In PR [#2635](https://github.com/kubernetes/kops/pull/2635) the version
of calico was updated as part of canal. What this PR missed was bumping
the version of the addon. This meant that if you upgraded a kops
cluster from v1.6.0 to v1.6.1 the new version of calico was not picked
up because `channels apply` does not think the daemonset needs to be
updated.

Currently, we are using .NonMasqueradeCIDR in the wrong fashion. We
should be using .KubeControllerManager.ClusterCIDR to prevent IP
collision with Service IPs.

We modelled our VFS clientset (for API objects backed by a VFS path)
after the "real" clientsets, so now it is relatively easy to add a
second implementation that will be backed by a real clientset.
The snafu here is that we weren't really using namespaces previously.
Namespaces do seem to be the primary RBAC scoping mechanism though, so
we start using them with the real clientset.
The namespace is currently inferred from the cluster name. We map dots
to dashes, because of namespace limitations, which could yield
collisions, but we'll deal with this by simply preventing users from
creating conflicting cluster names - i.e. you simply won't be able to
create a.b.example.com and a-b.example.com

I hit an odd IAM failure yesterday, and this information would have been
helpful. It only proved a negative - it turned out to be an AWS problem
that was solved by deleting and recreating the IAM roles - but still
makes diagnosis much easier.

When looking for a zone, match by name, but also only match private
zones if running with --dns private, or public zones with --dns public.
We log if we find a zone that matches by name but not by type.
Requires https://github.com/kubernetes/kubernetes/pull/40197
Issue #1522
Issue #1468
fixes #2606
Most of the changes are similar to the currently supported CNI networking
provider. Kube-router also supports IPVS based service proxy which can
be used as replacement for kube-proxy. So the manifest for kube-router
included with this patch enables kube-router to provide pod-to-pod
networking, IPVS based service proxy and ingress pod firewall.

This gives the ability to a user to enable cross-subnet mode in Calico.
Also introduces a new addon that, full disclosure, I wrote.
[ottoyiu/k8s-ec2-srcdst](https://github.com/ottoyiu/k8s-ec2-srcdst)

When the system is low on resources, it is possible that calico-node will be
evicted by kubernetes. That's what happened today in our cluster
bringing down all containers.