: 1s]'
|
||||
type: string
|
||||
iptablesRefreshInterval:
|
||||
description: 'IptablesRefreshInterval is the period at which Felix
|
||||
re-checks the IP sets in the dataplane to ensure that no other process
|
||||
has accidentally broken Calico’s rules. Set to 0 to disable IP sets
|
||||
refresh. Note: the default for this value is lower than the other
|
||||
refresh intervals as a workaround for a Linux kernel bug that was
|
||||
fixed in kernel version 4.11. If you are using v4.11 or greater
|
||||
has accidentally broken Calico''s rules. Set to 0 to disable IP
|
||||
sets refresh. Note: the default for this value is lower than the
|
||||
other refresh intervals as a workaround for a Linux kernel bug that
|
||||
was fixed in kernel version 4.11. If you are using v4.11 or greater
|
||||
you may want to set this to, a higher value to reduce Felix CPU
|
||||
usage. [Default: 10s]'
|
||||
type: string
|
||||
|
|
@ -371,10 +368,15 @@ spec:
|
|||
type: string
|
||||
metadataPort:
|
||||
description: 'MetadataPort is the port of the metadata server. This,
|
||||
combined with global.MetadataAddr (if not ‘None’), is used to set
|
||||
up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort.
|
||||
combined with global.MetadataAddr (if not ''None''), is used to
|
||||
set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort.
|
||||
In most cases this should not need to be changed [Default: 8775].'
|
||||
type: integer
|
||||
mtuIfacePattern:
|
||||
description: MTUIfacePattern is a regular expression that controls
|
||||
which interfaces Felix should scan in order to calculate the host's
|
||||
MTU. This should not match workload interfaces (usually named cali...).
|
||||
type: string
|
||||
natOutgoingAddress:
|
||||
description: NATOutgoingAddress specifies an address to use when performing
|
||||
source NAT for traffic in a natOutgoing pool that is leaving the
|
||||
|
|
@ -445,9 +447,9 @@ spec:
|
|||
status reports. [Default: 90s]'
|
||||
type: string
|
||||
routeRefreshInterval:
|
||||
description: 'RouterefreshInterval is the period at which Felix re-checks
|
||||
description: 'RouteRefreshInterval is the period at which Felix re-checks
|
||||
the routes in the dataplane to ensure that no other process has
|
||||
accidentally broken Calico’s rules. Set to 0 to disable route refresh.
|
||||
accidentally broken Calico''s rules. Set to 0 to disable route refresh.
|
||||
[Default: 90s]'
|
||||
type: string
|
||||
routeSource:
|
||||
|
|
@ -468,6 +470,13 @@ spec:
|
|||
- max
|
||||
- min
|
||||
type: object
|
||||
serviceLoopPrevention:
|
||||
description: 'When service IP advertisement is enabled, prevent routing
|
||||
loops to service IPs that are not in use, by dropping or rejecting
|
||||
packets that do not get DNAT''d by kube-proxy. Unless set to "Disabled",
|
||||
in which case such routing loops continue to be allowed. [Default:
|
||||
Drop]'
|
||||
type: string
|
||||
sidecarAccelerationEnabled:
|
||||
description: 'SidecarAccelerationEnabled enables experimental sidecar
|
||||
acceleration [Default: false]'
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: globalnetworkpolicies.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
@ -206,7 +203,7 @@ spec:
|
|||
code:
|
||||
description: Match on a specific ICMP code. If specified,
|
||||
the Type value must also be specified. This is a technical
|
||||
limitation imposed by the kernel’s iptables firewall,
|
||||
limitation imposed by the kernel's iptables firewall,
|
||||
which Calico uses to enforce the rule.
|
||||
type: integer
|
||||
type:
|
||||
|
|
@ -235,7 +232,7 @@ spec:
|
|||
code:
|
||||
description: Match on a specific ICMP code. If specified,
|
||||
the Type value must also be specified. This is a technical
|
||||
limitation imposed by the kernel’s iptables firewall,
|
||||
limitation imposed by the kernel's iptables firewall,
|
||||
which Calico uses to enforce the rule.
|
||||
type: integer
|
||||
type:
|
||||
|
|
@ -537,7 +534,7 @@ spec:
|
|||
code:
|
||||
description: Match on a specific ICMP code. If specified,
|
||||
the Type value must also be specified. This is a technical
|
||||
limitation imposed by the kernel’s iptables firewall,
|
||||
limitation imposed by the kernel's iptables firewall,
|
||||
which Calico uses to enforce the rule.
|
||||
type: integer
|
||||
type:
|
||||
|
|
@ -566,7 +563,7 @@ spec:
|
|||
code:
|
||||
description: Match on a specific ICMP code. If specified,
|
||||
the Type value must also be specified. This is a technical
|
||||
limitation imposed by the kernel’s iptables firewall,
|
||||
limitation imposed by the kernel's iptables firewall,
|
||||
which Calico uses to enforce the rule.
|
||||
type: integer
|
||||
type:
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: globalnetworksets.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: hostendpoints.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: ipamblocks.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
@ -68,7 +65,6 @@ spec:
|
|||
- allocations
|
||||
- attributes
|
||||
- cidr
|
||||
- deleted
|
||||
- strictAffinity
|
||||
- unallocated
|
||||
type: object
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: ipamconfigs.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
@ -36,6 +33,10 @@ spec:
|
|||
properties:
|
||||
autoAllocateBlocks:
|
||||
type: boolean
|
||||
maxBlocksPerHost:
|
||||
description: MaxBlocksPerHost, if non-zero, is the max number of blocks
|
||||
that can be affine to each host.
|
||||
type: integer
|
||||
strictAffinity:
|
||||
type: boolean
|
||||
required:
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: ipamhandles.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
@ -38,6 +35,8 @@ spec:
|
|||
additionalProperties:
|
||||
type: integer
|
||||
type: object
|
||||
deleted:
|
||||
type: boolean
|
||||
handleID:
|
||||
type: string
|
||||
required:
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: ippools.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: kubecontrollersconfigurations.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: networkpolicies.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
@ -195,7 +192,7 @@ spec:
|
|||
code:
|
||||
description: Match on a specific ICMP code. If specified,
|
||||
the Type value must also be specified. This is a technical
|
||||
limitation imposed by the kernel’s iptables firewall,
|
||||
limitation imposed by the kernel's iptables firewall,
|
||||
which Calico uses to enforce the rule.
|
||||
type: integer
|
||||
type:
|
||||
|
|
@ -224,7 +221,7 @@ spec:
|
|||
code:
|
||||
description: Match on a specific ICMP code. If specified,
|
||||
the Type value must also be specified. This is a technical
|
||||
limitation imposed by the kernel’s iptables firewall,
|
||||
limitation imposed by the kernel's iptables firewall,
|
||||
which Calico uses to enforce the rule.
|
||||
type: integer
|
||||
type:
|
||||
|
|
@ -526,7 +523,7 @@ spec:
|
|||
code:
|
||||
description: Match on a specific ICMP code. If specified,
|
||||
the Type value must also be specified. This is a technical
|
||||
limitation imposed by the kernel’s iptables firewall,
|
||||
limitation imposed by the kernel's iptables firewall,
|
||||
which Calico uses to enforce the rule.
|
||||
type: integer
|
||||
type:
|
||||
|
|
@ -555,7 +552,7 @@ spec:
|
|||
code:
|
||||
description: Match on a specific ICMP code. If specified,
|
||||
the Type value must also be specified. This is a technical
|
||||
limitation imposed by the kernel’s iptables firewall,
|
||||
limitation imposed by the kernel's iptables firewall,
|
||||
which Calico uses to enforce the rule.
|
||||
type: integer
|
||||
type:
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: (devel)
|
||||
creationTimestamp: null
|
||||
name: networksets.crd.projectcalico.org
|
||||
spec:
|
||||
group: crd.projectcalico.org
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue