I was mistaken how the key in the namespace is used, looks like you can only have the one key per addon as the anonnotations on the namespace are addon_name -> version, so if you already have a old rbac.addons.k8s.io referenced it won't work. I didn't notice before as the cluster was new.
- Add Calico configuration field to specify MajorVersion
- Add Calico V3 manifest
- Default new installations to Calico V3
- Set etcd to V3 when calico is specified for networking
- Validate that etcd is V3 when Calico MajorVersion is v3
- Using Calico v3.2.1
This release adds support for Kubernetes `hostPort` mapping and the
`ipBlock` NetworkPolicy feature, plus many other improvements.
Release notes https://github.com/weaveworks/weave/releases/tag/v2.5.0
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
Adding the manifests for kubernetes >=1.9 to move to canal version 3.2.3. Admittedly I don't like the fact the users are unable to override or select the version of canal they wish to use, but as none of the networking spec have this feature i'm reluctant to add it. The PR upgrades kops cluster running kubernetes >=1.9.0 to canal v3.2.3
The current implementation applys the rbac addons regardless. When node authorization is enable this manifests is skipped. In regard to rollouts from RBAC -> Node, the process will be disable manifest, though the clusterrolebindings will still exist. Once all the nodes have been upgraded to use Node authorization the administrator can delete the binding maunally.
So the current canal manifest contains a 'description' field which as far as I can tell from the API documentation never existed (in apimachinery). Previous versions probably ignored the field but while testing v1.12.1 I noticed canal no longer deployed correctly due to the validation error. I've bumped the versions and removed the field from the manifest; this shouldn't have any impact on those already deployed, but as an alternative we could copy and paste 1.8 manifest, add an exclusion in the [bootstrapchannelbuilder.go](https://github.com/kubernetes/kops/blob/master/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go#L685-L699) to use >1.8.0 <=1.12.0 etc and use new manifest for >=1.12.0 (if you get what i know :-))
Post removing the `description` field the networking works again ..
JuanJo Ciarlante