diff --git a/puppet-manifests/centos/build_srpm.data b/puppet-manifests/centos/build_srpm.data index 7631fd8635..cc746d762c 100644 --- a/puppet-manifests/centos/build_srpm.data +++ b/puppet-manifests/centos/build_srpm.data @@ -1,2 +1,2 @@ SRC_DIR="src" -TIS_PATCH_VER=72 +TIS_PATCH_VER=73 diff --git a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb index 8eaab9caa0..1f6eea5ffc 100644 --- a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb +++ b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb @@ -1,8 +1,8 @@ -# Calico Version v3.2.3 -# https://docs.projectcalico.org/v3.2/releases#v3.2.3 +# Calico Version v3.1.4 +# https://docs.projectcalico.org/v3.1/releases#v3.1.4 # This manifest includes the following component versions: -# calico/node:v3.2.3 -# calico/cni:v3.2.3 +# calico/node:v3.1.4 +# calico/cni:v3.1.4 # This ConfigMap is used to configure a self-hosted Calico installation. kind: ConfigMap @@ -15,14 +15,8 @@ data: # below. We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is # essential. typha_service_name: "none" - # Configure the Calico backend to use. - calico_backend: "bird" - # Configure the MTU to use - veth_mtu: "1440" - - # The CNI network configuration to install on each node. The special - # values in this config will be automatically populated. + # The CNI network configuration to install on each node. cni_network_config: |- { "name": "k8s-pod-network", @@ -33,16 +27,16 @@ data: "log_level": "info", "datastore_type": "kubernetes", "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": __CNI_MTU__, + "mtu": 1500, "ipam": { "type": "host-local", "subnet": "usePodCidr" }, "policy": { - "type": "k8s" + "type": "k8s" }, "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" + "kubeconfig": "__KUBECONFIG_FILEPATH__" } }, { 
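Review bot: In the `cni_network_config` hunk (`@@ -33,16 +27,16 @@`) the pod interface MTU is now hard-coded as `"mtu": 1500`, while a later hunk in this file keeps `CALICO_IPV4POOL_IPIP` at `"Always"` and sets `FELIX_IPINIPMTU` to `"1440"`. A pod MTU larger than the tunnel MTU leaves full-size packets dependent on fragmentation or path-MTU discovery across the IP-in-IP tunnel, which usually shows up as stalled large transfers rather than a clear error. Unless the underlay is known to carry the encapsulation overhead, I would keep the two values aligned, e.g. `"mtu": 1440,`, and add a comment beside it naming `FELIX_IPINIPMTU` as the value it must match. The JSON block continues past the end of this hunk.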
@@ -55,7 +49,6 @@ data: --- - # This manifest creates a Service, which will be backed by Calico's Typha daemon. # Typha sits in between Felix and the API server, reducing Calico's load on the API server. @@ -105,8 +98,6 @@ spec: # if it ever gets evicted. scheduler.alpha.kubernetes.io/critical-pod: '' spec: - nodeSelector: - beta.kubernetes.io/os: linux hostNetwork: true tolerations: # Mark the pod as a critical add-on for rescheduling. @@ -116,7 +107,7 @@ spec: # as a host-networked pod. serviceAccountName: calico-node containers: - - image: quay.io/calico/typha:v3.2.3 + - image: quay.io/calico/typha:v3.1.4 name: calico-typha ports: - containerPort: 5473 @@ -146,19 +137,15 @@ spec: #- name: TYPHA_PROMETHEUSMETRICSPORT # value: "9093" livenessProbe: - exec: - command: - - calico-typha - - check - - liveness + httpGet: + path: /liveness + port: 9098 periodSeconds: 30 initialDelaySeconds: 30 readinessProbe: - exec: - command: - - calico-typha - - check - - readiness + httpGet: + path: /readiness + port: 9098 periodSeconds: 10 --- @@ -192,11 +179,9 @@ spec: # if it ever gets evicted. scheduler.alpha.kubernetes.io/critical-pod: '' spec: - nodeSelector: - beta.kubernetes.io/os: linux hostNetwork: true tolerations: - # Make sure calico-node gets scheduled on all nodes. + # Make sure calico/node gets scheduled on all nodes. - effect: NoSchedule operator: Exists # Mark the pod as a critical add-on for rescheduling. 
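Review bot: The Typha liveness and readiness probes in the `@@ -146,19 +137,15 @@` hunk now use `httpGet` on port 9098 with no `host:` field, and this pod runs with `hostNetwork: true`, so the kubelet probes the node's own address rather than loopback. That only works if the health endpoint listens on a non-loopback address, which also makes it reachable from anything that can reach the node on that port. The same applies to the calico-node probes on port 9099 in the `@@ -284,16 +262,13 @@` hunk, where `host: localhost` is removed. I would add a comment above each probe, for example `# Health port is served on the host network; restrict it with node firewall rules.`, and confirm that node-level filtering covers both ports.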
@@ -213,66 +198,59 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: quay.io/calico/node:v3.2.3 + image: quay.io/calico/node:v3.1.4 env: # Use Kubernetes API as the backing datastore. - name: DATASTORE_TYPE value: "kubernetes" - # Typha support: controlled by the ConfigMap. - - name: FELIX_TYPHAK8SSERVICENAME - valueFrom: - configMapKeyRef: - name: calico-config - key: typha_service_name - # Wait for the datastore. - - name: WAIT_FOR_DATASTORE - value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # Choose the backend to use. - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend + # Enable felix info logging. + - name: FELIX_LOGSEVERITYSCREEN + value: "info" # Cluster type to identify the deployment type - name: CLUSTER_TYPE value: "k8s,bgp" - # Auto-detect the BGP IP address. - - name: IP - value: "autodetect" - # Enable IPIP - - name: CALICO_IPV4POOL_IPIP - value: "Always" - # Enable IP-in-IP within Felix. - - name: FELIX_IPINIPENABLED - value: "true" - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # The default IPv4 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within `--cluster-cidr`. - - name: CALICO_IPV4POOL_CIDR - value: "<%= @pod_network_cidr %>" # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING value: "true" # Set Felix endpoint to host default action to ACCEPT. - name: FELIX_DEFAULTENDPOINTTOHOSTACTION value: "ACCEPT" - # Disable IPv6 on Kubernetes. + # Disable IPV6 on Kubernetes. 
- name: FELIX_IPV6SUPPORT value: "false" - # Set Felix logging to "info" - - name: FELIX_LOGSEVERITYSCREEN - value: "info" + # Set MTU for tunnel device used if ipip is enabled + - name: FELIX_IPINIPMTU + value: "1440" + # Wait for the datastore. + - name: WAIT_FOR_DATASTORE + value: "true" + # The default IPv4 pool to create on startup if none exists. Pod IPs will be + # chosen from this range. Changing this value after installation will have + # no effect. This should fall within `--cluster-cidr`. + - name: CALICO_IPV4POOL_CIDR + value: "<%= @pod_network_cidr %>" + # Enable IPIP + - name: CALICO_IPV4POOL_IPIP + value: "Always" + # Enable IP-in-IP within Felix. + - name: FELIX_IPINIPENABLED + value: "true" + # Typha support: controlled by the ConfigMap. + - name: FELIX_TYPHAK8SSERVICENAME + valueFrom: + configMapKeyRef: + name: calico-config + key: typha_service_name + # Set based on the k8s node name. + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Auto-detect the BGP IP address. + - name: IP + value: "autodetect" + - name: IP_AUTODETECTION_METHOD + value: "can-reach=<%= @apiserver_advertise_address %>" - name: FELIX_HEALTHENABLED value: "true" securityContext: @@ -284,16 +262,13 @@ spec: httpGet: path: /liveness port: 9099 - host: localhost periodSeconds: 10 initialDelaySeconds: 10 failureThreshold: 6 readinessProbe: - exec: - command: - - /bin/calico-node - - -bird-ready - - -felix-ready + httpGet: + path: /readiness + port: 9099 periodSeconds: 10 volumeMounts: - mountPath: /lib/modules 
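Review bot: The added `IP_AUTODETECTION_METHOD` entry in the `@@ -213,66 +198,59 @@` hunk is the only variable in this env list without a comment, and its value is built from the template variable `@apiserver_advertise_address`. If that variable is unset when the template renders, ERB emits an empty string and the value becomes `can-reach=` with no destination; how calico-node treats that is not visible here, so failing the Puppet run would be the safer outcome. I would add `# Detect the node address from the interface that routes to the API server.` above the entry and validate the variable in the manifest that renders this template. The container spec starts before and continues after this hunk.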
@@ -308,29 +283,23 @@ spec: # This container installs the Calico CNI binaries # and CNI network config file on each node. - name: install-cni - image: quay.io/calico/cni:v3.2.3 + image: quay.io/calico/cni:v3.1.4 command: ["/install-cni.sh"] env: # Name of the CNI config file to create. - name: CNI_CONF_NAME value: "10-calico.conflist" - # Set the hostname based on the k8s node name. - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName # The CNI network config to install on each node. - name: CNI_NETWORK_CONFIG valueFrom: configMapKeyRef: name: calico-config key: cni_network_config - # CNI MTU Config variable - - name: CNI_MTU + # Set the hostname based on the k8s node name. + - name: KUBERNETES_NODE_NAME valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu + fieldRef: + fieldPath: spec.nodeName volumeMounts: - mountPath: /host/opt/cni/bin name: cni-bin-dir @@ -354,18 +323,10 @@ spec: - name: cni-net-dir hostPath: path: /etc/cni/net.d ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system - ---- # Create all the CustomResourceDefinitions needed for # Calico policy and networking mode. +--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -379,6 +340,7 @@ spec: kind: FelixConfiguration plural: felixconfigurations singular: felixconfiguration + --- apiVersion: apiextensions.k8s.io/v1beta1 @@ -499,3 +461,10 @@ spec: plural: networkpolicies singular: networkpolicy +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-node + namespace: kube-system diff --git a/puppet-manifests/src/modules/platform/templates/rbac-kdd.yaml.erb b/puppet-manifests/src/modules/platform/templates/rbac-kdd.yaml.erb index e06e908cce..478e36fa7b 100644 --- a/puppet-manifests/src/modules/platform/templates/rbac-kdd.yaml.erb +++ b/puppet-manifests/src/modules/platform/templates/rbac-kdd.yaml.erb 
@@ -1,5 +1,5 @@ -# Calico Version v3.2.3 -# https://docs.projectcalico.org/v3.2/releases#v3.2.3 +# Calico Version v3.1.4 +# https://docs.projectcalico.org/v3.1/releases#v3.1.4 kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: @@ -8,7 +8,6 @@ rules: - apiGroups: [""] resources: - namespaces - - serviceaccounts verbs: - get - list