Set FELIX_IPTABLESBACKEND for Calico and Canal

Ciprian Hacman 2019-12-10 11:39:18 +02:00
parent 11cec04bab
commit dd69274cf2
9 changed files with 42 additions and 2 deletions


@ -2376,6 +2376,10 @@ spec:
ipipMode:
description: IPIPMode is mode for CALICO_IPV4POOL_IPIP
type: string
iptablesBackend:
description: 'IptablesBackend controls which variant of iptables
binary Felix uses Default: Legacy (other options: NFT)'
type: string
logSeverityScreen:
description: 'LogSeverityScreen lets us set the desired log
level. (Default: info)'
@ -2441,6 +2445,10 @@ spec:
NOT add the default ACCEPT traffic rules to the iptables FORWARD
chain
type: boolean
iptablesBackend:
description: 'IptablesBackend controls which variant of iptables
binary Felix uses Default: Legacy (other options: NFT)'
type: string
logSeveritySys:
description: 'LogSeveritySys the severity to set for logs which
are sent to syslog Default: INFO (other options: DEBUG, WARNING,


@ -94,6 +94,9 @@ type CalicoNetworkingSpec struct {
PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
// MajorVersion is the version of Calico to use
MajorVersion string `json:"majorVersion,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Legacy (other options: NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// IPIPMode is mode for CALICO_IPV4POOL_IPIP
IPIPMode string `json:"ipipMode,omitempty"`
// TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
@ -119,6 +122,9 @@ type CanalNetworkingSpec struct {
// DisableFlannelForwardRules configures Flannel to NOT add the
// default ACCEPT traffic rules to the iptables FORWARD chain
DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Legacy (other options: NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// LogSeveritySys the severity to set for logs which are sent to syslog
// Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE)
LogSeveritySys string `json:"logSeveritySys,omitempty"`
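Review bot: `IptablesBackend` is added to `CalicoNetworkingSpec` and `CanalNetworkingSpec` as a free-form `string`, and none of the nine file sections in this commit appears to add a check that it is empty, `Legacy` or `NFT`. Felix is the component that programs policy rules through iptables, so a mistyped value would presumably only surface when the node agent starts, which is late to find out; rejecting unknown values in the cluster-spec validation (outside this commit) would catch it at edit time. The comment could also state the contract, e.g. `// Allowed values: Legacy (default), NFT; should match the iptables mode in use on the nodes.` The same applies to the two versioned copies of these structs in the later sections, and both struct definitions start and end outside the hunks shown.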


@ -94,6 +94,9 @@ type CalicoNetworkingSpec struct {
PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
// MajorVersion is the version of Calico to use
MajorVersion string `json:"majorVersion,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Legacy (other options: NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// IPIPMode is mode for CALICO_IPV4POOL_IPIP
IPIPMode string `json:"ipipMode,omitempty"`
// TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
@ -119,6 +122,9 @@ type CanalNetworkingSpec struct {
// DisableFlannelForwardRules configures Flannel to NOT add the
// default ACCEPT traffic rules to the iptables FORWARD chain
DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Legacy (other options: NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// LogSeveritySys the severity to set for logs which are sent to syslog
// Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE)
LogSeveritySys string `json:"logSeveritySys,omitempty"`


@ -1137,6 +1137,7 @@ func autoConvert_v1alpha1_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *
out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
out.PrometheusProcessMetricsEnabled = in.PrometheusProcessMetricsEnabled
out.MajorVersion = in.MajorVersion
out.IptablesBackend = in.IptablesBackend
out.IPIPMode = in.IPIPMode
out.TyphaPrometheusMetricsEnabled = in.TyphaPrometheusMetricsEnabled
out.TyphaPrometheusMetricsPort = in.TyphaPrometheusMetricsPort
@ -1158,6 +1159,7 @@ func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha1_CalicoNetworkingSpec(in *
out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
out.PrometheusProcessMetricsEnabled = in.PrometheusProcessMetricsEnabled
out.MajorVersion = in.MajorVersion
out.IptablesBackend = in.IptablesBackend
out.IPIPMode = in.IPIPMode
out.TyphaPrometheusMetricsEnabled = in.TyphaPrometheusMetricsEnabled
out.TyphaPrometheusMetricsPort = in.TyphaPrometheusMetricsPort
@ -1174,6 +1176,7 @@ func autoConvert_v1alpha1_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *Ca
out.ChainInsertMode = in.ChainInsertMode
out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction
out.DisableFlannelForwardRules = in.DisableFlannelForwardRules
out.IptablesBackend = in.IptablesBackend
out.LogSeveritySys = in.LogSeveritySys
out.MTU = in.MTU
out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
@ -1195,6 +1198,7 @@ func autoConvert_kops_CanalNetworkingSpec_To_v1alpha1_CanalNetworkingSpec(in *ko
out.ChainInsertMode = in.ChainInsertMode
out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction
out.DisableFlannelForwardRules = in.DisableFlannelForwardRules
out.IptablesBackend = in.IptablesBackend
out.LogSeveritySys = in.LogSeveritySys
out.MTU = in.MTU
out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled


@ -94,6 +94,9 @@ type CalicoNetworkingSpec struct {
PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
// MajorVersion is the version of Calico to use
MajorVersion string `json:"majorVersion,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Legacy (other options: NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// IPIPMode is mode for CALICO_IPV4POOL_IPIP
IPIPMode string `json:"ipipMode,omitempty"`
// TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
@ -119,6 +122,9 @@ type CanalNetworkingSpec struct {
// DisableFlannelForwardRules configures Flannel to NOT add the
// default ACCEPT traffic rules to the iptables FORWARD chain
DisableFlannelForwardRules bool `json:"disableFlannelForwardRules,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Legacy (other options: NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// LogSeveritySys the severity to set for logs which are sent to syslog
// Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE)
LogSeveritySys string `json:"logSeveritySys,omitempty"`


@ -1179,6 +1179,7 @@ func autoConvert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *
out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
out.PrometheusProcessMetricsEnabled = in.PrometheusProcessMetricsEnabled
out.MajorVersion = in.MajorVersion
out.IptablesBackend = in.IptablesBackend
out.IPIPMode = in.IPIPMode
out.TyphaPrometheusMetricsEnabled = in.TyphaPrometheusMetricsEnabled
out.TyphaPrometheusMetricsPort = in.TyphaPrometheusMetricsPort
@ -1200,6 +1201,7 @@ func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha2_CalicoNetworkingSpec(in *
out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
out.PrometheusProcessMetricsEnabled = in.PrometheusProcessMetricsEnabled
out.MajorVersion = in.MajorVersion
out.IptablesBackend = in.IptablesBackend
out.IPIPMode = in.IPIPMode
out.TyphaPrometheusMetricsEnabled = in.TyphaPrometheusMetricsEnabled
out.TyphaPrometheusMetricsPort = in.TyphaPrometheusMetricsPort
@ -1216,6 +1218,7 @@ func autoConvert_v1alpha2_CanalNetworkingSpec_To_kops_CanalNetworkingSpec(in *Ca
out.ChainInsertMode = in.ChainInsertMode
out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction
out.DisableFlannelForwardRules = in.DisableFlannelForwardRules
out.IptablesBackend = in.IptablesBackend
out.LogSeveritySys = in.LogSeveritySys
out.MTU = in.MTU
out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled
@ -1237,6 +1240,7 @@ func autoConvert_kops_CanalNetworkingSpec_To_v1alpha2_CanalNetworkingSpec(in *ko
out.ChainInsertMode = in.ChainInsertMode
out.DefaultEndpointToHostAction = in.DefaultEndpointToHostAction
out.DisableFlannelForwardRules = in.DisableFlannelForwardRules
out.IptablesBackend = in.IptablesBackend
out.LogSeveritySys = in.LogSeveritySys
out.MTU = in.MTU
out.PrometheusGoMetricsEnabled = in.PrometheusGoMetricsEnabled


@ -721,6 +721,9 @@ spec:
configMapKeyRef:
name: canal-config
key: veth_mtu
# Set Felix iptables binary variant, Legacy or NFT
- name: FELIX_IPTABLESBACKEND
value: "{{- or .Networking.Canal.IptablesBackend "Legacy" }}"
# Disable IPv6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: "false"
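Review bot: The new `FELIX_IPTABLESBACKEND` entry renders `.Networking.Canal.IptablesBackend` verbatim between double quotes, so a spec value containing a quote or a line break would change the structure of the generated manifest instead of just the variable's value. Unlike the boolean rendered the same way for `FELIX_PROMETHEUSMETRICSENABLED` in the Calico section, this field is an unconstrained string. Rendering it through the template's built-in formatter keeps it a single scalar, e.g. `value: {{ printf "%q" (or .Networking.Canal.IptablesBackend "Legacy") }}`, and it becomes moot if the field is restricted to `Legacy`/`NFT` at validation time. The Calico template section that follows has the same line with `.Networking.Calico.IptablesBackend`.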


@ -819,6 +819,9 @@ spec:
value: "true"
# kops additions
# Set Felix iptables binary variant, Legacy or NFT
- name: FELIX_IPTABLESBACKEND
value: "{{- or .Networking.Calico.IptablesBackend "Legacy" }}"
# Set to enable the experimental Prometheus metrics server
- name: FELIX_PROMETHEUSMETRICSENABLED
value: "{{- or .Networking.Calico.PrometheusMetricsEnabled "false" }}"


@ -828,7 +828,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
"k8s-1.6": "2.6.9-kops.1",
"k8s-1.7": "2.6.12-kops.1",
"k8s-1.7-v3": "3.8.0-kops.2",
"k8s-1.12": "3.9.3-kops.1",
"k8s-1.12": "3.9.3-kops.2",
}
{
@ -912,7 +912,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
"k8s-1.8": "2.6.7-kops.3",
"k8s-1.9": "3.2.3-kops.1",
"k8s-1.12": "3.7.4",
"k8s-1.15": "3.10.1",
"k8s-1.15": "3.10.1-kops.2",
}
{
id := "pre-k8s-1.6"