kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10036 from hakman/calico-3.16.3 

Update Calico to v3.16.3
This commit is contained in:
Kubernetes Prow Robot 2020-10-10 22:26:47 -07:00 committed by GitHub
parent cc41bba0cf 2c15acfa44
commit 9bd14beaa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 97 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/model/iam/iam_builder.go
View File

@ -275,7 +275,7 @@ func (r *NodeRoleMaster) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
addCiliumEniPermissions(p, resource, b.Cluster.Spec.IAM.Legacy)
}
if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && b.Cluster.Spec.Networking.Calico.AwsSrcDstCheck != "" {
if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && (b.Cluster.Spec.Networking.Calico.CrossSubnet || b.Cluster.Spec.Networking.Calico.AwsSrcDstCheck != "") {
addCalicoSrcDstCheckPermissions(p)
}
@ -314,7 +314,7 @@ func (r *NodeRoleNode) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) {
addLyftVPCPermissions(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName())
}
if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && b.Cluster.Spec.Networking.Calico.AwsSrcDstCheck != "" {
if b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && (b.Cluster.Spec.Networking.Calico.CrossSubnet || b.Cluster.Spec.Networking.Calico.AwsSrcDstCheck != "") {
addCalicoSrcDstCheckPermissions(p)
}

53
upup/models/bindata.go
View File

@ -9422,6 +9422,29 @@ spec:
description: Selector for the nodes that should have this peering. When
this is set, the Node field must be empty.
type: string
password:
description: Optional BGP password for the peerings generated by this
BGPPeer resource.
properties:
secretKeyRef:
description: Selects a key of a secret in the node pod's namespace.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type: object
peerIP:
description: The IP address of the peer followed by an optional port
number to peer with. If port number is given, format should be ` + "`" + `[<IPv6>]:port` + "`" + `
@ -9629,6 +9652,16 @@ spec:
spec:
description: FelixConfigurationSpec contains the values of the Felix configuration.
properties:
allowIPIPPacketsFromWorkloads:
description: 'AllowIPIPPacketsFromWorkloads controls whether Felix
will add a rule to drop IPIP encapsulated traffic from workloads
[Default: false]'
type: boolean
allowVXLANPacketsFromWorkloads:
description: 'AllowVXLANPacketsFromWorkloads controls whether Felix
will add a rule to drop VXLAN encapsulated traffic from workloads
[Default: false]'
type: boolean
awsSrcDstCheck:
description: 'Set source-destination-check on AWS EC2 instances. Accepted
value must be one of "DoNothing", "Enabled" or "Disabled". [Default:
@ -12539,6 +12572,14 @@ rules:
- namespaces
verbs:
- get
- apiGroups: [""]
resources:
- secrets
verbs:
# Needed when configuring bgp password in bgppeer
- watch
- list
- get
- apiGroups: [""]
resources:
- endpoints
@ -12755,7 +12796,7 @@ spec:
securityContext:
fsGroup: 65534
containers:
- image: calico/typha:v3.16.1
- image: calico/typha:v3.16.3
name: calico-typha
ports:
- containerPort: 5473
@ -12872,7 +12913,7 @@ spec:
# It can be deleted if this is a fresh installation, or if you have already
# upgraded to use calico-ipam.
- name: upgrade-ipam
image: calico/cni:v3.16.1
image: calico/cni:v3.16.3
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
envFrom:
- configMapRef:
@ -12899,7 +12940,7 @@ spec:
# This container installs the CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: calico/cni:v3.16.1
image: calico/cni:v3.16.3
command: ["/opt/cni/bin/install"]
envFrom:
- configMapRef:
@ -12940,7 +12981,7 @@ spec:
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
# to communicate with Felix over the Policy Sync API.
- name: flexvol-driver
image: calico/pod2daemon-flexvol:v3.16.1
image: calico/pod2daemon-flexvol:v3.16.3
volumeMounts:
- name: flexvol-driver-host
mountPath: /host/driver
@ -12951,7 +12992,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: calico/node:v3.16.1
image: calico/node:v3.16.3
envFrom:
- configMapRef:
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
@ -13193,7 +13234,7 @@ spec:
priorityClassName: system-cluster-critical
containers:
- name: calico-kube-controllers
image: calico/kube-controllers:v3.16.1
image: calico/kube-controllers:v3.16.3
env:
# Choose which controllers to run.
- name: ENABLED_CONTROLLERS

53
upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template
View File

@ -259,6 +259,29 @@ spec:
description: Selector for the nodes that should have this peering. When
this is set, the Node field must be empty.
type: string
password:
description: Optional BGP password for the peerings generated by this
BGPPeer resource.
properties:
secretKeyRef:
description: Selects a key of a secret in the node pod's namespace.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type: object
peerIP:
description: The IP address of the peer followed by an optional port
number to peer with. If port number is given, format should be `[<IPv6>]:port`
@ -466,6 +489,16 @@ spec:
spec:
description: FelixConfigurationSpec contains the values of the Felix configuration.
properties:
allowIPIPPacketsFromWorkloads:
description: 'AllowIPIPPacketsFromWorkloads controls whether Felix
will add a rule to drop IPIP encapsulated traffic from workloads
[Default: false]'
type: boolean
allowVXLANPacketsFromWorkloads:
description: 'AllowVXLANPacketsFromWorkloads controls whether Felix
will add a rule to drop VXLAN encapsulated traffic from workloads
[Default: false]'
type: boolean
awsSrcDstCheck:
description: 'Set source-destination-check on AWS EC2 instances. Accepted
value must be one of "DoNothing", "Enabled" or "Disabled". [Default:
@ -3376,6 +3409,14 @@ rules:
- namespaces
verbs:
- get
- apiGroups: [""]
resources:
- secrets
verbs:
# Needed when configuring bgp password in bgppeer
- watch
- list
- get
- apiGroups: [""]
resources:
- endpoints
@ -3592,7 +3633,7 @@ spec:
securityContext:
fsGroup: 65534
containers:
- image: calico/typha:v3.16.1
- image: calico/typha:v3.16.3
name: calico-typha
ports:
- containerPort: 5473
@ -3709,7 +3750,7 @@ spec:
# It can be deleted if this is a fresh installation, or if you have already
# upgraded to use calico-ipam.
- name: upgrade-ipam
image: calico/cni:v3.16.1
image: calico/cni:v3.16.3
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
envFrom:
- configMapRef:
@ -3736,7 +3777,7 @@ spec:
# This container installs the CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: calico/cni:v3.16.1
image: calico/cni:v3.16.3
command: ["/opt/cni/bin/install"]
envFrom:
- configMapRef:
@ -3777,7 +3818,7 @@ spec:
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
# to communicate with Felix over the Policy Sync API.
- name: flexvol-driver
image: calico/pod2daemon-flexvol:v3.16.1
image: calico/pod2daemon-flexvol:v3.16.3
volumeMounts:
- name: flexvol-driver-host
mountPath: /host/driver
@ -3788,7 +3829,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: calico/node:v3.16.1
image: calico/node:v3.16.3
envFrom:
- configMapRef:
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
@ -4030,7 +4071,7 @@ spec:
priorityClassName: system-cluster-critical
containers:
- name: calico-kube-controllers
image: calico/kube-controllers:v3.16.1
image: calico/kube-controllers:v3.16.3
env:
# Choose which controllers to run.
- name: ENABLED_CONTROLLERS

2
upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
View File

@ -858,7 +858,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
"k8s-1.7": "2.6.12-kops.1",
"k8s-1.7-v3": "3.8.0-kops.2",
"k8s-1.12": "3.9.6-kops.1",
"k8s-1.16": "3.16.1-kops.3",
"k8s-1.16": "3.16.3-kops.1",
}
{