

  1. ---
  2. kind: ClusterRole
  3. apiVersion: rbac.authorization.k8s.io/v1
  4. metadata:
  5. name: calico-node
  6. namespace: kube-system
  7. rules:
  8. - apiGroups: [""]
  9. resources:
  10. - pods
  11. - nodes
  12. - namespaces
  13. - configmaps
  14. verbs:
  15. - get
  16. - apiGroups: [""]
  17. resources:
  18. - endpoints
  19. - services
  20. verbs:
  21. - watch
  22. - list
  23. {% if calico_datastore == "kdd" %}
  24. # Used to discover Typhas.
  25. - get
  26. {% endif %}
  27. - apiGroups: [""]
  28. resources:
  29. - nodes/status
  30. verbs:
  31. - patch
  32. {% if calico_datastore == "etcd" %}
  33. - apiGroups:
  34. - policy
  35. resourceNames:
  36. - privileged
  37. resources:
  38. - podsecuritypolicies
  39. verbs:
  40. - use
  41. {% elif calico_datastore == "kdd" %}
  42. # Calico stores some configuration information in node annotations.
  43. - update
  44. # Watch for changes to Kubernetes NetworkPolicies.
  45. - apiGroups: ["networking.k8s.io"]
  46. resources:
  47. - networkpolicies
  48. verbs:
  49. - watch
  50. - list
  51. # Used by Calico for policy information.
  52. - apiGroups: [""]
  53. resources:
  54. - pods
  55. - namespaces
  56. - serviceaccounts
  57. verbs:
  58. - list
  59. - watch
  60. # The CNI plugin patches pods/status.
  61. - apiGroups: [""]
  62. resources:
  63. - pods/status
  64. verbs:
  65. - patch
  66. # Calico monitors various CRDs for config.
  67. - apiGroups: ["crd.projectcalico.org"]
  68. resources:
  69. - globalfelixconfigs
  70. - felixconfigurations
  71. - bgppeers
  72. - globalbgpconfigs
  73. - bgpconfigurations
  74. - ippools
  75. - ipamblocks
  76. - globalnetworkpolicies
  77. - globalnetworksets
  78. - networkpolicies
  79. - networksets
  80. - clusterinformations
  81. - hostendpoints
  82. - blockaffinities
  83. verbs:
  84. - get
  85. - list
  86. - watch
  87. # Calico must create and update some CRDs on startup.
  88. - apiGroups: ["crd.projectcalico.org"]
  89. resources:
  90. - ippools
  91. - felixconfigurations
  92. - clusterinformations
  93. verbs:
  94. - create
  95. - update
  96. # Calico stores some configuration information on the node.
  97. - apiGroups: [""]
  98. resources:
  99. - nodes
  100. verbs:
  101. - get
  102. - list
  103. - watch
  104. # These permissions are only required for upgrade from v2.6, and can
  105. # be removed after upgrade or on fresh installations.
  106. - apiGroups: ["crd.projectcalico.org"]
  107. resources:
  108. - bgpconfigurations
  109. - bgppeers
  110. verbs:
  111. - create
  112. - update
  113. # These permissions are required for Calico CNI to perform IPAM allocations.
  114. - apiGroups: ["crd.projectcalico.org"]
  115. resources:
  116. - blockaffinities
  117. - ipamblocks
  118. - ipamhandles
  119. verbs:
  120. - get
  121. - list
  122. - create
  123. - update
  124. - delete
  125. - apiGroups: ["crd.projectcalico.org"]
  126. resources:
  127. - ipamconfigs
  128. verbs:
  129. - get
  130. # Block affinities must also be watchable by confd for route aggregation.
  131. - apiGroups: ["crd.projectcalico.org"]
  132. resources:
  133. - blockaffinities
  134. verbs:
  135. - watch
  136. # The Calico IPAM migration needs to get daemonsets. These permissions can be
  137. # removed if not upgrading from an installation using host-local IPAM.
  138. - apiGroups: ["apps"]
  139. resources:
  140. - daemonsets
  141. verbs:
  142. - get
  143. {% endif %}