Merge pull request #65022 from jingax10/calico_addon_branch

Automatic merge from submit-queue (batch tested with PRs 64140, 64898, 65022, 65037, 65027). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update Calico addon yamls to make it work for both 2.x and 3.x. versions.

**What this PR does / why we need it**:

Without this PR, one could not run Calico 3.0+.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #65045 

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue
2018-06-21 05:40:16 -07:00
committed by GitHub
11 changed files with 148 additions and 6 deletions

View File

@@ -36,6 +36,7 @@ rules:
- get - get
- list - list
- watch - watch
- patch
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- nodes - nodes
@@ -51,17 +52,28 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs:
- watch
- list
- apiGroups: ["crd.projectcalico.org"] - apiGroups: ["crd.projectcalico.org"]
resources: resources:
- globalfelixconfigs - globalfelixconfigs
- felixconfigurations
- bgppeers
- globalbgpconfigs - globalbgpconfigs
- bgpconfigurations
- ippools - ippools
- globalnetworkpolicies - globalnetworkpolicies
- globalnetworksets
- networkpolicies
- clusterinformations
- hostendpoints
verbs: verbs:
- create - create
- get - get
- list - list
- update - update
- patch
- delete
- watch - watch

View File

@@ -41,18 +41,22 @@ spec:
value: "none" value: "none"
- name: DATASTORE_TYPE - name: DATASTORE_TYPE
value: "kubernetes" value: "kubernetes"
- name: FELIX_TYPHAK8SSERVICENAME
value: "calico-typha"
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT" value: "ACCEPT"
- name: FELIX_HEALTHENABLED
value: "true"
- name: FELIX_IPV6SUPPORT - name: FELIX_IPV6SUPPORT
value: "false" value: "false"
- name: FELIX_LOGSEVERITYSYS - name: FELIX_LOGSEVERITYSYS
value: "none" value: "none"
- name: FELIX_LOGSEVERITYSCREEN
value: "info"
- name: FELIX_PROMETHEUSMETRICSENABLED - name: FELIX_PROMETHEUSMETRICSENABLED
value: "true" value: "true"
- name: FELIX_HEALTHENABLED - name: FELIX_REPORTINGINTERVALSECS
value: "true" value: "0"
- name: FELIX_TYPHAK8SSERVICENAME
value: "calico-typha"
- name: IP - name: IP
value: "" value: ""
- name: NO_DEFAULT_POOLS - name: NO_DEFAULT_POOLS
@@ -84,6 +88,12 @@ spec:
- mountPath: /etc/calico - mountPath: /etc/calico
name: etc-calico name: etc-calico
readOnly: true readOnly: true
- mountPath: /var/run/calico
name: var-run-calico
readOnly: false
- mountPath: /var/lib/calico
name: var-lib-calico
readOnly: false
# This container installs the Calico CNI binaries # This container installs the Calico CNI binaries
# and CNI network config file on each node. # and CNI network config file on each node.
- name: install-cni - name: install-cni
@@ -149,6 +159,12 @@ spec:
- name: cni-net-dir - name: cni-net-dir
hostPath: hostPath:
path: /etc/cni/net.d path: /etc/cni/net.d
- name: var-run-calico
hostPath:
path: /var/run/calico
- name: var-lib-calico
hostPath:
path: /var/lib/calico
tolerations: tolerations:
# Make sure calico/node gets scheduled on all nodes. # Make sure calico/node gets scheduled on all nodes.
- effect: NoSchedule - effect: NoSchedule

View File

@@ -0,0 +1,15 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterinformations.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: ClusterInformation
plural: clusterinformations
singular: clusterinformation

View File

@@ -0,0 +1,15 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: felixconfigurations.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: FelixConfiguration
plural: felixconfigurations
singular: felixconfiguration

View File

@@ -0,0 +1,15 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworksets.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalNetworkSet
plural: globalnetworksets
singular: globalnetworkset

View File

@@ -0,0 +1,15 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: hostendpoints.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: HostEndpoint
plural: hostendpoints
singular: hostendpoint

View File

@@ -0,0 +1,15 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networkpolicies.crd.projectcalico.org
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
scope: Namespaced
group: crd.projectcalico.org
version: v1
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy

View File

@@ -44,6 +44,8 @@ spec:
value: "9093" value: "9093"
- name: TYPHA_DATASTORETYPE - name: TYPHA_DATASTORETYPE
value: "kubernetes" value: "kubernetes"
- name: TYPHA_REPORTINGINTERVALSECS
value: "0"
- name: TYPHA_MAXCONNECTIONSLOWERLIMIT - name: TYPHA_MAXCONNECTIONSLOWERLIMIT
value: "1" value: "1"
- name: TYPHA_HEALTHENABLED - name: TYPHA_HEALTHENABLED

View File

@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: typha-cpva
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
- apiGroups: ["apps", "extensions"]
resources: ["deployments"]
verbs: ["patch"]

View File

@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: typha-cpva
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: typha-cpva
subjects:
- kind: ServiceAccount
name: typha-cpva
namespace: kube-system

View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: typha-cpva
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile