Alexander Evseev
5a311236c4
Enable portmap CNI plugin with kube-router ( #6204 )
...
... to have working `hostPort` for containers.
See: https://www.kube-router.io/docs/user-guide/#hostport-support
2020-06-10 10:08:52 -07:00
Yousong Zhou
a7b8708dfc
calico: use absolute path to docker, crictl binary ( #6253 )
...
To avoid the following error (ignored when pipefail is off)
RUNNING HANDLER [network_plugin/calico : containerd | delete calico-node containers] *******************************************************************************
changed: [node1] => {"attempts": 1, "changed": true, "cmd": "crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c \"crictl stopp % && crictl rmp %\"", "delta": "0:00:00.004240", "end": "2020-06-10 03:32:41.316955", "rc": 0, "start": "2020-06-10 03:32:41.312715", "stderr": "/bin/sh: crictl: command not found", "stderr_lines": ["/bin/sh: crictl: command not found"], "stdout": "", "stdout_lines": []}
2020-06-10 03:22:08 -07:00
Florian Ruynat
ecc3a0aec5
Update kube-ovn to 1.2.0 - also update minor version for multus and weave ( #6223 )
2020-06-09 12:09:01 -07:00
Florian Ruynat
101686c665
Remove outdated CriticalAddonsOnly toleration and critical-pod annotation ( #6202 )
2020-06-09 05:23:30 -07:00
Flavien
7ff8fc259b
Support all taints in network plugins manifests ( #6208 )
...
flannel, ovn and multus network plugins did not support all taint keys. This
update changes the tolerations to support them all.
According to the documentation:
```
There are two special cases: An empty key with operator Exists matches all keys,
values and effects which means this will tolerate everything. An empty effect matches
all effects with key key.
```
Usage of the empty `key` and `effect` ensures the network plugin daemonset will
be deployed on every nodes (ex: in case of custom taints, or NoExecute effect)
2020-06-02 05:38:15 -07:00
Sergey
cc507d7ace
disable bird-check flag for probes of calico-node pods when calico_network_backend is not 'bird'. ( #6217 )
2020-06-01 12:44:14 -07:00
Flavien
ab44beba17
weave: support any taint effect in daemonset tolerations ( #6159 )
...
Since weave 2.5.1, `NoExecute` taint effect is no more supported,
this changes the daemonset tolerations to change this behavior.
Also remove the toleration key `CriticalAddonsOnly` not required anymore.
2020-05-28 01:10:02 -07:00
Wang Zhen
d62836f2ab
Replace seccomp profile docker/default with runtime/default ( #6170 )
...
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2020-05-27 14:02:02 -07:00
Florian Ruynat
b6243bfc1c
Fix ImagePullPolicy missing variable usage ( #6091 )
2020-05-10 11:37:50 -07:00
Florian Ruynat
965fe1db94
Update cni spec to 0.4.0 for network plugin allowing it ( #6053 )
2020-05-06 11:13:09 -07:00
Florian Ruynat
f6be326feb
Update kube-ovn to 1.1.1 ( #6060 )
2020-05-06 11:05:09 -07:00
Florian Ruynat
7d497e46c5
Update calico to 3.13.3 ( #6061 )
2020-05-04 08:56:26 -07:00
Florian Ruynat
361645e8b6
Fix multus missing cni and erroneous CI tests ( #6051 )
2020-04-30 23:38:05 -07:00
Florian Ruynat
3ff6a2e7ff
Update default (erroneous) backend value for calico ( #6031 )
2020-04-27 00:03:39 -07:00
Florian Ruynat
1ee3ff738e
Add option to enable usage reports to calico servers ( #6030 )
2020-04-27 00:03:30 -07:00
Qasim Sarfraz
52edd4c9bc
Fix liveness probe for cilium operator ( #6016 )
2020-04-26 23:59:29 -07:00
Pasquale Toscano
3d5988577a
Support Cilium from version 1.5 ( #6006 )
2020-04-24 06:00:10 -07:00
Florian Ruynat
299e35ebe4
Cleanup unused/erroneous variables ( #6003 )
2020-04-24 01:54:07 -07:00
Florian Ruynat
ca45d5ffbe
Fix retries keyword missing until instruction ( #5989 )
2020-04-21 07:20:56 -07:00
Sergey
6e29a47784
generate flannel manifest only on first master ( #5983 )
2020-04-20 01:33:38 -07:00
Sergey
baff4e61cf
remove image flannel cni ( #5980 )
2020-04-19 06:13:37 -07:00
Florian Ruynat
83fe607f62
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os ( #5964 )
2020-04-17 05:51:06 -07:00
Maxime Guyot
0924c2510c
Use role to copy CNI bin ( #5953 )
2020-04-16 10:06:45 -07:00
Ryler Hockenbury
b061cce913
Allow configureable vni and port for flannel overlay ( #5939 )
2020-04-15 03:14:02 -07:00
Florian Ruynat
c929b5e82e
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 ( #5852 )
2020-04-15 03:10:03 -07:00
Florian Ruynat
58f48500b1
Update Flannel manifests, install script and version (0.12) + fix tests scripts ( #5937 )
...
* Add CI_TEST_VARS to tests
* Update flannel to 0.12.0 (with new manifests) and disable tx/rx
offloading in networking test
2020-04-14 23:48:02 -07:00
Florian Ruynat
b5125e59ab
update rbac.authorization.k8s.io to non deprecated api-groups ( #5517 )
2020-04-14 13:14:04 -07:00
Chris
883194afec
Fix Cilium permissions ( #5923 )
...
* added required permissions for querying endpointslice resources
* copy-pasted role permissions from cilium install manifests
* bumped cilium version to v1.7.2
2020-04-10 23:47:48 -07:00
Alexander Kross
0d675cdd1a
Update Calico to v3.13.2, Multus to v3.4.1. Add ConfigMap get permission to allow calico-node access to kubeadm config. ( #5912 )
2020-04-09 07:27:43 -07:00
Anshul Sharma
79a6b72a13
Removed deprecated label kubernetes.io/cluster-service ( #5372 )
2020-03-30 01:19:53 -07:00
Petr Enkov
474fbf09c4
fix wrong cilium_operator repo variable ( #5819 )
2020-03-25 02:17:03 -07:00
Petr Enkov
bc2eeb0560
use variables for cilium-operator instead of hardcoded value ( #5802 )
2020-03-24 07:40:47 -07:00
Mateus Caruccio
81f07c3783
Disable IPv6 support for canal's calico-node ( #5684 )
...
This implements the same behavior as a15a0b5eb9/roles/network_plugin/calico/templates/calico-node.yml.j2
More info: https://github.com/projectcalico/felix/issues/1447
2020-03-24 07:10:49 -07:00
bozzo
3cefd60c37
Add OWNERS file for kube-router ( #5782 )
...
I propose also my help as a reviewer
2020-03-17 04:14:22 -07:00
bozzo
974902af31
Update Kube-router version to v0.4.0 ( #5756 )
2020-03-17 02:40:21 -07:00
hfinucane
158d998ec4
Support configuring the Calico iptables insert mode ( #5473 )
...
* Support configuring the insert mode
Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration
so nothing should change for existing deployments.
This allows coexistence with other firewall management technologies.
* Add a note to the sample config
2020-03-14 06:36:35 -07:00
Christopher Randles
71c856878c
update multus to 3.4 and add crio support ( #5701 )
...
Signed-off-by: Chris Randles <randles.chris@gmail.com>
2020-03-13 04:22:39 -07:00
Sergey
e60b9f796e
add calico VXLAN mode, update docs and vars in sample inventory ( #5731 )
...
* calico VXLAN mode
* check vars if calico backend defined
2020-03-12 01:20:37 -07:00
Fredrik Lönnegren
e257d92f41
Cilium updates ( #5438 )
...
* Add resources needed to deploy 1.6.4
* Use cilium v1.6.4
* Change deprecated option name
* Add update crd to clusterrole cilium
* Cilium 1.6.4 -> 1.6.5
* Make monitor-aggregation config configurable as a variable
* Change monitor-aggregation default none->medium
* Cilium 1.6.5 -> 1.6.6
* Update to 1.7.0
* v1.7.0->v1.7.1
2020-03-11 08:15:36 -07:00
Arthur Outhenin-Chalandre
588896712e
Fix kube-router config generation ( #5531 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-03-04 02:11:47 -08:00
Chad Swenson
a15a0b5eb9
Make calico iptables lock timeout configurable ( #5658 )
...
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
2020-02-19 02:28:25 -08:00
Sylvain Chateau
0ca7aa126b
added "Flatcar", "Flatcar Container Linux by Kinvolk" for all coreOS role ( #5607 )
2020-02-18 00:15:29 -08:00
lcooper40
579976260f
Added in code to allow control over pull policy for local path provis… ( #5334 )
...
* Added in code to allow control over pull policy for local path provisioner
* change to imagePullPolicy to use globally used variable k8s_image_pull_policy
* removed unusued variable from defaults
* updated contiv-etcd and cinder-csi-controllerplugin to use k8s_image_pull_policy variable
2020-02-17 02:13:30 -08:00
Matthew Mosesohn
b35b816287
Raise typha max connections to 300 ( #5527 )
...
Raises limit from 100 to 300 because the default is far too low
and the pod can handle 300 with the given resources.
Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
2020-01-10 00:24:33 -08:00
Etienne Champetier
2c2ffa846c
Calico: update to 3.11.1, allow to configure calico_iptables_backend ( #5514 )
...
I've tested this update by deploying a containerd / etcd cluster on top CentOS7,
MetalLB + NGINX Ingress. Upgrade using upgrade-cluster.yml
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-08 02:27:40 -08:00
bozzo
c0b262a22a
Add kube-router configuration to enable metrics exposure ( #5416 )
2019-12-16 04:35:36 -08:00
Maxime Guyot
b15d41a96a
Add support to Ansible 2.9 ( #5361 )
2019-12-05 07:24:32 -08:00
Matthew Mosesohn
7da2083986
Add toleration for calico-typha on master ( #5405 )
...
Change-Id: Iea9a366cf6ccc4d491bfc49c5d2dba6d98f81b69
2019-12-05 06:24:32 -08:00
Aaron Crickenberger
f1498d4b53
fix OWNERS file ( #5359 )
...
Initially this was to fix a mis-indented approvers key. However, it turns
out that 'oilbeater' is not a member of kubernetes-sigs nor
kubernetes-incubator (the org this repo was migrated from). Thus this
OWNERS file is failing prow's validation check.
As a workaround I've opted to move them to emeritus_approver, which
isn't valiated and can be used as a hint for other approvers in this
repo
2019-11-25 17:59:11 -08:00
Jacopo Secchiero
97764921ed
Fix calico name resolution ( #5291 )
2019-11-11 04:01:41 -08:00