Update cilium to 1.8.0 (#6314)

pull/6306/head
Florian Ruynat 2020-06-25 15:16:38 +02:00 committed by GitHub
parent 93951f2ed5
commit f54f63ec3f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 14 deletions

View File

@ -124,7 +124,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [cni-plugins](https://github.com/containernetworking/plugins) v0.8.6 - [cni-plugins](https://github.com/containernetworking/plugins) v0.8.6
- [calico](https://github.com/projectcalico/calico) v3.14.1 - [calico](https://github.com/projectcalico/calico) v3.14.1
- [canal](https://github.com/projectcalico/canal) (given calico/flannel versions) - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
- [cilium](https://github.com/cilium/cilium) v1.7.4 - [cilium](https://github.com/cilium/cilium) v1.8.0
- [contiv](https://github.com/contiv/install) v1.2.1 - [contiv](https://github.com/contiv/install) v1.2.1
- [flanneld](https://github.com/coreos/flannel) v0.12.0 - [flanneld](https://github.com/coreos/flannel) v0.12.0
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.2.0 - [kube-ovn](https://github.com/alauda/kube-ovn) v1.2.0

View File

@ -79,7 +79,7 @@ cni_version: "v0.8.6"
weave_version: 2.6.4 weave_version: 2.6.4
pod_infra_version: "3.2" pod_infra_version: "3.2"
contiv_version: 1.2.1 contiv_version: 1.2.1
cilium_version: "v1.7.4" cilium_version: "v1.8.0"
kube_ovn_version: "v1.2.0" kube_ovn_version: "v1.2.0"
kube_router_version: "v0.4.0" kube_router_version: "v0.4.0"
multus_version: "v3.4.2" multus_version: "v3.4.2"

View File

@ -26,10 +26,12 @@ rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
{% if cilium_version | regex_replace('v') is version('1.8', '<') %}
# to automatically read from k8s and import the node's pod CIDR to cilium's # to automatically read from k8s and import the node's pod CIDR to cilium's
# etcd so all nodes know how to reach another pod running in in a different # etcd so all nodes know how to reach another pod running in in a different
# node. # node.
- nodes - nodes
{% endif %}
# to perform the translation of a CNP that contains `ToGroup` to its endpoints # to perform the translation of a CNP that contains `ToGroup` to its endpoints
- services - services
- endpoints - endpoints
@ -59,6 +61,14 @@ rules:
{% endif %} {% endif %}
verbs: verbs:
- '*' - '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole

View File

@ -92,7 +92,7 @@ spec:
{% if cilium_enable_ipv4 %} {% if cilium_enable_ipv4 %}
host: 127.0.0.1 host: 127.0.0.1
{% else %} {% else %}
host: host: '[::1]' host: '::1'
{% endif %} {% endif %}
path: /healthz path: /healthz
port: 9234 port: 9234

View File

@ -59,11 +59,14 @@ spec:
command: command:
- /cni-uninstall.sh - /cni-uninstall.sh
livenessProbe: livenessProbe:
exec: httpGet:
command: host: '127.0.0.1'
- cilium path: /healthz
- status port: 9876
- --brief scheme: HTTP
httpHeaders:
- name: "brief"
value: "true"
failureThreshold: 10 failureThreshold: 10
# The initial delay for the liveness probe is intentionally large to # The initial delay for the liveness probe is intentionally large to
# avoid an endless kill & restart cycle if in the event that the initial # avoid an endless kill & restart cycle if in the event that the initial
@ -81,11 +84,14 @@ spec:
protocol: TCP protocol: TCP
{% endif %} {% endif %}
readinessProbe: readinessProbe:
exec: httpGet:
command: host: '127.0.0.1'
- cilium path: /healthz
- status port: 9876
- --brief scheme: HTTP
httpHeaders:
- name: "brief"
value: "true"
failureThreshold: 3 failureThreshold: 3
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 30 periodSeconds: 30
@ -131,6 +137,8 @@ spec:
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
readOnly: true readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true hostNetwork: true
hostPID: false hostPID: false
@ -138,7 +146,7 @@ spec:
- command: - command:
- /init-container.sh - /init-container.sh
env: env:
- name: CLEAN_CILIUM_STATE - name: CILIUM_ALL_STATE
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:
key: clean-cilium-state key: clean-cilium-state
@ -214,6 +222,11 @@ spec:
- hostPath: - hostPath:
path: /lib/modules path: /lib/modules
name: lib-modules name: lib-modules
# To access iptables concurrently with other processes (e.g. kube-proxy)
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: xtables-lock
# To read the etcd config stored in config maps # To read the etcd config stored in config maps
- configMap: - configMap:
defaultMode: 420 defaultMode: 420