kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Run hack/update-expected.sh

This commit is contained in:
Ciprian Hacman 2021-11-11 06:17:13 +02:00
parent 5cad1999fc
commit efd6628784
4 changed files with 768 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-bootstrap_content
View File

@ -54,7 +54,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: networking.projectcalico.org/k8s-1.16.yaml manifest: networking.projectcalico.org/k8s-1.16.yaml
manifestHash: ac010a4bac0ae69a9e7693ebaf06e6a2a82010c0c97b01a58b19c89ff7db1803 manifestHash: fe30f09850e8d3744b3b4257a6199d9df7382c89b608391b40b027ba641e6c09
name: networking.projectcalico.org name: networking.projectcalico.org
selector: selector:
role.kubernetes.io/networking: "1" role.kubernetes.io/networking: "1"

406
tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.16_content
View File

@ -386,6 +386,274 @@ status:
--- ---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
labels:
addon.kops.k8s.io/name: networking.projectcalico.org
app.kubernetes.io/managed-by: kops
role.kubernetes.io/networking: "1"
name: caliconodestatuses.crd.projectcalico.org
spec:
group: crd.projectcalico.org
names:
kind: CalicoNodeStatus
listKind: CalicoNodeStatusList
plural: caliconodestatuses
singular: caliconodestatus
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus
resource.
properties:
classes:
description: Classes declares the types of information to monitor
for this calico/node, and allows for selective status reporting
about certain subsets of information.
items:
type: string
type: array
node:
description: The node name identifies the Calico node instance for
node status.
type: string
updatePeriodSeconds:
description: UpdatePeriodSeconds is the period at which CalicoNodeStatus
should be updated. Set to 0 to disable CalicoNodeStatus refresh.
Maximum update period is one day.
format: int32
type: integer
type: object
status:
description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus.
No validation needed for status since it is updated by Calico.
properties:
agent:
description: Agent holds agent status on the node.
properties:
birdV4:
description: BIRDV4 represents the latest observed status of bird4.
properties:
lastBootTime:
description: LastBootTime holds the value of lastBootTime
from bird.ctl output.
type: string
lastReconfigurationTime:
description: LastReconfigurationTime holds the value of lastReconfigTime
from bird.ctl output.
type: string
routerID:
description: Router ID used by bird.
type: string
state:
description: The state of the BGP Daemon.
type: string
version:
description: Version of the BGP daemon
type: string
type: object
birdV6:
description: BIRDV6 represents the latest observed status of bird6.
properties:
lastBootTime:
description: LastBootTime holds the value of lastBootTime
from bird.ctl output.
type: string
lastReconfigurationTime:
description: LastReconfigurationTime holds the value of lastReconfigTime
from bird.ctl output.
type: string
routerID:
description: Router ID used by bird.
type: string
state:
description: The state of the BGP Daemon.
type: string
version:
description: Version of the BGP daemon
type: string
type: object
type: object
bgp:
description: BGP holds node BGP status.
properties:
numberEstablishedV4:
description: The total number of IPv4 established bgp sessions.
type: integer
numberEstablishedV6:
description: The total number of IPv6 established bgp sessions.
type: integer
numberNotEstablishedV4:
description: The total number of IPv4 non-established bgp sessions.
type: integer
numberNotEstablishedV6:
description: The total number of IPv6 non-established bgp sessions.
type: integer
peersV4:
description: PeersV4 represents IPv4 BGP peers status on the node.
items:
description: CalicoNodePeer contains the status of BGP peers
on the node.
properties:
peerIP:
description: IP address of the peer whose condition we are
reporting.
type: string
since:
description: Since the state or reason last changed.
type: string
state:
description: State is the BGP session state.
type: string
type:
description: Type indicates whether this peer is configured
via the node-to-node mesh, or via en explicit global or
per-node BGPPeer object.
type: string
type: object
type: array
peersV6:
description: PeersV6 represents IPv6 BGP peers status on the node.
items:
description: CalicoNodePeer contains the status of BGP peers
on the node.
properties:
peerIP:
description: IP address of the peer whose condition we are
reporting.
type: string
since:
description: Since the state or reason last changed.
type: string
state:
description: State is the BGP session state.
type: string
type:
description: Type indicates whether this peer is configured
via the node-to-node mesh, or via en explicit global or
per-node BGPPeer object.
type: string
type: object
type: array
required:
- numberEstablishedV4
- numberEstablishedV6
- numberNotEstablishedV4
- numberNotEstablishedV6
type: object
lastUpdated:
description: LastUpdated is a timestamp representing the server time
when CalicoNodeStatus object last updated. It is represented in
RFC3339 form and is in UTC.
format: date-time
nullable: true
type: string
routes:
description: Routes reports routes known to the Calico BGP daemon
on the node.
properties:
routesV4:
description: RoutesV4 represents IPv4 routes on the node.
items:
description: CalicoNodeRoute contains the status of BGP routes
on the node.
properties:
destination:
description: Destination of the route.
type: string
gateway:
description: Gateway for the destination.
type: string
interface:
description: Interface for the destination
type: string
learnedFrom:
description: LearnedFrom contains information regarding
where this route originated.
properties:
peerIP:
description: If sourceType is NodeMesh or BGPPeer, IP
address of the router that sent us this route.
type: string
sourceType:
description: Type of the source where a route is learned
from.
type: string
type: object
type:
description: Type indicates if the route is being used for
forwarding or not.
type: string
type: object
type: array
routesV6:
description: RoutesV6 represents IPv6 routes on the node.
items:
description: CalicoNodeRoute contains the status of BGP routes
on the node.
properties:
destination:
description: Destination of the route.
type: string
gateway:
description: Gateway for the destination.
type: string
interface:
description: Interface for the destination
type: string
learnedFrom:
description: LearnedFrom contains information regarding
where this route originated.
properties:
peerIP:
description: If sourceType is NodeMesh or BGPPeer, IP
address of the router that sent us this route.
type: string
sourceType:
description: Type of the source where a route is learned
from.
type: string
type: object
type:
description: Type indicates if the route is being used for
forwarding or not.
type: string
type: object
type: array
type: object
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
@ -506,7 +774,7 @@ spec:
type: boolean type: boolean
awsSrcDstCheck: awsSrcDstCheck:
description: 'Set source-destination-check on AWS EC2 instances. Accepted description: 'Set source-destination-check on AWS EC2 instances. Accepted
value must be one of "DoNothing", "Enabled" or "Disabled". [Default: value must be one of "DoNothing", "Enable" or "Disable". [Default:
DoNothing]' DoNothing]'
enum: enum:
- DoNothing - DoNothing
@ -541,7 +809,7 @@ spec:
[Default: false]' [Default: false]'
type: boolean type: boolean
bpfExtToServiceConnmark: bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, controls a 32bit description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
mark that is set on connections from an external client to a local mark that is set on connections from an external client to a local
service. This mark allows us to control how packets of that connection service. This mark allows us to control how packets of that connection
are routed within the host and how is routing intepreted by RPF are routed within the host and how is routing intepreted by RPF
@ -905,6 +1173,12 @@ spec:
to false. This reduces the number of metrics reported, reducing to false. This reduces the number of metrics reported, reducing
Prometheus load. [Default: true]' Prometheus load. [Default: true]'
type: boolean type: boolean
prometheusWireGuardMetricsEnabled:
description: 'PrometheusWireGuardMetricsEnabled disables wireguard
metrics collection, which the Prometheus client does by default,
when set to false. This reduces the number of metrics reported,
reducing Prometheus load. [Default: true]'
type: boolean
removeExternalRoutes: removeExternalRoutes:
description: Whether or not to remove device routes that have not description: Whether or not to remove device routes that have not
been programmed by Felix. Disabling this will allow external applications been programmed by Felix. Disabling this will allow external applications
@ -986,6 +1260,10 @@ spec:
description: 'WireguardEnabled controls whether Wireguard is enabled. description: 'WireguardEnabled controls whether Wireguard is enabled.
[Default: false]' [Default: false]'
type: boolean type: boolean
wireguardHostEncryptionEnabled:
description: 'WireguardHostEncryptionEnabled controls whether Wireguard
host-to-host encryption is enabled. [Default: false]'
type: boolean
wireguardInterfaceName: wireguardInterfaceName:
description: 'WireguardInterfaceName specifies the name to use for description: 'WireguardInterfaceName specifies the name to use for
the Wireguard interface. [Default: wg.calico]' the Wireguard interface. [Default: wg.calico]'
@ -1201,8 +1479,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -1427,8 +1705,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -1574,8 +1852,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -1800,8 +2078,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -2305,6 +2583,12 @@ spec:
spec: spec:
description: IPPoolSpec contains the specification for an IPPool resource. description: IPPoolSpec contains the specification for an IPPool resource.
properties: properties:
allowedUses:
description: AllowedUse controls what the IP pool will be used for. If
not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility
items:
type: string
type: array
blockSize: blockSize:
description: The block size to use for IP address assignments from description: The block size to use for IP address assignments from
this pool. Defaults to 26 for IPv4 and 112 for IPv6. this pool. Defaults to 26 for IPv4 and 112 for IPv6.
@ -2312,6 +2596,10 @@ spec:
cidr: cidr:
description: The pool CIDR. description: The pool CIDR.
type: string type: string
disableBGPExport:
description: 'Disable exporting routes from this IP Pools CIDR over
BGP. [Default: false]'
type: boolean
disabled: disabled:
description: When disabled is true, Calico IPAM will not assign addresses description: When disabled is true, Calico IPAM will not assign addresses
from this pool. from this pool.
@ -2373,6 +2661,63 @@ status:
--- ---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: networking.projectcalico.org
app.kubernetes.io/managed-by: kops
role.kubernetes.io/networking: "1"
name: ipreservations.crd.projectcalico.org
spec:
group: crd.projectcalico.org
names:
kind: IPReservation
listKind: IPReservationList
plural: ipreservations
singular: ipreservation
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPReservationSpec contains the specification for an IPReservation
resource.
properties:
reservedCIDRs:
description: ReservedCIDRs is a list of CIDRs and/or IP addresses
that Calico IPAM will exclude from new allocations.
items:
type: string
type: array
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
@ -2787,8 +3132,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -3013,8 +3358,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -3160,8 +3505,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -3386,8 +3731,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -3551,6 +3896,7 @@ rules:
- crd.projectcalico.org - crd.projectcalico.org
resources: resources:
- ippools - ippools
- ipreservations
verbs: verbs:
- list - list
- apiGroups: - apiGroups:
@ -3694,6 +4040,7 @@ rules:
- globalbgpconfigs - globalbgpconfigs
- bgpconfigurations - bgpconfigurations
- ippools - ippools
- ipreservations
- ipamblocks - ipamblocks
- globalnetworkpolicies - globalnetworkpolicies
- globalnetworksets - globalnetworksets
@ -3702,6 +4049,7 @@ rules:
- clusterinformations - clusterinformations
- hostendpoints - hostendpoints
- blockaffinities - blockaffinities
- caliconodestatuses
verbs: verbs:
- get - get
- list - list
@ -3715,6 +4063,12 @@ rules:
verbs: verbs:
- create - create
- update - update
- apiGroups:
- crd.projectcalico.org
resources:
- caliconodestatuses
verbs:
- update
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -3892,7 +4246,13 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/node:v3.20.2 image: docker.io/calico/node:v3.21.1
lifecycle:
preStop:
exec:
command:
- /bin/calico-node
- -shutdown
livenessProbe: livenessProbe:
exec: exec:
command: command:
@ -3958,7 +4318,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/cni:v3.20.2 image: docker.io/calico/cni:v3.21.1
name: upgrade-ipam name: upgrade-ipam
securityContext: securityContext:
privileged: true privileged: true
@ -3992,7 +4352,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/cni:v3.20.2 image: docker.io/calico/cni:v3.21.1
name: install-cni name: install-cni
securityContext: securityContext:
privileged: true privileged: true
@ -4001,7 +4361,7 @@ spec:
name: cni-bin-dir name: cni-bin-dir
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- image: docker.io/calico/pod2daemon-flexvol:v3.20.2 - image: docker.io/calico/pod2daemon-flexvol:v3.21.1
name: flexvol-driver name: flexvol-driver
securityContext: securityContext:
privileged: true privileged: true
@ -4109,7 +4469,7 @@ spec:
value: node value: node
- name: DATASTORE_TYPE - name: DATASTORE_TYPE
value: kubernetes value: kubernetes
image: docker.io/calico/kube-controllers:v3.20.2 image: docker.io/calico/kube-controllers:v3.21.1
livenessProbe: livenessProbe:
exec: exec:
command: command:

2
tests/integration/update_cluster/privatecalico/data/aws_s3_bucket_object_privatecalico.example.com-addons-bootstrap_content
View File

@ -54,7 +54,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.16 - id: k8s-1.16
manifest: networking.projectcalico.org/k8s-1.16.yaml manifest: networking.projectcalico.org/k8s-1.16.yaml
manifestHash: f9fc744ae00cc5fe205bfd59f562399640761293460628da11e56c0f42b51757 manifestHash: 69a558c349000e8f818014f5da0b029b62ba5eddab471670320b962eefbfc19c
name: networking.projectcalico.org name: networking.projectcalico.org
selector: selector:
role.kubernetes.io/networking: "1" role.kubernetes.io/networking: "1"

406
tests/integration/update_cluster/privatecalico/data/aws_s3_bucket_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.16_content
View File

@ -385,6 +385,274 @@ status:
--- ---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
labels:
addon.kops.k8s.io/name: networking.projectcalico.org
app.kubernetes.io/managed-by: kops
role.kubernetes.io/networking: "1"
name: caliconodestatuses.crd.projectcalico.org
spec:
group: crd.projectcalico.org
names:
kind: CalicoNodeStatus
listKind: CalicoNodeStatusList
plural: caliconodestatuses
singular: caliconodestatus
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CalicoNodeStatusSpec contains the specification for a CalicoNodeStatus
resource.
properties:
classes:
description: Classes declares the types of information to monitor
for this calico/node, and allows for selective status reporting
about certain subsets of information.
items:
type: string
type: array
node:
description: The node name identifies the Calico node instance for
node status.
type: string
updatePeriodSeconds:
description: UpdatePeriodSeconds is the period at which CalicoNodeStatus
should be updated. Set to 0 to disable CalicoNodeStatus refresh.
Maximum update period is one day.
format: int32
type: integer
type: object
status:
description: CalicoNodeStatusStatus defines the observed state of CalicoNodeStatus.
No validation needed for status since it is updated by Calico.
properties:
agent:
description: Agent holds agent status on the node.
properties:
birdV4:
description: BIRDV4 represents the latest observed status of bird4.
properties:
lastBootTime:
description: LastBootTime holds the value of lastBootTime
from bird.ctl output.
type: string
lastReconfigurationTime:
description: LastReconfigurationTime holds the value of lastReconfigTime
from bird.ctl output.
type: string
routerID:
description: Router ID used by bird.
type: string
state:
description: The state of the BGP Daemon.
type: string
version:
description: Version of the BGP daemon
type: string
type: object
birdV6:
description: BIRDV6 represents the latest observed status of bird6.
properties:
lastBootTime:
description: LastBootTime holds the value of lastBootTime
from bird.ctl output.
type: string
lastReconfigurationTime:
description: LastReconfigurationTime holds the value of lastReconfigTime
from bird.ctl output.
type: string
routerID:
description: Router ID used by bird.
type: string
state:
description: The state of the BGP Daemon.
type: string
version:
description: Version of the BGP daemon
type: string
type: object
type: object
bgp:
description: BGP holds node BGP status.
properties:
numberEstablishedV4:
description: The total number of IPv4 established bgp sessions.
type: integer
numberEstablishedV6:
description: The total number of IPv6 established bgp sessions.
type: integer
numberNotEstablishedV4:
description: The total number of IPv4 non-established bgp sessions.
type: integer
numberNotEstablishedV6:
description: The total number of IPv6 non-established bgp sessions.
type: integer
peersV4:
description: PeersV4 represents IPv4 BGP peers status on the node.
items:
description: CalicoNodePeer contains the status of BGP peers
on the node.
properties:
peerIP:
description: IP address of the peer whose condition we are
reporting.
type: string
since:
description: Since the state or reason last changed.
type: string
state:
description: State is the BGP session state.
type: string
type:
description: Type indicates whether this peer is configured
via the node-to-node mesh, or via en explicit global or
per-node BGPPeer object.
type: string
type: object
type: array
peersV6:
description: PeersV6 represents IPv6 BGP peers status on the node.
items:
description: CalicoNodePeer contains the status of BGP peers
on the node.
properties:
peerIP:
description: IP address of the peer whose condition we are
reporting.
type: string
since:
description: Since the state or reason last changed.
type: string
state:
description: State is the BGP session state.
type: string
type:
description: Type indicates whether this peer is configured
via the node-to-node mesh, or via en explicit global or
per-node BGPPeer object.
type: string
type: object
type: array
required:
- numberEstablishedV4
- numberEstablishedV6
- numberNotEstablishedV4
- numberNotEstablishedV6
type: object
lastUpdated:
description: LastUpdated is a timestamp representing the server time
when CalicoNodeStatus object last updated. It is represented in
RFC3339 form and is in UTC.
format: date-time
nullable: true
type: string
routes:
description: Routes reports routes known to the Calico BGP daemon
on the node.
properties:
routesV4:
description: RoutesV4 represents IPv4 routes on the node.
items:
description: CalicoNodeRoute contains the status of BGP routes
on the node.
properties:
destination:
description: Destination of the route.
type: string
gateway:
description: Gateway for the destination.
type: string
interface:
description: Interface for the destination
type: string
learnedFrom:
description: LearnedFrom contains information regarding
where this route originated.
properties:
peerIP:
description: If sourceType is NodeMesh or BGPPeer, IP
address of the router that sent us this route.
type: string
sourceType:
description: Type of the source where a route is learned
from.
type: string
type: object
type:
description: Type indicates if the route is being used for
forwarding or not.
type: string
type: object
type: array
routesV6:
description: RoutesV6 represents IPv6 routes on the node.
items:
description: CalicoNodeRoute contains the status of BGP routes
on the node.
properties:
destination:
description: Destination of the route.
type: string
gateway:
description: Gateway for the destination.
type: string
interface:
description: Interface for the destination
type: string
learnedFrom:
description: LearnedFrom contains information regarding
where this route originated.
properties:
peerIP:
description: If sourceType is NodeMesh or BGPPeer, IP
address of the router that sent us this route.
type: string
sourceType:
description: Type of the source where a route is learned
from.
type: string
type: object
type:
description: Type indicates if the route is being used for
forwarding or not.
type: string
type: object
type: array
type: object
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
@ -505,7 +773,7 @@ spec:
type: boolean type: boolean
awsSrcDstCheck: awsSrcDstCheck:
description: 'Set source-destination-check on AWS EC2 instances. Accepted description: 'Set source-destination-check on AWS EC2 instances. Accepted
value must be one of "DoNothing", "Enabled" or "Disabled". [Default: value must be one of "DoNothing", "Enable" or "Disable". [Default:
DoNothing]' DoNothing]'
enum: enum:
- DoNothing - DoNothing
@ -540,7 +808,7 @@ spec:
[Default: false]' [Default: false]'
type: boolean type: boolean
bpfExtToServiceConnmark: bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, controls a 32bit description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
mark that is set on connections from an external client to a local mark that is set on connections from an external client to a local
service. This mark allows us to control how packets of that connection service. This mark allows us to control how packets of that connection
are routed within the host and how is routing intepreted by RPF are routed within the host and how is routing intepreted by RPF
@ -904,6 +1172,12 @@ spec:
to false. This reduces the number of metrics reported, reducing to false. This reduces the number of metrics reported, reducing
Prometheus load. [Default: true]' Prometheus load. [Default: true]'
type: boolean type: boolean
prometheusWireGuardMetricsEnabled:
description: 'PrometheusWireGuardMetricsEnabled disables wireguard
metrics collection, which the Prometheus client does by default,
when set to false. This reduces the number of metrics reported,
reducing Prometheus load. [Default: true]'
type: boolean
removeExternalRoutes: removeExternalRoutes:
description: Whether or not to remove device routes that have not description: Whether or not to remove device routes that have not
been programmed by Felix. Disabling this will allow external applications been programmed by Felix. Disabling this will allow external applications
@ -985,6 +1259,10 @@ spec:
description: 'WireguardEnabled controls whether Wireguard is enabled. description: 'WireguardEnabled controls whether Wireguard is enabled.
[Default: false]' [Default: false]'
type: boolean type: boolean
wireguardHostEncryptionEnabled:
description: 'WireguardHostEncryptionEnabled controls whether Wireguard
host-to-host encryption is enabled. [Default: false]'
type: boolean
wireguardInterfaceName: wireguardInterfaceName:
description: 'WireguardInterfaceName specifies the name to use for description: 'WireguardInterfaceName specifies the name to use for
the Wireguard interface. [Default: wg.calico]' the Wireguard interface. [Default: wg.calico]'
@ -1200,8 +1478,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -1426,8 +1704,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -1573,8 +1851,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -1799,8 +2077,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -2304,6 +2582,12 @@ spec:
spec: spec:
description: IPPoolSpec contains the specification for an IPPool resource. description: IPPoolSpec contains the specification for an IPPool resource.
properties: properties:
allowedUses:
description: AllowedUse controls what the IP pool will be used for. If
not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility
items:
type: string
type: array
blockSize: blockSize:
description: The block size to use for IP address assignments from description: The block size to use for IP address assignments from
this pool. Defaults to 26 for IPv4 and 112 for IPv6. this pool. Defaults to 26 for IPv4 and 112 for IPv6.
@ -2311,6 +2595,10 @@ spec:
cidr: cidr:
description: The pool CIDR. description: The pool CIDR.
type: string type: string
disableBGPExport:
description: 'Disable exporting routes from this IP Pools CIDR over
BGP. [Default: false]'
type: boolean
disabled: disabled:
description: When disabled is true, Calico IPAM will not assign addresses description: When disabled is true, Calico IPAM will not assign addresses
from this pool. from this pool.
@ -2372,6 +2660,63 @@ status:
--- ---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: networking.projectcalico.org
app.kubernetes.io/managed-by: kops
role.kubernetes.io/networking: "1"
name: ipreservations.crd.projectcalico.org
spec:
group: crd.projectcalico.org
names:
kind: IPReservation
listKind: IPReservationList
plural: ipreservations
singular: ipreservation
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPReservationSpec contains the specification for an IPReservation
resource.
properties:
reservedCIDRs:
description: ReservedCIDRs is a list of CIDRs and/or IP addresses
that Calico IPAM will exclude from new allocations.
items:
type: string
type: array
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
@ -2786,8 +3131,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -3012,8 +3357,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -3159,8 +3504,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -3385,8 +3730,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -3550,6 +3895,7 @@ rules:
- crd.projectcalico.org - crd.projectcalico.org
resources: resources:
- ippools - ippools
- ipreservations
verbs: verbs:
- list - list
- apiGroups: - apiGroups:
@ -3693,6 +4039,7 @@ rules:
- globalbgpconfigs - globalbgpconfigs
- bgpconfigurations - bgpconfigurations
- ippools - ippools
- ipreservations
- ipamblocks - ipamblocks
- globalnetworkpolicies - globalnetworkpolicies
- globalnetworksets - globalnetworksets
@ -3701,6 +4048,7 @@ rules:
- clusterinformations - clusterinformations
- hostendpoints - hostendpoints
- blockaffinities - blockaffinities
- caliconodestatuses
verbs: verbs:
- get - get
- list - list
@ -3714,6 +4062,12 @@ rules:
verbs: verbs:
- create - create
- update - update
- apiGroups:
- crd.projectcalico.org
resources:
- caliconodestatuses
verbs:
- update
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -3887,7 +4241,13 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/node:v3.20.2 image: docker.io/calico/node:v3.21.1
lifecycle:
preStop:
exec:
command:
- /bin/calico-node
- -shutdown
livenessProbe: livenessProbe:
exec: exec:
command: command:
@ -3955,7 +4315,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/cni:v3.20.2 image: docker.io/calico/cni:v3.21.1
name: upgrade-ipam name: upgrade-ipam
securityContext: securityContext:
privileged: true privileged: true
@ -3989,7 +4349,7 @@ spec:
- configMapRef: - configMapRef:
name: kubernetes-services-endpoint name: kubernetes-services-endpoint
optional: true optional: true
image: docker.io/calico/cni:v3.20.2 image: docker.io/calico/cni:v3.21.1
name: install-cni name: install-cni
securityContext: securityContext:
privileged: true privileged: true
@ -3998,7 +4358,7 @@ spec:
name: cni-bin-dir name: cni-bin-dir
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- image: docker.io/calico/pod2daemon-flexvol:v3.20.2 - image: docker.io/calico/pod2daemon-flexvol:v3.21.1
name: flexvol-driver name: flexvol-driver
securityContext: securityContext:
privileged: true privileged: true
@ -4106,7 +4466,7 @@ spec:
value: node value: node
- name: DATASTORE_TYPE - name: DATASTORE_TYPE
value: kubernetes value: kubernetes
image: docker.io/calico/kube-controllers:v3.20.2 image: docker.io/calico/kube-controllers:v3.21.1
livenessProbe: livenessProbe:
exec: exec:
command: command: