Merge pull request #10411 from hakman/automated-cherry-pick-of-#10316-#…
…10408-upstream-release-1.19

Automated cherry pick of #10316: Allow override of registry and tag for Calico images #10408: Update Calico to v3.17.1
k8s-ci-robot authored Dec 12, 2020
2 parents a89002a + b049f22 commit 22849d0
Showing 10 changed files with 120 additions and 96 deletions.
12 changes: 9 additions & 3 deletions k8s/crds/kops.k8s.io_clusters.yaml
Expand Up @@ -2177,10 +2177,10 @@ spec:
description: CalicoNetworkingSpec declares that we want Calico networking
properties:
awsSrcDstCheck:
description: 'AwsSrcDstCheck enables/disables source/destination checks (AWS only) Options: "DoNothing" (default) , "Enable" or "Disable"'
description: 'AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only) Options: DoNothing (default), Enable, or Disable'
type: string
bpfEnabled:
description: BpfEnabled enables the eBPF dataplane mode.
description: BPFEnabled enables the eBPF dataplane mode.
type: boolean
bpfExternalServiceMode:
description: 'BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled. In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again. In DSR mode, traffic is tunneled to the host with the backing pod and then returned directly; this requires a network that allows direct return. Default: Tunnel (other options: DSR)'
Expand All @@ -2205,7 +2205,7 @@ spec:
description: CrossSubnet enables Calico's cross-subnet mode when set to true
type: boolean
ipipMode:
description: IPIPMode is mode for CALICO_IPV4POOL_IPIP
description: IPIPMode is the encapsulation mode to use for the default Calico IPv4 pool created at start up, determining when to use IP-in-IP encapsulation, conveyed to the "calico-node" daemon container via the CALICO_IPV4POOL_IPIP environment variable
type: string
iptablesBackend:
description: 'IptablesBackend controls which variant of iptables binary Felix uses Default: Auto (other options: Legacy, NFT)'
Expand Down Expand Up @@ -2239,6 +2239,9 @@ spec:
prometheusProcessMetricsEnabled:
description: PrometheusProcessMetricsEnabled enables Prometheus process metrics collection
type: boolean
registry:
description: Version overrides the Calico container image registry.
type: string
typhaPrometheusMetricsEnabled:
description: 'TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha (default: false)'
type: boolean
Expand All @@ -2250,6 +2253,9 @@ spec:
description: TyphaReplicas is the number of replicas of Typha to deploy
format: int32
type: integer
version:
description: Version overrides the Calico container image tag.
type: string
wireguardEnabled:
description: 'WireguardEnabled enables WireGuard encryption for all on-the-wire pod-to-pod traffic (default: false)'
type: boolean
49 changes: 28 additions & 21 deletions pkg/apis/kops/networking.go
Expand Up @@ -103,7 +103,15 @@ type FlannelNetworkingSpec struct {

// CalicoNetworkingSpec declares that we want Calico networking
type CalicoNetworkingSpec struct {
// BpfEnabled enables the eBPF dataplane mode.
// Version overrides the Calico container image registry.
Registry string `json:"registry,omitempty"`
// Version overrides the Calico container image tag.
Version string `json:"version,omitempty"`

// AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only)
// Options: DoNothing (default), Enable, or Disable
AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
// BPFEnabled enables the eBPF dataplane mode.
BPFEnabled bool `json:"bpfEnabled,omitempty"`
// BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled.
// In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again.
Expand All @@ -126,9 +134,25 @@ type CalicoNetworkingSpec struct {
CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
// CrossSubnet enables Calico's cross-subnet mode when set to true
CrossSubnet bool `json:"crossSubnet,omitempty"`
// AwsSrcDstCheck enables/disables source/destination checks (AWS only)
// Options: "DoNothing" (default) , "Enable" or "Disable"
AwsSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
// IPIPMode is the encapsulation mode to use for the default Calico IPv4 pool created at start
// up, determining when to use IP-in-IP encapsulation, conveyed to the "calico-node" daemon
// container via the CALICO_IPV4POOL_IPIP environment variable
IPIPMode string `json:"ipipMode,omitempty"`
// IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route
// between nodes. This should be set when the host has multiple interfaces
// and it is important to select the interface used.
// Options: "first-found" (default), "can-reach=DESTINATION",
// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
// between nodes. This should be set when the host has multiple interfaces
// and it is important to select the interface used.
// Options: "first-found" (default), "can-reach=DESTINATION",
// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Auto (other options: Legacy, NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// LogSeverityScreen lets us set the desired log level. (Default: info)
LogSeverityScreen string `json:"logSeverityScreen,omitempty"`
// MTU to be set in the cni-network-config for calico.
Expand All @@ -145,23 +169,6 @@ type CalicoNetworkingSpec struct {
PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
// MajorVersion is the version of Calico to use
MajorVersion string `json:"majorVersion,omitempty"`
// IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route
// between nodes. This should be set when the host has multiple interfaces
// and it is important to select the interface used.
// Options: "first-found" (default), "can-reach=DESTINATION",
// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
// between nodes. This should be set when the host has multiple interfaces
// and it is important to select the interface used.
// Options: "first-found" (default), "can-reach=DESTINATION",
// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Auto (other options: Legacy, NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// IPIPMode is mode for CALICO_IPV4POOL_IPIP
IPIPMode string `json:"ipipMode,omitempty"`
// TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
// (default: false)
TyphaPrometheusMetricsEnabled bool `json:"typhaPrometheusMetricsEnabled,omitempty"`
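Review bot: The doc comment on the new `Registry` field names the wrong identifier: it reads `// Version overrides the Calico container image registry.` and should read `// Registry overrides the Calico container image registry.`. The same line appears in the pkg/apis/kops/v1alpha2/networking.go section and is carried into the `registry` description in k8s/crds/kops.k8s.io_clusters.yaml, so the CRD has to be regenerated after the fix. The comments also do not say how the new `Version` relates to the existing `MajorVersion`, or what is used when either field is empty. Because these two values presumably decide where the Calico images are pulled from (the manifests are not shown on this page), I would add a line such as `// The registry must be one the cluster operator trusts; a tag is mutable and does not pin image content.` The struct continues beyond the last hunk shown.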
49 changes: 28 additions & 21 deletions pkg/apis/kops/v1alpha2/networking.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,15 @@ type FlannelNetworkingSpec struct {

// CalicoNetworkingSpec declares that we want Calico networking
type CalicoNetworkingSpec struct {
// BpfEnabled enables the eBPF dataplane mode.
// Version overrides the Calico container image registry.
Registry string `json:"registry,omitempty"`
// Version overrides the Calico container image tag.
Version string `json:"version,omitempty"`

// AWSSrcDstCheck enables/disables ENI source/destination checks (AWS only)
// Options: DoNothing (default), Enable, or Disable
AWSSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
// BPFEnabled enables the eBPF dataplane mode.
BPFEnabled bool `json:"bpfEnabled,omitempty"`
// BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled.
// In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again.
Expand All @@ -126,9 +134,25 @@ type CalicoNetworkingSpec struct {
CPURequest *resource.Quantity `json:"cpuRequest,omitempty"`
// CrossSubnet enables Calico's cross-subnet mode when set to true
CrossSubnet bool `json:"crossSubnet,omitempty"`
// AwsSrcDstCheck enables/disables source/destination checks (AWS only)
// Options: "DoNothing" (default) , "Enable" or "Disable"
AwsSrcDstCheck string `json:"awsSrcDstCheck,omitempty"`
// IPIPMode is the encapsulation mode to use for the default Calico IPv4 pool created at start
// up, determining when to use IP-in-IP encapsulation, conveyed to the "calico-node" daemon
// container via the CALICO_IPV4POOL_IPIP environment variable
IPIPMode string `json:"ipipMode,omitempty"`
// IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route
// between nodes. This should be set when the host has multiple interfaces
// and it is important to select the interface used.
// Options: "first-found" (default), "can-reach=DESTINATION",
// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
// between nodes. This should be set when the host has multiple interfaces
// and it is important to select the interface used.
// Options: "first-found" (default), "can-reach=DESTINATION",
// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Auto (other options: Legacy, NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// LogSeverityScreen lets us set the desired log level. (Default: info)
LogSeverityScreen string `json:"logSeverityScreen,omitempty"`
// MTU to be set in the cni-network-config for calico.
Expand All @@ -145,23 +169,6 @@ type CalicoNetworkingSpec struct {
PrometheusProcessMetricsEnabled bool `json:"prometheusProcessMetricsEnabled,omitempty"`
// MajorVersion is the version of Calico to use
MajorVersion string `json:"majorVersion,omitempty"`
// IptablesBackend controls which variant of iptables binary Felix uses
// Default: Auto (other options: Legacy, NFT)
IptablesBackend string `json:"iptablesBackend,omitempty"`
// IPIPMode is mode for CALICO_IPV4POOL_IPIP
IPIPMode string `json:"ipipMode,omitempty"`
// IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route
// between nodes. This should be set when the host has multiple interfaces
// and it is important to select the interface used.
// Options: "first-found" (default), "can-reach=DESTINATION",
// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
IPv4AutoDetectionMethod string `json:"ipv4AutoDetectionMethod,omitempty"`
// IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route
// between nodes. This should be set when the host has multiple interfaces
// and it is important to select the interface used.
// Options: "first-found" (default), "can-reach=DESTINATION",
// "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"
IPv6AutoDetectionMethod string `json:"ipv6AutoDetectionMethod,omitempty"`
// TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha
// (default: false)
TyphaPrometheusMetricsEnabled bool `json:"typhaPrometheusMetricsEnabled,omitempty"`
24 changes: 14 additions & 10 deletions pkg/apis/kops/v1alpha2/zz_generated.conversion.go


40 changes: 20 additions & 20 deletions pkg/apis/kops/validation/validation.go
Expand Up @@ -993,23 +993,9 @@ func ValidateEtcdVersionForCalicoV3(e kops.EtcdClusterSpec, majorVersion string,
func validateNetworkingCalico(v *kops.CalicoNetworkingSpec, e kops.EtcdClusterSpec, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}

if v.TyphaReplicas < 0 {
allErrs = append(allErrs,
field.Invalid(fldPath.Child("typhaReplicas"), v.TyphaReplicas,
fmt.Sprintf("Unable to set number of Typha replicas to less than 0, you've specified %d", v.TyphaReplicas)))
}

if v.MajorVersion != "" {
valid := []string{"v3"}
allErrs = append(allErrs, IsValidValue(fldPath.Child("majorVersion"), &v.MajorVersion, valid)...)
if v.MajorVersion == "v3" {
allErrs = append(allErrs, ValidateEtcdVersionForCalicoV3(e, v.MajorVersion, fldPath)...)
}
}

if v.AwsSrcDstCheck != "" {
if v.AWSSrcDstCheck != "" {
valid := []string{"Enable", "Disable", "DoNothing"}
allErrs = append(allErrs, IsValidValue(fldPath.Child("awsSrcDstCheck"), &v.AwsSrcDstCheck, valid)...)
allErrs = append(allErrs, IsValidValue(fldPath.Child("awsSrcDstCheck"), &v.AWSSrcDstCheck, valid)...)
}

if v.BPFExternalServiceMode != "" {
Expand All @@ -1027,17 +1013,31 @@ func validateNetworkingCalico(v *kops.CalicoNetworkingSpec, e kops.EtcdClusterSp
allErrs = append(allErrs, IsValidValue(fldPath.Child("chainInsertMode"), &v.ChainInsertMode, valid)...)
}

if v.IPv4AutoDetectionMethod != "" {
allErrs = append(allErrs, validateCalicoAutoDetectionMethod(fldPath.Child("ipv4AutoDetectionMethod"), v.IPv4AutoDetectionMethod, ipv4.Version)...)
}

if v.IPv6AutoDetectionMethod != "" {
allErrs = append(allErrs, validateCalicoAutoDetectionMethod(fldPath.Child("ipv6AutoDetectionMethod"), v.IPv6AutoDetectionMethod, ipv6.Version)...)
}

if v.IptablesBackend != "" {
valid := []string{"Auto", "Legacy", "NFT"}
allErrs = append(allErrs, IsValidValue(fldPath.Child("iptablesBackend"), &v.IptablesBackend, valid)...)
}

if v.IPv4AutoDetectionMethod != "" {
allErrs = append(allErrs, validateCalicoAutoDetectionMethod(fldPath.Child("ipv4AutoDetectionMethod"), v.IPv4AutoDetectionMethod, ipv4.Version)...)
if v.MajorVersion != "" {
valid := []string{"v3"}
allErrs = append(allErrs, IsValidValue(fldPath.Child("majorVersion"), &v.MajorVersion, valid)...)
if v.MajorVersion == "v3" {
allErrs = append(allErrs, ValidateEtcdVersionForCalicoV3(e, v.MajorVersion, fldPath)...)
}
}

if v.IPv6AutoDetectionMethod != "" {
allErrs = append(allErrs, validateCalicoAutoDetectionMethod(fldPath.Child("ipv6AutoDetectionMethod"), v.IPv6AutoDetectionMethod, ipv6.Version)...)
if v.TyphaReplicas < 0 {
allErrs = append(allErrs,
field.Invalid(fldPath.Child("typhaReplicas"), v.TyphaReplicas,
fmt.Sprintf("Unable to set number of Typha replicas to less than 0, you've specified %d", v.TyphaReplicas)))
}

return allErrs
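Review bot: validateNetworkingCalico gets no check for the `Registry` and `Version` fields that this commit adds to CalicoNetworkingSpec, although every other string option visible in the function is restricted through IsValidValue or a dedicated validator. Going by their doc comments, both values become part of a container image reference, so a typo or stray character would only surface later as an unpullable or unintended image instead of as a validation error. A minimal guard placed before `return allErrs` would be `if v.Version != "" && strings.ContainsAny(v.Version, " \t\r\n/") { allErrs = append(allErrs, field.Invalid(fldPath.Child("version"), v.Version, "must be a container image tag")) }`, with an analogous whitespace check on `registry`; this assumes `strings` is already imported in the file. A test case for each new field in Test_Validate_Calico would pin the behaviour. The function's closing brace lies outside the hunk.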
8 changes: 4 additions & 4 deletions pkg/apis/kops/validation/validation_test.go
Expand Up @@ -519,7 +519,7 @@ func Test_Validate_Calico(t *testing.T) {
{
Input: caliInput{
Calico: &kops.CalicoNetworkingSpec{
AwsSrcDstCheck: "off",
AWSSrcDstCheck: "off",
},
Etcd: kops.EtcdClusterSpec{},
},
Expand All @@ -528,23 +528,23 @@ func Test_Validate_Calico(t *testing.T) {
{
Input: caliInput{
Calico: &kops.CalicoNetworkingSpec{
AwsSrcDstCheck: "Enable",
AWSSrcDstCheck: "Enable",
},
Etcd: kops.EtcdClusterSpec{},
},
},
{
Input: caliInput{
Calico: &kops.CalicoNetworkingSpec{
AwsSrcDstCheck: "Disable",
AWSSrcDstCheck: "Disable",
},
Etcd: kops.EtcdClusterSpec{},
},
},
{
Input: caliInput{
Calico: &kops.CalicoNetworkingSpec{
AwsSrcDstCheck: "DoNothing",
AWSSrcDstCheck: "DoNothing",
},
Etcd: kops.EtcdClusterSpec{},
},