adrien/ansible-role-k8s-calico
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update calico to version 3.28.0

Browse source
This commit is contained in:
Adrien Reslinger 2024-05-12 13:01:23 +02:00
parent 7548f12db8
commit d6f17858ce
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
10 changed files with 55 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

2
bin/update.sh
View file

@ -1,5 +1,5 @@
#!/bin/bash
CALICO_VERSION="3.27.3"
CALICO_VERSION="3.28.0"
#BASEURL=https://docs.projectcalico.org/manifests
#BASEURL=https://docs.projectcalico.org/archive/v3.18/manifests
BASEURL="https://raw.githubusercontent.com/projectcalico/calico/v${CALICO_VERSION}/manifests"

2
templates/bgppeers.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -64,7 +64,7 @@ spec:
numAllowedLocalASNumbers:
description: Maximum number of local AS numbers that are allowed in
the AS path for received routes. This removes BGP loop prevention
and should only be used if absolutely necesssary.
and should only be used if absolutely necessary.
format: int32
type: integer
password:

2
templates/calico-kube-controllers-Deployment.yaml
View file

@ -36,7 +36,7 @@ spec:
priorityClassName: system-cluster-critical
containers:
- name: calico-kube-controllers
image: docker.io/calico/kube-controllers:v3.27.3
image: docker.io/calico/kube-controllers:v3.28.0
imagePullPolicy: IfNotPresent
env:
# Choose which controllers to run.

2
templates/calico-node-ClusterRole.yaml
View file

@ -110,7 +110,7 @@ rules:
- create
- update
# Calico must update some CRDs.
- apiGroups: [ "crd.projectcalico.org" ]
- apiGroups: ["crd.projectcalico.org"]
resources:
- caliconodestatuses
verbs:

8
templates/calico-node-DaemonSet.yaml
View file

@ -44,7 +44,7 @@ spec:
# It can be deleted if this is a fresh installation, or if you have already
# upgraded to use calico-ipam.
- name: upgrade-ipam
image: docker.io/calico/cni:v3.27.3
image: docker.io/calico/cni:v3.28.0
imagePullPolicy: IfNotPresent
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
envFrom:
@ -72,7 +72,7 @@ spec:
# This container installs the CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: docker.io/calico/cni:v3.27.3
image: docker.io/calico/cni:v3.28.0
imagePullPolicy: IfNotPresent
command: ["/opt/cni/bin/install"]
envFrom:
@ -115,7 +115,7 @@ spec:
# i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
# in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
- name: "mount-bpffs"
image: docker.io/calico/node:v3.27.3
image: docker.io/calico/node:v3.28.0
imagePullPolicy: IfNotPresent
command: ["calico-node", "-init", "-best-effort"]
volumeMounts:
@ -141,7 +141,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: docker.io/calico/node:v3.27.3
image: docker.io/calico/node:v3.28.0
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:

4
templates/calicoctl-Pod.yaml
View file

@ -11,9 +11,9 @@ spec:
serviceAccountName: calicoctl
containers:
- name: calicoctl
image: calico/ctl:v3.27.3
image: calico/ctl:v3.28.0
command:
- /calicoctl
- calicoctl
args:
- version
- --poll=1m

2
templates/calicoctl-ServiceAccount.yaml
View file

@ -1,7 +1,7 @@
# Calico Version master
# https://projectcalico.docs.tigera.io/releases#master
# This manifest includes the following component versions:
# calico/ctl:v3.27.3
# calico/ctl:v3.28.0
apiVersion: v1
kind: ServiceAccount

25
templates/felixconfigurations.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -168,8 +168,9 @@ spec:
- Disabled
type: string
bpfKubeProxyEndpointSlicesEnabled:
description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls
whether Felix's embedded kube-proxy accepts EndpointSlices or not.
description: BPFKubeProxyEndpointSlicesEnabled is deprecated and has
no effect. BPF kube-proxy always accepts endpoint slices. This option
will be removed in the next release.
type: boolean
bpfKubeProxyIptablesCleanupEnabled:
description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF
@ -288,11 +289,23 @@ spec:
type: string
debugDisableLogDropping:
type: boolean
debugHost:
description: DebugHost is the host IP or hostname to bind the debug
port to. Only used if DebugPort is set. [Default:localhost]
type: string
debugMemoryProfilePath:
type: string
debugPort:
description: DebugPort if set, enables Felix's debug HTTP port, which
allows memory and CPU profiles to be retrieved. The debug port
is not secure, it should not be exposed to the internet.
type: integer
debugSimulateCalcGraphHangAfter:
pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
type: string
debugSimulateDataplaneApplyDelay:
pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
type: string
debugSimulateDataplaneHangAfter:
pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$
type: string
@ -332,6 +345,12 @@ spec:
type: string
endpointReportingEnabled:
type: boolean
endpointStatusPathPrefix:
description: "EndpointStatusPathPrefix is the path to the directory
where endpoint status will be written. Endpoint status file reporting
is disabled if field is left empty. \n Chosen directory should match
the directory used by the CNI for PodStartupDelay. [Default: \"\"]"
type: string
externalNodesList:
description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes
which may source tunnel traffic and have the tunneled traffic be
@ -603,7 +622,7 @@ spec:
description: 'MetadataAddr is the IP address or domain name of the
server that can answer VM queries for cloud-init metadata. In OpenStack,
this corresponds to the machine running nova-api (or in Ubuntu,
nova-api-metadata). A value of none (case insensitive) means that
nova-api-metadata). A value of none (case-insensitive) means that
Felix should not set up any NAT rule for the metadata path. [Default:
127.0.0.1]'
type: string

22
templates/globalnetworkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -818,17 +818,17 @@ spec:
any DNAT.
type: boolean
selector:
description: "The selector is an expression used to pick pick out
the endpoints that the policy should be applied to. \n Selector
expressions follow this syntax: \n \tlabel == \"string_literal\"
\ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\"
\ -> not equal; also matches if label is not present \tlabel in
{ \"a\", \"b\", \"c\", ... } -> true if the value of label X is
one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\",
... } -> true if the value of label X is not one of \"a\", \"b\",
\"c\" \thas(label_name) -> True if that label is present \t! expr
-> negation of expr \texpr && expr -> Short-circuit and \texpr
|| expr -> Short-circuit or \t( expr ) -> parens for grouping \tall()
description: "The selector is an expression used to pick out the endpoints
that the policy should be applied to. \n Selector expressions follow
this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g.
my_label == \"foo bar\" \tlabel != \"string_literal\" -> not
equal; also matches if label is not present \tlabel in { \"a\",
\"b\", \"c\", ... } -> true if the value of label X is one of
\"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... }
\ -> true if the value of label X is not one of \"a\", \"b\", \"c\"
\thas(label_name) -> True if that label is present \t! expr ->
negation of expr \texpr && expr -> Short-circuit and \texpr ||
expr -> Short-circuit or \t( expr ) -> parens for grouping \tall()
or the empty selector -> matches all endpoints. \n Label names are
allowed to contain alphanumerics, -, _ and /. String literals are
more permissive but they do not support escape characters. \n Examples

22
templates/networkpolicies.crd.projectcalico.org-CustomResourceDefinition.yaml
View file

@ -799,17 +799,17 @@ spec:
type: string
type: array
selector:
description: "The selector is an expression used to pick pick out
the endpoints that the policy should be applied to. \n Selector
expressions follow this syntax: \n \tlabel == \"string_literal\"
\ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\"
\ -> not equal; also matches if label is not present \tlabel in
{ \"a\", \"b\", \"c\", ... } -> true if the value of label X is
one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\",
... } -> true if the value of label X is not one of \"a\", \"b\",
\"c\" \thas(label_name) -> True if that label is present \t! expr
-> negation of expr \texpr && expr -> Short-circuit and \texpr
|| expr -> Short-circuit or \t( expr ) -> parens for grouping \tall()
description: "The selector is an expression used to pick out the endpoints
that the policy should be applied to. \n Selector expressions follow
this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g.
my_label == \"foo bar\" \tlabel != \"string_literal\" -> not
equal; also matches if label is not present \tlabel in { \"a\",
\"b\", \"c\", ... } -> true if the value of label X is one of
\"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... }
\ -> true if the value of label X is not one of \"a\", \"b\", \"c\"
\thas(label_name) -> True if that label is present \t! expr ->
negation of expr \texpr && expr -> Short-circuit and \texpr ||
expr -> Short-circuit or \t( expr ) -> parens for grouping \tall()
or the empty selector -> matches all endpoints. \n Label names are
allowed to contain alphanumerics, -, _ and /. String literals are
more permissive but they do not support escape characters. \n Examples