diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go
index 9c00a3b7a95f9..37f72ab51f363 100644
--- a/pkg/apis/kops/cluster.go
+++ b/pkg/apis/kops/cluster.go
@@ -576,9 +576,6 @@ func (c *Cluster) FillDefaults() error {
 } else if c.Spec.Networking.AmazonVPC != nil {
 // OK
 } else if c.Spec.Networking.Cilium != nil {
- if c.Spec.Networking.Cilium.Version == "" {
- c.Spec.Networking.Cilium.Version = CiliumDefaultVersion
- }
 // OK
 } else if c.Spec.Networking.LyftVPC != nil {
 // OK
diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
index ec1fac3d14a0e..8be99545a320c 100644
--- a/pkg/apis/kops/networking.go
+++ b/pkg/apis/kops/networking.go
@@ -168,8 +168,6 @@ type AmazonVPCNetworkingSpec struct {
 ImageName string `json:"imageName,omitempty"`
 }
-const CiliumDefaultVersion = "v1.6.6"
-
 // CiliumNetworkingSpec declares that we want Cilium networking
 type CiliumNetworkingSpec struct {
 Version string `json:"version,omitempty"`
diff --git a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
index c0d3d3667e1fb..315938e9f71ea 100644
--- a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
@@ -154,6 +154,14 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
 - ""
 resources:
@@ -207,6 +215,8 @@ rules:
 resources:
 - ciliumnetworkpolicies
 - ciliumnetworkpolicies/status
+ - ciliumclusterwidenetworkpolicies
+ - ciliumclusterwidenetworkpolicies/status
 - ciliumendpoints
 - ciliumendpoints/status
 - ciliumnodes
@@ -234,6 +244,14 @@ rules:
 - list
 - watch
 - delete
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
 - ""
 resources:
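Review bot: The two added `ciliumclusterwidenetworkpolicies` entries (hunk at -207,6 +215,8, and again at -255,6 +273,8 in what appears to be a second role) join an existing rule whose `verbs:` list lies outside the hunk, so they inherit whatever that rule already grants. If it grants write verbs or `'*'`, both roles can now create and modify cluster-wide network policy, which reaches further than the namespaced `ciliumnetworkpolicies` beside them; please confirm each role needs more than `get`/`list`/`watch` here, the way the new `endpointslices` rules are scoped. A short comment above the entries, for example `# cluster-wide policies (Cilium 1.7): verbs inherited from this rule`, would make the grant visible to the next reviewer.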
@@ -255,6 +273,8 @@ rules:
 resources:
 - ciliumnetworkpolicies
 - ciliumnetworkpolicies/status
+ - ciliumclusterwidenetworkpolicies
+ - ciliumclusterwidenetworkpolicies/status
 - ciliumendpoints
 - ciliumendpoints/status
 - ciliumnodes
@@ -316,7 +336,6 @@ spec:
 # gets priority scheduling.
 # https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
 scheduler.alpha.kubernetes.io/critical-pod: ""
- scheduler.alpha.kubernetes.io/tolerations: '[{"key":"dedicated","operator":"Equal","value":"master","effect":"NoSchedule"}]'
 labels:
 k8s-app: cilium
 kubernetes.io/cluster-service: "true"
@@ -368,7 +387,7 @@ spec:
 value: {{ . }}
 {{ end }}
 {{ with .Networking.Cilium }}
- image: "docker.io/cilium/cilium:{{ .Version }}"
+ image: "docker.io/cilium/cilium:{{- or .Version "v.1.7.0" }}"
 imagePullPolicy: IfNotPresent
 lifecycle:
 postStart:
@@ -421,6 +440,7 @@ spec:
 volumeMounts:
 - mountPath: /sys/fs/bpf
 name: bpf-maps
+ mountPropagation: HostToContainer
 - mountPath: /var/run/cilium
 name: cilium-run
 - mountPath: /host/opt/cni/bin
@@ -462,7 +482,7 @@ spec:
 key: wait-bpf-mount
 name: cilium-config
 optional: true
- image: "docker.io/cilium/cilium:{{ .Version }}"
+ image: "docker.io/cilium/cilium:{{- or .Version "v1.7.0" }}"
 ## end of `with .Networking.Cilium`
 #{{ end }}
 imagePullPolicy: IfNotPresent
@@ -642,7 +662,7 @@ spec:
 key: AWS_DEFAULT_REGION
 name: cilium-aws
 optional: true
- image: "docker.io/cilium/operator:{{ .Version }}"
+ image: "docker.io/cilium/operator:{{- if eq .Version "" -}}v1.7.0{{- else -}}{{ .Version }}{{- end -}}"
 imagePullPolicy: IfNotPresent
 name: cilium-operator
 {{ if .EnablePrometheusMetrics }}
diff --git a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.7.yaml.template b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.7.yaml.template
index aa8b382961509..da8e73a2df3cd 100644
--- a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.7.yaml.template
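Review bot: The fallback tag on the first `cilium/cilium` image line (hunk at -368,7 +387,7 of k8s-1.12.yaml.template) is spelled `"v.1.7.0"` with a stray dot, so a cluster that leaves `.Version` empty renders `docker.io/cilium/cilium:v.1.7.0` while the other two image lines in the same file fall back to `v1.7.0`. That tag most likely does not exist, in which case the pod using this line would fail to pull its image on every node; the line should read `image: "docker.io/cilium/cilium:{{- or .Version "v1.7.0" }}"`. The operator line in the -642,7 +662,7 hunk expresses the same fallback with `if eq … else`, and writing it as `{{- or .Version "v1.7.0" }}` too would keep the three defaults visibly identical. With `CiliumDefaultVersion` deleted from networking.go, the default now lives in five template literals across the two templates (`v1.6.6` in k8s-1.7, `v1.7.0` here) and the cluster spec no longer records which version is deployed, so a single template-level variable per file would stop this kind of drift.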
+++ b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.7.yaml.template
@@ -368,7 +368,7 @@ spec:
 value: {{ . }}
 {{ end }}
 {{ with .Networking.Cilium }}
- image: "docker.io/cilium/cilium:{{ .Version }}"
+ image: "docker.io/cilium/cilium:{{- or .Version "v1.6.6" }}"
 imagePullPolicy: IfNotPresent
 lifecycle:
 postStart:
@@ -634,7 +634,7 @@ spec:
 key: AWS_DEFAULT_REGION
 name: cilium-aws
 optional: true
- image: "docker.io/cilium/operator:{{ .Version }}"
+ image: "docker.io/cilium/operator:{{- or .Version "v1.6.6" }}"
 imagePullPolicy: IfNotPresent
 name: cilium-operator
 {{ if .EnablePrometheusMetrics }}
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index 1038fee869bfa..bed0baa20e159 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -1161,7 +1161,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 if b.cluster.Spec.Networking.Cilium != nil {
 key := "networking.cilium.io"
- version := "1.6.4-kops.3"
+ version := "1.7.0-kops.1"
 {
 id := "k8s-1.7"
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
index 0b085514dadb6..6857194790b89 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
@@ -115,16 +115,16 @@ spec:
 - id: k8s-1.7
 kubernetesVersion: '>=1.7.0 <1.12.0'
 manifest: networking.cilium.io/k8s-1.7.yaml
- manifestHash: 6928e95ec4b8359075e3dfb069f74e290e2e6eb2
+ manifestHash: 66318e232bf165b6af5da546e711ac3b9444afdc
 name: networking.cilium.io
 selector:
 role.kubernetes.io/networking: "1"
- version: 1.6.4-kops.3
+ version: 1.7.0-kops.1
 - id: k8s-1.12
 kubernetesVersion: '>=1.12.0'
 manifest: networking.cilium.io/k8s-1.12.yaml
- manifestHash: 84295d293c8a461f7d510721c48b969cd1d99e54
+ manifestHash: e5c3b42382746bb66bc302cd0c162489c8650187
 name: networking.cilium.io
 selector:
 role.kubernetes.io/networking: "1"
- version: 1.6.4-kops.3
+ version: 1.7.0-kops.1