32f3d92d6b
Remove PodSecurityPolicies in Calico ( #9395 )
2 years ago
859df84b45
remove-psp-in-flannel ( #9365 )
2 years ago
4701abff4c
upgrade-api-version-for-PodDisruptionBudget ( #9369 )
2 years ago
3646dc0bd2
fix: remove trailing backslash and yaml indent ( #9339 )
* fix: remove trailing backslash
* fixed indent in cilium config template
2 years ago
31caab5f92
Fix: The Hubble certificate is faulty because the cluster name is hard coded ( #9340 )
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
Signed-off-by: dcwbq <biqiang.wu@daocloud.io>
2 years ago
d62c67a5f5
allow user to set env: FELIX_MTUIFACEPATTERN in calico-node.yml ( #9330 )
2 years ago
18efdc2c51
Fix typos in calico ( #9327 )
2 years ago
8acd33d0df
Calico: add wireguard support for Rocky Linux 9 ( #9287 )
2 years ago
7da3dbcb39
Cilium 1.12 Upgrade ( #9225 )
* Drop support for Cilium < 1.10
Signed-off-by: necatican <necaticanyildirim@gmail.com>
* Synchronize Cilium templates for 1.11.7
Signed-off-by: necatican <contact@necatican.com>
* Set Cilium v1.12.1 as the default version
Signed-off-by: necatican <contact@necatican.com>
Signed-off-by: necatican <necaticanyildirim@gmail.com>
Signed-off-by: necatican <contact@necatican.com>
2 years ago
952cad8d63
Remove mutual exclusivity in calico: NAT and router mode ( #9255 )
* Add optional NAT support in calico router mode
* Add a blank line in front of lists
* Remove mutual exclusivity: NAT and router mode
* Ignore router mode from NAT
* Update calico doc
2 years ago
09d9bc910e
Fix typos in calico comments ( #9254 )
2 years ago
133a7a0e1b
Add featureDetectOverride configration of calico ( #9249 )
2 years ago
7ebb8c3f2e
make calico installation more stable ( #9227 )
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
Signed-off-by: hang.jiang <hang.jiang@daocloud.io>
2 years ago
220f149299
Fix abort because calicoctl.sh is not a full path ( #9217 )
2 years ago
617b17ad46
Fix kube_ovn_hw_offload value ( #9218 )
2 years ago
de762400ad
Fixes for calico_datastore: etcd ( #9228 )
It seems that PR #8839 broke `calico_datastore: etcd` when it removed ipamconfig support for etcd mode.
This PR fixes some failing tasks when `calico_datastore == etcd`, but it does not restore ipamconfig support for calico in etcd mode. If someone wants to restore ipamconfig support for `calico_datastore: etcd` please submit a follow up PR for that.
2 years ago
bbd1161147
9035: Make Cilium rolling-restart delay/timeout configurable ( #9176 )
See #9035
2 years ago
ea29cd0890
add list nodes rules to cilium-operator clusterrole ( #9178 )
2 years ago
b36bb9115a
[calico] calico rr supports multiple groups ( #9134 )
* update calico rr
* fix bgppeer conf
* fix yamllint
* fix ansible lint
* fix calico deploy
* fix yamllint
* fix some typo
2 years ago
307f598bc8
Move flannel to etcd datastore
2 years ago
eb10249a75
Align canal templates with calico official ones (k8s datastore)
2 years ago
8306adb102
update cilium to v1.11.7 ( #9119 )
2 years ago
6525461d97
Add reset tasks specific to calico network_plugin ( #9103 )
2 years ago
2e1863af78
feat: change default blockSize for calico ( #9055 )
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2 years ago
d821bed2ea
Fix some typo ( #9056 )
* fix ingress controller task name
* fix calico word
* add check typo
2 years ago
a7ba7cdcd5
[calico] add v3.23.2 and make it default ( #9041 )
2 years ago
5071529a74
feat: upgrade cilium and add default variables ( #9065 )
Signed-off-by: eminaktas <eminaktas34@gmail.com>
Signed-off-by: Emin Aktas <emin.aktas@trendyol.com>
2 years ago
e1f06dd406
Add support for the updated (startup|liveness|readiness)Probe.Port numbers in Cilium ( #9031 )
2 years ago
b33896844e
apply calico bgp peer definition task to all nodes, but delegate to ( #8974 )
first control plane node
2 years ago
c3c9a42502
support multus multi-architecture installation ( #9012 )
Signed-off-by: cyclinder qifeng.guo@daocloud.io
2 years ago
97b4d79ed5
feat: make kubernetes owner parametrized ( #8952 )
* feat: make kubernetes owner parametrized
* docs: update hardening guide with configuration for CIS 1.1.19
* fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2 years ago
2de5c4821c
[calico] clean up workarounds for older versions
2 years ago
9efe145688
[calico] make 3.23.1 the default and drop 3.20.x and 3.19.x
2 years ago
77de7cb785
Expose calico-typha metrics port ( #8855 )
2 years ago
889454f2bc
Fix typo in calico check ( #8969 )
2 years ago
cc6cbfbe71
Allow disabling calico CNI logs with calico_cni_log_file_path ( #8921 )
* Allow disabling calico CNI logs with calico_cni_log_file_path
Calico CNI logs up to 1G if it log a lot with current default settings:
log_file_max_size 100 Max file size in MB log files can reach before they are rotated.
log_file_max_age 30 Max age in days that old log files will be kept on the host before they are removed.
log_file_max_count 10 Max number of rotated log files allowed on the host before they are cleaned up.
See https://projectcalico.docs.tigera.io/reference/cni-plugin/configuration#logging
To save disk space, make the path configurable and allow disabling this log by setting
`calico_cni_log_file_path: false`
* Fix markdown
* Update roles/network_plugin/canal/templates/cni-canal.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
3 years ago
8030e6f76c
fix 8893#issuecomment-1147154353 ( #8933 )
Signed-off-by: mahjonp <junpeng.man@gmail.com>
3 years ago
814760ba25
Use blocks for macvlan tasks for each distribution ( #8918 )
For the code readability, this adds blocks for each distribution.
3 years ago
a4f752fb02
Add subjectAltName to calico-apiserver certificate ( #8907 )
* Add AltName to calico-apiserver certificate
* fix support for centos7 openssl
3 years ago
5c136ae3af
[calico] add 3.22.3 and 3.23.1 ( #8897 )
* [calico]
* add 3.22.3 and 3.23.1
* set 3.22.3 default
* fix download crd for calico 3.22.3 and upper
* update calico README.md
3 years ago
c927da00e0
Support cilium ip-masq-agent configuration ( #8893 )
* fix deploy Cilium with eBPF-based Masquerading failed
Signed-off-by: mahjonp <junpeng.man@gmail.com>
* forget to add the enable-ip-masq-agent flag
Signed-off-by: mahjonp <junpeng.man@gmail.com>
3 years ago
4c97ce747c
Adding support for the kube-router flag --cluster-asn flag ( #8837 )
3 years ago
9d3a894991
Possible remove ippools from cni config ( #8845 )
* Possible remove ippools from cni config
* Typo
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
* Update cni-calico.conflist.j2
Incorrectly deleted calico forwarding content.
* Update roles/network_plugin/calico/templates/cni-calico.conflist.j2
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
Co-authored-by: Kenichi Omichi <ken1ohmichi@gmail.com>
3 years ago
a28b58dbd0
[calico]use ipamconfig instead of calico ipam command ( #8839 )
* use ipamconfig instead of calico ipam command
* fix ansible lint
3 years ago
eea7bb7692
only need run this once ( #8833 )
calicoctl ipam xx
calicoctl apply xx
3 years ago
569a319ff5
[calico] don't clobber user set bgp configuration options that are not managed by kubespray
3 years ago
47812ec002
[calico] don't clobber user set ippool options that are not managed by kubespray
3 years ago
c27dee57ea
[calico] don't clobber user set felixconfig options that are not managed by kubespray
3 years ago
3eb0a4071a
set default value of name to "k8s-pod-network" ( #8813 )
Signed-off-by: cyclinder qifeng.guo@daocloud.io
3 years ago
f26f544ff6
[kube-ovn]: update kube-ovn version and sync some feature ( #8790 )
* [kube-ovn]: some feature
kube-ovn vlan mode
ipv6/ipv4 dual stack
...
* remove unused env
* fix readinessprobe
3 years ago
Kay Yan
Rene Luria
biqiang Wu
Shelming.Song
Ho Kim
Krystian Młynek
Necatican Yıldırım
lou-lan
蒋航
tasekida
Florian Ruynat
Chad Swenson
Tristan
Thearas
Samuel Liu
Denis Khachyan
忘尘
Cyclinder
Mohamed Zaian
Emin AKTAS
Tom Stian Berget
orange-llajeanne
Alessio Greggi
Calin Cristian Andrei
Viktor Jacynycz
Ilya Margolin
mahjonp
Kenichi Omichi
vanyasvl
Daniil Muidinov
Ross Kusler
Tamas Pasztor