Merge pull request #10039 from hakman/automated-cherry-pick-of-#10037…
…-upstream-release-1.18

Automated cherry pick of #10037: Add WireGuard support for Calico CNI
k8s-ci-robot committed Oct 12, 2020
2 parents 6318f5d + 8a906b8 commit 395237c
Showing 8 changed files with 22 additions and 1 deletion.
4 changes: 4 additions & 0 deletions k8s/crds/kops.k8s.io_clusters.yaml
@@ -2741,6 +2741,10 @@ spec:
to deploy
format: int32
type: integer
wireguardEnabled:
description: 'WireguardEnabled enables WireGuard encryption
for all on-the-wire pod-to-pod traffic (default: false)'
type: boolean
type: object
canal:
description: CanalNetworkingSpec declares that we want Canal networking
3 changes: 3 additions & 0 deletions nodeup/pkg/model/packages.go
@@ -51,6 +51,9 @@ func (b *PackagesBuilder) Build(c *fi.ModelBuilderContext) error {
c.AddTask(&nodetasks.Package{Name: "pigz"})
c.AddTask(&nodetasks.Package{Name: "socat"})
c.AddTask(&nodetasks.Package{Name: "util-linux"})
if b.Distribution.IsUbuntu() && b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil {
c.AddTask(&nodetasks.Package{Name: "wireguard"})
}
} else if b.Distribution.IsRHELFamily() {
// From containerd: https://github.com/containerd/cri/blob/master/contrib/ansible/tasks/bootstrap_centos.yaml
c.AddTask(&nodetasks.Package{Name: "conntrack-tools"})
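Review bot: The new condition in Build adds the `wireguard` package on every Ubuntu node whenever Calico is configured, even when `wireguardEnabled` is left at its default of false, so clusters that never turn encryption on still carry the extra package. Gating on the flag keeps the node footprint minimal: `if b.Distribution.IsUbuntu() && b.Cluster.Spec.Networking != nil && b.Cluster.Spec.Networking.Calico != nil && b.Cluster.Spec.Networking.Calico.WireguardEnabled {`. The check is also Ubuntu-only, so with the flag set on another distribution nothing visible here installs WireGuard; a validation error or a logged warning for that combination would make the gap visible instead of leaving it silent. Build starts and ends outside the hunk, so the enclosing branch is only inferred from the `else if b.Distribution.IsRHELFamily()` that follows.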
3 changes: 3 additions & 0 deletions pkg/apis/kops/networking.go
@@ -134,6 +134,9 @@ type CalicoNetworkingSpec struct {
TyphaPrometheusMetricsPort int32 `json:"typhaPrometheusMetricsPort,omitempty"`
// TyphaReplicas is the number of replicas of Typha to deploy
TyphaReplicas int32 `json:"typhaReplicas,omitempty"`
// WireguardEnabled enables WireGuard encryption for all on-the-wire pod-to-pod traffic
// (default: false)
WireguardEnabled bool `json:"wireguardEnabled,omitempty"`
}

// CanalNetworkingSpec declares that we want Canal networking
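Review bot: The doc comment on `WireguardEnabled` promises encryption for all on-the-wire pod-to-pod traffic, but nothing in this commit guarantees that every node has WireGuard available (packages.go installs the package only on Ubuntu), and Felix presumably cannot encrypt traffic for a node that lacks it. I would state the prerequisite in the comment, for example `// WireguardEnabled enables WireGuard encryption for pod-to-pod traffic between nodes that have WireGuard installed` followed by `// (kops installs the package on Ubuntu only; default: false)`. The same wording applies to the copy in pkg/apis/kops/v1alpha2/networking.go and to the CRD description generated from it. The struct begins outside the hunk.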
3 changes: 3 additions & 0 deletions pkg/apis/kops/v1alpha2/networking.go
@@ -134,6 +134,9 @@ type CalicoNetworkingSpec struct {
TyphaPrometheusMetricsPort int32 `json:"typhaPrometheusMetricsPort,omitempty"`
// TyphaReplicas is the number of replicas of Typha to deploy
TyphaReplicas int32 `json:"typhaReplicas,omitempty"`
// WireguardEnabled enables WireGuard encryption for all on-the-wire pod-to-pod traffic
// (default: false)
WireguardEnabled bool `json:"wireguardEnabled,omitempty"`
}

// CanalNetworkingSpec declares that we want Canal networking
2 changes: 2 additions & 0 deletions pkg/apis/kops/v1alpha2/zz_generated.conversion.go


3 changes: 3 additions & 0 deletions upup/models/bindata.go


@@ -3796,6 +3796,9 @@ spec:
# Enable Prometheus process metrics collection
- name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
value: "{{- or .Networking.Calico.PrometheusProcessMetricsEnabled "true" }}"
# Enable WireGuard encryption for all on-the-wire pod-to-pod traffic
- name: FELIX_WIREGUARDENABLED
value: "{{ .Networking.Calico.WireguardEnabled }}"
securityContext:
privileged: true
resources:
2 changes: 1 addition & 1 deletion upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -726,7 +726,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
"k8s-1.7": "2.6.12-kops.1",
"k8s-1.7-v3": "3.8.0-kops.2",
"k8s-1.12": "3.9.6-kops.1",
"k8s-1.16": "3.15.3-kops.1",
"k8s-1.16": "3.15.3-kops.2",
}

{
