diff --git a/cluster/addons/calico-policy-controller/MAINTAINERS.md b/cluster/addons/calico-policy-controller/MAINTAINERS.md deleted file mode 100644 index cd7d55d651..0000000000 --- a/cluster/addons/calico-policy-controller/MAINTAINERS.md +++ /dev/null @@ -1,6 +0,0 @@ -# Maintainers - -Matt Dupre , Casey Davenport and committers to the https://github.com/projectcalico/k8s-policy repository. - - -[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/calico-policy-controller/MAINTAINERS.md?pixel)]() diff --git a/cluster/addons/calico-policy-controller/README.md b/cluster/addons/calico-policy-controller/README.md index 7ef70eede2..8176fdd83e 100644 --- a/cluster/addons/calico-policy-controller/README.md +++ b/cluster/addons/calico-policy-controller/README.md @@ -1,11 +1,11 @@ # Calico Policy Controller -============== Calico is an implementation of the Kubernetes network policy API. The provided manifests install: - A DaemonSet which runs Calico on each node in the cluster. - A Deployment which installs the Calico Typha agent. - A Service for the Calico Typha agent. +- Horizontal and vertical autoscalers for Calico. ### Learn More diff --git a/cluster/addons/calico-policy-controller/calico-clusterrole.yaml b/cluster/addons/calico-policy-controller/calico-clusterrole.yaml index b1b83498d8..aff9ef7614 100644 --- a/cluster/addons/calico-policy-controller/calico-clusterrole.yaml +++ b/cluster/addons/calico-policy-controller/calico-clusterrole.yaml @@ -30,13 +30,6 @@ rules: - pods/status verbs: - update - - apiGroups: [""] - resources: - - pods - verbs: - - get - - list - - watch - patch - apiGroups: [""] resources: @@ -46,13 +39,6 @@ rules: - list - update - watch - - apiGroups: ["extensions"] - resources: - - networkpolicies - verbs: - - get - - list - - watch - apiGroups: ["networking.k8s.io"] resources: - networkpolicies @@ -61,10 +47,8 @@ rules: - list - apiGroups: ["crd.projectcalico.org"] resources: - - globalfelixconfigs - felixconfigurations - bgppeers - - globalbgpconfigs - bgpconfigurations - ippools - globalnetworkpolicies @@ -78,3 +62,29 @@ rules: - list - update - watch + # Used in Calico v2.6 only - can be removed after upgrade. + - apiGroups: [""] + resources: + - pods + verbs: + - get + - list + - watch + - patch + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - globalbgpconfigs + verbs: + - create + - get + - list + - update + - watch + - apiGroups: ["extensions"] + resources: + - networkpolicies + verbs: + - get + - list + - watch diff --git a/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml index 96440e74d8..025818768f 100644 --- a/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml +++ b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml @@ -33,7 +33,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: gcr.io/projectcalico-org/node:v2.6.7 + image: gcr.io/projectcalico-org/node:v3.3.1 env: - name: CALICO_DISABLE_FILE_LOGGING value: "true" @@ -73,6 +73,7 @@ spec: httpGet: path: /liveness port: 9099 + host: localhost periodSeconds: 10 initialDelaySeconds: 10 failureThreshold: 6 @@ -80,6 +81,7 @@ spec: httpGet: path: /readiness port: 9099 + host: localhost periodSeconds: 10 volumeMounts: - mountPath: /lib/modules @@ -97,7 +99,7 @@ spec: # This container installs the Calico CNI binaries # and CNI network config file on each node. - name: install-cni - image: gcr.io/projectcalico-org/cni:v1.11.2 + image: gcr.io/projectcalico-org/cni:v3.3.1 command: ["/install-cni.sh"] env: - name: CNI_CONF_NAME @@ -110,7 +112,7 @@ spec: "plugins": [ { "type": "calico", - "log_level": "debug", + "log_level": "info", "datastore_type": "kubernetes", "nodename": "__KUBERNETES_NODE_NAME__", "ipam": { @@ -118,11 +120,9 @@ spec: "subnet": "usePodCidr" }, "policy": { - "type": "k8s", - "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__" + "type": "k8s" }, "kubernetes": { - "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__", "kubeconfig": "__KUBECONFIG_FILEPATH__" } }, diff --git a/cluster/addons/calico-policy-controller/typha-deployment.yaml b/cluster/addons/calico-policy-controller/typha-deployment.yaml index ebc6d6dbaf..f8209868dd 100644 --- a/cluster/addons/calico-policy-controller/typha-deployment.yaml +++ b/cluster/addons/calico-policy-controller/typha-deployment.yaml @@ -23,7 +23,7 @@ spec: hostNetwork: true serviceAccountName: calico containers: - - image: gcr.io/projectcalico-org/typha:v0.5.6 + - image: gcr.io/projectcalico-org/typha:v3.3.1 name: calico-typha ports: - containerPort: 5473 @@ -58,12 +58,14 @@ spec: httpGet: path: /liveness port: 9098 + host: localhost periodSeconds: 30 initialDelaySeconds: 30 readinessProbe: httpGet: path: /readiness port: 9098 + host: localhost periodSeconds: 10 volumes: - name: etc-calico