Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Calico to v2.4.1 #3161

Closed
tmjd opened this issue Aug 8, 2017 · 3 comments
Closed

Update Calico to v2.4.1 #3161

tmjd opened this issue Aug 8, 2017 · 3 comments

Comments

@tmjd
Copy link
Contributor

tmjd commented Aug 8, 2017

Calico was last updated with v2.2.1 in Kops and it should be updated to the latest available to pick up new features and fixes.

One thing that needs to be mentioned is that this update includes a change in the default deny behavior, Calico has switched this behavior for the move of Kubernetes NetworkPolicy to v1. You can see the release notes for Calico at https://github.com/projectcalico/calico/releases/tag/v2.4.0 (see the changes under k8s-policy).
I am looking for guidance on how the kops project would like to handle this behavior change or at least know that it is expected that users should understand the changes of the components they are using.

Just to point out how this new behavior works:

  • DefaultDeny is enabled for a pod if there is any policy that selects the pod
    • That means the new way to enable DefaultDeny is create a policy that selects all pods (in a namespace)
    • This also means that if DefaultDeny is not desired then all policy needs to be removed that targets a pod.
  • The old default deny annotation has no effect with the new Calico version
This was referenced Aug 8, 2017
Merged
Merged
k8s-github-robot pushed a commit that referenced this issue Aug 17, 2017
Merge pull request #3187 from tmjd/update-canal-2-4-1
e3d6b15 
Automatic merge from submit-queue

Update Canal to the latest

Update Calico and Flannel versions
- Calico to v2.4.1
- Flannel to v0.8.0

The #3161 issue should be reviewed for the Default Deny NetworkPolicy behavior change this PR brings along.
k8s-github-robot pushed a commit that referenced this issue Aug 17, 2017
Merge pull request #3162 from tmjd/update-calico-2-4-0
429004f 
Automatic merge from submit-queue

Update to Calico 2.4.1

- Switch Calico images to be pulled from quay.io

Addresses #3161
@chrislovecnm
Copy link
Contributor

Can we close this now?

@tmjd
Copy link
Contributor Author

tmjd commented Aug 18, 2017

Should any release notes be added for this update? If so, I can add them if you point me to where/how. If not then yeah I'm good with closing this.

@chrislovecnm
Copy link
Contributor

@tmjd yes please start on the 1.7.1 release notes! https://github.com/kubernetes/kops/tree/master/docs/releases is where we store them and create a new file for 1.7.1.

Closing :)

@tmjd tmjd mentioned this issue Aug 23, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chrislovecnm @tmjd