diff --git a/README.md b/README.md index 8e9abd795..aee4bc66b 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ Note: Upstart/SysV init based OS types are not supported. - [cri-o](http://cri-o.io/) v1.17 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS) - Network Plugin - [cni-plugins](https://github.com/containernetworking/plugins) v0.8.5 - - [calico](https://github.com/projectcalico/calico) v3.13.2 + - [calico](https://github.com/projectcalico/calico) v3.13.3 - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions) - [cilium](https://github.com/cilium/cilium) v1.7.3 - [contiv](https://github.com/contiv/install) v1.2.1 diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 146efd9d3..2d583bce5 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -68,11 +68,11 @@ alauda_image_repo: "index.alauda.cn" # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults # after migration to container download -calico_version: "v3.13.2" -calico_ctl_version: "v3.13.2" -calico_cni_version: "v3.13.2" -calico_policy_version: "v3.13.2" -calico_typha_version: "v3.13.2" +calico_version: "v3.13.3" +calico_ctl_version: "v3.13.3" +calico_cni_version: "v3.13.3" +calico_policy_version: "v3.13.3" +calico_typha_version: "v3.13.3" typha_enabled: false flannel_version: "v0.12.0" @@ -420,26 +420,17 @@ cni_binary_checksums: amd64: bd682ffcf701e8f83283cdff7281aad0c83b02a56084d6e601216210732833f9 calicoctl_binary_checksums: arm: + v3.13.3: 0 v3.13.2: 0 v3.11.1: 0 - v3.7.3: 0 - v3.6.1: 0 - v3.5.4: 0 - v3.4.4: 0 amd64: + v3.13.3: 570539d436df51bb349bb1a8c6b200a3a6f20803a9d391aa2c5cf19a70a083d4 v3.13.2: 5b0361e8935e450b1b39147d5690f75474a0ab7eb5936d65fa21a5eb8bcf66d7 v3.11.1: 045fdbfdb30789194c499ba17c8eac6d1704fe20d05e3c10027eb570767386db - v3.7.3: 932f68e893e80e95e10f064f1e7745e438d456f41a6ff12d11bb16ca0cab735c - v3.6.1: 3b01336de37550e020343d62a38c96c4605d33a3ed7ddba2fe38bc172a5b42b5 - v3.5.4: 197194b838cc2a9a7455c2ebd5505a5e24f8f3d994eb75c17f5dd568944100b8 - v3.4.4: 93bd084e053cf1bf3b7fef369677bd6767c30fe7135e2c7e044e31693422ef61 arm64: + v3.13.3: 0c47acd6d200ba1f8348b389cd7a54771542158fef657afc633a30ddad97e272 v3.13.2: 7936ad0a5a40a1d50e3b9a555c101d1372bc424a98e4480e6471afd3abf92451 v3.11.1: 770e0fce9acf1927726d64a885f8350d44a3fcbf248017d0aceec58bd41fa1b8 - v3.7.3: 7cfaab25c287f7ef93b2682d060b55bf39f76b668540de50376b5ed174209832 - v3.6.1: 60fbaeb257061647bdf12b5ede7a0d4298a5ee216f6472e5a92bb14ef5c2a5d3 - v3.5.4: a4481178665658658a73e4ceca9a1dff5cccded4179615c91d1c3e49fd96f237 - v3.4.4: ff35d9e8b5c00e9fe47d05e8f5123ec98fd641370f8cd93f4fbb3d913da77ab6 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}" cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}" diff --git a/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2 b/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2 index 1a797eaa1..477a01dea 100644 --- a/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2 +++ b/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2 @@ -5,79 +5,34 @@ metadata: name: calico namespace: kube-system rules: - - apiGroups: [""] - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: [""] - resources: - - pods/status - verbs: - - update - apiGroups: [""] resources: - pods + - nodes + - namespaces + - configmaps verbs: - get - - list - - watch - apiGroups: [""] resources: - - nodes + - endpoints + - services verbs: - - get - - list - - update - watch - - apiGroups: ["extensions"] - resources: - - thirdpartyresources - verbs: - - create - - get - list - - watch - - apiGroups: ["extensions"] + - apiGroups: [""] resources: - - networkpolicies + - nodes/status verbs: - - get - - list - - watch - - apiGroups: ["projectcalico.org"] - resources: - - globalbgppeers - verbs: - - get - - list - - apiGroups: ["projectcalico.org"] - resources: - - globalconfigs - - globalbgpconfigs - verbs: - - create - - get - - list - - update - - watch - - apiGroups: ["projectcalico.org"] - resources: - - ippools - verbs: - - create - - get - - list - - update - - watch - - apiGroups: ["alpha.projectcalico.org"] - resources: - - systemnetworkpolicies - verbs: - - get - - list + - patch + - apiGroups: + - policy + resourceNames: + - privileged + resources: + - podsecuritypolicies + verbs: + - use - apiGroups: - policy resourceNames: