From 821e7dac24ad28e284ee79c527b222ba33811987 Mon Sep 17 00:00:00 2001 From: minikube-bot Date: Mon, 13 May 2024 10:05:09 +0000 Subject: [PATCH] CNI: Update calico from v3.27.3 to v3.28.0 --- pkg/minikube/bootstrapper/images/images.go | 2 +- pkg/minikube/cni/calico.yaml | 73 ++++++++++++++-------- 2 files changed, 47 insertions(+), 28 deletions(-) diff --git a/pkg/minikube/bootstrapper/images/images.go b/pkg/minikube/bootstrapper/images/images.go index 5df2dd2189..3ee2c10cd7 100644 --- a/pkg/minikube/bootstrapper/images/images.go +++ b/pkg/minikube/bootstrapper/images/images.go @@ -183,7 +183,7 @@ func KindNet(repo string) string { } // all calico images are from https://github.com/projectcalico/calico/blob/master/manifests/calico.yaml -const calicoVersion = "v3.27.3" +const calicoVersion = "v3.28.0" const calicoRepo = "docker.io/calico" // CalicoDaemonSet returns the image used for calicoDaemonSet diff --git a/pkg/minikube/cni/calico.yaml b/pkg/minikube/cni/calico.yaml index bc0468e9e8..51b08911c7 100644 --- a/pkg/minikube/cni/calico.yaml +++ b/pkg/minikube/cni/calico.yaml @@ -475,7 +475,7 @@ spec: numAllowedLocalASNumbers: description: Maximum number of local AS numbers that are allowed in the AS path for received routes. This removes BGP loop prevention - and should only be used if absolutely necesssary. + and should only be used if absolutely necessary. format: int32 type: integer password: @@ -1106,8 +1106,9 @@ spec: - Disabled type: string bpfKubeProxyEndpointSlicesEnabled: - description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls - whether Felix's embedded kube-proxy accepts EndpointSlices or not. + description: BPFKubeProxyEndpointSlicesEnabled is deprecated and has + no effect. BPF kube-proxy always accepts endpoint slices. This option + will be removed in the next release. type: boolean bpfKubeProxyIptablesCleanupEnabled: description: 'BPFKubeProxyIptablesCleanupEnabled, if enabled in BPF @@ -1226,11 +1227,23 @@ spec: type: string debugDisableLogDropping: type: boolean + debugHost: + description: DebugHost is the host IP or hostname to bind the debug + port to. Only used if DebugPort is set. [Default:localhost] + type: string debugMemoryProfilePath: type: string + debugPort: + description: DebugPort if set, enables Felix's debug HTTP port, which + allows memory and CPU profiles to be retrieved. The debug port + is not secure, it should not be exposed to the internet. + type: integer debugSimulateCalcGraphHangAfter: pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ type: string + debugSimulateDataplaneApplyDelay: + pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ + type: string debugSimulateDataplaneHangAfter: pattern: ^([0-9]+(\\.[0-9]+)?(ms|s|m|h))*$ type: string @@ -1270,6 +1283,12 @@ spec: type: string endpointReportingEnabled: type: boolean + endpointStatusPathPrefix: + description: "EndpointStatusPathPrefix is the path to the directory + where endpoint status will be written. Endpoint status file reporting + is disabled if field is left empty. \n Chosen directory should match + the directory used by the CNI for PodStartupDelay. [Default: \"\"]" + type: string externalNodesList: description: ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes which may source tunnel traffic and have the tunneled traffic be @@ -1541,7 +1560,7 @@ spec: description: 'MetadataAddr is the IP address or domain name of the server that can answer VM queries for cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in Ubuntu, - nova-api-metadata). A value of none (case insensitive) means that + nova-api-metadata). A value of none (case-insensitive) means that Felix should not set up any NAT rule for the metadata path. [Default: 127.0.0.1]' type: string @@ -2634,17 +2653,17 @@ spec: any DNAT. type: boolean selector: - description: "The selector is an expression used to pick pick out - the endpoints that the policy should be applied to. \n Selector - expressions follow this syntax: \n \tlabel == \"string_literal\" - \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" - \ -> not equal; also matches if label is not present \tlabel in - { \"a\", \"b\", \"c\", ... } -> true if the value of label X is - one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", - ... } -> true if the value of label X is not one of \"a\", \"b\", - \"c\" \thas(label_name) -> True if that label is present \t! expr - -> negation of expr \texpr && expr -> Short-circuit and \texpr - || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + description: "The selector is an expression used to pick out the endpoints + that the policy should be applied to. \n Selector expressions follow + this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g. + my_label == \"foo bar\" \tlabel != \"string_literal\" -> not + equal; also matches if label is not present \tlabel in { \"a\", + \"b\", \"c\", ... } -> true if the value of label X is one of + \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... } + \ -> true if the value of label X is not one of \"a\", \"b\", \"c\" + \thas(label_name) -> True if that label is present \t! expr -> + negation of expr \texpr && expr -> Short-circuit and \texpr || + expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() or the empty selector -> matches all endpoints. \n Label names are allowed to contain alphanumerics, -, _ and /. String literals are more permissive but they do not support escape characters. \n Examples @@ -4302,17 +4321,17 @@ spec: type: string type: array selector: - description: "The selector is an expression used to pick pick out - the endpoints that the policy should be applied to. \n Selector - expressions follow this syntax: \n \tlabel == \"string_literal\" - \ -> comparison, e.g. my_label == \"foo bar\" \tlabel != \"string_literal\" - \ -> not equal; also matches if label is not present \tlabel in - { \"a\", \"b\", \"c\", ... } -> true if the value of label X is - one of \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", - ... } -> true if the value of label X is not one of \"a\", \"b\", - \"c\" \thas(label_name) -> True if that label is present \t! expr - -> negation of expr \texpr && expr -> Short-circuit and \texpr - || expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() + description: "The selector is an expression used to pick out the endpoints + that the policy should be applied to. \n Selector expressions follow + this syntax: \n \tlabel == \"string_literal\" -> comparison, e.g. + my_label == \"foo bar\" \tlabel != \"string_literal\" -> not + equal; also matches if label is not present \tlabel in { \"a\", + \"b\", \"c\", ... } -> true if the value of label X is one of + \"a\", \"b\", \"c\" \tlabel not in { \"a\", \"b\", \"c\", ... } + \ -> true if the value of label X is not one of \"a\", \"b\", \"c\" + \thas(label_name) -> True if that label is present \t! expr -> + negation of expr \texpr && expr -> Short-circuit and \texpr || + expr -> Short-circuit or \t( expr ) -> parens for grouping \tall() or the empty selector -> matches all endpoints. \n Label names are allowed to contain alphanumerics, -, _ and /. String literals are more permissive but they do not support escape characters. \n Examples @@ -4598,7 +4617,7 @@ rules: - create - update # Calico must update some CRDs. - - apiGroups: [ "crd.projectcalico.org" ] + - apiGroups: ["crd.projectcalico.org"] resources: - caliconodestatuses verbs: