diff --git a/upup/models/cloudup/resources/addons/networking.kuberouter/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.kuberouter/k8s-1.12.yaml.template index af6e186d14..cbd59da301 100644 --- a/upup/models/cloudup/resources/addons/networking.kuberouter/k8s-1.12.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.kuberouter/k8s-1.12.yaml.template @@ -1,6 +1,5 @@ -# Pulled and modified from https://github.com/cloudnativelabs/kube-router/blob/v0.3.1/daemonset/generic-kuberouter-all-features.yaml +# Pulled and modified from https://github.com/cloudnativelabs/kube-router/blob/v0.4.0/daemonset/generic-kuberouter-all-features.yaml ---- apiVersion: v1 kind: ConfigMap metadata: @@ -12,19 +11,19 @@ metadata: data: cni-conf.json: | { - "cniVersion":"0.3.0", - "name":"mynet", - "plugins":[ - { - "name":"kubernetes", - "type":"bridge", - "bridge":"kube-bridge", - "isDefaultGateway":true, - "ipam":{ - "type":"host-local" - } - } - ] + "cniVersion":"0.3.0", + "name":"mynet", + "plugins":[ + { + "name":"kubernetes", + "type":"bridge", + "bridge":"kube-bridge", + "isDefaultGateway":true, + "ipam":{ + "type":"host-local" + } + } + ] } --- apiVersion: apps/v1 @@ -45,12 +44,12 @@ spec: labels: k8s-app: kube-router tier: node - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' spec: + priorityClassName: system-node-critical + serviceAccountName: kube-router containers: - name: kube-router - image: cloudnativelabs/kube-router:v0.3.1 + image: docker.io/cloudnativelabs/kube-router:v0.4.0 args: - --run-router=true - --run-firewall=true @@ -82,9 +81,6 @@ spec: readOnly: true - name: cni-conf-dir mountPath: /etc/cni/net.d - - name: kubeconfig - mountPath: /var/lib/kube-router/kubeconfig - readOnly: true initContainers: - name: install-cni image: busybox @@ -93,36 +89,35 @@ spec: - -c - set -e -x; if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then - if [ -f /etc/cni/net.d/*.conf ]; then - rm -f /etc/cni/net.d/*.conf; - fi; - TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; - cp /etc/kube-router/cni-conf.json ${TMP}; - mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; + if [ -f /etc/cni/net.d/*.conf ]; then + rm -f /etc/cni/net.d/*.conf; + fi; + TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; + cp /etc/kube-router/cni-conf.json ${TMP}; + mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; fi volumeMounts: - - name: cni-conf-dir - mountPath: /etc/cni/net.d - - name: kube-router-cfg - mountPath: /etc/kube-router + - mountPath: /etc/cni/net.d + name: cni-conf-dir + - mountPath: /etc/kube-router + name: kube-router-cfg hostNetwork: true - priorityClassName: system-node-critical - serviceAccountName: kube-router tolerations: - key: CriticalAddonsOnly operator: Exists - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready operator: Exists volumes: - - hostPath: - path: /lib/modules - name: lib-modules - - hostPath: - path: /etc/cni/net.d - name: cni-conf-dir - - name: kubeconfig + - name: lib-modules hostPath: - path: /var/lib/kube-router/kubeconfig + path: /lib/modules + - name: cni-conf-dir + hostPath: + path: /etc/cni/net.d - name: kube-router-cfg configMap: name: kube-router-cfg @@ -133,38 +128,40 @@ metadata: name: kube-router namespace: kube-system --- -# Kube-router roles kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: kube-router namespace: kube-system rules: - - apiGroups: [""] - resources: - - namespaces - - pods - - services - - nodes - - endpoints - verbs: - - get - - list - - watch - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - get - - list - - watch - - apiGroups: ["extensions"] - resources: - - networkpolicies - verbs: - - get - - list - - watch +- apiGroups: + - "" + resources: + - namespaces + - pods + - services + - nodes + - endpoints + verbs: + - list + - get + - watch +- apiGroups: + - "networking.k8s.io" + resources: + - networkpolicies + verbs: + - list + - get + - watch +- apiGroups: + - extensions + resources: + - networkpolicies + verbs: + - get + - list + - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -178,5 +175,3 @@ subjects: - kind: ServiceAccount name: kube-router namespace: kube-system -- kind: User - name: system:kube-router diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go index 6a0d253154..c5e0c81061 100644 --- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go +++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go @@ -795,7 +795,10 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons { if b.cluster.Spec.Networking.Kuberouter != nil { key := "networking.kuberouter" - version := "0.3.1-kops.3" + versions := map[string]string{ + "k8s-1.6": "3.1.0-kops.3", + "k8s-1.12": "0.4.0-kops.1", + } { location := key + "/k8s-1.6.yaml" @@ -803,7 +806,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons { addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{ Name: fi.String(key), - Version: fi.String(version), + Version: fi.String(versions[id]), Selector: networkingSelector, Manifest: fi.String(location), KubernetesVersion: "<1.12.0", @@ -817,7 +820,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons { addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{ Name: fi.String(key), - Version: fi.String(version), + Version: fi.String(versions[id]), Selector: networkingSelector, Manifest: fi.String(location), KubernetesVersion: ">=1.12.0",