Update cilium to 1.8.0 (#6314)
parent
93951f2ed5
commit
f54f63ec3f
|
@ -124,7 +124,7 @@ Note: Upstart/SysV init based OS types are not supported.
|
|||
- [cni-plugins](https://github.com/containernetworking/plugins) v0.8.6
|
||||
- [calico](https://github.com/projectcalico/calico) v3.14.1
|
||||
- [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
|
||||
- [cilium](https://github.com/cilium/cilium) v1.7.4
|
||||
- [cilium](https://github.com/cilium/cilium) v1.8.0
|
||||
- [contiv](https://github.com/contiv/install) v1.2.1
|
||||
- [flanneld](https://github.com/coreos/flannel) v0.12.0
|
||||
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.2.0
|
||||
|
|
|
@ -79,7 +79,7 @@ cni_version: "v0.8.6"
|
|||
weave_version: 2.6.4
|
||||
pod_infra_version: "3.2"
|
||||
contiv_version: 1.2.1
|
||||
cilium_version: "v1.7.4"
|
||||
cilium_version: "v1.8.0"
|
||||
kube_ovn_version: "v1.2.0"
|
||||
kube_router_version: "v0.4.0"
|
||||
multus_version: "v3.4.2"
|
||||
|
|
|
@ -26,10 +26,12 @@ rules:
|
|||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
{% if cilium_version | regex_replace('v') is version('1.8', '<') %}
|
||||
# to automatically read from k8s and import the node's pod CIDR to cilium's
|
||||
# etcd so all nodes know how to reach another pod running in in a different
|
||||
# node.
|
||||
- nodes
|
||||
{% endif %}
|
||||
# to perform the translation of a CNP that contains `ToGroup` to its endpoints
|
||||
- services
|
||||
- endpoints
|
||||
|
@ -59,6 +61,14 @@ rules:
|
|||
{% endif %}
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- apiextensions.k8s.io
|
||||
resources:
|
||||
- customresourcedefinitions
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
|
|
|
@ -92,7 +92,7 @@ spec:
|
|||
{% if cilium_enable_ipv4 %}
|
||||
host: 127.0.0.1
|
||||
{% else %}
|
||||
host: host: '[::1]'
|
||||
host: '::1'
|
||||
{% endif %}
|
||||
path: /healthz
|
||||
port: 9234
|
||||
|
|
|
@ -59,11 +59,14 @@ spec:
|
|||
command:
|
||||
- /cni-uninstall.sh
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- cilium
|
||||
- status
|
||||
- --brief
|
||||
httpGet:
|
||||
host: '127.0.0.1'
|
||||
path: /healthz
|
||||
port: 9876
|
||||
scheme: HTTP
|
||||
httpHeaders:
|
||||
- name: "brief"
|
||||
value: "true"
|
||||
failureThreshold: 10
|
||||
# The initial delay for the liveness probe is intentionally large to
|
||||
# avoid an endless kill & restart cycle if in the event that the initial
|
||||
|
@ -81,11 +84,14 @@ spec:
|
|||
protocol: TCP
|
||||
{% endif %}
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- cilium
|
||||
- status
|
||||
- --brief
|
||||
httpGet:
|
||||
host: '127.0.0.1'
|
||||
path: /healthz
|
||||
port: 9876
|
||||
scheme: HTTP
|
||||
httpHeaders:
|
||||
- name: "brief"
|
||||
value: "true"
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 30
|
||||
|
@ -131,6 +137,8 @@ spec:
|
|||
- mountPath: /lib/modules
|
||||
name: lib-modules
|
||||
readOnly: true
|
||||
- mountPath: /run/xtables.lock
|
||||
name: xtables-lock
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
hostNetwork: true
|
||||
hostPID: false
|
||||
|
@ -138,7 +146,7 @@ spec:
|
|||
- command:
|
||||
- /init-container.sh
|
||||
env:
|
||||
- name: CLEAN_CILIUM_STATE
|
||||
- name: CILIUM_ALL_STATE
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
key: clean-cilium-state
|
||||
|
@ -214,6 +222,11 @@ spec:
|
|||
- hostPath:
|
||||
path: /lib/modules
|
||||
name: lib-modules
|
||||
# To access iptables concurrently with other processes (e.g. kube-proxy)
|
||||
- hostPath:
|
||||
path: /run/xtables.lock
|
||||
type: FileOrCreate
|
||||
name: xtables-lock
|
||||
# To read the etcd config stored in config maps
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
|
|
Loading…
Reference in New Issue