From 00711df28e1830239abdc7308d50fe08577e950c Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Tue, 24 Nov 2020 08:54:12 +0200 Subject: [PATCH] Allow override of registry and tag for Calico images --- k8s/crds/kops.k8s.io_clusters.yaml | 6 ++++++ pkg/apis/kops/networking.go | 5 +++++ pkg/apis/kops/v1alpha2/networking.go | 5 +++++ pkg/apis/kops/v1alpha2/zz_generated.conversion.go | 4 ++++ upup/models/bindata.go | 13 +++++++------ .../k8s-1.16.yaml.template | 13 +++++++------ 6 files changed, 34 insertions(+), 12 deletions(-) diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index af2e21bb69b29..cd509f8eef351 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml @@ -2238,6 +2238,9 @@ spec: prometheusProcessMetricsEnabled: description: PrometheusProcessMetricsEnabled enables Prometheus process metrics collection type: boolean + registry: + description: Version overrides the Calico container image registry. + type: string typhaPrometheusMetricsEnabled: description: 'TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha (default: false)' type: boolean @@ -2249,6 +2252,9 @@ spec: description: TyphaReplicas is the number of replicas of Typha to deploy format: int32 type: integer + version: + description: Version overrides the Calico container image tag. + type: string wireguardEnabled: description: 'WireguardEnabled enables WireGuard encryption for all on-the-wire pod-to-pod traffic (default: false)' type: boolean diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go index e1470a84a6f32..6b3a65511da20 100644 --- a/pkg/apis/kops/networking.go +++ b/pkg/apis/kops/networking.go @@ -103,6 +103,11 @@ type FlannelNetworkingSpec struct { // CalicoNetworkingSpec declares that we want Calico networking type CalicoNetworkingSpec struct { + // Version overrides the Calico container image registry. + Registry string `json:"registry,omitempty"` + // Version overrides the Calico container image tag. + Version string `json:"version,omitempty"` + // BpfEnabled enables the eBPF dataplane mode. BPFEnabled bool `json:"bpfEnabled,omitempty"` // BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled. diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go index 834b688997509..d28e80ac2ef32 100644 --- a/pkg/apis/kops/v1alpha2/networking.go +++ b/pkg/apis/kops/v1alpha2/networking.go @@ -103,6 +103,11 @@ type FlannelNetworkingSpec struct { // CalicoNetworkingSpec declares that we want Calico networking type CalicoNetworkingSpec struct { + // Version overrides the Calico container image registry. + Registry string `json:"registry,omitempty"` + // Version overrides the Calico container image tag. + Version string `json:"version,omitempty"` + // BpfEnabled enables the eBPF dataplane mode. BPFEnabled bool `json:"bpfEnabled,omitempty"` // BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled. diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index d7770b5c898a0..86ad2a4b1709c 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -1325,6 +1325,8 @@ func Convert_kops_CNINetworkingSpec_To_v1alpha2_CNINetworkingSpec(in *kops.CNINe } func autoConvert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *CalicoNetworkingSpec, out *kops.CalicoNetworkingSpec, s conversion.Scope) error { + out.Registry = in.Registry + out.Version = in.Version out.BPFEnabled = in.BPFEnabled out.BPFExternalServiceMode = in.BPFExternalServiceMode out.BPFKubeProxyIptablesCleanupEnabled = in.BPFKubeProxyIptablesCleanupEnabled @@ -1357,6 +1359,8 @@ func Convert_v1alpha2_CalicoNetworkingSpec_To_kops_CalicoNetworkingSpec(in *Cali } func autoConvert_kops_CalicoNetworkingSpec_To_v1alpha2_CalicoNetworkingSpec(in *kops.CalicoNetworkingSpec, out *CalicoNetworkingSpec, s conversion.Scope) error { + out.Registry = in.Registry + out.Version = in.Version out.BPFEnabled = in.BPFEnabled out.BPFExternalServiceMode = in.BPFExternalServiceMode out.BPFKubeProxyIptablesCleanupEnabled = in.BPFKubeProxyIptablesCleanupEnabled diff --git a/upup/models/bindata.go b/upup/models/bindata.go index 2122460da6547..4f85b18ca9c30 100644 --- a/upup/models/bindata.go +++ b/upup/models/bindata.go @@ -10312,7 +10312,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: docker.io/calico/typha:v3.17.0 + - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/typha:v{{ or .Networking.Calico.Version "3.17.0" }} name: calico-typha ports: - containerPort: 5473 @@ -10429,7 +10429,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:v{{ or .Networking.Calico.Version "3.17.0" }} command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: - configMapRef: @@ -10456,7 +10456,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:v{{ or .Networking.Calico.Version "3.17.0" }} command: ["/opt/cni/bin/install"] envFrom: - configMapRef: @@ -10497,7 +10497,7 @@ spec: # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes # to communicate with Felix over the Policy Sync API. - name: flexvol-driver - image: docker.io/calico/pod2daemon-flexvol:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/pod2daemon-flexvol:v{{ or .Networking.Calico.Version "3.17.0" }} volumeMounts: - name: flexvol-driver-host mountPath: /host/driver @@ -10508,7 +10508,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/node:v{{ or .Networking.Calico.Version "3.17.0" }} envFrom: - configMapRef: # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. @@ -10772,7 +10772,8 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/kube-controllers:v{{ or .Networking.Calico.Version "3.17.0" }} + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/kube-controllers:v{{ or .Networking.Calico.Version "3.17.0" }} env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template index 53b68cbc2ffcc..a526e0e488385 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.16.yaml.template @@ -3625,7 +3625,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: docker.io/calico/typha:v3.17.0 + - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/typha:v{{ or .Networking.Calico.Version "3.17.0" }} name: calico-typha ports: - containerPort: 5473 @@ -3742,7 +3742,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: docker.io/calico/cni:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:v{{ or .Networking.Calico.Version "3.17.0" }} command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: - configMapRef: @@ -3769,7 +3769,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:v{{ or .Networking.Calico.Version "3.17.0" }} command: ["/opt/cni/bin/install"] envFrom: - configMapRef: @@ -3810,7 +3810,7 @@ spec: # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes # to communicate with Felix over the Policy Sync API. - name: flexvol-driver - image: docker.io/calico/pod2daemon-flexvol:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/pod2daemon-flexvol:v{{ or .Networking.Calico.Version "3.17.0" }} volumeMounts: - name: flexvol-driver-host mountPath: /host/driver @@ -3821,7 +3821,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/node:v{{ or .Networking.Calico.Version "3.17.0" }} envFrom: - configMapRef: # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. @@ -4085,7 +4085,8 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.17.0 + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/kube-controllers:v{{ or .Networking.Calico.Version "3.17.0" }} + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/kube-controllers:v{{ or .Networking.Calico.Version "3.17.0" }} env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS