build,salt: Upgrade Calico to 3.25.0
Images bumped with:
  docker.io/calico/node:v3.25.0
  docker.io/calico/kube-controllers:v3.25.0
  docker.io/calico/cni:v3.25.0

Manifest updated based on upstream from:
  https://github.com/projectcalico/calico/blob/v3.25.0/manifests/calico.yaml
TeddyAndrieux committed Mar 3, 2023
1 parent 30ab7a8 commit 1515f24
Showing 3 changed files with 79 additions and 20 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -24,6 +24,9 @@
The pause image has been bump to 3.9
(PR[#4006](https://github.com/scality/metalk8s/pull/4006))

- Bump Calico version to [3.25.0](https://github.com/projectcalico/calico/releases/tag/v3.25.0)
(PR[#4014](https://github.com/scality/metalk8s/pull/4014))

- Bump ingress-nginx chart version to
[4.5.2](https://github.com/kubernetes/ingress-nginx/releases/tag/helm-chart-4.5.2)
The controller image has been bumped accordingly to
8 changes: 4 additions & 4 deletions buildchain/buildchain/versions.py
Expand Up @@ -18,7 +18,7 @@

# Project-wide versions {{{

CALICO_VERSION: str = "3.24.1"
CALICO_VERSION: str = "3.25.0"
K8S_VERSION: str = "1.25.5"
SALT_VERSION: str = "3002.9"
CONTAINERD_VERSION: str = "1.6.19"
Expand Down Expand Up @@ -104,17 +104,17 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
Image(
name="calico-cni",
version=_version_prefix(CALICO_VERSION),
digest="sha256:e60b90d7861e872efa720ead575008bc6eca7bee41656735dcaa8210b688fcd9",
digest="sha256:a38d53cb8688944eafede2f0eadc478b1b403cefeff7953da57fe9cd2d65e977",
),
Image(
name="calico-node",
version=_version_prefix(CALICO_VERSION),
digest="sha256:43f6cee5ca002505ea142b3821a76d585aa0c8d22bc58b7e48589ca7deb48c13",
digest="sha256:a85123d1882832af6c45b5e289c6bb99820646cb7d4f6006f98095168808b1e6",
),
Image(
name="calico-kube-controllers",
version=_version_prefix(CALICO_VERSION),
digest="sha256:4010b2739792ae5e77a750be909939c0a0a372e378f3c81020754efcf4a91efa",
digest="sha256:c45af3a9692d87a527451cf544557138fedf86f92b6e39bf2003e2fdb848dce3",
),
Image(
name="coredns",
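Review bot: The three new `digest=` values for calico-cni, calico-node and calico-kube-controllers are the only integrity anchor for these images, and nothing in this hunk or in the commit message records how they were obtained. The commit message lists the tags `docker.io/calico/node:v3.25.0`, `docker.io/calico/kube-controllers:v3.25.0` and `docker.io/calico/cni:v3.25.0`; please state that each digest was resolved from exactly that tag, and whether it is the digest of a multi-arch index or of a single platform image, so a second person can reproduce the lookup before merge. The entries also keep deriving `version` from `CALICO_VERSION`, so a later bump of that constant that does not touch these three lines would leave tag and digest out of step; a short comment next to the constant pointing at these entries would help.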
88 changes: 72 additions & 16 deletions salt/metalk8s/kubernetes/cni/calico/deployed.sls
Expand Up @@ -65,6 +65,7 @@ data:

# The CNI network configuration to install on each node. The special
# values in this config will be automatically populated.
# NOTE: Add some specific MetalK8s conditions for PortMap
cni_network_config: |-
{
"name": "k8s-pod-network",
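Review bot: The added comment `# NOTE: Add some specific MetalK8s conditions for PortMap` reads like a to-do and does not say which conditions are meant or where in `cni_network_config` they sit; none are visible in this hunk. The commit message says the manifest is refreshed from upstream `calico.yaml`, so this note is what the next upgrade relies on to re-apply the local deviation. Please reword it to state concretely what differs from upstream and why.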
Expand Down Expand Up @@ -169,6 +170,12 @@ spec:
type: string
type: object
type: array
ignoredInterfaces:
description: IgnoredInterfaces indicates the network interfaces that
needs to be excluded when reading device routes.
items:
type: string
type: array
listenPort:
description: ListenPort is the port where BGP protocol should listen.
Defaults to 179
Expand Down Expand Up @@ -387,12 +394,23 @@ spec:
remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
or the global default if that is not set.
type: string
reachableBy:
description: Add an exact, i.e. /32, static route toward peer IP in
order to prevent route flapping. ReachableBy contains the address
of the gateway which peer can be reached by.
type: string
sourceAddress:
description: Specifies whether and how to configure a source address
for the peerings generated by this BGPPeer resource. Default value
"UseNodeIP" means to configure the node IP as the source address. "None"
means not to configure a source address.
type: string
ttlSecurity:
description: TTLSecurity enables the generalized TTL security mechanism
(GTSM) which protects against spoofed packets by ignoring received
packets with a smaller than expected TTL value. The provided value
is the number of hops (edges) between the peers.
type: integer
type: object
type: object
served: true
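Review bot: In the new BGPPeer fields, `ttlSecurity` is declared with `type: integer` only, with no minimum or maximum in the lines shown, so the CRD schema by itself does not reject a zero or negative hop count. This is vendored upstream text and should not be patched here, but any MetalK8s documentation or tooling that sets BGPPeer resources should validate the value itself, and it is worth telling operators who run BGP peerings that the GTSM option described here is now available.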
Expand Down Expand Up @@ -877,9 +895,10 @@ spec:
[Default: false]'
type: boolean
bpfEnforceRPF:
description: 'BPFEnforceRPF enforce strict RPF on all interfaces with
BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled or Strict. [Default: Strict]'
description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
with BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled, Strict or Loose. [Default:
Strict]'
type: string
bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
Expand All @@ -898,6 +917,11 @@ spec:
node appears to use the IP of the ingress node; this requires a
permissive L2 network. [Default: Tunnel]'
type: string
bpfHostConntrackBypass:
description: 'BPFHostConntrackBypass Controls whether to bypass Linux
conntrack in BPF mode for workloads and services. [Default: true
- bypass Linux conntrack]'
type: boolean
bpfKubeProxyEndpointSlicesEnabled:
description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls
whether Felix's embedded kube-proxy accepts EndpointSlices or not.
Expand All @@ -914,6 +938,14 @@ spec:
kube-proxy. Lower values give reduced set-up latency. Higher values
reduce Felix CPU usage by batching up more work. [Default: 1s]'
type: string
bpfL3IfacePattern:
description: BPFL3IfacePattern is a regular expression that allows
to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
in addition to BPFDataIfacePattern. That is, tunnel interfaces not
created by Calico, that Calico workload traffic flows over as well
as any interfaces that handle incoming traffic to nodeports and
services from outside the cluster.
type: string
bpfLogLevel:
description: 'BPFLogLevel controls the log level of the BPF programs
when in BPF dataplane mode. One of "Off", "Info", or "Debug". The
Expand Down Expand Up @@ -989,11 +1021,12 @@ spec:
to use. Only used if UseInternalDataplaneDriver is set to false.
type: string
dataplaneWatchdogTimeout:
description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout
used for Felix''s (internal) dataplane driver. Increase this value
description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
used for Felix's (internal) dataplane driver. Increase this value
if you experience spurious non-ready or non-live events when Felix
is under heavy load. Decrease the value to get felix to report non-live
or non-ready more quickly. [Default: 90s]'
or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
by the generic HealthTimeoutOverrides."
type: string
debugDisableLogDropping:
type: boolean
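Review bot: The new description marks `dataplaneWatchdogTimeout` as "Deprecated: replaced by the generic HealthTimeoutOverrides", but the commit does not say whether MetalK8s sets this field anywhere. Please check any FelixConfiguration the project ships or documents for `dataplaneWatchdogTimeout` and, if it is used, plan the move to `healthTimeoutOverrides` (added further down in this file) or record the deprecation in CHANGELOG.md.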
Expand Down Expand Up @@ -1097,15 +1130,21 @@ spec:
type: object
type: array
featureDetectOverride:
description: FeatureDetectOverride is used to override the feature
detection. Values are specified in a comma separated list with no
spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=".
"true" or "false" will force the feature, empty or omitted values
are auto-detected.
description: FeatureDetectOverride is used to override feature detection
based on auto-detected platform capabilities. Values are specified
in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
or "false" will force the feature, empty or omitted values are auto-detected.
type: string
featureGates:
description: FeatureGates is used to enable or disable tech-preview
Calico features. Values are specified in a comma separated list
with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
This is used to enable features that are not fully production ready.
type: string
floatingIPs:
description: FloatingIPs configures whether or not Felix will program
floating IP addresses.
non-OpenStack floating IP addresses. (OpenStack-derived floating
IPs are always programmed, regardless of this setting.)
enum:
- Enabled
- Disabled
Expand All @@ -1122,6 +1161,23 @@ spec:
type: string
healthPort:
type: integer
healthTimeoutOverrides:
description: HealthTimeoutOverrides allows the internal watchdog timeouts
of individual subcomponents to be overriden. This is useful for
working around "false positive" liveness timeouts that can occur
in particularly stressful workloads or if CPU is constrained. For
a list of active subcomponents, see Felix's logs.
items:
properties:
name:
type: string
timeout:
type: string
required:
- name
- timeout
type: object
type: array
interfaceExclude:
description: 'InterfaceExclude is a comma-separated list of interfaces
that Felix should exclude when monitoring for host endpoints. The
Expand Down Expand Up @@ -1163,7 +1219,7 @@ spec:
type: string
iptablesBackend:
description: IptablesBackend specifies which backend of iptables will
be used. The default is legacy.
be used. The default is Auto.
type: string
iptablesFilterAllowAction:
type: string
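Review bot: Only the description of `iptablesBackend` changes here ("The default is legacy." becomes "The default is Auto."), and the CRD text alone does not show whether the runtime default changed in 3.25.0 or the upstream documentation was simply corrected. Please confirm which it is against the upstream release notes. If Felix now auto-detects the backend where it previously used legacy, that changes how policy rules are programmed on hosts, so it deserves its own line in CHANGELOG.md and a post-upgrade check on a node that the rules land in the expected iptables backend.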
Expand Down Expand Up @@ -1430,8 +1486,8 @@ spec:
type: boolean
vxlanEnabled:
description: 'VXLANEnabled overrides whether Felix should create the
VXLAN tunnel device for VXLAN networking. Optional as Felix determines
this based on the existing IP pools. [Default: nil (unset)]'
VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix
determines this based on the existing IP pools. [Default: nil (unset)]'
type: boolean
vxlanMTU:
description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
Expand Down Expand Up @@ -2857,7 +2913,7 @@ spec:
for internal use only.'
type: boolean
natOutgoing:
description: When nat-outgoing is true, packets sent from Calico networked
description: When natOutgoing is true, packets sent from Calico networked
containers in this pool to destinations outside of this pool will
be masqueraded.
type: boolean