Update flannel manifest to v0.11.0 and add iptables-resync flag

docs/networking.md

@@ -440,6 +440,19 @@ For support with Cilium Network Policies you can reach out on Slack or Github:
 - [Cilium Github](https://github.com/cilium/cilium)
 - [Cilium Slack](https://cilium.io/slack)
 
+### Flannel Example for CNI
+
+#### Configuraing Flannel iptables resync period
+
+Flannel iptables resync option is configurable via editing a cluster and adding
+`iptablesResyncSeconds` option to spec:
+
+```
+  networking:
+    flannel:
+      iptablesResyncSeconds: 360
+```
+
 ### Validating CNI Installation
 
 You will notice that `kube-dns` fails to start properly until you deploy your CNI provider.

upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template

@@ -104,7 +104,7 @@ spec:
       - operator: Exists
       initContainers:
       - name: install-cni
-        image: quay.io/coreos/flannel:v0.10.0-amd64
+        image: quay.io/coreos/flannel:v0.11.0-amd64
         command:
         - cp
         args:
@@ -118,8 +118,12 @@ spec:
           mountPath: /etc/kube-flannel/
       containers:
       - name: kube-flannel
-        image: quay.io/coreos/flannel:v0.10.0-amd64
+        image: quay.io/coreos/flannel:v0.11.0-amd64
-        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
+        command:
+        - "/opt/bin/flanneld"
+        - "--ip-masq"
+        - "--kube-subnet-mgr"
+        - "--iptables-resync={{- or .Networking.Flannel.IptablesResyncSeconds "5" }}"
         securityContext:
           privileged: true
         env:

upup/models/cloudup/resources/addons/networking.flannel/k8s-1.6.yaml.template

@@ -99,7 +99,7 @@ spec:
       - operator: Exists
       initContainers:
       - name: install-cni
-        image: quay.io/coreos/flannel:v0.10.0-amd64
+        image: quay.io/coreos/flannel:v0.11.0-amd64
         command:
         - cp
         args:
@@ -113,8 +113,12 @@ spec:
           mountPath: /etc/kube-flannel/
       containers:
       - name: kube-flannel
-        image: quay.io/coreos/flannel:v0.10.0-amd64
+        image: quay.io/coreos/flannel:v0.11.0-amd64
-        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
+        command:
+        - "/opt/bin/flanneld"
+        - "--ip-masq"
+        - "--kube-subnet-mgr"
+        - "--iptables-resync={{- or .Networking.Flannel.IptablesResyncSeconds "5" }}"
         securityContext:
           privileged: true
         env:

upup/models/cloudup/resources/addons/networking.flannel/pre-k8s-1.6.yaml.template

@@ -54,8 +54,12 @@ spec:
       serviceAccountName: flannel
       containers:
       - name: kube-flannel
-        image: quay.io/coreos/flannel:v0.10.0-amd64
+        image: quay.io/coreos/flannel:v0.11.0-amd64
-        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
+        command:
+        - "/opt/bin/flanneld"
+        - "--ip-masq"
+        - "--kube-subnet-mgr"
+        - "--iptables-resync={{- or .Networking.Flannel.IptablesResyncSeconds "5" }}"
         securityContext:
           privileged: true
         env:
@@ -79,7 +83,7 @@ spec:
         - name: flannel-cfg
           mountPath: /etc/kube-flannel/
       - name: install-cni
-        image: quay.io/coreos/flannel:v0.10.0-amd64
+        image: quay.io/coreos/flannel:v0.11.0-amd64
         command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ]
         resources:
           limits:
@@ -102,4 +106,4 @@ spec:
             path: /etc/cni/net.d
         - name: flannel-cfg
           configMap:
-            name: kube-flannel-cfg
+            name: kube-flannel-cfg