diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
index 0273135bd7..ddaf6937b5 100644
--- a/k8s/crds/kops.k8s.io_clusters.yaml
+++ b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -2376,6 +2376,10 @@ spec: ipipMode: description: IPIPMode is mode for CALICO_IPV4POOL_IPIP type: string + iptablesBackend: + description: 'IptablesBackend controls which variant of iptables + binary Felix uses Default: Legacy (other options: NFT)' + type: string logSeverityScreen: description: 'LogSeverityScreen lets us set the desired log level. (Default: info)'
@@ -2441,6 +2445,10 @@ spec: NOT add the default ACCEPT traffic rules to the iptables FORWARD chain type: boolean + iptablesBackend: + description: 'IptablesBackend controls which variant of iptables + binary Felix uses Default: Legacy (other options: NFT)' + type: string logSeveritySys: description: 'LogSeveritySys the severity to set for logs which are sent to syslog Default: INFO (other options: DEBUG, WARNING,
diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
index b15e2a77f6..f23f948fe7 100644
--- a/pkg/apis/kops/networking.go
+++ b/pkg/apis/kops/networking.go
@@ -94,6 +94,9 @@ type CalicoNetworkingSpec struct {
 PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
 // MajorVersion is the version of Calico to use
 MajorVersion string `json:"majorVersion,omitempty"`
+ // IptablesBackend controls which variant of iptables binary Felix uses
+ // Default: Legacy (other options: NFT)
+ IptablesBackend string `json:"iptablesBackend,omitempty"`
 // IPIPMode is mode for CALICO_IPV4POOL_IPIP
 IPIPMode string `json:"ipipMode,omitempty"`
 // TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
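Review bot: `IptablesBackend` in `CalicoNetworkingSpec` is declared as a plain `string`, and no validation of it is visible in this diff, so a misspelled or arbitrary value would be accepted and passed on to Felix unchanged. The same applies to the `CanalNetworkingSpec` hunk in this file and to the matching v1alpha1 and v1alpha2 hunks. I would add a check in cluster-spec validation that accepts only the empty string, `Legacy` and `NFT`. The comment could also say why the choice matters, for example `// IptablesBackend selects the iptables variant Felix programs its rules with; presumably it has to match the variant in use on the nodes.` The struct definition starts and ends outside the hunk.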
@@ -119,6 +122,9 @@ type CanalNetworkingSpec struct {
 // DisableFlannelForwardRules configures Flannel to NOT add the
 // default ACCEPT traffic rules to the iptables FORWARD chain
 DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"`
+ // IptablesBackend controls which variant of iptables binary Felix uses
+ // Default: Legacy (other options: NFT)
+ IptablesBackend string `json:"iptablesBackend,omitempty"`
 // LogSeveritySys the severity to set for logs which are sent to syslog
 // Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE)
 LogSeveritySys string `json:"logSeveritySys,omitempty"`
diff --git a/pkg/apis/kops/v1alpha1/networking.go b/pkg/apis/kops/v1alpha1/networking.go
index 33f00b2b78..e24ebe6e4f 100644
--- a/pkg/apis/kops/v1alpha1/networking.go
+++ b/pkg/apis/kops/v1alpha1/networking.go
@@ -94,6 +94,9 @@ type CalicoNetworkingSpec struct {
 PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
 // MajorVersion is the version of Calico to use
 MajorVersion string `json:"majorVersion,omitempty"`
+ // IptablesBackend controls which variant of iptables binary Felix uses
+ // Default: Legacy (other options: NFT)
+ IptablesBackend string `json:"iptablesBackend,omitempty"`
 // IPIPMode is mode for CALICO_IPV4POOL_IPIP
 IPIPMode string `json:"ipipMode,omitempty"`
 // TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
@@ -119,6 +122,9 @@ type CanalNetworkingSpec struct {
 // DisableFlannelForwardRules configures Flannel to NOT add the
 // default ACCEPT traffic rules to the iptables FORWARD chain
 DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"`
+ // IptablesBackend controls which variant of iptables binary Felix uses
+ // Default: Legacy (other options: NFT)
+ IptablesBackend string `json:"iptablesBackend,omitempty"`
 // LogSeveritySys the severity to set for logs which are sent to syslog
 // Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE)
 LogSeveritySys string `json:"logSeveritySys,omitempty"`
diff --git a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go
index 6ac9640ba3..ca2e9bd1fa 100644
--- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go
@@ -1137,6 +1137,7 @@ func autoConvert_v1alpha1_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in * out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled out.PrometheusProcessMetricsEnabled = in.PrometheusProcessMetricsEnabled out.MajorVersion = in.MajorVersion + out.IptablesBackend = in.IptablesBackend out.IPIPMode = in.IPIPMode out.TyphaPrometheusMetricsEnabled = in.TyphaPrometheusMetricsEnabled out.TyphaPrometheusMetricsPort = in.TyphaPrometheusMetricsPort
@@ -1158,6 +1159,7 @@ func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha1_CalicoNetworkingSpec(in * out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled out.PrometheusProcessMetricsEnabled = in.PrometheusProcessMetricsEnabled out.MajorVersion = in.MajorVersion + out.IptablesBackend = in.IptablesBackend out.IPIPMode = in.IPIPMode out.TyphaPrometheusMetricsEnabled = in.TyphaPrometheusMetricsEnabled out.TyphaPrometheusMetricsPort = in.TyphaPrometheusMetricsPort
@@ -1174,6 +1176,7 @@ func autoConvert_v1alpha1_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *Ca out.ChainInsertMode = in.ChainInsertMode out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction out.DisableFlannelForwardRules = in.DisableFlannelForwardRules + out.IptablesBackend = in.IptablesBackend out.LogSeveritySys = in.LogSeveritySys out.MTU = in.MTU out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
@@ -1195,6 +1198,7 @@ func autoConvert_kops_CanalNetworkingSpec_To_v1alpha1_CanalNetworkingSpec(in *ko out.ChainInsertMode = in.ChainInsertMode out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction out.DisableFlannelForwardRules = in.DisableFlannelForwardRules + out.IptablesBackend = in.IptablesBackend out.LogSeveritySys = in.LogSeveritySys out.MTU = in.MTU out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go
index 72370c8b0e..40b24086ce 100644
--- a/pkg/apis/kops/v1alpha2/networking.go
+++ b/pkg/apis/kops/v1alpha2/networking.go
@@ -94,6 +94,9 @@ type CalicoNetworkingSpec struct {
 PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
 // MajorVersion is the version of Calico to use
 MajorVersion string `json:"majorVersion,omitempty"`
+ // IptablesBackend controls which variant of iptables binary Felix uses
+ // Default: Legacy (other options: NFT)
+ IptablesBackend string `json:"iptablesBackend,omitempty"`
 // IPIPMode is mode for CALICO_IPV4POOL_IPIP
 IPIPMode string `json:"ipipMode,omitempty"`
 // TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
@@ -119,6 +122,9 @@ type CanalNetworkingSpec struct {
 // DisableFlannelForwardRules configures Flannel to NOT add the
 // default ACCEPT traffic rules to the iptables FORWARD chain
 DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"`
+ // IptablesBackend controls which variant of iptables binary Felix uses
+ // Default: Legacy (other options: NFT)
+ IptablesBackend string `json:"iptablesBackend,omitempty"`
 // LogSeveritySys the severity to set for logs which are sent to syslog
 // Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE)
 LogSeveritySys string `json:"logSeveritySys,omitempty"`
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
index 90c5bad8d8..57d5639c9a 100644
--- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
@@ -1179,6 +1179,7 @@ func autoConvert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in * out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled out.PrometheusProcessMetricsEnabled = in.PrometheusProcessMetricsEnabled out.MajorVersion = in.MajorVersion + out.IptablesBackend = in.IptablesBackend out.IPIPMode = in.IPIPMode out.TyphaPrometheusMetricsEnabled = in.TyphaPrometheusMetricsEnabled out.TyphaPrometheusMetricsPort = in.TyphaPrometheusMetricsPort
@@ -1200,6 +1201,7 @@ func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha2_CalicoNetworkingSpec(in * out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled out.PrometheusProcessMetricsEnabled = in.PrometheusProcessMetricsEnabled out.MajorVersion = in.MajorVersion + out.IptablesBackend = in.IptablesBackend out.IPIPMode = in.IPIPMode out.TyphaPrometheusMetricsEnabled = in.TyphaPrometheusMetricsEnabled out.TyphaPrometheusMetricsPort = in.TyphaPrometheusMetricsPort
@@ -1216,6 +1218,7 @@ func autoConvert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *Ca out.ChainInsertMode = in.ChainInsertMode out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction out.DisableFlannelForwardRules = in.DisableFlannelForwardRules + out.IptablesBackend = in.IptablesBackend out.LogSeveritySys = in.LogSeveritySys out.MTU = in.MTU out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
@@ -1237,6 +1240,7 @@ func autoConvert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in *ko out.ChainInsertMode = in.ChainInsertMode out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction out.DisableFlannelForwardRules = in.DisableFlannelForwardRules + out.IptablesBackend = in.IptablesBackend out.LogSeveritySys = in.LogSeveritySys out.MTU = in.MTU out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.15.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.15.yaml.template
index 930994f931..8a9a52664c 100644
--- a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.15.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.15.yaml.template
@@ -721,6 +721,9 @@ spec:
 configMapKeyRef:
 name: canal-config
 key: veth_mtu
+ # Set Felix iptables binary variant, Legacy or NFT
+ - name: FELIX_IPTABLESBACKEND
+ value: "{{- or .Networking.Canal.IptablesBackend "Legacy" }}"
 # Disable IPv6 on Kubernetes.
 - name: FELIX_IPV6SUPPORT
 value: "false"
diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.12.yaml.template
index 780abc62f5..4fc3d00574 100644
--- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.12.yaml.template
@@ -819,6 +819,9 @@ spec: value: "true" # kops additions + # Set Felix iptables binary variant, Legacy or NFT + - name: FELIX_IPTABLESBACKEND + value: "{{- or .Networking.Calico.IptablesBackend "Legacy" }}" # Set to enable the experimental Prometheus metrics server - name: FELIX_PROMETHEUSMETRICSENABLED value: "{{- or .Networking.Calico.PrometheusMetricsEnabled "false" }}"
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index 229d5491f5..64fde695cf 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -828,7 +828,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons { "k8s-1.6": "2.6.9-kops.1", "k8s-1.7": "2.6.12-kops.1", "k8s-1.7-v3": "3.8.0-kops.2", - "k8s-1.12": "3.9.3-kops.1", + "k8s-1.12": "3.9.3-kops.2", } {
@@ -912,7 +912,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 "k8s-1.8": "2.6.7-kops.3",
 "k8s-1.9": "3.2.3-kops.1",
 "k8s-1.12": "3.7.4",
- "k8s-1.15": "3.10.1",
+ "k8s-1.15": "3.10.1-kops.2",
 }
 {
 id := "pre-k8s-1.6"
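Review bot: The `FELIX_IPTABLESBACKEND` value in the Calico k8s-1.12 template puts `.Networking.Calico.IptablesBackend` straight into a double-quoted YAML scalar, and the Canal k8s-1.15 template hunk does the same with `.Networking.Canal.IptablesBackend`. As far as this diff shows the spec field is an unchecked string, so a value containing `"` would change how the rendered manifest parses, and a misspelled backend would only surface when Felix starts. Felix's rules are what enforce network policy on the node, so a backend that does not match the host's iptables variant is presumably worth rejecting before rendering. Restricting the field to `Legacy` or `NFT` in spec validation would cover both templates. The comment could also state the default, `# Felix iptables backend: Legacy (default) or NFT`.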