- switching to using code rather than a template for the systemd unit creation as requested in review
- as part of the review, changing the name of the ca from tls-ca to tls-client-ca
- changing the api from DisableAddressCheck to EnableAddressCheck and defaulting to true if no set
- fixing up the test for node-authorizer and shifting the parsing of the certificates as suggested in reviews to a method
- including the config only when there is something to include i.e. no nulls please
- fixing up the pod security policies for system:nodes groups, needs a mapping to permit manifests
Testing Done:
1. Created a cluster without explicitly setting MTU. Verified that the calico nodes came up. The config map didn't have any mtu setting. The FELIX_IPINIPMTU env variable was not set.
2. Created a cluster by explicitly setting the MTU in the kops config. Verified that calico nodes came up. Config map had correct value for "mtu". The FELIX_IPINIPMTU env variable was set to correct value.
This commit does the following two changes:
1. Changes the default calico mtu to 8198.
2. Enables setting the mtu explicitly in the config as:
```
networking:
calico:
mtu: 2048
```
Testing done:
1. Created cluster on AWS with networking set to calico. No additional details were provided. Verified that the mtu was set to 8198. Also verified that the FELIX_IPINIPMTU environment variable was set to 8198.
2. Created a cluster explicitly setting the calico mtu to 2048. Verified that the mtu for the 'cali*' interfaces inside the pods was set to 2048. Also, verified that the FELIX_IPINIPMTU environment variable was set to 2048.
3. make test passed.
Closes#4042
Cilium was using the same code as Calico to retrieve etcd certs, new
builder is not Calico-specific.
calico name of certs is retained to ensure backward compatibility
Signed-off-by: Maciej Kwiek <maciej@covalent.io>
The launch configuration test exposed that our integration tests don't
retry for very long, and wait a long time in between retries.
Create a RunTasksOptions type to hold the parameters, in particular
max task time, and the amount of time we wait when all tasks have
failed.
We delete old AWS LaunchConfigurations when we see that we have more
than 3. We add a feature flag KeepLaunchConfigurations to disable this
functionality, for backwards compatability.
Fixes#329
Otherwise we were seeing instance templates changing every time.
PREMIUM is the default, so we set it to PREMIUM for compatability. In
future we may want to expose this option.
k8s-ci-robot
Christian Kampka
Ali Rizwan
Rodrigo Menezes
LilyFaFa
Rohith
Shri Javadekar
Sandeep Rajan
Maciej Kwiek
Justin Santa Barbara
Mike Splain
Justin Santa Barbara