[calico] Make version 3.26.1 default (#10416)
* [calico] Make version 3.26.1 default * [calico] Separate calico-node and calico-cni-plugin service accounts See: https://github.com/projectcalico/calico/pull/7106pull/10452/head
Mohamed Omar Zaian
GitHub
parent
dbdc4d4123
commit
6b34e3ef08
|
|
@ -168,7 +168,7 @@ Note: Upstart/SysV init based OS types are not supported.
|
|||
- [cri-o](http://cri-o.io/) v1.27 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
|
||||
- Network Plugin
|
||||
- [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
|
||||
- [calico](https://github.com/projectcalico/calico) v3.25.2
|
||||
- [calico](https://github.com/projectcalico/calico) v3.26.1
|
||||
- [cilium](https://github.com/cilium/cilium) v1.13.4
|
||||
- [flannel](https://github.com/flannel-io/flannel) v0.22.0
|
||||
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.11.5
|
||||
|
|
|
|||
|
|
@ -100,7 +100,7 @@ github_image_repo: "ghcr.io"
|
|||
|
||||
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
|
||||
# after migration to container download
|
||||
calico_version: "v3.25.2"
|
||||
calico_version: "v3.26.1"
|
||||
calico_ctl_version: "{{ calico_version }}"
|
||||
calico_cni_version: "{{ calico_version }}"
|
||||
calico_flexvol_version: "{{ calico_version }}"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,39 @@
|
|||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: calico-cni-plugin
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- pods
|
||||
- nodes
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- pods/status
|
||||
verbs:
|
||||
- patch
|
||||
- apiGroups: ["crd.projectcalico.org"]
|
||||
resources:
|
||||
- blockaffinities
|
||||
- ipamblocks
|
||||
- ipamhandles
|
||||
- clusterinformations
|
||||
- ippools
|
||||
- ipreservations
|
||||
- ipamconfigs
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: calico-node
|
||||
namespace: kube-system
|
||||
|
|
@ -78,6 +111,7 @@ rules:
|
|||
- globalfelixconfigs
|
||||
- felixconfigurations
|
||||
- bgppeers
|
||||
- bgpfilters
|
||||
- globalbgpconfigs
|
||||
- bgpconfigurations
|
||||
- ippools
|
||||
|
|
@ -164,6 +198,6 @@ rules:
|
|||
resources:
|
||||
- serviceaccounts/token
|
||||
resourceNames:
|
||||
- calico-node
|
||||
- calico-cni-plugin
|
||||
verbs:
|
||||
- create
|
||||
|
|
|
|||
|
|
@ -11,3 +11,18 @@ subjects:
|
|||
- kind: ServiceAccount
|
||||
name: calico-node
|
||||
namespace: kube-system
|
||||
|
||||
---
|
||||
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: calico-cni-plugin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: calico-cni-plugin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: calico-cni-plugin
|
||||
namespace: kube-system
|
||||
|
|
|
|||
|
|
@ -4,3 +4,10 @@ kind: ServiceAccount
|
|||
metadata:
|
||||
name: calico-node
|
||||
namespace: kube-system
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: calico-cni-plugin
|
||||
namespace: kube-system
|
||||
|
|
|
|||
Loading…
Reference in New Issue