From 10aa776d2d0baa22223ee70dc94acc1074437676 Mon Sep 17 00:00:00 2001
From: Lancelot Robson
Date: Mon, 28 Sep 2020 15:51:42 +0100
Subject: [PATCH 1/3] Update calico to v3.16.1
---
 config/master/calico.yaml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/config/master/calico.yaml b/config/master/calico.yaml
index d17194c13c..b55f39ef62 100644
--- a/config/master/calico.yaml
+++ b/config/master/calico.yaml
@@ -32,7 +32,12 @@ spec:
 # container programs network policy and routes on each
 # host.
 - name: calico-node
- image: quay.io/calico/node:v3.15.1
+ image: quay.io/calico/node:v3.16.1
+ envFrom:
+ - configMapRef:
+ # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
+ name: kubernetes-services-endpoint
+ optional: true
 env:
 # Use Kubernetes API as the backing datastore.
 - name: DATASTORE_TYPE
@@ -114,6 +119,13 @@ spec:
 - mountPath: /var/lib/calico
 name: var-lib-calico
 readOnly: false
+ # For eBPF mode, we need to be able to mount the BPF filesystem at /sys/fs/bpf so we mount in the
+ # parent directory.
+ - name: sysfs
+ mountPath: /sys/fs/
+ # Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host.
+ # If the host is known to mount that filesystem already then Bidirectional can be omitted.
+ mountPropagation: Bidirectional
 volumes:
 # Used to ensure proper kmods are installed.
 - name: lib-modules
@@ -129,6 +141,10 @@ spec:
 hostPath:
 path: /run/xtables.lock
 type: FileOrCreate
+ - name: sysfs
+ hostPath:
+ path: /sys/fs/
+ type: DirectoryOrCreate
 tolerations:
 # Make sure calico/node gets scheduled on all nodes.
 - effect: NoSchedule
@@ -549,7 +565,7 @@ spec:
 securityContext:
 fsGroup: 65534
 containers:
- - image: quay.io/calico/typha:v3.15.1
+ - image: quay.io/calico/typha:v3.16.1
 name: calico-typha
 ports:
 - containerPort: 5473
From 10cc2312929dbf94e746be5ffef87ca3b6205a09 Mon Sep 17 00:00:00 2001
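Review bot: `envFrom` in the calico-node container (hunk `@@ -32,7 +32,12 @@`) imports every key of the `kubernetes-services-endpoint` ConfigMap as an environment variable, not only the two the comment names, so anyone able to write that ConfigMap can set any variable the container's own `env:` list does not already define. The Typha hunk in PATCH 2/3 adds the same block. If only the API endpoint override is intended, explicit `configMapKeyRef` entries with `optional: true` keep the input to those two keys; either way, write access to this ConfigMap should be guarded as control over which API server these pods talk to. The container spec continues outside the hunk, so the full `env:` list is not visible here.

```yaml
env:
  # … unchanged: existing env entries (DATASTORE_TYPE, …) …
  - name: KUBERNETES_SERVICE_HOST
    valueFrom:
      configMapKeyRef:
        name: kubernetes-services-endpoint
        key: KUBERNETES_SERVICE_HOST
        optional: true
  - name: KUBERNETES_SERVICE_PORT
    valueFrom:
      configMapKeyRef:
        name: kubernetes-services-endpoint
        key: KUBERNETES_SERVICE_PORT
        optional: true
```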
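Review bot: The `sysfs` volumeMount (hunk `@@ -114,6 +119,13 @@`, with its hostPath in `@@ -129,6 +141,10 @@`) hands calico-node the whole host `/sys/fs/` tree with `mountPropagation: Bidirectional`, which is wider than the BPF filesystem the comment says is needed and applies even on clusters that never enable eBPF mode. Kubernetes only permits Bidirectional propagation in privileged containers, and mounts made under it become visible on the host, so the manifest should state why the parent directory is required rather than `/sys/fs/bpf` itself. Where the host is known to mount bpffs already, the comment's own caveat applies and the mount can be narrowed: `mountPath: /sys/fs/bpf`, hostPath `path: /sys/fs/bpf` with `type: Directory`, and no `mountPropagation` line. The container's `securityContext` is outside the hunk, so whether it is privileged cannot be confirmed from here.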
From: Lancelot Robson
Date: Tue, 6 Oct 2020 18:03:51 +0100
Subject: [PATCH 2/3] Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT override in Typha too
---
 config/master/calico.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/config/master/calico.yaml b/config/master/calico.yaml
index b55f39ef62..4d54560c59 100644
--- a/config/master/calico.yaml
+++ b/config/master/calico.yaml
@@ -571,6 +571,11 @@ spec:
 - containerPort: 5473
 name: calico-typha
 protocol: TCP
+ envFrom:
+ - configMapRef:
+ # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
+ name: kubernetes-services-endpoint
+ optional: true
 env:
 # Use eni not cali for interface prefix
 - name: FELIX_INTERFACEPREFIX
From c135bbc19e362215acfaa18ab9d32f6061d440c4 Mon Sep 17 00:00:00 2001
From: Lancelot Robson
Date: Wed, 7 Oct 2020 17:30:16 +0100
Subject: [PATCH 3/3] Update to v3.16.2
---
 config/master/calico.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/master/calico.yaml b/config/master/calico.yaml
index 4d54560c59..c113712fa3 100644
--- a/config/master/calico.yaml
+++ b/config/master/calico.yaml
@@ -32,7 +32,7 @@ spec:
 # container programs network policy and routes on each
 # host.
 - name: calico-node
- image: quay.io/calico/node:v3.16.1
+ image: quay.io/calico/node:v3.16.2
 envFrom:
 - configMapRef:
 # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
@@ -565,7 +565,7 @@ spec:
 securityContext:
 fsGroup: 65534
 containers:
- - image: quay.io/calico/typha:v3.16.1
+ - image: quay.io/calico/typha:v3.16.2
 name: calico-typha
 ports:
 - containerPort: 5473