kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Canal to v3.24.3 for k8s 1.25+

This commit is contained in:
Ciprian Hacman 2022-10-28 07:38:22 +03:00
parent 29cd8be78f
commit 5aa9570c5c
1 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.25.yaml.template
View File

@ -1,4 +1,4 @@
# Pulled and modified from: https://raw.githubusercontent.com/projectcalico/calico/v3.24.1/manifests/canal.yaml # Pulled and modified from: https://projectcalico.docs.tigera.io/archive/v3.24/manifests/canal.yaml
--- ---
# Source: calico/templates/calico-kube-controllers.yaml # Source: calico/templates/calico-kube-controllers.yaml
# This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict # This manifest creates a Pod Disruption Budget for Controller to allow K8s Cluster Autoscaler to evict
@ -914,6 +914,11 @@ spec:
node appears to use the IP of the ingress node; this requires a node appears to use the IP of the ingress node; this requires a
permissive L2 network. [Default: Tunnel]' permissive L2 network. [Default: Tunnel]'
type: string type: string
bpfHostConntrackBypass:
description: 'BPFHostConntrackBypass Controls whether to bypass Linux
conntrack in BPF mode for workloads and services. [Default: true
- bypass Linux conntrack]'
type: boolean
bpfKubeProxyEndpointSlicesEnabled: bpfKubeProxyEndpointSlicesEnabled:
description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls
whether Felix's embedded kube-proxy accepts EndpointSlices or not. whether Felix's embedded kube-proxy accepts EndpointSlices or not.
@ -1446,8 +1451,8 @@ spec:
type: boolean type: boolean
vxlanEnabled: vxlanEnabled:
description: 'VXLANEnabled overrides whether Felix should create the description: 'VXLANEnabled overrides whether Felix should create the
VXLAN tunnel device for VXLAN networking. Optional as Felix determines VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix
this based on the existing IP pools. [Default: nil (unset)]' determines this based on the existing IP pools. [Default: nil (unset)]'
type: boolean type: boolean
vxlanMTU: vxlanMTU:
description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
@ -2873,7 +2878,7 @@ spec:
for internal use only.' for internal use only.'
type: boolean type: boolean
natOutgoing: natOutgoing:
description: When nat-outgoing is true, packets sent from Calico networked description: When natOutgoing is true, packets sent from Calico networked
containers in this pool to destinations outside of this pool will containers in this pool to destinations outside of this pool will
be masqueraded. be masqueraded.
type: boolean type: boolean
@ -4449,7 +4454,7 @@ spec:
# This container installs the CNI binaries # This container installs the CNI binaries
# and CNI network config file on each node. # and CNI network config file on each node.
- name: install-cni - name: install-cni
image: docker.io/calico/cni:v3.24.1 image: docker.io/calico/cni:v3.24.3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/opt/cni/bin/install"] command: ["/opt/cni/bin/install"]
envFrom: envFrom:
@ -4498,7 +4503,8 @@ spec:
# i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
# in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
- name: "mount-bpffs" - name: "mount-bpffs"
image: docker.io/calico/node:v3.23.3 image: docker.io/calico/node:v3.24.3
imagePullPolicy: IfNotPresent
command: ["calico-node", "-init", "-best-effort"] command: ["calico-node", "-init", "-best-effort"]
volumeMounts: volumeMounts:
- mountPath: /sys/fs - mountPath: /sys/fs
@ -4523,7 +4529,7 @@ spec:
# container programs network policy and routes on each # container programs network policy and routes on each
# host. # host.
- name: calico-node - name: calico-node
image: docker.io/calico/node:v3.24.1 image: docker.io/calico/node:v3.24.3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
envFrom: envFrom:
- configMapRef: - configMapRef:
@ -4808,7 +4814,7 @@ spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
containers: containers:
- name: calico-kube-controllers - name: calico-kube-controllers
image: docker.io/calico/kube-controllers:v3.24.1 image: docker.io/calico/kube-controllers:v3.24.3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
# Choose which controllers to run. # Choose which controllers to run.
@ -4885,7 +4891,7 @@ spec:
securityContext: securityContext:
fsGroup: 65534 fsGroup: 65534
containers: containers:
- image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/typha:{{ or .Networking.Calico.Version "v3.24.1" }} - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/typha:{{ or .Networking.Calico.Version "v3.24.3" }}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: calico-typha name: calico-typha
ports: ports: