C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
c12s-kubespray/roles/network_plugin/calico/templates
History
emiran-orange afbabebfd5
Enables Calico serviceAccount token monitoring and update of /etc/cni/net.d/calico-kubeconfig if need be. (#7586) 
Since K8S 1.21, BoundServiceAccountTokenVolume feature gate is in beta stage, thus activated by default (anyone who follows CSI guidelines has enabled AllAlpha and faced the issue before 1.21).
With this feature, SA tokens are regenerated every hour.
As a consequence for Calico CNI, token in /etc/cni/net.d/calico-kubeconfig copied from /var/run/secrets/kubernetes.io/serviceaccount in install-cni initContainer expires after one hour and any pod creation fails due to unauthorization.
Calico pods need to be restarted so that /etc/cni/net.d/calico-kubeconfig is updated with the new SA token.
2021-05-11 08:47:36 -07:00
..
calico-config.yml.j2 Rename ansible groups to use _ instead of - (#7552) 2021-04-29 05:20:50 -07:00
calico-cr.yml.j2 Calico upgrade path validation and old version cleanup (#6733) 2020-09-24 09:04:06 -07:00
calico-crb.yml.j2 Calico: update to 3.11.1, allow to configure calico_iptables_backend (#5514) 2020-01-08 02:27:40 -08:00
calico-node-sa.yml.j2 Removed deprecated label kubernetes.io/cluster-service (#5372) 2020-03-30 01:19:53 -07:00
calico-node.yml.j2 Enables Calico serviceAccount token monitoring and update of /etc/cni/net.d/calico-kubeconfig if need be. (#7586) 2021-05-11 08:47:36 -07:00
calico-typha.yml.j2 Change node-role.kubernetes.io from master to control-plane (#7183) 2021-01-21 08:13:03 -08:00
calicoctl.etcd.sh.j2 fix for calico with kdd datastore (#4922) 2019-07-08 12:20:03 +03:00
calicoctl.kdd.sh.j2 Replace kube-master with kube_control_plane (#7256) 2021-03-23 17:26:05 -07:00
cni-calico.conflist.j2 Changes to support Dual Stack networking 2021-02-05 00:04:52 -08:00