Upgrade Weave to 2.2.1

- Fix #2414, so namespace isolation should now works
- Update weave-net.yml.j2 as per latest https://cloud.weave.works/k8s/net
- Other minor fixup
This commit is contained in:
Wong Hoi Sing Edison 2018-03-24 10:52:21 +08:00
parent f07734596e
commit 3f5c60886b
8 changed files with 50 additions and 31 deletions

View file

@ -83,7 +83,7 @@ Versions of supported components
- [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
- [cilium](https://github.com/cilium/cilium) v1.0.0-rc8
- [contiv](https://github.com/contiv/install/releases) v1.1.7
- [weave](http://weave.works/) v2.2.0
- [weave](http://weave.works/) v2.2.1
- [docker](https://www.docker.com/) v17.03 (see note)
- [rkt](https://coreos.com/rkt/docs/latest/) v1.21.0 (see Note 2)

View file

@ -38,7 +38,7 @@ flannel_version: "v0.10.0"
flannel_cni_version: "v0.3.0"
istio_version: "0.2.6"
vault_version: 0.8.1
weave_version: 2.2.0
weave_version: 2.2.1
pod_infra_version: 3.0
contiv_version: 1.1.7
cilium_version: "v1.0.0-rc8"

View file

@ -1,7 +1,7 @@
---
# Limits
weave_memory_limit: 400M
weave_cpu_limit: 30m
weave_memory_limits: 400M
weave_cpu_limits: 30m
weave_memory_requests: 64M
weave_cpu_requests: 10m

View file

@ -9,12 +9,13 @@ items:
labels:
name: weave-net
namespace: {{ system_namespace }}
- apiVersion: rbac.authorization.k8s.io/v1
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: weave-net
labels:
name: weave-net
namespace: {{ system_namespace }}
rules:
- apiGroups:
- ''
@ -27,35 +28,42 @@ items:
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- 'networking.k8s.io'
- networking.k8s.io
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: weave-net
labels:
name: weave-net
namespace: {{ system_namespace }}
roleRef:
kind: ClusterRole
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: {{ system_namespace }}
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
namespace: {{ system_namespace }}
rules:
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- weave-net
resources:
- configmaps
verbs:
- get
- update
@ -65,29 +73,31 @@ items:
- configmaps
verbs:
- create
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: weave-net
labels:
name: weave-net
namespace: {{ system_namespace }}
roleRef:
kind: ClusterRole
kind: Role
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
namespace: {{ system_namespace }}
- apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: weave-net
labels:
name: weave-net
version: {{ weave_version }}
version: v{{ weave_version }}
namespace: {{ system_namespace }}
spec:
minReadySeconds: 5
template:
metadata:
labels:
@ -122,7 +132,7 @@ items:
- name: WEAVE_PASSWORD
value: {{ weave_password }}
image: {{ weave_kube_image_repo }}:{{ weave_kube_image_tag }}
imagePullPolicy: Always
imagePullPolicy: {{ k8s_image_pull_policy }}
livenessProbe:
httpGet:
host: 127.0.0.1
@ -149,19 +159,28 @@ items:
mountPath: /lib/modules
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: weave-npc
args: []
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: {{ weave_npc_image_repo }}:{{ weave_npc_image_tag }}
imagePullPolicy: Always
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
requests:
cpu: {{ weave_cpu_requests }}
memory: {{ weave_memory_requests }}
limits:
cpu: {{ weave_cpu_limit }}
memory: {{ weave_memory_limit }}
cpu: {{ weave_cpu_limits }}
memory: {{ weave_memory_limits }}
securityContext:
privileged: true
volumeMounts:
- name: xtables-lock
mountPath: /run/xtables.lock
hostNetwork: true
hostPID: true
restartPolicy: Always

View file

@ -7,7 +7,7 @@ startup_script: ""
# Deployment settings
kube_network_plugin: weave
weave_cpu_limit: "100m"
weave_cpu_limits: "100m"
weave_cpu_requests: "100m"
kubeadm_enabled: true
deploy_netchecker: true

View file

@ -7,7 +7,7 @@ startup_script: 'systemctl disable locksmithd && systemctl stop locksmithd'
# Deployment settings
kube_network_plugin: weave
weave_cpu_limit: "100m"
weave_cpu_limits: "100m"
weave_cpu_requests: "100m"
bootstrap_os: coreos
resolvconf_mode: host_resolvconf # this is required as long as the coreos stable channel uses docker < 1.12

View file

@ -5,7 +5,7 @@ mode: default
# Deployment settings
kube_network_plugin: weave
weave_cpu_limit: "100m"
weave_cpu_limits: "100m"
weave_cpu_requests: "100m"
deploy_netchecker: true
kubedns_min_replicas: 1

View file

@ -6,7 +6,7 @@ mode: separate
# Deployment settings
bootstrap_os: ubuntu
kube_network_plugin: weave
weave_cpu_limit: "100m"
weave_cpu_limits: "100m"
weave_cpu_requests: "100m"
deploy_netchecker: true
kubedns_min_replicas: 1