From 050578da94166688413ba75b5260b88f0ad8739f Mon Sep 17 00:00:00 2001
From: Florian Ruynat <16313165+floryut@users.noreply.github.com>
Date: Mon, 7 Sep 2020 11:11:49 +0200
Subject: [PATCH] Update Cilium to 1.8.3 (#6629)

---
 README.md                                     |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 .../cilium/templates/cilium-deploy.yml.j2     | 19 +++++++++++++++++++
 .../cilium/templates/cilium-ds.yml.j2         | 14 ++++++++++++++
 4 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index d73c0390b..3abf8b0a4 100644
--- a/README.md
+++ b/README.md
@@ -125,7 +125,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [cni-plugins](https://github.com/containernetworking/plugins) v0.8.6
   - [calico](https://github.com/projectcalico/calico) v3.15.2
   - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
-  - [cilium](https://github.com/cilium/cilium) v1.8.2
+  - [cilium](https://github.com/cilium/cilium) v1.8.3
   - [contiv](https://github.com/contiv/install) v1.2.1
   - [flanneld](https://github.com/coreos/flannel) v0.12.0
   - [kube-ovn](https://github.com/alauda/kube-ovn) v1.3.0
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 57713a973..214790392 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -79,7 +79,7 @@ cni_version: "v0.8.7"
 weave_version: 2.7.0
 pod_infra_version: "3.2"
 contiv_version: 1.2.1
-cilium_version: "v1.8.2"
+cilium_version: "v1.8.3"
 kube_ovn_version: "v1.3.0"
 kube_router_version: "v1.0.1"
 multus_version: "v3.6"
diff --git a/roles/network_plugin/cilium/templates/cilium-deploy.yml.j2 b/roles/network_plugin/cilium/templates/cilium-deploy.yml.j2
index a747f43e6..bf65a746d 100644
--- a/roles/network_plugin/cilium/templates/cilium-deploy.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-deploy.yml.j2
@@ -29,6 +29,18 @@ spec:
         io.cilium/app: operator
         name: cilium-operator
     spec:
+      # In HA mode, cilium-operator pods must not be scheduled on the same
+      # node as they will clash with each other.
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: io.cilium/app
+                operator: In
+                values:
+                - operator
+            topologyKey: "kubernetes.io/hostname"
       containers:
         - args:
             - --debug=$(CILIUM_DEBUG)
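Review bot: The `requiredDuringSchedulingIgnoredDuringExecution` rule added under `affinity:` is a hard constraint, so a replacement operator pod can never be scheduled on a node that still runs the old one. On a cluster with as many eligible nodes as replicas (a single-node cluster in particular), a rolling update would stall unless the Deployment's update strategy lets an old pod go first. That strategy is outside this hunk; if it is not already set, `maxUnavailable: 1` under `strategy.rollingUpdate` would pair with this rule. The comment above the rule says "In HA mode", but the rule is applied unconditionally, so the wording could say that it also applies to a single replica.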
@@ -47,6 +59,11 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: spec.nodeName
+            - name: CILIUM_K8S_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
             - name: CILIUM_DEBUG
               valueFrom:
                 configMapKeyRef:
@@ -131,6 +148,8 @@ spec:
       serviceAccount: cilium-operator
       serviceAccountName: cilium-operator
       hostNetwork: true
+      tolerations:
+        - operator: Exists
       volumes:
         # To read the etcd config stored in config maps
         - configMap:
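Review bot: The blanket toleration `- operator: Exists` added under `tolerations:` matches every taint, including NoExecute ones. The operator, which this spec runs with `hostNetwork: true` and the `cilium-operator` service account, can therefore be placed on nodes tainted to keep workloads off them, and it is not evicted from a node that becomes unreachable. If the intent is only to let the operator start before the CNI marks nodes ready, consider narrowing it, e.g. an entry with `key: node.kubernetes.io/not-ready` and `operator: Exists`, plus whichever control-plane taint the cluster uses. Otherwise add a comment stating the reason, such as `# Tolerate all taints so the operator can start before any node is Ready.` The pod spec begins outside this hunk.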
diff --git a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
index bede48dce..07eb78fb9 100755
--- a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2
@@ -20,6 +20,16 @@ spec:
       labels:
         k8s-app: cilium
     spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: k8s-app
+                operator: In
+                values:
+                - cilium
+            topologyKey: kubernetes.io/hostname
       containers:
       - args:
         - --kvstore=etcd
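Review bot: The anti-affinity rule added to the DaemonSet pod spec selects on the label `k8s-app: cilium` alone, so any other pod in the same namespace carrying that label would keep the agent from being scheduled on its node. Because the rule is `required`, there is no fallback. A DaemonSet already places one pod per node, so it is worth a comment saying what the rule protects against, e.g. `# Never co-locate two agents on one node, e.g. while an old pod is still terminating.` As a style point, `topologyKey: kubernetes.io/hostname` is unquoted here but quoted in cilium-deploy.yml.j2; pick one form.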
@@ -194,6 +204,10 @@ spec:
           name: bpf-maps
         - mountPath: /var/run/cilium
           name: cilium-run
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
       priorityClassName: system-node-critical
       restartPolicy: Always
       serviceAccount: cilium
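Review bot: The requests `cpu: 100m` and `memory: 100Mi` are hard-coded in the template, so they cannot be sized per cluster without editing it. Exposing them as role variables with these values as defaults would keep current behaviour. No `limits` are set, which leaves the pod in the Burstable QoS class. If that is deliberate for a `system-node-critical` agent, say so in a comment, e.g. `# No limits on purpose: the agent must not be throttled or OOM-killed at a fixed cap.` The container this block belongs to starts outside the hunk.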
-- 
GitLab