Skip to content

Commit

Permalink
Calico: add dependencies for 3.21.x (kubernetes-sigs#8250)
Browse files Browse the repository at this point in the history
  • Loading branch information
@cristicalin @sakuraiyuta
cristicalin authored and sakuraiyuta committed Apr 16, 2022
1 parent b7b50be commit d964269
Show file tree
Hide file tree
Showing 3 changed files with 37 additions and 5 deletions.
1 change: 1 addition & 0 deletions roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ rules:
- apiGroups: ["crd.projectcalico.org"]
resources:
- ippools
- ipreservations
verbs:
- list
- apiGroups: ["crd.projectcalico.org"]
Expand Down
8 changes: 8 additions & 0 deletions roles/network_plugin/calico/templates/calico-cr.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,7 @@ rules:
- globalbgpconfigs
- bgpconfigurations
- ippools
- ipreservations
- ipamblocks
- globalnetworkpolicies
- globalnetworksets
Expand All @@ -91,6 +92,7 @@ rules:
- clusterinformations
- hostendpoints
- blockaffinities
- caliconodestatuses
verbs:
- get
- list
Expand All @@ -104,6 +106,12 @@ rules:
verbs:
- create
- update
# Calico must update some CRDs.
- apiGroups: [ "crd.projectcalico.org" ]
resources:
- caliconodestatuses
verbs:
- update
# Calico stores some configuration information on the node.
- apiGroups: [""]
resources:
Expand Down
33 changes: 28 additions & 5 deletions roles/network_plugin/calico/templates/calico-node.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,11 @@ spec:
- name: install-cni
image: {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }}
command: ["/opt/cni/bin/install"]
envFrom:
- configMapRef:
# Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
name: kubernetes-services-endpoint
optional: true
env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
Expand Down Expand Up @@ -214,11 +219,6 @@ spec:
# # Configure the IP Pool from which Pod IPs will be chosen.
# - name: CALICO_IPV4POOL_CIDR
# value: "{{ calico_pool_cidr | default(kube_pods_subnet) }}"
{% if calico_veth_mtu is defined %}
# Set MTU for the Wireguard tunnel device.
- name: FELIX_WIREGUARDMTU
value: "{{ calico_veth_mtu }}"
{% endif %}
- name: CALICO_IPV4POOL_IPIP
value: "{{ calico_ipv4pool_ipip }}"
- name: FELIX_IPV6SUPPORT
Expand All @@ -234,8 +234,15 @@ spec:
value: "{{ calico_usage_reporting }}"
# Set MTU for tunnel device used if ipip is enabled
{% if calico_mtu is defined %}
# Set MTU for tunnel device used if ipip is enabled
- name: FELIX_IPINIPMTU
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
# Set MTU for the VXLAN tunnel device.
- name: FELIX_VXLANMTU
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
# Set MTU for the Wireguard tunnel device.
- name: FELIX_WIREGUARDMTU
value: "{{ calico_veth_mtu | default(calico_mtu) }}"
{% endif %}
- name: FELIX_CHAININSERTMODE
value: "{{ calico_felix_chaininsertmode }}"
Expand Down Expand Up @@ -270,6 +277,12 @@ spec:
fieldRef:
fieldPath: status.hostIP
{% endif %}
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT"
- name: NODENAME
valueFrom:
fieldRef:
Expand All @@ -295,6 +308,14 @@ spec:
requests:
cpu: {{ calico_node_cpu_requests }}
memory: {{ calico_node_memory_requests }}
{% if calico_version is version('v3.21.0', '>=') %}
lifecycle:
preStop:
exec:
command:
- /bin/calico-node
- -shutdown
{% endif %}
livenessProbe:
exec:
command:
Expand Down Expand Up @@ -336,8 +357,10 @@ spec:
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
# For maintaining CNI plugin API credentials.
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
readOnly: false
{% if typha_secure %}
- name: typha-client
mountPath: /etc/typha-client
Expand Down

0 comments on commit d964269

Please sign in to comment.