* Update version v1.6.0 -> v2.1.0
* expose container runtime socket to kube-router
* kube-router loadbalancer controller
* Add access / information that is needed by the load balancer
controller in kube-router.
* add access to endpoint slices for services controller
* enable hairpin mode on kube-router
* There are integration tests in kops that expect that hairpin
functionality is always enabled, as such we now enable hairpin-mode
in kube-router by default.
* enable hostPID access
* kube-router now requires access to the host's process namespace. See
https://github.com/cloudnativelabs/kube-router/pull/1584 for more
information.
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.
With SELinux enabled, all pods that use HostPath volumes must run with
SELinux label `spc_t`, otherwise SELinux denies the pods to touch the host
filesystem.
* Limit each CNI provider to 100m
* Remove CPU limits - they cause serious problems
(https://github.com/kubernetes/kubernetes/issues/51135), but this also
makes the CPU allocation less problematic.
* Bump versions and start introducing the `-kops.1` suffix preemptively.
* Upgrade flannel to 0.9.0 as it fixes a lot.
Kube-router was using --cluster-cidr flag to get the subnet allocated
for pod CIDR's. But now kube-router has the ability internally to infer
the CIDR allocated for the pod's by getting the information from
kubernetes API server node spec's
fixes#2606
Most part of the changes are similar to current supported CNI networking
provider. Kube-router also support IPVS bassed service proxy which can
be used as replacement for kube-proxy. So the manifest for kube-router
included with this patch enables kube-router to provide pod-to-pod
networking, IPVS based service proxy and ingress pod firewall.