kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Disable CNP status updates by default

This commit is contained in:
Ole Markus With 2021-10-20 08:39:39 +02:00
parent feb6078c73
commit 11e68308d1
27 changed files with 52 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.23-NOTES.md
View File

@ -14,6 +14,8 @@ This is a document to gather the release notes prior to the release.
* Support for the Lyft CNI has been removed.
* Cilium now has `disable-cnp-status-updates: true` by default. Set this to false if you rely on the CiliumNetworkPolicy status fields.
# Required actions
# Deprecations

4
k8s/crds/kops.k8s.io_clusters.yaml
View File

@ -4561,6 +4561,10 @@ spec:
description: Device is not implemented and may be removed
in the future. Setting this has no effect.
type: string
disableCNPStatusUpdates:
description: Determines if CNP NodeStatus updates will be
sent to the Kubernetes api-server.
type: boolean
disableConntrack:
description: DisableConntrack is not implemented and may be
removed in the future. Setting this has no effect.

2
pkg/apis/kops/networking.go
View File

@ -567,6 +567,8 @@ type CiliumNetworkingSpec struct {
// CniBinPath is not implemented and may be removed in the future.
// Setting this has no effect.
CniBinPath string `json:"cniBinPath,omitempty"`
// Determines if CNP NodeStatus updates will be sent to the Kubernetes api-server.
DisableCNPStatusUpdates *bool `json:"disableCNPStatusUpdates,omitempty"`
}
// HubbleSpec configures the Hubble service on the Cilium agent.

2
pkg/apis/kops/v1alpha2/networking.go
View File

@ -576,6 +576,8 @@ type CiliumNetworkingSpec struct {
// CniBinPath is not implemented and may be removed in the future.
// Setting this has no effect.
CniBinPath string `json:"cniBinPath,omitempty"`
// Determines if CNP NodeStatus updates will be sent to the Kubernetes api-server.
DisableCNPStatusUpdates *bool `json:"disableCNPStatusUpdates,omitempty"`
}
// HubbleSpec configures the Hubble service on the Cilium agent.

2
pkg/apis/kops/v1alpha2/zz_generated.conversion.go generated
View File

@ -1896,6 +1896,7 @@ func autoConvert_v1alpha2_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in *
out.ReconfigureKubelet = in.ReconfigureKubelet
out.NodeInitBootstrapFile = in.NodeInitBootstrapFile
out.CniBinPath = in.CniBinPath
out.DisableCNPStatusUpdates = in.DisableCNPStatusUpdates
return nil
}
@ -2007,6 +2008,7 @@ func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha2_CiliumNetworkingSpec(in *
out.ReconfigureKubelet = in.ReconfigureKubelet
out.NodeInitBootstrapFile = in.NodeInitBootstrapFile
out.CniBinPath = in.CniBinPath
out.DisableCNPStatusUpdates = in.DisableCNPStatusUpdates
return nil
}

5
pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go generated
View File

@ -581,6 +581,11 @@ func (in *CiliumNetworkingSpec) DeepCopyInto(out *CiliumNetworkingSpec) {
*out = new(HubbleSpec)
(*in).DeepCopyInto(*out)
}
if in.DisableCNPStatusUpdates != nil {
in, out := &in.DisableCNPStatusUpdates, &out.DisableCNPStatusUpdates
*out = new(bool)
**out = **in
}
return
}

2
pkg/apis/kops/v1alpha3/networking.go
View File

@ -556,6 +556,8 @@ type CiliumNetworkingSpec struct {
// CniBinPath is not implemented and may be removed in the future.
// Setting this has no effect.
CniBinPath string `json:"cniBinPath,omitempty"`
// Determines if CNP NodeStatus updates will be sent to the Kubernetes api-server.
DisableCNPStatusUpdates *bool `json:"disableCNPStatusUpdates,omitempty"`
}
// HubbleSpec configures the Hubble service on the Cilium agent.

2
pkg/apis/kops/v1alpha3/zz_generated.conversion.go generated
View File

@ -1844,6 +1844,7 @@ func autoConvert_v1alpha3_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in *
out.ReconfigureKubelet = in.ReconfigureKubelet
out.NodeInitBootstrapFile = in.NodeInitBootstrapFile
out.CniBinPath = in.CniBinPath
out.DisableCNPStatusUpdates = in.DisableCNPStatusUpdates
return nil
}
@ -1955,6 +1956,7 @@ func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha3_CiliumNetworkingSpec(in *
out.ReconfigureKubelet = in.ReconfigureKubelet
out.NodeInitBootstrapFile = in.NodeInitBootstrapFile
out.CniBinPath = in.CniBinPath
out.DisableCNPStatusUpdates = in.DisableCNPStatusUpdates
return nil
}

5
pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go generated
View File

@ -582,6 +582,11 @@ func (in *CiliumNetworkingSpec) DeepCopyInto(out *CiliumNetworkingSpec) {
*out = new(HubbleSpec)
(*in).DeepCopyInto(*out)
}
if in.DisableCNPStatusUpdates != nil {
in, out := &in.DisableCNPStatusUpdates, &out.DisableCNPStatusUpdates
*out = new(bool)
**out = **in
}
return
}

5
pkg/apis/kops/zz_generated.deepcopy.go generated
View File

@ -658,6 +658,11 @@ func (in *CiliumNetworkingSpec) DeepCopyInto(out *CiliumNetworkingSpec) {
*out = new(HubbleSpec)
(*in).DeepCopyInto(*out)
}
if in.DisableCNPStatusUpdates != nil {
in, out := &in.DisableCNPStatusUpdates, &out.DisableCNPStatusUpdates
*out = new(bool)
**out = **in
}
return
}

4
pkg/model/components/cilium.go
View File

@ -139,6 +139,10 @@ func (b *CiliumOptionsBuilder) BuildOptions(o interface{}) error {
c.EnableL7Proxy = fi.Bool(true)
}
if c.DisableCNPStatusUpdates == nil {
c.DisableCNPStatusUpdates = fi.Bool(true)
}
if c.CPURequest == nil {
defaultCPURequest := resource.MustParse("25m")
c.CPURequest = &defaultCPURequest

1
tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_cluster-completed.spec_content
View File

@ -184,6 +184,7 @@ spec:
clusterName: default
containerRuntimeLabels: none
cpuRequest: 25m
disableCNPStatusUpdates: true
disableMasquerade: false
enableBPFMasquerade: false
enableEndpointHealthChecking: true

2
tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-bootstrap_content
View File

@ -54,7 +54,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 047215d10823af9a1bb696a4b0daaeb790b9c708986d7a97d989053f5b052cbf
manifestHash: e189fc92d397104b4526baecfe33054943a6fd5279802196bfbef4ec749bde76
name: networking.cilium.io
needsRollingUpdate: all
selector:

1
tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content
View File

@ -40,6 +40,7 @@ data:
cluster-name: default
container-runtime: none
debug: "false"
disable-cnp-status-updates: "true"
disable-endpoint-crd: "false"
enable-bpf-masquerade: "false"
enable-endpoint-health-checking: "true"

1
tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_cluster-completed.spec_content
View File

@ -177,6 +177,7 @@ spec:
clusterName: default
containerRuntimeLabels: none
cpuRequest: 25m
disableCNPStatusUpdates: true
disableMasquerade: false
enableBPFMasquerade: false
enableEndpointHealthChecking: true

2
tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-bootstrap_content
View File

@ -54,7 +54,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 52cdf5be5f19ea68efe3b18efe980717dc9081f8ef73df495d83784ae0d83720
manifestHash: b953f6c7cf1b1e1e58115981b21cf5837f5b181a834c47fb51e884ea91b45c45
name: networking.cilium.io
needsRollingUpdate: all
selector:

1
tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content
View File

@ -40,6 +40,7 @@ data:
cluster-name: default
container-runtime: none
debug: "false"
disable-cnp-status-updates: "true"
disable-endpoint-crd: "false"
enable-bpf-masquerade: "false"
enable-endpoint-health-checking: "true"

1
tests/integration/update_cluster/privatecilium2/data/aws_s3_bucket_object_cluster-completed.spec_content
View File

@ -182,6 +182,7 @@ spec:
clusterName: default
containerRuntimeLabels: none
cpuRequest: 25m
disableCNPStatusUpdates: true
disableMasquerade: false
enableBPFMasquerade: false
enableEndpointHealthChecking: true

1
tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_cluster-completed.spec_content
View File

@ -185,6 +185,7 @@ spec:
clusterName: default
containerRuntimeLabels: none
cpuRequest: 25m
disableCNPStatusUpdates: true
disableMasquerade: true
enableBPFMasquerade: false
enableEndpointHealthChecking: true

2
tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-bootstrap_content
View File

@ -54,7 +54,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 0d3773e9dcb3b00b570e6cd5b327fa74aaa7f90ea290afb7703c631f65088fe6
manifestHash: 12cfd585141014ba65ea2a1aec21f8012ac51e49466b35873c571bddf6b860db
name: networking.cilium.io
needsRollingUpdate: all
selector:

1
tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content
View File

@ -42,6 +42,7 @@ data:
cluster-name: default
container-runtime: none
debug: "false"
disable-cnp-status-updates: "true"
disable-endpoint-crd: "false"
enable-bpf-masquerade: "false"
enable-endpoint-health-checking: "true"

2
upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.10.yaml.template
View File

@ -255,6 +255,8 @@ data:
cgroup-root: /run/cilium/cgroupv2
disable-cnp-status-updates: "{{ .DisableCNPStatusUpdates }}"
{{ if WithDefaultBool .Hubble.Enabled false }}
# Enable Hubble gRPC service.
enable-hubble: "true"

2
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
View File

@ -61,7 +61,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 2191286409f4b8ee73737c2134bb2bef5a23c5302224010f79b01e17b1bfd420
manifestHash: fb14b81c0d752392e5880b57adb1225d87fadd790edbcb15aecc54fd3d1d4835
name: networking.cilium.io
needsRollingUpdate: all
selector:

2
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.18/manifest.yaml
View File

@ -68,7 +68,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 2191286409f4b8ee73737c2134bb2bef5a23c5302224010f79b01e17b1bfd420
manifestHash: fb14b81c0d752392e5880b57adb1225d87fadd790edbcb15aecc54fd3d1d4835
name: networking.cilium.io
needsRollingUpdate: all
selector:

2
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml
View File

@ -61,7 +61,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 2191286409f4b8ee73737c2134bb2bef5a23c5302224010f79b01e17b1bfd420
manifestHash: fb14b81c0d752392e5880b57adb1225d87fadd790edbcb15aecc54fd3d1d4835
name: networking.cilium.io
needsRollingUpdate: all
selector:

2
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.18/manifest.yaml
View File

@ -75,7 +75,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 2191286409f4b8ee73737c2134bb2bef5a23c5302224010f79b01e17b1bfd420
manifestHash: fb14b81c0d752392e5880b57adb1225d87fadd790edbcb15aecc54fd3d1d4835
name: networking.cilium.io
needsRollingUpdate: all
selector:

2
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml
View File

@ -68,7 +68,7 @@ spec:
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 2191286409f4b8ee73737c2134bb2bef5a23c5302224010f79b01e17b1bfd420
manifestHash: fb14b81c0d752392e5880b57adb1225d87fadd790edbcb15aecc54fd3d1d4835
name: networking.cilium.io
needsRollingUpdate: all
selector: