From a6aad043b64760c51a90cf85e39b2a8b52b35a76 Mon Sep 17 00:00:00 2001 From: Laurence Man Date: Wed, 31 Jul 2019 20:15:33 -0700 Subject: [PATCH] Update Calico to v3.8.1 (cherry picked from commit 45a698daf52f2ee6fafa8ad0d83696b9c2be3941) --- config/v1.5/calico.yaml | 100 +++++++++++++++++++++++++++++++++++----- 1 file changed, 88 insertions(+), 12 deletions(-) diff --git a/config/v1.5/calico.yaml b/config/v1.5/calico.yaml index faefbbbd7f..42d9aa0588 100644 --- a/config/v1.5/calico.yaml +++ b/config/v1.5/calico.yaml @@ -32,7 +32,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: quay.io/calico/node:v3.3.6 + image: quay.io/calico/node:v3.8.1 env: # Use Kubernetes API as the backing datastore. - name: DATASTORE_TYPE @@ -160,6 +160,42 @@ spec: --- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamblocks.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: IPAMBlock + plural: ipamblocks + singular: ipamblock + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: blockaffinities.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: BlockAffinity + plural: blockaffinities + singular: blockaffinity + +--- + apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -302,6 +338,24 @@ spec: --- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networksets.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + versions: + - name: v1 + served: true + storage: true + names: + kind: NetworkSet + plural: networksets + singular: networkset + +--- + # Create the ServiceAccount and roles necessary for Calico. apiVersion: v1 @@ -330,6 +384,12 @@ rules: - pods/status verbs: - patch + - apiGroups: [""] + resources: + - nodes/status + verbs: + - patch + - update - apiGroups: [""] resources: - pods @@ -376,9 +436,11 @@ rules: - globalbgpconfigs - bgpconfigurations - ippools + - ipamblocks - globalnetworkpolicies - globalnetworksets - networkpolicies + - networksets - clusterinformations - hostendpoints verbs: @@ -387,6 +449,22 @@ rules: - list - update - watch + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete + - apiGroups: ["crd.projectcalico.org"] + resources: + - blockaffinities + verbs: + - watch --- @@ -434,7 +512,7 @@ spec: hostNetwork: true serviceAccountName: calico-node containers: - - image: quay.io/calico/typha:v3.3.6 + - image: quay.io/calico/typha:v3.8.1 name: calico-typha ports: - containerPort: 5473 @@ -467,19 +545,17 @@ spec: - name: FELIX_IPTABLESMANGLEALLOWACTION value: Return livenessProbe: - exec: - command: - - calico-typha - - check - - liveness + httpGet: + path: /liveness + port: 9098 + host: localhost periodSeconds: 30 initialDelaySeconds: 30 readinessProbe: - exec: - command: - - calico-typha - - check - - readiness + httpGet: + path: /readiness + port: 9098 + host: localhost periodSeconds: 10 ---