Commit graph

479 commits

Author SHA1 Message Date
Alexander Evseev
5a311236c4
Enable portmap CNI plugin with kube-router (#6204)
... to have working `hostPort` for containers.

See: https://www.kube-router.io/docs/user-guide/#hostport-support
2020-06-10 10:08:52 -07:00
Yousong Zhou
a7b8708dfc
calico: use absolute path to docker, crictl binary (#6253)
To avoid the following error (ignored when pipefail is off)

  RUNNING HANDLER [network_plugin/calico : containerd | delete calico-node containers] *******************************************************************************
  changed: [node1] => {"attempts": 1, "changed": true, "cmd": "crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c \"crictl stopp % && crictl rmp %\"", "delta": "0:00:00.004240", "end": "2020-06-10 03:32:41.316955", "rc": 0, "start": "2020-06-10 03:32:41.312715", "stderr": "/bin/sh: crictl: command not found", "stderr_lines": ["/bin/sh: crictl: command not found"], "stdout": "", "stdout_lines": []}
2020-06-10 03:22:08 -07:00
Florian Ruynat
ecc3a0aec5
Update kube-ovn to 1.2.0 - also update minor version for multus and weave (#6223) 2020-06-09 12:09:01 -07:00
Florian Ruynat
101686c665
Remove outdated CriticalAddonsOnly toleration and critical-pod annotation (#6202) 2020-06-09 05:23:30 -07:00
Flavien
7ff8fc259b
Support all taints in network plugins manifests (#6208)
flannel, ovn and multus network plugins did not support all taint keys. This
update changes the tolerations to support them all.

According to the documentation:

```
There are two special cases: An empty key with operator Exists matches all keys,
values and effects which means this will tolerate everything. An empty effect matches
all effects with key key.
```

Usage of the empty `key` and `effect` ensures the network plugin daemonset will
be deployed on every nodes (ex: in case of custom taints, or NoExecute effect)
2020-06-02 05:38:15 -07:00
Sergey
cc507d7ace
disable bird-check flag for probes of calico-node pods when calico_network_backend is not 'bird'. (#6217) 2020-06-01 12:44:14 -07:00
Flavien
ab44beba17
weave: support any taint effect in daemonset tolerations (#6159)
Since weave 2.5.1, `NoExecute` taint effect is no more supported,
this changes the daemonset tolerations to change this behavior.

Also remove the toleration key `CriticalAddonsOnly` not required anymore.
2020-05-28 01:10:02 -07:00
Wang Zhen
d62836f2ab
Replace seccomp profile docker/default with runtime/default (#6170)
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2020-05-27 14:02:02 -07:00
Florian Ruynat
b6243bfc1c
Fix ImagePullPolicy missing variable usage (#6091) 2020-05-10 11:37:50 -07:00
Florian Ruynat
965fe1db94
Update cni spec to 0.4.0 for network plugin allowing it (#6053) 2020-05-06 11:13:09 -07:00
Florian Ruynat
f6be326feb
Update kube-ovn to 1.1.1 (#6060) 2020-05-06 11:05:09 -07:00
Florian Ruynat
7d497e46c5
Update calico to 3.13.3 (#6061) 2020-05-04 08:56:26 -07:00
Florian Ruynat
361645e8b6
Fix multus missing cni and erroneous CI tests (#6051) 2020-04-30 23:38:05 -07:00
Florian Ruynat
3ff6a2e7ff
Update default (erroneous) backend value for calico (#6031) 2020-04-27 00:03:39 -07:00
Florian Ruynat
1ee3ff738e
Add option to enable usage reports to calico servers (#6030) 2020-04-27 00:03:30 -07:00
Qasim Sarfraz
52edd4c9bc
Fix liveness probe for cilium operator (#6016) 2020-04-26 23:59:29 -07:00
Pasquale Toscano
3d5988577a
Support Cilium from version 1.5 (#6006) 2020-04-24 06:00:10 -07:00
Florian Ruynat
299e35ebe4
Cleanup unused/erroneous variables (#6003) 2020-04-24 01:54:07 -07:00
Florian Ruynat
ca45d5ffbe
Fix retries keyword missing until instruction (#5989) 2020-04-21 07:20:56 -07:00
Sergey
6e29a47784
generate flannel manifest only on first master (#5983) 2020-04-20 01:33:38 -07:00
Sergey
baff4e61cf
remove image flannel cni (#5980) 2020-04-19 06:13:37 -07:00
Florian Ruynat
83fe607f62
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os (#5964) 2020-04-17 05:51:06 -07:00
Maxime Guyot
0924c2510c
Use role to copy CNI bin (#5953) 2020-04-16 10:06:45 -07:00
Ryler Hockenbury
b061cce913
Allow configureable vni and port for flannel overlay (#5939) 2020-04-15 03:14:02 -07:00
Florian Ruynat
c929b5e82e
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852) 2020-04-15 03:10:03 -07:00
Florian Ruynat
58f48500b1
Update Flannel manifests, install script and version (0.12) + fix tests scripts (#5937)
* Add CI_TEST_VARS to tests

* Update flannel to 0.12.0 (with new manifests) and disable tx/rx
offloading in networking test
2020-04-14 23:48:02 -07:00
Florian Ruynat
b5125e59ab
update rbac.authorization.k8s.io to non deprecated api-groups (#5517) 2020-04-14 13:14:04 -07:00
Chris
883194afec
Fix Cilium permissions (#5923)
* added required permissions for querying endpointslice resources

* copy-pasted role permissions from cilium install manifests

* bumped cilium version to v1.7.2
2020-04-10 23:47:48 -07:00
Alexander Kross
0d675cdd1a
Update Calico to v3.13.2, Multus to v3.4.1. Add ConfigMap get permission to allow calico-node access to kubeadm config. (#5912) 2020-04-09 07:27:43 -07:00
Anshul Sharma
79a6b72a13
Removed deprecated label kubernetes.io/cluster-service (#5372) 2020-03-30 01:19:53 -07:00
Petr Enkov
474fbf09c4
fix wrong cilium_operator repo variable (#5819) 2020-03-25 02:17:03 -07:00
Petr Enkov
bc2eeb0560
use variables for cilium-operator instead of hardcoded value (#5802) 2020-03-24 07:40:47 -07:00
Mateus Caruccio
81f07c3783
Disable IPv6 support for canal's calico-node (#5684)
This implements the same behavior as a15a0b5eb9/roles/network_plugin/calico/templates/calico-node.yml.j2

More info: https://github.com/projectcalico/felix/issues/1447
2020-03-24 07:10:49 -07:00
bozzo
3cefd60c37
Add OWNERS file for kube-router (#5782)
I propose also my help as a reviewer
2020-03-17 04:14:22 -07:00
bozzo
974902af31
Update Kube-router version to v0.4.0 (#5756) 2020-03-17 02:40:21 -07:00
hfinucane
158d998ec4
Support configuring the Calico iptables insert mode (#5473)
* Support configuring the insert mode

Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration

so nothing should change for existing deployments.

This allows coexistence with other firewall management technologies.

* Add a note to the sample config
2020-03-14 06:36:35 -07:00
Christopher Randles
71c856878c
update multus to 3.4 and add crio support (#5701)
Signed-off-by: Chris Randles <randles.chris@gmail.com>
2020-03-13 04:22:39 -07:00
Sergey
e60b9f796e
add calico VXLAN mode, update docs and vars in sample inventory (#5731)
* calico VXLAN mode

* check vars if calico backend defined
2020-03-12 01:20:37 -07:00
Fredrik Lönnegren
e257d92f41
Cilium updates (#5438)
* Add resources needed to deploy 1.6.4

* Use cilium v1.6.4

* Change deprecated option name

* Add update crd to clusterrole cilium

* Cilium 1.6.4 -> 1.6.5

* Make monitor-aggregation config configurable as a variable

* Change monitor-aggregation default none->medium

* Cilium 1.6.5 -> 1.6.6

* Update to 1.7.0

* v1.7.0->v1.7.1
2020-03-11 08:15:36 -07:00
Arthur Outhenin-Chalandre
588896712e
Fix kube-router config generation (#5531)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-03-04 02:11:47 -08:00
Chad Swenson
a15a0b5eb9
Make calico iptables lock timeout configurable (#5658)
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
2020-02-19 02:28:25 -08:00
Sylvain Chateau
0ca7aa126b
added "Flatcar", "Flatcar Container Linux by Kinvolk" for all coreOS role (#5607) 2020-02-18 00:15:29 -08:00
lcooper40
579976260f
Added in code to allow control over pull policy for local path provis… (#5334)
* Added in code to allow control over pull policy for local path provisioner

* change to imagePullPolicy to use globally used variable k8s_image_pull_policy

* removed unusued variable from defaults

* updated contiv-etcd and cinder-csi-controllerplugin to use k8s_image_pull_policy variable
2020-02-17 02:13:30 -08:00
Matthew Mosesohn
b35b816287 Raise typha max connections to 300 (#5527)
Raises limit from 100 to 300 because the default is far too low
and the pod can handle 300 with the given resources.

Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
2020-01-10 00:24:33 -08:00
Etienne Champetier
2c2ffa846c Calico: update to 3.11.1, allow to configure calico_iptables_backend (#5514)
I've tested this update by deploying a containerd / etcd cluster on top CentOS7,
MetalLB + NGINX Ingress. Upgrade using upgrade-cluster.yml

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-08 02:27:40 -08:00
bozzo
c0b262a22a Add kube-router configuration to enable metrics exposure (#5416) 2019-12-16 04:35:36 -08:00
Maxime Guyot
b15d41a96a Add support to Ansible 2.9 (#5361) 2019-12-05 07:24:32 -08:00
Matthew Mosesohn
7da2083986 Add toleration for calico-typha on master (#5405)
Change-Id: Iea9a366cf6ccc4d491bfc49c5d2dba6d98f81b69
2019-12-05 06:24:32 -08:00
Aaron Crickenberger
f1498d4b53 fix OWNERS file (#5359)
Initially this was to fix a mis-indented approvers key. However, it turns
out that 'oilbeater' is not a member of kubernetes-sigs nor
kubernetes-incubator (the org this repo was migrated from). Thus this
OWNERS file is failing prow's validation check.

As a workaround I've opted to move them to emeritus_approver, which
isn't valiated and can be used as a hint for other approvers in this
repo
2019-11-25 17:59:11 -08:00
Jacopo Secchiero
97764921ed Fix calico name resolution (#5291) 2019-11-11 04:01:41 -08:00