[calico] update to latest version
parent
f5a30dd84b
commit
83fd83c84a
1 changed files with 50 additions and 33 deletions
|
@ -32,9 +32,9 @@ data:
|
||||||
"nodename": "__KUBERNETES_NODE_NAME__",
|
"nodename": "__KUBERNETES_NODE_NAME__",
|
||||||
"mtu": __CNI_MTU__,
|
"mtu": __CNI_MTU__,
|
||||||
"ipam": {
|
"ipam": {
|
||||||
"type": "calico-ipam",
|
"type": "calico-ipam",
|
||||||
"assign_ipv4": "false",
|
"assign_ipv4": "false",
|
||||||
"assign_ipv6": "true"
|
"assign_ipv6": "true"
|
||||||
},
|
},
|
||||||
"policy": {
|
"policy": {
|
||||||
"type": "k8s"
|
"type": "k8s"
|
||||||
|
@ -513,6 +513,13 @@ spec:
|
||||||
description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
|
description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
|
||||||
[Default: false]'
|
[Default: false]'
|
||||||
type: boolean
|
type: boolean
|
||||||
|
bpfExtToServiceConnmark:
|
||||||
|
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
|
||||||
|
mark that is set on connections from an external client to a local
|
||||||
|
service. This mark allows us to control how packets of that connection
|
||||||
|
are routed within the host and how is routing intepreted by RPF
|
||||||
|
check. [Default: 0]'
|
||||||
|
type: integer
|
||||||
bpfExternalServiceMode:
|
bpfExternalServiceMode:
|
||||||
description: 'BPFExternalServiceMode in BPF mode, controls how connections
|
description: 'BPFExternalServiceMode in BPF mode, controls how connections
|
||||||
from outside the cluster to services (node ports and cluster IPs)
|
from outside the cluster to services (node ports and cluster IPs)
|
||||||
|
@ -601,19 +608,21 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
failsafeInboundHostPorts:
|
failsafeInboundHostPorts:
|
||||||
description: 'FailsafeInboundHostPorts is a comma-delimited list of
|
description: 'FailsafeInboundHostPorts is a list of UDP/TCP ports
|
||||||
UDP/TCP ports that Felix will allow incoming traffic to host endpoints
|
and CIDRs that Felix will allow incoming traffic to host endpoints
|
||||||
on irrespective of the security policy. This is useful to avoid
|
on irrespective of the security policy. This is useful to avoid
|
||||||
accidentally cutting off a host with incorrect configuration. Each
|
accidentally cutting off a host with incorrect configuration. For
|
||||||
port should be specified as tcp:<port-number> or udp:<port-number>.
|
back-compatibility, if the protocol is not specified, it defaults
|
||||||
For back-compatibility, if the protocol is not specified, it defaults
|
to "tcp". If a CIDR is not specified, it will allow traffic from
|
||||||
to "tcp". To disable all inbound host ports, use the value none.
|
all addresses. To disable all inbound host ports, use the value
|
||||||
The default value allows ssh access and DHCP. [Default: tcp:22,
|
none. The default value allows ssh access and DHCP. [Default: tcp:22,
|
||||||
udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]'
|
udp:68, tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667]'
|
||||||
items:
|
items:
|
||||||
description: ProtoPort is combination of protocol and port, both
|
description: ProtoPort is combination of protocol, port, and CIDR.
|
||||||
must be specified.
|
Protocol and port must be specified.
|
||||||
properties:
|
properties:
|
||||||
|
net:
|
||||||
|
type: string
|
||||||
port:
|
port:
|
||||||
type: integer
|
type: integer
|
||||||
protocol:
|
protocol:
|
||||||
|
@ -624,21 +633,23 @@ spec:
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
failsafeOutboundHostPorts:
|
failsafeOutboundHostPorts:
|
||||||
description: 'FailsafeOutboundHostPorts is a comma-delimited list
|
description: 'FailsafeOutboundHostPorts is a list of UDP/TCP ports
|
||||||
of UDP/TCP ports that Felix will allow outgoing traffic from host
|
and CIDRs that Felix will allow outgoing traffic from host endpoints
|
||||||
endpoints to irrespective of the security policy. This is useful
|
to irrespective of the security policy. This is useful to avoid
|
||||||
to avoid accidentally cutting off a host with incorrect configuration.
|
accidentally cutting off a host with incorrect configuration. For
|
||||||
Each port should be specified as tcp:<port-number> or udp:<port-number>.
|
back-compatibility, if the protocol is not specified, it defaults
|
||||||
For back-compatibility, if the protocol is not specified, it defaults
|
to "tcp". If a CIDR is not specified, it will allow traffic from
|
||||||
to "tcp". To disable all outbound host ports, use the value none.
|
all addresses. To disable all outbound host ports, use the value
|
||||||
The default value opens etcd''s standard ports to ensure that Felix
|
none. The default value opens etcd''s standard ports to ensure that
|
||||||
does not get cut off from etcd as well as allowing DHCP and DNS.
|
Felix does not get cut off from etcd as well as allowing DHCP and
|
||||||
[Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666, tcp:6667,
|
DNS. [Default: tcp:179, tcp:2379, tcp:2380, tcp:6443, tcp:6666,
|
||||||
udp:53, udp:67]'
|
tcp:6667, udp:53, udp:67]'
|
||||||
items:
|
items:
|
||||||
description: ProtoPort is combination of protocol and port, both
|
description: ProtoPort is combination of protocol, port, and CIDR.
|
||||||
must be specified.
|
Protocol and port must be specified.
|
||||||
properties:
|
properties:
|
||||||
|
net:
|
||||||
|
type: string
|
||||||
port:
|
port:
|
||||||
type: integer
|
type: integer
|
||||||
protocol:
|
protocol:
|
||||||
|
@ -3535,7 +3546,7 @@ spec:
|
||||||
# It can be deleted if this is a fresh installation, or if you have already
|
# It can be deleted if this is a fresh installation, or if you have already
|
||||||
# upgraded to use calico-ipam.
|
# upgraded to use calico-ipam.
|
||||||
- name: upgrade-ipam
|
- name: upgrade-ipam
|
||||||
image: docker.io/calico/cni:v3.18.1
|
image: docker.io/calico/cni:v3.19.0
|
||||||
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
|
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
|
@ -3562,7 +3573,7 @@ spec:
|
||||||
# This container installs the CNI binaries
|
# This container installs the CNI binaries
|
||||||
# and CNI network config file on each node.
|
# and CNI network config file on each node.
|
||||||
- name: install-cni
|
- name: install-cni
|
||||||
image: docker.io/calico/cni:v3.18.1
|
image: docker.io/calico/cni:v3.19.0
|
||||||
command: ["/opt/cni/bin/install"]
|
command: ["/opt/cni/bin/install"]
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
|
@ -3603,7 +3614,7 @@ spec:
|
||||||
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
|
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
|
||||||
# to communicate with Felix over the Policy Sync API.
|
# to communicate with Felix over the Policy Sync API.
|
||||||
- name: flexvol-driver
|
- name: flexvol-driver
|
||||||
image: docker.io/calico/pod2daemon-flexvol:v3.18.1
|
image: docker.io/calico/pod2daemon-flexvol:v3.19.0
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: flexvol-driver-host
|
- name: flexvol-driver-host
|
||||||
mountPath: /host/driver
|
mountPath: /host/driver
|
||||||
|
@ -3614,7 +3625,7 @@ spec:
|
||||||
# container programs network policy and routes on each
|
# container programs network policy and routes on each
|
||||||
# host.
|
# host.
|
||||||
- name: calico-node
|
- name: calico-node
|
||||||
image: docker.io/calico/node:v3.18.1
|
image: docker.io/calico/node:v3.19.0
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
|
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
|
||||||
|
@ -3686,9 +3697,6 @@ spec:
|
||||||
# Disable IPv6 on Kubernetes.
|
# Disable IPv6 on Kubernetes.
|
||||||
- name: FELIX_IPV6SUPPORT
|
- name: FELIX_IPV6SUPPORT
|
||||||
value: "true"
|
value: "true"
|
||||||
# Set Felix logging to "info"
|
|
||||||
- name: FELIX_LOGSEVERITYSCREEN
|
|
||||||
value: "info"
|
|
||||||
- name: FELIX_HEALTHENABLED
|
- name: FELIX_HEALTHENABLED
|
||||||
value: "true"
|
value: "true"
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -3828,18 +3836,27 @@ spec:
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-cluster-critical
|
||||||
containers:
|
containers:
|
||||||
- name: calico-kube-controllers
|
- name: calico-kube-controllers
|
||||||
image: docker.io/calico/kube-controllers:v3.18.1
|
image: docker.io/calico/kube-controllers:v3.19.0
|
||||||
env:
|
env:
|
||||||
# Choose which controllers to run.
|
# Choose which controllers to run.
|
||||||
- name: ENABLED_CONTROLLERS
|
- name: ENABLED_CONTROLLERS
|
||||||
value: node
|
value: node
|
||||||
- name: DATASTORE_TYPE
|
- name: DATASTORE_TYPE
|
||||||
value: kubernetes
|
value: kubernetes
|
||||||
|
livenessProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /usr/bin/check-status
|
||||||
|
- -l
|
||||||
|
periodSeconds: 10
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 6
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
- /usr/bin/check-status
|
- /usr/bin/check-status
|
||||||
- -r
|
- -r
|
||||||
|
periodSeconds: 10
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
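Review bot: The five image references bumped to v3.19.0 (`calico/cni` for `upgrade-ipam` and `install-cni`, `calico/pod2daemon-flexvol`, `calico/node`, `calico/kube-controllers`) are still resolved by mutable tag from docker.io, so what runs depends on what the registry serves for that tag at pull time rather than on what was reviewed here. This matters most for `install-cni`, which per its own comment installs the CNI binaries and network config file on each node. Consider pinning each image by digest, e.g. `image: docker.io/calico/cni:v3.19.0@sha256:<digest of the verified v3.19.0 image>`, taking the digest from a pull you have verified. Separately, the context comment `# Disable IPv6 on Kubernetes.` sits above `FELIX_IPV6SUPPORT` set to `"true"`, which contradicts it; something like `# Enable IPv6 support in Felix.` would match the value.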