The current implementation when Etcd TLS was added does not support using calico as the configuration and client certificates are not present. This PR updates the calico manifests and adds the distribution of the client certificate
Weave limits the number of connections between peers and the default is 30.
As described here: ce9c5162bd/site/kubernetes/kube-addon.md
Setting the CONN_LIMIT environment variable controls this setting. Adding a field in the
WeaveNetworkingSpec and adding the env var to the associated templates lets users
have clusters larger than 30 nodes and still use weave's peer discovery
The weave authors have indicated that 100 is not an unreasonable setting.
https://github.com/weaveworks/weave/issues/1621#issuecomment-152713060
Automatic merge from submit-queue.
Support for hostPort when using canal
Similar to: https://github.com/kubernetes/kops/pull/3206
Without this, we are unable to get `hostPort` working with `canal`. The same is true for `flannel`, but this does add support for plain flannel.
Automatic merge from submit-queue.
Update Weave Net to version 2.1.3
This version supports 'v1' NetworkPolicy semantics.
Also includes a feature to clear down data for deleted nodes, which is probably the most-requested fix.
Renamed the k8s-1.8 manifest to a k8s-1.7. This is required because of config
change that occurs between k8s 1.6 and k8s 1.7. This refactor will also
be re-used when Calico Kubernetes data source support is added to kops.
Updated bootstrapchannelbuilder with the new Calico version numbers.
* Limit each CNI provider to 100m
* Remove CPU limits - they cause serious problems
(https://github.com/kubernetes/kubernetes/issues/51135), but this also
makes the CPU allocation less problematic.
* Bump versions and start introducing the `-kops.1` suffix preemptively.
* Upgrade flannel to 0.9.0 as it fixes a lot.
Automatic merge from submit-queue.
kube-router: remove beta annotation versions (deprectated in 1.8) of init container
kube-router: remove beta annotation versions (deprectated in 1.8) of init container and move init container to spec section
This lets us configure cross-project permissions while ourselves needing
minimal permissions, but also gives us a nice hook for future lockdown
of object-level permissions.
k8s-ci-robot