Commit graph

123 commits

Author SHA1 Message Date
Etienne Champetier
7d7739e031
Calico: fix node ip subnet detection ()
We are currently setting the IP variable to hostIP,
Before https://github.com/projectcalico/node/pull/593 (not yet released)
Calico interpret that as hostIP/32
Using 'can-reach' we get the future behavior
This fixes vxlan and IPIP CrossSubnet modes

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-12-21 00:58:25 -08:00
Catblade
10a6bd67de
Calico: update files to handle multi-asn bgp peering conditions. ()
* update files to handle multi-asn bgp peering conditions.

* put back in the serviceClusterIPs.  Bad merge.

* remove extraneous environment var.

* update files as discussed with mirwan

* update titles.

* add not in.

* add a conditional for using bgp to advertise cluster ips.

Co-authored-by: marlow-h <mweston@habana.ai>
2020-12-17 22:54:25 -08:00
Mikael Johansson
93a1693040
Update BGPPeer CRD to match v3.16 of Calico () 2020-11-05 11:14:51 -08:00
Hans Feldt
04b19359cb
allow non existing etcd group ()
When using kubeadm managed etcd, configuring an etcd group can now
be skipped.
2020-10-21 07:32:20 -07:00
emiran-orange
081a9e7bd8
/opt/cni/bin/install not before calico 3.16 () 2020-09-25 06:15:11 -07:00
Hans Feldt
28073c76ac
Calico upgrade path validation and old version cleanup ()
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
David Louks
1e79dcfcaa
Added ability to set calico vxlan vni and port. defaults to calico's … ()
* Added ability to set calico vxlan vni and port. defaults to calico's documented defaults.

* Check if calico_network_backend is defined prior to checking value

* Removed calico hidden defaults for vxlan port and vni

* Fixed FELIX_VXLANVNI typo
2020-09-22 01:04:48 -07:00
Barry Melbourne
b6b26c710f
Add support for Calico CNI host-local IPAM plugin () 2020-09-17 02:44:46 -07:00
Florian Ruynat
ae5328c500
Update calico to 3.16.1 () 2020-09-10 03:45:46 -07:00
Hans Feldt
93698a8f73
Calico: update crds to v1 and cr ()
* Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1
* Align ClusterRole for kube-controllers with upstream (calico)
2020-09-03 00:51:40 -07:00
nic0las
f59d3fc4a3
Deviceroutesourceaddress ()
* add FELIX_DEVICEROUTESOURCEADDRESS calico option

* add calico_use_default_route_src_ipaddr option 

add calico_use_default_route_src_ipaddr option to use FELIX_DEVICEROUTESOURCEADDRESS calico option

* Update k8s-net-calico.yml
2020-08-27 02:07:01 -07:00
Konstantin Lebedev
4b80a7f6fe
Felix configuration via extraenvs of calico node () 2020-07-22 00:08:04 -07:00
Minjong Kim
b19f2e2d3d
Update the calico_veth_mtu setting to affect IP-in-IP users ()
* Update calico_veth_mtu to FELIX_IPINIP variable

calico_veth_mtu is specified in the configuration, but since it only works for wireguard, modify it to work for IP-in-IP users.

* Update template with more cleaner expression
2020-07-21 23:58:18 -07:00
chenguoquan1024
e1873ab872
add calico-node selinux () 2020-07-15 00:22:38 -07:00
nurekage
017df7113d
Patch Calico for V3.14.0 missing CR and CRD () 2020-07-01 08:44:16 -07:00
Florian Ruynat
16ec5939c2
Update deprecated api () 2020-06-30 09:00:07 -07:00
Florian Ruynat
8213b1802b
Update calico to 1.15.0 + minor update to kube-ovn/weave () 2020-06-29 14:39:58 -07:00
Joel Seguillon
4c1e0b188d
Add .editorconfig file () 2020-06-29 12:39:59 -07:00
Flavien
7ff8fc259b
Support all taints in network plugins manifests ()
flannel, ovn and multus network plugins did not support all taint keys. This
update changes the tolerations to support them all.

According to the documentation:

```
There are two special cases: An empty key with operator Exists matches all keys,
values and effects which means this will tolerate everything. An empty effect matches
all effects with key key.
```

Usage of the empty `key` and `effect` ensures the network plugin daemonset will
be deployed on every nodes (ex: in case of custom taints, or NoExecute effect)
2020-06-02 05:38:15 -07:00
Sergey
cc507d7ace
disable bird-check flag for probes of calico-node pods when calico_network_backend is not 'bird'. () 2020-06-01 12:44:14 -07:00
Florian Ruynat
1ee3ff738e
Add option to enable usage reports to calico servers () 2020-04-27 00:03:30 -07:00
Florian Ruynat
83fe607f62
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os () 2020-04-17 05:51:06 -07:00
Alexander Kross
0d675cdd1a
Update Calico to v3.13.2, Multus to v3.4.1. Add ConfigMap get permission to allow calico-node access to kubeadm config. () 2020-04-09 07:27:43 -07:00
Anshul Sharma
79a6b72a13
Removed deprecated label kubernetes.io/cluster-service () 2020-03-30 01:19:53 -07:00
hfinucane
158d998ec4
Support configuring the Calico iptables insert mode ()
* Support configuring the insert mode

Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration

so nothing should change for existing deployments.

This allows coexistence with other firewall management technologies.

* Add a note to the sample config
2020-03-14 06:36:35 -07:00
Sergey
e60b9f796e
add calico VXLAN mode, update docs and vars in sample inventory ()
* calico VXLAN mode

* check vars if calico backend defined
2020-03-12 01:20:37 -07:00
Chad Swenson
a15a0b5eb9
Make calico iptables lock timeout configurable ()
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
2020-02-19 02:28:25 -08:00
Matthew Mosesohn
b35b816287 Raise typha max connections to 300 ()
Raises limit from 100 to 300 because the default is far too low
and the pod can handle 300 with the given resources.

Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
2020-01-10 00:24:33 -08:00
Etienne Champetier
2c2ffa846c Calico: update to 3.11.1, allow to configure calico_iptables_backend ()
I've tested this update by deploying a containerd / etcd cluster on top CentOS7,
MetalLB + NGINX Ingress. Upgrade using upgrade-cluster.yml

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-08 02:27:40 -08:00
Matthew Mosesohn
7da2083986 Add toleration for calico-typha on master ()
Change-Id: Iea9a366cf6ccc4d491bfc49c5d2dba6d98f81b69
2019-12-05 06:24:32 -08:00
Jacopo Secchiero
97764921ed Fix calico name resolution () 2019-11-11 04:01:41 -08:00
Matthew Mosesohn
a1fff30bd9 Generate TLS certs for calico typha ()
* Generate TLS certs for calico typha

Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707

* Add group vars note

Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
2019-10-17 07:02:38 -07:00
Hugo Blom
9dfb25cafd fix typo () 2019-10-16 18:26:38 -07:00
Matthew Mosesohn
af6456d1ea Fix selector for calico-typha deployment ()
Change-Id: I79f43379cbe1c495cb416f0572e65f695d5ec2b8
2019-10-16 07:53:42 -07:00
陈谭军
99dbc6d780 clean-up doc,spelling mistakes () 2019-09-26 04:25:08 -07:00
Matthew Mosesohn
27ec548b88 Add support for k8s v1.16.0-beta.2 ()
Cleaned up deprecated APIs:
apps/v1beta1
apps/v1beta2
extensions/v1beta1 for ds,deploy,rs

Add workaround for deploying helm using incompatible
deployment manifest.
Change-Id: I78b36741348f47a999df3841ee63cf4e6f377830
2019-09-10 12:06:54 -07:00
Aleksey Kasatkin
fb9103acd3 Update calico-typha deployment to address v3.7.x changes ()
* Update calico-typha deployment to address v3.7.x changes

So that calico-typha works for Calico v3.7.x.

* Apply changes for v3.7.x only.
2019-07-24 09:12:16 -07:00
Matthew Mosesohn
23ae6027ab remove support for calico v2.x ()
* Remove support for calico below version v3.0.0

Change-Id: If8fe3036b9e054901a8b2c48516eff1e1271970f

* Update main.yml

* fixup node peering

Change-Id: Ifac4d363deba826f0c80e390ce80a28df9827323

* fixups

Change-Id: Ic35417330af6741962003b3930604393c90804d1

* fixups

Change-Id: I0ea82d634bb0c81d9b7dc50569c70988bc8d3a3b
2019-07-15 07:47:09 -07:00
Matthew Mosesohn
fd9bbcb157 Enable nodes to run calicoctl for calico kdd mode ()
* Enable nodes to run calicoctl

per-node tasks require waiting for calico-node to be applied

Change-Id: Ibe1076b7334a2da0332f2dd766fde0c3f172d1f2

* cleanup tasks that should run on master

Change-Id: I43a837879ef41596f14657ecd7f813899b6865ae

* Switch run_once calico logic to just run on first master

Change-Id: I6893711e354f63c5e1eaf6ac2e23d9a6347a555d
2019-07-15 01:59:06 -07:00
jlacoline
20c7e31ea3 Add calico 3.7.3 support ()
* Add calico 3.7.3 support

* add calico_datastore variable to policy controller role

* add missing clusterrole rules for calico policy controller

* disable calico kube controller when kdd mode is used for versions < 3.6
2019-07-09 12:42:28 -07:00
Julian Tabel
dc16ab92f4 fix for calico with kdd datastore ()
* fix for calico with kdd datastore

* remove AS number from daemonset

* revert changes to canal

* additionnal fixes for kdd datastore in calico
2019-07-08 12:20:03 +03:00
Tony Fouchard
f67a24499b Allow to specify feature_control in calico cni config ()
* Allow to specify feature_control in calico cni config

* list length checking

* double check

* remove 2 conditions
2019-06-16 23:14:07 -07:00
Andreas Krüger
818aa7aeb1 Set dnsPolicy to ClusterFirstWithHostNet when hostNetwork is true () 2019-06-05 03:17:55 -07:00
grialeyur
82119ca923 Add support calico kubernetes datastore and typha. ()
* Add support calico kubernetes datastore and typha.

* Add typha_enabled to kubespray-defaults.
2019-04-25 05:00:48 -07:00
Andreas Krüger
d588532c9b Update probe timeouts, delays etc. ()
* Fix merge conflict

* Add check delay

* Add more liveness and readiness options to metrics-server
2019-04-23 14:46:02 -07:00
Matthew Mosesohn
05dc2b3a09 Use K8s 1.14 and add kubeadm experimental control plane mode ()
* Use K8s 1.14 and add kubeadm experimental control plane mode

This reverts commit d39c273d96.

* Cleanup kubeadm setup run on first master

* pin kubeadm_certificate_key in test

* Remove kubelet autolabel of kube-node, add symlink for pki dir

Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
2019-04-19 06:01:54 -07:00
Matthew Mosesohn
c5fb734098 Switch calicoctl from a container to a binary () 2019-04-15 04:24:04 -07:00
Matthew Mosesohn
d39c273d96 Revert "Use K8s 1.14 and add kubeadm experimental control plane mode ()" ()
This reverts commit 316508626d.
2019-04-11 12:52:43 -07:00
Matthew Mosesohn
316508626d Use K8s 1.14 and add kubeadm experimental control plane mode ()
* Use Kubernetes 1.14 and experimental control plane support

* bump to v1.14.0
2019-04-11 05:30:13 -07:00
Matthew Mosesohn
4fe2aa6bf7 Use install_cni init container for cni copy for calico/canal () 2019-04-02 03:32:36 -07:00