run hack/update-expected.sh

Jesse Haka 2023-05-24 08:55:35 +03:00
parent de9c5fbf2e
commit be59a4fcf3
6 changed files with 223 additions and 73 deletions


@ -55,7 +55,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.25 - id: k8s-1.25
manifest: networking.projectcalico.org/k8s-1.25.yaml manifest: networking.projectcalico.org/k8s-1.25.yaml
manifestHash: 219395986f66685fc3d5b0d070c875b3fc02470f28e4fb2fd6f2e30733ffc153 manifestHash: bde3f2186b82eddaca56d35ff7ec2c96e6f8feb583f3096da045eb0d00cdf492
name: networking.projectcalico.org name: networking.projectcalico.org
prune: prune:
kinds: kinds:


@ -166,6 +166,12 @@ spec:
type: string type: string
type: object type: object
type: array type: array
ignoredInterfaces:
description: IgnoredInterfaces indicates the network interfaces that
needs to be excluded when reading device routes.
items:
type: string
type: array
listenPort: listenPort:
description: ListenPort is the port where BGP protocol should listen. description: ListenPort is the port where BGP protocol should listen.
Defaults to 179 Defaults to 179
@ -390,12 +396,23 @@ spec:
remote AS number comes from the remote node's NodeBGPSpec.ASNumber, remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
or the global default if that is not set. or the global default if that is not set.
type: string type: string
reachableBy:
description: Add an exact, i.e. /32, static route toward peer IP in
order to prevent route flapping. ReachableBy contains the address
of the gateway which peer can be reached by.
type: string
sourceAddress: sourceAddress:
description: Specifies whether and how to configure a source address description: Specifies whether and how to configure a source address
for the peerings generated by this BGPPeer resource. Default value for the peerings generated by this BGPPeer resource. Default value
"UseNodeIP" means to configure the node IP as the source address. "None" "UseNodeIP" means to configure the node IP as the source address. "None"
means not to configure a source address. means not to configure a source address.
type: string type: string
ttlSecurity:
description: TTLSecurity enables the generalized TTL security mechanism
(GTSM) which protects against spoofed packets by ignoring received
packets with a smaller than expected TTL value. The provided value
is the number of hops (edges) between the peers.
type: integer
type: object type: object
type: object type: object
served: true served: true
@ -903,9 +920,10 @@ spec:
[Default: false]' [Default: false]'
type: boolean type: boolean
bpfEnforceRPF: bpfEnforceRPF:
description: 'BPFEnforceRPF enforce strict RPF on all interfaces with description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
BPF programs regardless of what is the per-interfaces or global with BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled or Strict. [Default: Strict]' setting. Possible values are Disabled, Strict or Loose. [Default:
Strict]'
type: string type: string
bpfExtToServiceConnmark: bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
@ -945,6 +963,14 @@ spec:
kube-proxy. Lower values give reduced set-up latency. Higher values kube-proxy. Lower values give reduced set-up latency. Higher values
reduce Felix CPU usage by batching up more work. [Default: 1s]' reduce Felix CPU usage by batching up more work. [Default: 1s]'
type: string type: string
bpfL3IfacePattern:
description: BPFL3IfacePattern is a regular expression that allows
to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
in addition to BPFDataIfacePattern. That is, tunnel interfaces not
created by Calico, that Calico workload traffic flows over as well
as any interfaces that handle incoming traffic to nodeports and
services from outside the cluster.
type: string
bpfLogLevel: bpfLogLevel:
description: 'BPFLogLevel controls the log level of the BPF programs description: 'BPFLogLevel controls the log level of the BPF programs
when in BPF dataplane mode. One of "Off", "Info", or "Debug". The when in BPF dataplane mode. One of "Off", "Info", or "Debug". The
@ -993,12 +1019,12 @@ spec:
- type: string - type: string
description: 'BPFPSNATPorts sets the range from which we randomly description: 'BPFPSNATPorts sets the range from which we randomly
pick a port if there is a source port collision. This should be pick a port if there is a source port collision. This should be
within the ephemeral range as defined by RFC 6056 (102465535) and within the ephemeral range as defined by RFC 6056 (1024–65535)
preferably outside the ephemeral ranges used by common operating and preferably outside the ephemeral ranges used by common operating
systems. Linux uses 3276860999, while others mostly use the IANA systems. Linux uses 32768–60999, while others mostly use the IANA
defined range 4915265535. It is not necessarily a problem if this defined range 49152–65535. It is not necessarily a problem if
range overlaps with the operating systems. Both ends of the range this range overlaps with the operating systems. Both ends of the
are inclusive. [Default: 20000:29999]' range are inclusive. [Default: 20000:29999]'
pattern: ^.* pattern: ^.*
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
bpfPolicyDebugEnabled: bpfPolicyDebugEnabled:
@ -1020,11 +1046,12 @@ spec:
to use. Only used if UseInternalDataplaneDriver is set to false. to use. Only used if UseInternalDataplaneDriver is set to false.
type: string type: string
dataplaneWatchdogTimeout: dataplaneWatchdogTimeout:
description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
used for Felix''s (internal) dataplane driver. Increase this value used for Felix's (internal) dataplane driver. Increase this value
if you experience spurious non-ready or non-live events when Felix if you experience spurious non-ready or non-live events when Felix
is under heavy load. Decrease the value to get felix to report non-live is under heavy load. Decrease the value to get felix to report non-live
or non-ready more quickly. [Default: 90s]' or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
by the generic HealthTimeoutOverrides."
type: string type: string
debugDisableLogDropping: debugDisableLogDropping:
type: boolean type: boolean
@ -1128,15 +1155,21 @@ spec:
type: object type: object
type: array type: array
featureDetectOverride: featureDetectOverride:
description: FeatureDetectOverride is used to override the feature description: FeatureDetectOverride is used to override feature detection
detection. Values are specified in a comma separated list with no based on auto-detected platform capabilities. Values are specified
spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
"true" or "false" will force the feature, empty or omitted values or "false" will force the feature, empty or omitted values are auto-detected.
are auto-detected. type: string
featureGates:
description: FeatureGates is used to enable or disable tech-preview
Calico features. Values are specified in a comma separated list
with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
This is used to enable features that are not fully production ready.
type: string type: string
floatingIPs: floatingIPs:
description: FloatingIPs configures whether or not Felix will program description: FloatingIPs configures whether or not Felix will program
floating IP addresses. non-OpenStack floating IP addresses. (OpenStack-derived floating
IPs are always programmed, regardless of this setting.)
enum: enum:
- Enabled - Enabled
- Disabled - Disabled
@ -1153,6 +1186,23 @@ spec:
type: string type: string
healthPort: healthPort:
type: integer type: integer
healthTimeoutOverrides:
description: HealthTimeoutOverrides allows the internal watchdog timeouts
of individual subcomponents to be overriden. This is useful for
working around "false positive" liveness timeouts that can occur
in particularly stressful workloads or if CPU is constrained. For
a list of active subcomponents, see Felix's logs.
items:
properties:
name:
type: string
timeout:
type: string
required:
- name
- timeout
type: object
type: array
interfaceExclude: interfaceExclude:
description: 'InterfaceExclude is a comma-separated list of interfaces description: 'InterfaceExclude is a comma-separated list of interfaces
that Felix should exclude when monitoring for host endpoints. The that Felix should exclude when monitoring for host endpoints. The
@ -1194,7 +1244,7 @@ spec:
type: string type: string
iptablesBackend: iptablesBackend:
description: IptablesBackend specifies which backend of iptables will description: IptablesBackend specifies which backend of iptables will
be used. The default is legacy. be used. The default is Auto.
type: string type: string
iptablesFilterAllowAction: iptablesFilterAllowAction:
type: string type: string
@ -4576,7 +4626,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/node:v3.24.5 image: docker.io/calico/node:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -4656,7 +4706,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/cni:v3.24.5 image: docker.io/calico/cni:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: install-cni name: install-cni
securityContext: securityContext:
@ -4670,7 +4720,7 @@ spec:
- calico-node - calico-node
- -init - -init
- -best-effort - -best-effort
image: docker.io/calico/node:v3.24.5 image: docker.io/calico/node:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: mount-bpffs name: mount-bpffs
securityContext: securityContext:
@ -4793,7 +4843,7 @@ spec:
value: node value: node
- name: DATASTORE_TYPE - name: DATASTORE_TYPE
value: kubernetes value: kubernetes
image: docker.io/calico/kube-controllers:v3.24.5 image: docker.io/calico/kube-controllers:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
exec: exec:
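Review bot: The regenerated manifest still references every Calico image by mutable tag only (`image: docker.io/calico/node:v3.25.1`, and likewise the `cni` and `kube-controllers` images) together with `imagePullPolicy: IfNotPresent`. The `manifestHash` updated in the neighbouring file presumably fixes the manifest text, but it does not fix the image content a node pulls, and nodes that already cached a tag will not notice a re-pushed one. Consider pinning by digest in the template these expected files are rendered from, e.g. `image: docker.io/calico/node:v3.25.1@sha256:<digest-placeholder>`, so that the reviewed version and the running version are provably the same. The same applies to the image lines in the other two manifest sections of this commit. The container specs continue outside the hunks shown here.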


@ -55,7 +55,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.25 - id: k8s-1.25
manifest: networking.projectcalico.org/k8s-1.25.yaml manifest: networking.projectcalico.org/k8s-1.25.yaml
manifestHash: 1852ad0416c94707c3939d43248c81a9f3d209c94f0e33808aeb1c7f87c0b56a manifestHash: 8a9f1f3229fc5eb8fb4e134a93eb8a70c00e135fc6eca6046e9b4c4902fa7205
name: networking.projectcalico.org name: networking.projectcalico.org
prune: prune:
kinds: kinds:


@ -165,6 +165,12 @@ spec:
type: string type: string
type: object type: object
type: array type: array
ignoredInterfaces:
description: IgnoredInterfaces indicates the network interfaces that
needs to be excluded when reading device routes.
items:
type: string
type: array
listenPort: listenPort:
description: ListenPort is the port where BGP protocol should listen. description: ListenPort is the port where BGP protocol should listen.
Defaults to 179 Defaults to 179
@ -389,12 +395,23 @@ spec:
remote AS number comes from the remote node's NodeBGPSpec.ASNumber, remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
or the global default if that is not set. or the global default if that is not set.
type: string type: string
reachableBy:
description: Add an exact, i.e. /32, static route toward peer IP in
order to prevent route flapping. ReachableBy contains the address
of the gateway which peer can be reached by.
type: string
sourceAddress: sourceAddress:
description: Specifies whether and how to configure a source address description: Specifies whether and how to configure a source address
for the peerings generated by this BGPPeer resource. Default value for the peerings generated by this BGPPeer resource. Default value
"UseNodeIP" means to configure the node IP as the source address. "None" "UseNodeIP" means to configure the node IP as the source address. "None"
means not to configure a source address. means not to configure a source address.
type: string type: string
ttlSecurity:
description: TTLSecurity enables the generalized TTL security mechanism
(GTSM) which protects against spoofed packets by ignoring received
packets with a smaller than expected TTL value. The provided value
is the number of hops (edges) between the peers.
type: integer
type: object type: object
type: object type: object
served: true served: true
@ -902,9 +919,10 @@ spec:
[Default: false]' [Default: false]'
type: boolean type: boolean
bpfEnforceRPF: bpfEnforceRPF:
description: 'BPFEnforceRPF enforce strict RPF on all interfaces with description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
BPF programs regardless of what is the per-interfaces or global with BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled or Strict. [Default: Strict]' setting. Possible values are Disabled, Strict or Loose. [Default:
Strict]'
type: string type: string
bpfExtToServiceConnmark: bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
@ -944,6 +962,14 @@ spec:
kube-proxy. Lower values give reduced set-up latency. Higher values kube-proxy. Lower values give reduced set-up latency. Higher values
reduce Felix CPU usage by batching up more work. [Default: 1s]' reduce Felix CPU usage by batching up more work. [Default: 1s]'
type: string type: string
bpfL3IfacePattern:
description: BPFL3IfacePattern is a regular expression that allows
to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
in addition to BPFDataIfacePattern. That is, tunnel interfaces not
created by Calico, that Calico workload traffic flows over as well
as any interfaces that handle incoming traffic to nodeports and
services from outside the cluster.
type: string
bpfLogLevel: bpfLogLevel:
description: 'BPFLogLevel controls the log level of the BPF programs description: 'BPFLogLevel controls the log level of the BPF programs
when in BPF dataplane mode. One of "Off", "Info", or "Debug". The when in BPF dataplane mode. One of "Off", "Info", or "Debug". The
@ -992,12 +1018,12 @@ spec:
- type: string - type: string
description: 'BPFPSNATPorts sets the range from which we randomly description: 'BPFPSNATPorts sets the range from which we randomly
pick a port if there is a source port collision. This should be pick a port if there is a source port collision. This should be
within the ephemeral range as defined by RFC 6056 (102465535) and within the ephemeral range as defined by RFC 6056 (1024–65535)
preferably outside the ephemeral ranges used by common operating and preferably outside the ephemeral ranges used by common operating
systems. Linux uses 3276860999, while others mostly use the IANA systems. Linux uses 32768–60999, while others mostly use the IANA
defined range 4915265535. It is not necessarily a problem if this defined range 49152–65535. It is not necessarily a problem if
range overlaps with the operating systems. Both ends of the range this range overlaps with the operating systems. Both ends of the
are inclusive. [Default: 20000:29999]' range are inclusive. [Default: 20000:29999]'
pattern: ^.* pattern: ^.*
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
bpfPolicyDebugEnabled: bpfPolicyDebugEnabled:
@ -1019,11 +1045,12 @@ spec:
to use. Only used if UseInternalDataplaneDriver is set to false. to use. Only used if UseInternalDataplaneDriver is set to false.
type: string type: string
dataplaneWatchdogTimeout: dataplaneWatchdogTimeout:
description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
used for Felix''s (internal) dataplane driver. Increase this value used for Felix's (internal) dataplane driver. Increase this value
if you experience spurious non-ready or non-live events when Felix if you experience spurious non-ready or non-live events when Felix
is under heavy load. Decrease the value to get felix to report non-live is under heavy load. Decrease the value to get felix to report non-live
or non-ready more quickly. [Default: 90s]' or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
by the generic HealthTimeoutOverrides."
type: string type: string
debugDisableLogDropping: debugDisableLogDropping:
type: boolean type: boolean
@ -1127,15 +1154,21 @@ spec:
type: object type: object
type: array type: array
featureDetectOverride: featureDetectOverride:
description: FeatureDetectOverride is used to override the feature description: FeatureDetectOverride is used to override feature detection
detection. Values are specified in a comma separated list with no based on auto-detected platform capabilities. Values are specified
spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
"true" or "false" will force the feature, empty or omitted values or "false" will force the feature, empty or omitted values are auto-detected.
are auto-detected. type: string
featureGates:
description: FeatureGates is used to enable or disable tech-preview
Calico features. Values are specified in a comma separated list
with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
This is used to enable features that are not fully production ready.
type: string type: string
floatingIPs: floatingIPs:
description: FloatingIPs configures whether or not Felix will program description: FloatingIPs configures whether or not Felix will program
floating IP addresses. non-OpenStack floating IP addresses. (OpenStack-derived floating
IPs are always programmed, regardless of this setting.)
enum: enum:
- Enabled - Enabled
- Disabled - Disabled
@ -1152,6 +1185,23 @@ spec:
type: string type: string
healthPort: healthPort:
type: integer type: integer
healthTimeoutOverrides:
description: HealthTimeoutOverrides allows the internal watchdog timeouts
of individual subcomponents to be overriden. This is useful for
working around "false positive" liveness timeouts that can occur
in particularly stressful workloads or if CPU is constrained. For
a list of active subcomponents, see Felix's logs.
items:
properties:
name:
type: string
timeout:
type: string
required:
- name
- timeout
type: object
type: array
interfaceExclude: interfaceExclude:
description: 'InterfaceExclude is a comma-separated list of interfaces description: 'InterfaceExclude is a comma-separated list of interfaces
that Felix should exclude when monitoring for host endpoints. The that Felix should exclude when monitoring for host endpoints. The
@ -1193,7 +1243,7 @@ spec:
type: string type: string
iptablesBackend: iptablesBackend:
description: IptablesBackend specifies which backend of iptables will description: IptablesBackend specifies which backend of iptables will
be used. The default is legacy. be used. The default is Auto.
type: string type: string
iptablesFilterAllowAction: iptablesFilterAllowAction:
type: string type: string
@ -4571,7 +4621,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/node:v3.24.5 image: docker.io/calico/node:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -4645,7 +4695,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/cni:v3.24.5 image: docker.io/calico/cni:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: upgrade-ipam name: upgrade-ipam
securityContext: securityContext:
@ -4680,7 +4730,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/cni:v3.24.5 image: docker.io/calico/cni:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: install-cni name: install-cni
securityContext: securityContext:
@ -4694,7 +4744,7 @@ spec:
- calico-node - calico-node
- -init - -init
- -best-effort - -best-effort
image: docker.io/calico/node:v3.24.5 image: docker.io/calico/node:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: mount-bpffs name: mount-bpffs
securityContext: securityContext:
@ -4820,7 +4870,7 @@ spec:
value: node value: node
- name: DATASTORE_TYPE - name: DATASTORE_TYPE
value: kubernetes value: kubernetes
image: docker.io/calico/kube-controllers:v3.24.5 image: docker.io/calico/kube-controllers:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
exec: exec:


@ -55,7 +55,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.25 - id: k8s-1.25
manifest: networking.projectcalico.org.canal/k8s-1.25.yaml manifest: networking.projectcalico.org.canal/k8s-1.25.yaml
manifestHash: 0de2c92594096a040369eb190d7090380deb470af2262716bdbad660da07d067 manifestHash: fd73e91eb9ddc00e565073190350eb301a6831fc211f84b508bb3c9e6bd94841
name: networking.projectcalico.org.canal name: networking.projectcalico.org.canal
prune: prune:
kinds: kinds:


@ -172,6 +172,12 @@ spec:
type: string type: string
type: object type: object
type: array type: array
ignoredInterfaces:
description: IgnoredInterfaces indicates the network interfaces that
needs to be excluded when reading device routes.
items:
type: string
type: array
listenPort: listenPort:
description: ListenPort is the port where BGP protocol should listen. description: ListenPort is the port where BGP protocol should listen.
Defaults to 179 Defaults to 179
@ -396,12 +402,23 @@ spec:
remote AS number comes from the remote node's NodeBGPSpec.ASNumber, remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
or the global default if that is not set. or the global default if that is not set.
type: string type: string
reachableBy:
description: Add an exact, i.e. /32, static route toward peer IP in
order to prevent route flapping. ReachableBy contains the address
of the gateway which peer can be reached by.
type: string
sourceAddress: sourceAddress:
description: Specifies whether and how to configure a source address description: Specifies whether and how to configure a source address
for the peerings generated by this BGPPeer resource. Default value for the peerings generated by this BGPPeer resource. Default value
"UseNodeIP" means to configure the node IP as the source address. "None" "UseNodeIP" means to configure the node IP as the source address. "None"
means not to configure a source address. means not to configure a source address.
type: string type: string
ttlSecurity:
description: TTLSecurity enables the generalized TTL security mechanism
(GTSM) which protects against spoofed packets by ignoring received
packets with a smaller than expected TTL value. The provided value
is the number of hops (edges) between the peers.
type: integer
type: object type: object
type: object type: object
served: true served: true
@ -909,9 +926,10 @@ spec:
[Default: false]' [Default: false]'
type: boolean type: boolean
bpfEnforceRPF: bpfEnforceRPF:
description: 'BPFEnforceRPF enforce strict RPF on all interfaces with description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
BPF programs regardless of what is the per-interfaces or global with BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled or Strict. [Default: Strict]' setting. Possible values are Disabled, Strict or Loose. [Default:
Strict]'
type: string type: string
bpfExtToServiceConnmark: bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
@ -951,6 +969,14 @@ spec:
kube-proxy. Lower values give reduced set-up latency. Higher values kube-proxy. Lower values give reduced set-up latency. Higher values
reduce Felix CPU usage by batching up more work. [Default: 1s]' reduce Felix CPU usage by batching up more work. [Default: 1s]'
type: string type: string
bpfL3IfacePattern:
description: BPFL3IfacePattern is a regular expression that allows
to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
in addition to BPFDataIfacePattern. That is, tunnel interfaces not
created by Calico, that Calico workload traffic flows over as well
as any interfaces that handle incoming traffic to nodeports and
services from outside the cluster.
type: string
bpfLogLevel: bpfLogLevel:
description: 'BPFLogLevel controls the log level of the BPF programs description: 'BPFLogLevel controls the log level of the BPF programs
when in BPF dataplane mode. One of "Off", "Info", or "Debug". The when in BPF dataplane mode. One of "Off", "Info", or "Debug". The
@ -999,12 +1025,12 @@ spec:
- type: string - type: string
description: 'BPFPSNATPorts sets the range from which we randomly description: 'BPFPSNATPorts sets the range from which we randomly
pick a port if there is a source port collision. This should be pick a port if there is a source port collision. This should be
within the ephemeral range as defined by RFC 6056 (102465535) and within the ephemeral range as defined by RFC 6056 (1024–65535)
preferably outside the ephemeral ranges used by common operating and preferably outside the ephemeral ranges used by common operating
systems. Linux uses 3276860999, while others mostly use the IANA systems. Linux uses 32768–60999, while others mostly use the IANA
defined range 4915265535. It is not necessarily a problem if this defined range 49152–65535. It is not necessarily a problem if
range overlaps with the operating systems. Both ends of the range this range overlaps with the operating systems. Both ends of the
are inclusive. [Default: 20000:29999]' range are inclusive. [Default: 20000:29999]'
pattern: ^.* pattern: ^.*
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
bpfPolicyDebugEnabled: bpfPolicyDebugEnabled:
@ -1026,11 +1052,12 @@ spec:
to use. Only used if UseInternalDataplaneDriver is set to false. to use. Only used if UseInternalDataplaneDriver is set to false.
type: string type: string
dataplaneWatchdogTimeout: dataplaneWatchdogTimeout:
description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
used for Felix''s (internal) dataplane driver. Increase this value used for Felix's (internal) dataplane driver. Increase this value
if you experience spurious non-ready or non-live events when Felix if you experience spurious non-ready or non-live events when Felix
is under heavy load. Decrease the value to get felix to report non-live is under heavy load. Decrease the value to get felix to report non-live
or non-ready more quickly. [Default: 90s]' or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
by the generic HealthTimeoutOverrides."
type: string type: string
debugDisableLogDropping: debugDisableLogDropping:
type: boolean type: boolean
@ -1134,15 +1161,21 @@ spec:
type: object type: object
type: array type: array
featureDetectOverride: featureDetectOverride:
description: FeatureDetectOverride is used to override the feature description: FeatureDetectOverride is used to override feature detection
detection. Values are specified in a comma separated list with no based on auto-detected platform capabilities. Values are specified
spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
"true" or "false" will force the feature, empty or omitted values or "false" will force the feature, empty or omitted values are auto-detected.
are auto-detected. type: string
featureGates:
description: FeatureGates is used to enable or disable tech-preview
Calico features. Values are specified in a comma separated list
with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
This is used to enable features that are not fully production ready.
type: string type: string
floatingIPs: floatingIPs:
description: FloatingIPs configures whether or not Felix will program description: FloatingIPs configures whether or not Felix will program
floating IP addresses. non-OpenStack floating IP addresses. (OpenStack-derived floating
IPs are always programmed, regardless of this setting.)
enum: enum:
- Enabled - Enabled
- Disabled - Disabled
@ -1159,6 +1192,23 @@ spec:
type: string type: string
healthPort: healthPort:
type: integer type: integer
healthTimeoutOverrides:
description: HealthTimeoutOverrides allows the internal watchdog timeouts
of individual subcomponents to be overriden. This is useful for
working around "false positive" liveness timeouts that can occur
in particularly stressful workloads or if CPU is constrained. For
a list of active subcomponents, see Felix's logs.
items:
properties:
name:
type: string
timeout:
type: string
required:
- name
- timeout
type: object
type: array
interfaceExclude: interfaceExclude:
description: 'InterfaceExclude is a comma-separated list of interfaces description: 'InterfaceExclude is a comma-separated list of interfaces
that Felix should exclude when monitoring for host endpoints. The that Felix should exclude when monitoring for host endpoints. The
@ -1200,7 +1250,7 @@ spec:
type: string type: string
iptablesBackend: iptablesBackend:
description: IptablesBackend specifies which backend of iptables will description: IptablesBackend specifies which backend of iptables will
be used. The default is legacy. be used. The default is Auto.
type: string type: string
iptablesFilterAllowAction: iptablesFilterAllowAction:
type: string type: string
@ -4570,7 +4620,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/node:v3.24.5 image: docker.io/calico/node:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@ -4688,7 +4738,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/cni:v3.24.5 image: docker.io/calico/cni:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: install-cni name: install-cni
securityContext: securityContext:
@ -4702,7 +4752,7 @@ spec:
- calico-node - calico-node
- -init - -init
- -best-effort - -best-effort
image: docker.io/calico/node:v3.24.5 image: docker.io/calico/node:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: mount-bpffs name: mount-bpffs
securityContext: securityContext:
@ -4828,7 +4878,7 @@ spec:
value: node value: node
- name: DATASTORE_TYPE - name: DATASTORE_TYPE
value: kubernetes value: kubernetes
image: docker.io/calico/kube-controllers:v3.24.5 image: docker.io/calico/kube-controllers:v3.25.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
exec: exec: