github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update Calico to v3.3.1

pull/564/head
Casey Davenport 2018-11-11 16:36:48 -08:00
parent 8307fb2fb3
commit fc40cce94b
5 changed files with 36 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cluster/addons/calico-policy-controller/MAINTAINERS.md
View File

@ -1,6 +0,0 @@
# Maintainers
Matt Dupre <matt@projectcalico.org>, Casey Davenport <casey@tigera.io> and committers to the https://github.com/projectcalico/k8s-policy repository.
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/cluster/addons/calico-policy-controller/MAINTAINERS.md?pixel)]()

2
cluster/addons/calico-policy-controller/README.md
View File

@ -1,11 +1,11 @@
# Calico Policy Controller # Calico Policy Controller
==============
Calico is an implementation of the Kubernetes network policy API. The provided manifests install: Calico is an implementation of the Kubernetes network policy API. The provided manifests install:
- A DaemonSet which runs Calico on each node in the cluster. - A DaemonSet which runs Calico on each node in the cluster.
- A Deployment which installs the Calico Typha agent. - A Deployment which installs the Calico Typha agent.
- A Service for the Calico Typha agent. - A Service for the Calico Typha agent.
- Horizontal and vertical autoscalers for Calico.
### Learn More ### Learn More

42
cluster/addons/calico-policy-controller/calico-clusterrole.yaml
View File

@ -30,13 +30,6 @@ rules:
- pods/status - pods/status
verbs: verbs:
- update - update
- apiGroups: [""]
resources:
- pods
verbs:
- get
- list
- watch
- patch - patch
- apiGroups: [""] - apiGroups: [""]
resources: resources:
@ -46,13 +39,6 @@ rules:
- list - list
- update - update
- watch - watch
- apiGroups: ["extensions"]
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups: ["networking.k8s.io"] - apiGroups: ["networking.k8s.io"]
resources: resources:
- networkpolicies - networkpolicies
@ -61,10 +47,8 @@ rules:
- list - list
- apiGroups: ["crd.projectcalico.org"] - apiGroups: ["crd.projectcalico.org"]
resources: resources:
- globalfelixconfigs
- felixconfigurations - felixconfigurations
- bgppeers - bgppeers
- globalbgpconfigs
- bgpconfigurations - bgpconfigurations
- ippools - ippools
- globalnetworkpolicies - globalnetworkpolicies
@ -78,3 +62,29 @@ rules:
- list - list
- update - update
- watch - watch
# Used in Calico v2.6 only - can be removed after upgrade.
- apiGroups: [""]
resources:
- pods
verbs:
- get
- list
- watch
- patch
- apiGroups: ["crd.projectcalico.org"]
resources:
- globalfelixconfigs
- globalbgpconfigs
verbs:
- create
- get
- list
- update
- watch
- apiGroups: ["extensions"]
resources:
- networkpolicies
verbs:
- get
- list
- watch

12
cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
View File

@ -33,7 +33,7 @@ spec:
# container programs network policy and routes on each # container programs network policy and routes on each
# host. # host.
- name: calico-node - name: calico-node
image: gcr.io/projectcalico-org/node:v2.6.7 image: gcr.io/projectcalico-org/node:v3.3.1
env: env:
- name: CALICO_DISABLE_FILE_LOGGING - name: CALICO_DISABLE_FILE_LOGGING
value: "true" value: "true"
@ -73,6 +73,7 @@ spec:
httpGet: httpGet:
path: /liveness path: /liveness
port: 9099 port: 9099
host: localhost
periodSeconds: 10 periodSeconds: 10
initialDelaySeconds: 10 initialDelaySeconds: 10
failureThreshold: 6 failureThreshold: 6
@ -80,6 +81,7 @@ spec:
httpGet: httpGet:
path: /readiness path: /readiness
port: 9099 port: 9099
host: localhost
periodSeconds: 10 periodSeconds: 10
volumeMounts: volumeMounts:
- mountPath: /lib/modules - mountPath: /lib/modules
@ -97,7 +99,7 @@ spec:
# This container installs the Calico CNI binaries # This container installs the Calico CNI binaries
# and CNI network config file on each node. # and CNI network config file on each node.
- name: install-cni - name: install-cni
image: gcr.io/projectcalico-org/cni:v1.11.2 image: gcr.io/projectcalico-org/cni:v3.3.1
command: ["/install-cni.sh"] command: ["/install-cni.sh"]
env: env:
- name: CNI_CONF_NAME - name: CNI_CONF_NAME
@ -110,7 +112,7 @@ spec:
"plugins": [ "plugins": [
{ {
"type": "calico", "type": "calico",
"log_level": "debug", "log_level": "info",
"datastore_type": "kubernetes", "datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__", "nodename": "__KUBERNETES_NODE_NAME__",
"ipam": { "ipam": {
@ -118,11 +120,9 @@ spec:
"subnet": "usePodCidr" "subnet": "usePodCidr"
}, },
"policy": { "policy": {
"type": "k8s", "type": "k8s"
"k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
}, },
"kubernetes": { "kubernetes": {
"k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
"kubeconfig": "__KUBECONFIG_FILEPATH__" "kubeconfig": "__KUBECONFIG_FILEPATH__"
} }
}, },

4
cluster/addons/calico-policy-controller/typha-deployment.yaml
View File

@ -23,7 +23,7 @@ spec:
hostNetwork: true hostNetwork: true
serviceAccountName: calico serviceAccountName: calico
containers: containers:
- image: gcr.io/projectcalico-org/typha:v0.5.6 - image: gcr.io/projectcalico-org/typha:v3.3.1
name: calico-typha name: calico-typha
ports: ports:
- containerPort: 5473 - containerPort: 5473
@ -58,12 +58,14 @@ spec:
httpGet: httpGet:
path: /liveness path: /liveness
port: 9098 port: 9098
host: localhost
periodSeconds: 30 periodSeconds: 30
initialDelaySeconds: 30 initialDelaySeconds: 30
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /readiness path: /readiness
port: 9098 port: 9098
host: localhost
periodSeconds: 10 periodSeconds: 10
volumes: volumes:
- name: etc-calico - name: etc-calico