Calico: add dependencies for 3.21.x (#8250)
This commit is contained in:
Cristian Calin
GitHub
parent
dc767c14b9
commit
31c7b6747b
|
|
@ -52,6 +52,7 @@ rules:
|
||||||
- apiGroups: ["crd.projectcalico.org"]
|
- apiGroups: ["crd.projectcalico.org"]
|
||||||
resources:
|
resources:
|
||||||
- ippools
|
- ippools
|
||||||
|
- ipreservations
|
||||||
verbs:
|
verbs:
|
||||||
- list
|
- list
|
||||||
- apiGroups: ["crd.projectcalico.org"]
|
- apiGroups: ["crd.projectcalico.org"]
|
||||||
|
|
|
||||||
|
|
@ -83,6 +83,7 @@ rules:
|
||||||
- globalbgpconfigs
|
- globalbgpconfigs
|
||||||
- bgpconfigurations
|
- bgpconfigurations
|
||||||
- ippools
|
- ippools
|
||||||
|
- ipreservations
|
||||||
- ipamblocks
|
- ipamblocks
|
||||||
- globalnetworkpolicies
|
- globalnetworkpolicies
|
||||||
- globalnetworksets
|
- globalnetworksets
|
||||||
|
|
@ -91,6 +92,7 @@ rules:
|
||||||
- clusterinformations
|
- clusterinformations
|
||||||
- hostendpoints
|
- hostendpoints
|
||||||
- blockaffinities
|
- blockaffinities
|
||||||
|
- caliconodestatuses
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
|
|
@ -104,6 +106,12 @@ rules:
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
- update
|
- update
|
||||||
|
# Calico must update some CRDs.
|
||||||
|
- apiGroups: [ "crd.projectcalico.org" ]
|
||||||
|
resources:
|
||||||
|
- caliconodestatuses
|
||||||
|
verbs:
|
||||||
|
- update
|
||||||
# Calico stores some configuration information on the node.
|
# Calico stores some configuration information on the node.
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources:
|
resources:
|
||||||
|
|
|
||||||
|
|
@ -72,6 +72,11 @@ spec:
|
||||||
- name: install-cni
|
- name: install-cni
|
||||||
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
|
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
|
||||||
command: ["/opt/cni/bin/install"]
|
command: ["/opt/cni/bin/install"]
|
||||||
|
envFrom:
|
||||||
|
- configMapRef:
|
||||||
|
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
|
||||||
|
name: kubernetes-services-endpoint
|
||||||
|
optional: true
|
||||||
env:
|
env:
|
||||||
# Name of the CNI config file to create.
|
# Name of the CNI config file to create.
|
||||||
- name: CNI_CONF_NAME
|
- name: CNI_CONF_NAME
|
||||||
|
|
@ -214,11 +219,6 @@ spec:
|
||||||
# # Configure the IP Pool from which Pod IPs will be chosen.
|
# # Configure the IP Pool from which Pod IPs will be chosen.
|
||||||
# - name: CALICO_IPV4POOL_CIDR
|
# - name: CALICO_IPV4POOL_CIDR
|
||||||
# value: "{{ calico_pool_cidr | default(kube_pods_subnet) }}"
|
# value: "{{ calico_pool_cidr | default(kube_pods_subnet) }}"
|
||||||
{% if calico_veth_mtu is defined %}
|
|
||||||
# Set MTU for the Wireguard tunnel device.
|
|
||||||
- name: FELIX_WIREGUARDMTU
|
|
||||||
value: "{{ calico_veth_mtu }}"
|
|
||||||
{% endif %}
|
|
||||||
- name: CALICO_IPV4POOL_IPIP
|
- name: CALICO_IPV4POOL_IPIP
|
||||||
value: "{{ calico_ipv4pool_ipip }}"
|
value: "{{ calico_ipv4pool_ipip }}"
|
||||||
- name: FELIX_IPV6SUPPORT
|
- name: FELIX_IPV6SUPPORT
|
||||||
|
|
@ -234,8 +234,15 @@ spec:
|
||||||
value: "{{ calico_usage_reporting }}"
|
value: "{{ calico_usage_reporting }}"
|
||||||
# Set MTU for tunnel device used if ipip is enabled
|
# Set MTU for tunnel device used if ipip is enabled
|
||||||
{% if calico_mtu is defined %}
|
{% if calico_mtu is defined %}
|
||||||
|
# Set MTU for tunnel device used if ipip is enabled
|
||||||
- name: FELIX_IPINIPMTU
|
- name: FELIX_IPINIPMTU
|
||||||
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
|
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
|
||||||
|
# Set MTU for the VXLAN tunnel device.
|
||||||
|
- name: FELIX_VXLANMTU
|
||||||
|
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
|
||||||
|
# Set MTU for the Wireguard tunnel device.
|
||||||
|
- name: FELIX_WIREGUARDMTU
|
||||||
|
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- name: FELIX_CHAININSERTMODE
|
- name: FELIX_CHAININSERTMODE
|
||||||
value: "{{ calico_felix_chaininsertmode }}"
|
value: "{{ calico_felix_chaininsertmode }}"
|
||||||
|
|
@ -270,6 +277,12 @@ spec:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: status.hostIP
|
fieldPath: status.hostIP
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
# Disable file logging so `kubectl logs` works.
|
||||||
|
- name: CALICO_DISABLE_FILE_LOGGING
|
||||||
|
value: "true"
|
||||||
|
# Set Felix endpoint to host default action to ACCEPT.
|
||||||
|
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
|
||||||
|
value: "ACCEPT"
|
||||||
- name: NODENAME
|
- name: NODENAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
|
|
@ -295,6 +308,14 @@ spec:
|
||||||
requests:
|
requests:
|
||||||
cpu: {{ calico_node_cpu_requests }}
|
cpu: {{ calico_node_cpu_requests }}
|
||||||
memory: {{ calico_node_memory_requests }}
|
memory: {{ calico_node_memory_requests }}
|
||||||
|
{% if calico_version is version('v3.21.0', '>=') %}
|
||||||
|
lifecycle:
|
||||||
|
preStop:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- /bin/calico-node
|
||||||
|
- -shutdown
|
||||||
|
{% endif %}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
|
|
@ -336,8 +357,10 @@ spec:
|
||||||
- name: xtables-lock
|
- name: xtables-lock
|
||||||
mountPath: /run/xtables.lock
|
mountPath: /run/xtables.lock
|
||||||
readOnly: false
|
readOnly: false
|
||||||
|
# For maintaining CNI plugin API credentials.
|
||||||
- mountPath: /host/etc/cni/net.d
|
- mountPath: /host/etc/cni/net.d
|
||||||
name: cni-net-dir
|
name: cni-net-dir
|
||||||
|
readOnly: false
|
||||||
{% if typha_secure %}
|
{% if typha_secure %}
|
||||||
- name: typha-client
|
- name: typha-client
|
||||||
mountPath: /etc/typha-client
|
mountPath: /etc/typha-client
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue