CNI Calico: Update from v3.25.1 to v3.26.0

pull/16596/head
Steven Powell 2023-05-30 08:02:44 -07:00
parent e884a44b77
commit f3041dc6f8
2 changed files with 204 additions and 5 deletions


@ -174,7 +174,7 @@ func KindNet(repo string) string {
} }
// all calico images are from https://github.com/projectcalico/calico/blob/master/manifests/calico.yaml // all calico images are from https://github.com/projectcalico/calico/blob/master/manifests/calico.yaml
const calicoVersion = "v3.25.1" const calicoVersion = "v3.26.0"
const calicoRepo = "docker.io/calico" const calicoRepo = "docker.io/calico"
// CalicoDaemonSet returns the image used for calicoDaemonSet // CalicoDaemonSet returns the image used for calicoDaemonSet


@ -29,6 +29,13 @@ metadata:
name: calico-node name: calico-node
namespace: kube-system namespace: kube-system
--- ---
# Source: calico/templates/calico-node.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-cni-plugin
namespace: kube-system
---
# Source: calico/templates/calico-config.yaml # Source: calico/templates/calico-config.yaml
# This ConfigMap is used to configure a self-hosted Calico installation. # This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap kind: ConfigMap
@ -273,6 +280,130 @@ status:
# Source: calico/templates/kdd-crds.yaml # Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: bgpfilters.crd.projectcalico.org
spec:
group: crd.projectcalico.org
names:
kind: BGPFilter
listKind: BGPFilterList
plural: bgpfilters
singular: bgpfilter
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BGPFilterSpec contains the IPv4 and IPv6 filter rules of
the BGP Filter.
properties:
exportV4:
description: The ordered set of IPv4 BGPFilter rules acting on exporting
routes to a peer.
items:
description: BGPFilterRuleV4 defines a BGP filter rule consisting
a single IPv4 CIDR block and a filter action for this CIDR.
properties:
action:
type: string
cidr:
type: string
matchOperator:
type: string
required:
- action
- cidr
- matchOperator
type: object
type: array
exportV6:
description: The ordered set of IPv6 BGPFilter rules acting on exporting
routes to a peer.
items:
description: BGPFilterRuleV6 defines a BGP filter rule consisting
a single IPv6 CIDR block and a filter action for this CIDR.
properties:
action:
type: string
cidr:
type: string
matchOperator:
type: string
required:
- action
- cidr
- matchOperator
type: object
type: array
importV4:
description: The ordered set of IPv4 BGPFilter rules acting on importing
routes from a peer.
items:
description: BGPFilterRuleV4 defines a BGP filter rule consisting
a single IPv4 CIDR block and a filter action for this CIDR.
properties:
action:
type: string
cidr:
type: string
matchOperator:
type: string
required:
- action
- cidr
- matchOperator
type: object
type: array
importV6:
description: The ordered set of IPv6 BGPFilter rules acting on importing
routes from a peer.
items:
description: BGPFilterRuleV6 defines a BGP filter rule consisting
a single IPv6 CIDR block and a filter action for this CIDR.
properties:
action:
type: string
cidr:
type: string
matchOperator:
type: string
required:
- action
- cidr
- matchOperator
type: object
type: array
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata: metadata:
name: bgppeers.crd.projectcalico.org name: bgppeers.crd.projectcalico.org
spec: spec:
@ -308,6 +439,11 @@ spec:
description: The AS Number of the peer. description: The AS Number of the peer.
format: int32 format: int32
type: integer type: integer
filters:
description: The ordered set of BGPFilters applied on this BGP peer.
items:
type: string
type: array
keepOriginalNextHop: keepOriginalNextHop:
description: Option to keep the original nexthop field when routes description: Option to keep the original nexthop field when routes
are sent to a BGP Peer. Setting "true" configures the selected BGP are sent to a BGP Peer. Setting "true" configures the selected BGP
@ -854,6 +990,13 @@ spec:
connections. The only reason to disable it is for debugging purposes. [Default: connections. The only reason to disable it is for debugging purposes. [Default:
true]' true]'
type: boolean type: boolean
bpfDSROptoutCIDRs:
description: BPFDSROptoutCIDRs is a list of CIDRs which are excluded
from DSR. That is, clients in those CIDRs will accesses nodeports
as if BPFExternalServiceMode was set to Tunnel.
items:
type: string
type: array
bpfDataIfacePattern: bpfDataIfacePattern:
description: BPFDataIfacePattern is a regular expression that controls description: BPFDataIfacePattern is a regular expression that controls
which interfaces Felix should attach BPF programs to in order to which interfaces Felix should attach BPF programs to in order to
@ -877,7 +1020,7 @@ spec:
description: 'BPFEnforceRPF enforce strict RPF on all host interfaces description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
with BPF programs regardless of what is the per-interfaces or global with BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled, Strict or Loose. [Default: setting. Possible values are Disabled, Strict or Loose. [Default:
Strict]' Loose]'
type: string type: string
bpfExtToServiceConnmark: bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
@ -1142,7 +1285,7 @@ spec:
type: integer type: integer
healthTimeoutOverrides: healthTimeoutOverrides:
description: HealthTimeoutOverrides allows the internal watchdog timeouts description: HealthTimeoutOverrides allows the internal watchdog timeouts
of individual subcomponents to be overriden. This is useful for of individual subcomponents to be overridden. This is useful for
working around "false positive" liveness timeouts that can occur working around "false positive" liveness timeouts that can occur
in particularly stressful workloads or if CPU is constrained. For in particularly stressful workloads or if CPU is constrained. For
a list of active subcomponents, see Felix's logs. a list of active subcomponents, see Felix's logs.
@ -1202,6 +1345,12 @@ spec:
type: string type: string
iptablesFilterAllowAction: iptablesFilterAllowAction:
type: string type: string
iptablesFilterDenyAction:
description: IptablesFilterDenyAction controls what happens to traffic
that is denied by network policy. By default Calico blocks traffic
with an iptables "DROP" action. If you want to use "REJECT" action
instead you can configure it in here.
type: string
iptablesLockFilePath: iptablesLockFilePath:
description: 'IptablesLockFilePath is the location of the iptables description: 'IptablesLockFilePath is the location of the iptables
lock file. You may need to change this if the lock file is not in lock file. You may need to change this if the lock file is not in
@ -4212,7 +4361,7 @@ rules:
resources: resources:
- serviceaccounts/token - serviceaccounts/token
resourceNames: resourceNames:
- calico-node - calico-cni-plugin
verbs: verbs:
- create - create
# The CNI plugin needs to get pods, nodes, and namespaces. # The CNI plugin needs to get pods, nodes, and namespaces.
@ -4229,7 +4378,7 @@ rules:
resources: resources:
- endpointslices - endpointslices
verbs: verbs:
- watch - watch
- list - list
- apiGroups: [""] - apiGroups: [""]
resources: resources:
@ -4283,6 +4432,7 @@ rules:
- globalfelixconfigs - globalfelixconfigs
- felixconfigurations - felixconfigurations
- bgppeers - bgppeers
- bgpfilters
- globalbgpconfigs - globalbgpconfigs
- bgpconfigurations - bgpconfigurations
- ippools - ippools
@ -4366,6 +4516,41 @@ rules:
verbs: verbs:
- get - get
--- ---
# Source: calico/templates/calico-node-rbac.yaml
# CNI cluster role
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-cni-plugin
rules:
- apiGroups: [""]
resources:
- pods
- nodes
- namespaces
verbs:
- get
- apiGroups: [""]
resources:
- pods/status
verbs:
- patch
- apiGroups: ["crd.projectcalico.org"]
resources:
- blockaffinities
- ipamblocks
- ipamhandles
- clusterinformations
- ippools
- ipreservations
- ipamconfigs
verbs:
- get
- list
- create
- update
- delete
---
# Source: calico/templates/calico-kube-controllers-rbac.yaml # Source: calico/templates/calico-kube-controllers-rbac.yaml
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
@ -4394,6 +4579,20 @@ subjects:
name: calico-node name: calico-node
namespace: kube-system namespace: kube-system
--- ---
# Source: calico/templates/calico-node-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: calico-cni-plugin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-cni-plugin
subjects:
- kind: ServiceAccount
name: calico-cni-plugin
namespace: kube-system
---
# Source: calico/templates/calico-node.yaml # Source: calico/templates/calico-node.yaml
# This manifest installs the calico-node container, as well # This manifest installs the calico-node container, as well
# as the CNI plugins and network config on # as the CNI plugins and network config on
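Review bot: The `bpfEnforceRPF` description in the `-877,7 +1020,7` hunk now gives the default as `Loose` where v3.25.1 gave `Strict`, which suggests this bump relaxes reverse-path (source-address) checks on host interfaces for clusters running the eBPF dataplane, and the commit title does not mention it. Only the CRD description text is visible here, so the effective default should be confirmed against the v3.26.0 Felix release notes. Where strict filtering is expected, set `bpfEnforceRPF: Strict` explicitly in the FelixConfiguration rather than relying on the default. Separately, the new `calico-cni-plugin` ClusterRole in the `-4366,6 +4516,41` hunk grants `create`/`update`/`delete` on `ippools`, `clusterinformations` and `ipamconfigs` as well as the IPAM block resources. The `-4212` hunk lets another role create tokens for that account, so a comment above the role's `rules:` would help, for example `# Tokens for this ServiceAccount are minted via serviceaccounts/token create; keep these verbs minimal.`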