Florian Ruynat
d40701463f
Update kube-ovn to 1.5.2 ( #6610 )
2020-11-26 09:34:19 -08:00
Andrii
8a153ed38e
Add serviceExternalIPs option for calico installation ( #6928 )
2020-11-25 05:34:39 -08:00
Hans Feldt
70bbb3e280
calico: avoid POD restart during initial deploy ( #6886 )
...
calico PODs are first started and then in a handler killed and
restarted for no reason, nothing has changed.
By using the existing variable 'calico_cni_config' (only defined when
calico has already started) the restart can be skipped.
2020-11-13 00:02:23 -08:00
Mikael Johansson
93a1693040
Update BGPPeer CRD to match v3.16 of Calico ( #6881 )
2020-11-05 11:14:51 -08:00
Hans Feldt
04b19359cb
allow non existing etcd group ( #6797 )
...
When using kubeadm managed etcd, configuring an etcd group can now
be skipped.
2020-10-21 07:32:20 -07:00
Florian Ruynat
a687013fbe
Update kube-router to 1.1.0 ( #6793 )
2020-10-05 13:46:20 -07:00
emiran-orange
081a9e7bd8
/opt/cni/bin/install not before calico 3.16 ( #6738 )
2020-09-25 06:15:11 -07:00
Hans Feldt
28073c76ac
Calico upgrade path validation and old version cleanup ( #6733 )
...
* calico: add constant calico_min_version_required
and verify current deployed version against it.
* calico: remove upgrade support with data migration
The tool was used pre v3.0.0 and is no longer needed.
* calico: remove old version support from tasks
* calico: remove old ver support from policy ctrl
* calico: remove old ver support from node
* canal: remove old ver support
* remove unused calicoctl download checksums
calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Marco Martínez
5c448b6896
Add retries to update calico-rr data in etcd through calicoctl ( #6505 )
...
* Add retries to update calico-rr data in etcd through calicoctl
* Update update-node yaml syntax
* Add comment to clarify ansible block loop
* Remove trailing space
2020-09-24 03:24:05 -07:00
Hans Feldt
6141b98bf8
calico: default to using kdd datastore ( #6693 )
...
If already deployed, get current datastore from CNI config file
2020-09-23 08:38:09 -07:00
David Louks
1e79dcfcaa
Added ability to set calico vxlan vni and port. defaults to calico's … ( #6678 )
...
* Added ability to set calico vxlan vni and port. defaults to calico's documented defaults.
* Check if calico_network_backend is defined prior to checking value
* Removed calico hidden defaults for vxlan port and vni
* Fixed FELIX_VXLANVNI typo
2020-09-22 01:04:48 -07:00
Victor Morales
0d0cc8cf9c
Add multi architeture support to flannel ( #6166 )
...
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-09-22 00:44:47 -07:00
Sebastian
9ce34be217
Added missing permissions for operator. ( #6683 )
...
Related commit: 976337b750
2020-09-18 02:12:45 -07:00
Barry Melbourne
b6b26c710f
Add support for Calico CNI host-local IPAM plugin ( #6580 )
2020-09-17 02:44:46 -07:00
Florian Ruynat
1712ba1198
Add iptables_backend to weave options ( #6639 )
2020-09-10 03:49:52 -07:00
Florian Ruynat
ae5328c500
Update calico to 3.16.1 ( #6644 )
2020-09-10 03:45:46 -07:00
Florian Ruynat
050578da94
Update Cilium to 1.8.3 ( #6629 )
2020-09-07 02:11:49 -07:00
Maxim Pogozhiy
0553814b4f
Add selectable dns policy for kube-router ( #6586 )
2020-09-04 04:53:41 -07:00
Hans Feldt
93698a8f73
Calico: update crds to v1 and cr ( #6360 )
...
* Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1
* Align ClusterRole for kube-controllers with upstream (calico)
2020-09-03 00:51:40 -07:00
Maxime Guyot
6245587dc8
Fix E306 in roles/network_plugin ( #6516 )
...
Signed-off-by: Miouge1 <maxime@root314.com>
2020-09-02 23:55:40 -07:00
Maxime Guyot
34d88ea6d9
Fix Ansible-lint E303 ( #6409 )
2020-08-31 03:30:20 -07:00
Barry Melbourne
058438a25d
Remove support for CoreOS Container Linux ( #6576 )
2020-08-28 02:28:53 -07:00
nic0las
f59d3fc4a3
Deviceroutesourceaddress ( #6508 )
...
* add FELIX_DEVICEROUTESOURCEADDRESS calico option
* add calico_use_default_route_src_ipaddr option
add calico_use_default_route_src_ipaddr option to use FELIX_DEVICEROUTESOURCEADDRESS calico option
* Update k8s-net-calico.yml
2020-08-27 02:07:01 -07:00
Arthur Outhenin-Chalandre
e6dae03a0d
Add cilium hubble server in config ( #6575 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:19:02 -07:00
Florian Ruynat
6e2b8a5750
Add timeout to Get current version of calico cluster version, again ( #6493 )
2020-08-21 00:13:51 -07:00
Florian Ruynat
98f7485303
Update weave to 2.7.0 + minor update to Cilium ( #6501 )
2020-08-20 04:33:36 -07:00
Arthur Outhenin-Chalandre
ca8e59fa85
Add new cilium options for native routing ( #6519 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:39:42 -07:00
Arthur Outhenin-Chalandre
bedb411d06
improve Cilium metrics support ( #6513 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:29 -07:00
Arthur Outhenin-Chalandre
35682b5228
Fix cilium strict kube proxy replacement in HA ( #6473 )
...
* Update the cilium svc proxy test to HA mode
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Fix cilium strict kube-proxy in HA
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Add a single global endpoint variable
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Add cilium docs about kube-proxy replacement
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Fix issues in docs
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-06 00:14:55 -07:00
Florian Ruynat
24a7878e7c
Update kube-router to 1.0.1 and kube-ovn to 1.3.0 ( #6479 )
2020-08-01 00:34:04 -07:00
Kuralamudhan Ramakrishnan
90e5f8ffe1
adding ovn4nfv in kubespray ( #6381 )
...
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-07-31 07:33:08 -07:00
Arthur Outhenin-Chalandre
3550e3c145
Adding kube-proxy-replacement support in cilium ( #6334 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-30 02:46:31 -07:00
Maxime Guyot
fe46349786
Fix ansible-lint E301 for commands fetching data ( #6465 )
2020-07-28 08:39:47 -07:00
Maxime Guyot
214e08f8c9
Fix ansible-lint E305 ( #6459 )
2020-07-28 01:39:08 -07:00
Maxime Guyot
8bd3b50e31
Fix ansible-lint E404 ( #6417 )
2020-07-28 01:21:08 -07:00
Maxime Guyot
e70f27dd79
Add noqa and disable .ansible-lint global exclusions ( #6410 )
2020-07-27 06:24:17 -07:00
Florian Ruynat
c9f63e5016
Update multus version & crio conf ( #6444 )
2020-07-26 23:36:16 -07:00
Konstantin Lebedev
4b80a7f6fe
Felix configuration via extraenvs of calico node ( #6433 )
2020-07-22 00:08:04 -07:00
Minjong Kim
b19f2e2d3d
Update the calico_veth_mtu setting to affect IP-in-IP users ( #6419 )
...
* Update calico_veth_mtu to FELIX_IPINIP variable
calico_veth_mtu is specified in the configuration, but since it only works for wireguard, modify it to work for IP-in-IP users.
* Update template with more cleaner expression
2020-07-21 23:58:18 -07:00
Florent Monbillard
bf8c8976dd
Upgrade etcd to 3.4.3 ( #5998 )
2020-07-20 07:26:51 -07:00
Arthur Outhenin-Chalandre
1a1fe99669
Add a way to deploy cilium alongside another CNI ( #6373 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-17 05:57:01 -07:00
chenguoquan1024
e1873ab872
add calico-node selinux ( #6359 )
2020-07-15 00:22:38 -07:00
Pasquale Toscano
4ce970c0b2
Cilium: overwrite auto-detected MTU of underlying network ( #6329 )
2020-07-02 07:12:47 -07:00
nurekage
017df7113d
Patch Calico for V3.14.0 missing CR and CRD ( #6276 )
2020-07-01 08:44:16 -07:00
Florian Ruynat
16ec5939c2
Update deprecated api ( #6245 )
2020-06-30 09:00:07 -07:00
Florian Ruynat
b064274e27
Update kube-router to 1.0.0 ( #6211 )
2020-06-30 08:54:06 -07:00
Florian Ruynat
8213b1802b
Update calico to 1.15.0 + minor update to kube-ovn/weave ( #6306 )
2020-06-29 14:39:58 -07:00
Joel Seguillon
4c1e0b188d
Add .editorconfig file ( #6307 )
2020-06-29 12:39:59 -07:00
Florian Ruynat
f54f63ec3f
Update cilium to 1.8.0 ( #6314 )
2020-06-25 06:16:38 -07:00
Alexander Evseev
5a311236c4
Enable portmap CNI plugin with kube-router ( #6204 )
...
... to have working `hostPort` for containers.
See: https://www.kube-router.io/docs/user-guide/#hostport-support
2020-06-10 10:08:52 -07:00
Yousong Zhou
a7b8708dfc
calico: use absolute path to docker, crictl binary ( #6253 )
...
To avoid the following error (ignored when pipefail is off)
RUNNING HANDLER [network_plugin/calico : containerd | delete calico-node containers] *******************************************************************************
changed: [node1] => {"attempts": 1, "changed": true, "cmd": "crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c \"crictl stopp % && crictl rmp %\"", "delta": "0:00:00.004240", "end": "2020-06-10 03:32:41.316955", "rc": 0, "start": "2020-06-10 03:32:41.312715", "stderr": "/bin/sh: crictl: command not found", "stderr_lines": ["/bin/sh: crictl: command not found"], "stdout": "", "stdout_lines": []}
2020-06-10 03:22:08 -07:00
Florian Ruynat
ecc3a0aec5
Update kube-ovn to 1.2.0 - also update minor version for multus and weave ( #6223 )
2020-06-09 12:09:01 -07:00
Florian Ruynat
101686c665
Remove outdated CriticalAddonsOnly toleration and critical-pod annotation ( #6202 )
2020-06-09 05:23:30 -07:00
Flavien
7ff8fc259b
Support all taints in network plugins manifests ( #6208 )
...
flannel, ovn and multus network plugins did not support all taint keys. This
update changes the tolerations to support them all.
According to the documentation:
```
There are two special cases: An empty key with operator Exists matches all keys,
values and effects which means this will tolerate everything. An empty effect matches
all effects with key key.
```
Usage of the empty `key` and `effect` ensures the network plugin daemonset will
be deployed on every nodes (ex: in case of custom taints, or NoExecute effect)
2020-06-02 05:38:15 -07:00
Sergey
cc507d7ace
disable bird-check flag for probes of calico-node pods when calico_network_backend is not 'bird'. ( #6217 )
2020-06-01 12:44:14 -07:00
Flavien
ab44beba17
weave: support any taint effect in daemonset tolerations ( #6159 )
...
Since weave 2.5.1, `NoExecute` taint effect is no more supported,
this changes the daemonset tolerations to change this behavior.
Also remove the toleration key `CriticalAddonsOnly` not required anymore.
2020-05-28 01:10:02 -07:00
Wang Zhen
d62836f2ab
Replace seccomp profile docker/default with runtime/default ( #6170 )
...
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2020-05-27 14:02:02 -07:00
Florian Ruynat
b6243bfc1c
Fix ImagePullPolicy missing variable usage ( #6091 )
2020-05-10 11:37:50 -07:00
Florian Ruynat
965fe1db94
Update cni spec to 0.4.0 for network plugin allowing it ( #6053 )
2020-05-06 11:13:09 -07:00
Florian Ruynat
f6be326feb
Update kube-ovn to 1.1.1 ( #6060 )
2020-05-06 11:05:09 -07:00
Florian Ruynat
7d497e46c5
Update calico to 3.13.3 ( #6061 )
2020-05-04 08:56:26 -07:00
Florian Ruynat
361645e8b6
Fix multus missing cni and erroneous CI tests ( #6051 )
2020-04-30 23:38:05 -07:00
Florian Ruynat
3ff6a2e7ff
Update default (erroneous) backend value for calico ( #6031 )
2020-04-27 00:03:39 -07:00
Florian Ruynat
1ee3ff738e
Add option to enable usage reports to calico servers ( #6030 )
2020-04-27 00:03:30 -07:00
Qasim Sarfraz
52edd4c9bc
Fix liveness probe for cilium operator ( #6016 )
2020-04-26 23:59:29 -07:00
Pasquale Toscano
3d5988577a
Support Cilium from version 1.5 ( #6006 )
2020-04-24 06:00:10 -07:00
Florian Ruynat
299e35ebe4
Cleanup unused/erroneous variables ( #6003 )
2020-04-24 01:54:07 -07:00
Florian Ruynat
ca45d5ffbe
Fix retries keyword missing until instruction ( #5989 )
2020-04-21 07:20:56 -07:00
Sergey
6e29a47784
generate flannel manifest only on first master ( #5983 )
2020-04-20 01:33:38 -07:00
Sergey
baff4e61cf
remove image flannel cni ( #5980 )
2020-04-19 06:13:37 -07:00
Florian Ruynat
83fe607f62
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os ( #5964 )
2020-04-17 05:51:06 -07:00
Maxime Guyot
0924c2510c
Use role to copy CNI bin ( #5953 )
2020-04-16 10:06:45 -07:00
Ryler Hockenbury
b061cce913
Allow configureable vni and port for flannel overlay ( #5939 )
2020-04-15 03:14:02 -07:00
Florian Ruynat
c929b5e82e
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 ( #5852 )
2020-04-15 03:10:03 -07:00
Florian Ruynat
58f48500b1
Update Flannel manifests, install script and version (0.12) + fix tests scripts ( #5937 )
...
* Add CI_TEST_VARS to tests
* Update flannel to 0.12.0 (with new manifests) and disable tx/rx
offloading in networking test
2020-04-14 23:48:02 -07:00
Florian Ruynat
b5125e59ab
update rbac.authorization.k8s.io to non deprecated api-groups ( #5517 )
2020-04-14 13:14:04 -07:00
Chris
883194afec
Fix Cilium permissions ( #5923 )
...
* added required permissions for querying endpointslice resources
* copy-pasted role permissions from cilium install manifests
* bumped cilium version to v1.7.2
2020-04-10 23:47:48 -07:00
Alexander Kross
0d675cdd1a
Update Calico to v3.13.2, Multus to v3.4.1. Add ConfigMap get permission to allow calico-node access to kubeadm config. ( #5912 )
2020-04-09 07:27:43 -07:00
Anshul Sharma
79a6b72a13
Removed deprecated label kubernetes.io/cluster-service ( #5372 )
2020-03-30 01:19:53 -07:00
Petr Enkov
474fbf09c4
fix wrong cilium_operator repo variable ( #5819 )
2020-03-25 02:17:03 -07:00
Petr Enkov
bc2eeb0560
use variables for cilium-operator instead of hardcoded value ( #5802 )
2020-03-24 07:40:47 -07:00
Mateus Caruccio
81f07c3783
Disable IPv6 support for canal's calico-node ( #5684 )
...
This implements the same behavior as a15a0b5eb9/roles/network_plugin/calico/templates/calico-node.yml.j2
More info: https://github.com/projectcalico/felix/issues/1447
2020-03-24 07:10:49 -07:00
bozzo
3cefd60c37
Add OWNERS file for kube-router ( #5782 )
...
I propose also my help as a reviewer
2020-03-17 04:14:22 -07:00
bozzo
974902af31
Update Kube-router version to v0.4.0 ( #5756 )
2020-03-17 02:40:21 -07:00
hfinucane
158d998ec4
Support configuring the Calico iptables insert mode ( #5473 )
...
* Support configuring the insert mode
Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration
so nothing should change for existing deployments.
This allows coexistence with other firewall management technologies.
* Add a note to the sample config
2020-03-14 06:36:35 -07:00
Christopher Randles
71c856878c
update multus to 3.4 and add crio support ( #5701 )
...
Signed-off-by: Chris Randles <randles.chris@gmail.com>
2020-03-13 04:22:39 -07:00
Sergey
e60b9f796e
add calico VXLAN mode, update docs and vars in sample inventory ( #5731 )
...
* calico VXLAN mode
* check vars if calico backend defined
2020-03-12 01:20:37 -07:00
Fredrik Lönnegren
e257d92f41
Cilium updates ( #5438 )
...
* Add resources needed to deploy 1.6.4
* Use cilium v1.6.4
* Change deprecated option name
* Add update crd to clusterrole cilium
* Cilium 1.6.4 -> 1.6.5
* Make monitor-aggregation config configurable as a variable
* Change monitor-aggregation default none->medium
* Cilium 1.6.5 -> 1.6.6
* Update to 1.7.0
* v1.7.0->v1.7.1
2020-03-11 08:15:36 -07:00
Arthur Outhenin-Chalandre
588896712e
Fix kube-router config generation ( #5531 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-03-04 02:11:47 -08:00
Chad Swenson
a15a0b5eb9
Make calico iptables lock timeout configurable ( #5658 )
...
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
2020-02-19 02:28:25 -08:00
Sylvain Chateau
0ca7aa126b
added "Flatcar", "Flatcar Container Linux by Kinvolk" for all coreOS role ( #5607 )
2020-02-18 00:15:29 -08:00
lcooper40
579976260f
Added in code to allow control over pull policy for local path provis… ( #5334 )
...
* Added in code to allow control over pull policy for local path provisioner
* change to imagePullPolicy to use globally used variable k8s_image_pull_policy
* removed unusued variable from defaults
* updated contiv-etcd and cinder-csi-controllerplugin to use k8s_image_pull_policy variable
2020-02-17 02:13:30 -08:00
Matthew Mosesohn
b35b816287
Raise typha max connections to 300 ( #5527 )
...
Raises limit from 100 to 300 because the default is far too low
and the pod can handle 300 with the given resources.
Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
2020-01-10 00:24:33 -08:00
Etienne Champetier
2c2ffa846c
Calico: update to 3.11.1, allow to configure calico_iptables_backend ( #5514 )
...
I've tested this update by deploying a containerd / etcd cluster on top CentOS7,
MetalLB + NGINX Ingress. Upgrade using upgrade-cluster.yml
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-08 02:27:40 -08:00
bozzo
c0b262a22a
Add kube-router configuration to enable metrics exposure ( #5416 )
2019-12-16 04:35:36 -08:00
Maxime Guyot
b15d41a96a
Add support to Ansible 2.9 ( #5361 )
2019-12-05 07:24:32 -08:00
Matthew Mosesohn
7da2083986
Add toleration for calico-typha on master ( #5405 )
...
Change-Id: Iea9a366cf6ccc4d491bfc49c5d2dba6d98f81b69
2019-12-05 06:24:32 -08:00
Aaron Crickenberger
f1498d4b53
fix OWNERS file ( #5359 )
...
Initially this was to fix a mis-indented approvers key. However, it turns
out that 'oilbeater' is not a member of kubernetes-sigs nor
kubernetes-incubator (the org this repo was migrated from). Thus this
OWNERS file is failing prow's validation check.
As a workaround I've opted to move them to emeritus_approver, which
isn't valiated and can be used as a hint for other approvers in this
repo
2019-11-25 17:59:11 -08:00
Jacopo Secchiero
97764921ed
Fix calico name resolution ( #5291 )
2019-11-11 04:01:41 -08:00
Quentin Gliech
8a406be48a
Fix indentation in cilium-ds.yml template ( #5305 )
2019-11-11 03:25:41 -08:00