diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template index ca7bb5d24a..4ec06096f2 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template @@ -1,4 +1,4 @@ -# Pulled and modified from: https://docs.projectcalico.org/v3.23/manifests/canal.yaml +# Pulled and modified from: https://projectcalico.docs.tigera.io/archive/v3.23/manifests/canal.yaml --- # Source: calico/templates/calico-config.yaml @@ -865,6 +865,11 @@ spec: node appears to use the IP of the ingress node; this requires a permissive L2 network. [Default: Tunnel]' type: string + bpfHostConntrackBypass: + description: 'BPFHostConntrackBypass Controls whether to bypass Linux + conntrack in BPF mode for workloads and services. [Default: true + - bypass Linux conntrack]' + type: boolean bpfKubeProxyEndpointSlicesEnabled: description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls whether Felix's embedded kube-proxy accepts EndpointSlices or not. @@ -1061,7 +1066,6 @@ spec: are auto-detected. type: string floatingIPs: - default: Disabled description: FloatingIPs configures whether or not Felix will program floating IP addresses. enum: @@ -1384,8 +1388,8 @@ spec: type: boolean vxlanEnabled: description: 'VXLANEnabled overrides whether Felix should create the - VXLAN tunnel device for VXLAN networking. Optional as Felix determines - this based on the existing IP pools. [Default: nil (unset)]' + VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix + determines this based on the existing IP pools. [Default: nil (unset)]' type: boolean vxlanMTU: description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel @@ -4366,7 +4370,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: calico/typha:v3.23.3 + - image: calico/typha:v3.23.4 name: calico-typha ports: - containerPort: 5473 @@ -4476,7 +4480,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.23.3 + image: docker.io/calico/cni:v3.23.4 command: ["/opt/cni/bin/install"] envFrom: - configMapRef: @@ -4524,7 +4528,7 @@ spec: # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode. - name: "mount-bpffs" - image: docker.io/calico/node:v3.23.3 + image: docker.io/calico/node:v3.23.4 command: ["calico-node", "-init", "-best-effort"] volumeMounts: - mountPath: /sys/fs @@ -4549,7 +4553,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.23.3 + image: docker.io/calico/node:v3.23.4 envFrom: - configMapRef: # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. @@ -4840,7 +4844,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.23.3 + image: docker.io/calico/kube-controllers:v3.23.4 env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS