Skip to content
  1. Jun 28, 2021
  2. Jun 25, 2021
  3. Jun 16, 2021
  4. Jun 07, 2021
    • Cristian Calin's avatar
      Calico enable support for eBPF (#7618) · ec0c0d4a
      Cristian Calin authored
      * Calico: align manifests with upstream
      
      * allow enabling typha prometheus metrics
      
      * Calico: enable eBPF support
      
      * manage the kubernetes-services-endpoint configmap
      
      * Calico: document the use of eBPF dataplane
      
      * Calico: improve checks before deployment
      
      * enforce disabling kube-proxy when using eBPF dataplane
      * ensure calico_version is supported
      ec0c0d4a
  5. May 27, 2021
  6. May 26, 2021
  7. May 12, 2021
  8. May 11, 2021
    • emiran-orange's avatar
      Enables Calico serviceAccount token monitoring and update of... · afbabebf
      emiran-orange authored
      Enables Calico serviceAccount token monitoring and update of /etc/cni/net.d/calico-kubeconfig if need be. (#7586)
      
      Since K8S 1.21, BoundServiceAccountTokenVolume feature gate is in beta stage, thus activated by default (anyone who follows CSI guidelines has enabled AllAlpha and faced the issue before 1.21).
      With this feature, SA tokens are regenerated every hour.
      As a consequence for Calico CNI, token in /etc/cni/net.d/calico-kubeconfig copied from /var/run/secrets/kubernetes.io/serviceaccount in install-cni initContainer expires after one hour and any pod creation fails due to unauthorization.
      Calico pods need to be restarted so that /etc/cni/net.d/calico-kubeconfig is updated with the new SA token.
      afbabebf
    • Cristian Calin's avatar
  9. Apr 30, 2021
  10. Apr 29, 2021
    • Cristian Calin's avatar
      Rename ansible groups to use _ instead of - (#7552) · 360aff4a
      Cristian Calin authored
      * rename ansible groups to use _ instead of -
      
      k8s-cluster -> k8s_cluster
      k8s-node -> k8s_node
      calico-rr -> calico_rr
      no-floating -> no_floating
      
      Note: kube-node,k8s-cluster groups in upgrade CI
            need clean-up after v2.16 is tagged
      
      * ensure old groups are mapped to the new ones
      360aff4a
  11. Apr 28, 2021
  12. Apr 27, 2021
  13. Apr 24, 2021
    • Cristian Calin's avatar
      Drop calico 3.15 (#7545) · 002a4b03
      Cristian Calin authored
      * calico: drop support for version 3.15
      
      * drop check for calico version >= 3.3, we are at 3.16 minimum now
      
      * we moved to calico 3.16+ so we can default to /opt/cni/bin/install
      002a4b03
  14. Apr 23, 2021
    • Cristian Calin's avatar
      Initial AlmaLinux support (#7538) · 73db44b0
      Cristian Calin authored
      * AlmaLinux: ansible>2.9.19 is needed to know about AlmaLinux
      
      * AlmaLinux: identify as a centos derrivative
      
      * AlmaLinux: add AlmaLinux to checks for CentOS
      
      * Use ansible_os_family to compare family and not distribution
      73db44b0
  15. Apr 22, 2021
  16. Apr 21, 2021
  17. Apr 19, 2021
  18. Apr 08, 2021
    • Frank Ritchie's avatar
      Move cilium kvstore settings to configmap (#7462) · 6f2abbf7
      Frank Ritchie authored
      This PR is to move the cilium kvstore options to the configmap
      rather than specifying them in the deployment as args. This
      is not technically necessary but keeping all the options in
      one place is probably not a bad idea.
      
      Tested with cilium 1.9.5.
      6f2abbf7
  19. Apr 06, 2021
    • Frank Ritchie's avatar
      Update cilium_ipsec_enabled check (#7413) · a6622b17
      Frank Ritchie authored
      When attempting a fresh install without cilium_ipsec_enabled I ran
      into the following error:
      
      failed: [k8m01] (item={'name': 'cilium', 'file': 'cilium-secret.yml', 'type': 'secret', 'when': 'cilium_ipsec_enabled'}) =>
      {"ansible_loop_var": "item", "changed": false, "item": {"file": "cilium-secret.yml", "name": "cilium", "type": "secret",
      "when": "cilium_ipsec_enabled"},"msg": "AnsibleUndefinedVariable: 'cilium_ipsec_key' is undefined"}
      
      Moving the when condition from the item level to the task level solved
      the issue.
      a6622b17
  20. Apr 01, 2021
    • Frank Ritchie's avatar
      Add cilium_ipam_mode variable (#7418) · f05d6b37
      Frank Ritchie authored
      Starting with Cilium v1.9 the default ipam mode has changed to "Cluster
      Scope". See:
      
      https://docs.cilium.io/en/v1.9/concepts/networking/ipam/
      
      With this ipam mode Cilium handles assigning subnets to nodes to use
      for pod ip addresses. The default Kubespray deploy uses the Kube
      Controller Manager for this (the --allocate-node-cidrs
      kube-controller-manager flag is set). This makes the proper ipam mode
      for kubespray using cilium v1.9+ "kubernetes".
      
      Tested with Cilium 1.9.5.
      
      This PR also mounts the cilium-config ConfigMap for this variable
      to be read properly.
      
      In the future we can probably remove the kvstore and kvstore-opt
      Cilium Operator args since they can be in the ConfigMap. I will tackle
      that after this merges.
      f05d6b37
  21. Mar 29, 2021
    • Fernando's avatar
      add support for custom calico port (#7419) · 5dbce6a2
      Fernando authored
      5dbce6a2
    • Frank Ritchie's avatar
      Update cilium-operator clusterrole (#7416) · 5b0e8833
      Frank Ritchie authored
      When upgrading cilium from 1.8.8 to 1.9.5 I ran into the following
      error:
      
      level=error msg="Unable to update CRD" error="customresourcedefinitions.apiextensions.k8s.io
      \"ciliumnodes.cilium.io\" is forbidden: User \"system:serviceaccount:kube-system:cilium-operator\"
      cannot update resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the
      cluster scope" name=CiliumNode/v2 subsys=k8s
      
      The fix was to add the update verb to the clusterrole. I also added
      create to match the clusterrole created by the cilium helm chart.
      5b0e8833
    • Samuel Liu's avatar
      db43891f
  22. Mar 24, 2021
  23. Mar 19, 2021
    • Erwan Miran's avatar
      Download Calico KDD CRDs (#7372) · 1c62af0c
      Erwan Miran authored
      * Download Calico KDD CRDs
      
      * Replace kustomize with lineinfile and use ansible assemble module
      
      * Replace find+lineinfile by sed in shell module to avoid nested loop
      
      * add condition on sed
      
      * use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"
      1c62af0c
  24. Mar 03, 2021
  25. Feb 16, 2021
  26. Feb 10, 2021
  27. Feb 05, 2021
  28. Feb 03, 2021
  29. Jan 26, 2021
    • Jorik Jonker's avatar
      calico: fix NetworkManager check (#7169) · bba55faa
      Jorik Jonker authored
      Previous check for presence of NM assumed "systemctl show
      NetworkManager" would exit with a nonzero status code, which seems not
      the case anymore with recent Flatcar Container Linux.
      
      This new check also checks the activeness of network manager, as
      `is-active` implies presence.
      
      Signed-off-by Jorik Jonker <jorik@kippendief.biz>
      bba55faa
  30. Jan 22, 2021
Loading