diff --git a/upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template
index 3e065663512ed..6f50f9e0fca07 100644
--- a/upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.weave/k8s-1.12.yaml.template
@@ -13,18 +13,18 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: weave-net
- namespace: kube-system
 labels:
 name: weave-net
+ namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: weave-net
- namespace: kube-system
 labels:
 name: weave-net
 role.kubernetes.io/networking: "1"
+ namespace: kube-system
 rules:
 - apiGroups:
 - ''
@@ -36,6 +36,14 @@ rules:
 - get
 - list
 - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
 - 'networking.k8s.io'
 resources:
@@ -56,10 +64,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: weave-net
- namespace: kube-system
 labels:
 name: weave-net
 role.kubernetes.io/networking: "1"
+ namespace: kube-system
 roleRef:
 kind: ClusterRole
 name: weave-net
@@ -113,17 +121,17 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
 name: weave-net
- namespace: kube-system
 labels:
 name: weave-net
 role.kubernetes.io/networking: "1"
+ namespace: kube-system
 spec:
 # Wait 5 seconds to let pod connect before rolling next pod
- minReadySeconds: 5
 selector:
 matchLabels:
 name: weave-net
 role.kubernetes.io/networking: "1"
+ minReadySeconds: 5
 template:
 metadata:
 labels:
@@ -131,7 +139,6 @@ spec:
 role.kubernetes.io/networking: "1"
 annotations:
 prometheus.io/scrape: "true"
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
 containers:
 - name: weave
@@ -168,7 +175,7 @@ spec:
 name: weave-net
 key: network-password
 {{- end }}
- image: 'weaveworks/weave-kube:2.5.2'
+ image: 'weaveworks/weave-kube:2.6.4'
 ports:
 - name: metrics
 containerPort: 6782
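Review bot: The rule added at `@@ -36,6 +36,14 @@` grants `get`/`list`/`watch` on `networkpolicies` in the legacy `extensions` API group, alongside the existing `networking.k8s.io` rule, with nothing saying why the weave-net ClusterRole needs both. The grant is read-only, but cluster-wide RBAC is easier to audit and later tighten when each rule states its reason; I would put a comment above it such as `# legacy extensions/v1beta1 NetworkPolicy, still watched by weave-npc; remove when no supported cluster serves it` (that reason is my assumption, please confirm). The same rule is added to the k8s-1.8 template at its own `@@ -36,6 +36,14 @@` hunk. The `rules:` list begins and ends outside this hunk.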
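Review bot: Moving `minReadySeconds: 5` below the selector in the `@@ -113,17 +121,17 @@` hunk leaves the comment `# Wait 5 seconds to let pod connect before rolling next pod` directly above `selector:`, where it no longer describes the line that follows it. Move the comment down with the field so that it sits immediately above `minReadySeconds: 5`, or leave the field in its old position as the k8s-1.8 template still does. The DaemonSet `spec` continues past the end of the hunk.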
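Review bot: Removing `scheduler.alpha.kubernetes.io/critical-pod: ''` at `@@ -131,7 +139,6 @@` drops the only critical-pod marker visible in this diff, while the test manifest offers this template for `kubernetesVersion: '>=1.12.0'`, a range that may include clusters on which the annotation could still take effect. If the pod spec does not already set `priorityClassName: system-node-critical` (not visible in these hunks), the network DaemonSet loses its protection against preemption and eviction, and a node that loses it also loses pod networking and NetworkPolicy enforcement. Please confirm the priority class is set outside the hunk, or add it in the same change as this removal.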
@@ -200,15 +207,15 @@ spec:
 mountPath: /lib/modules
 - name: xtables-lock
 mountPath: /run/xtables.lock
+ readOnly: false
 - name: weave-npc
- args: []
 env:
 - name: HOSTNAME
 valueFrom:
 fieldRef:
 apiVersion: v1
 fieldPath: spec.nodeName
- image: 'weaveworks/weave-npc:2.5.2'
+ image: 'weaveworks/weave-npc:2.6.4'
 ports:
 - name: metrics
 containerPort: 6781
@@ -223,7 +230,9 @@ spec:
 volumeMounts:
 - name: xtables-lock
 mountPath: /run/xtables.lock
+ readOnly: false
 hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
 hostPID: true
 restartPolicy: Always
 securityContext:
@@ -232,6 +241,8 @@ spec:
 tolerations:
 - effect: NoSchedule
 operator: Exists
+ - effect: NoExecute
+ operator: Exists
 - key: CriticalAddonsOnly
 operator: Exists
 volumes:
diff --git a/upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template b/upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template
index 79e415f59a46d..f267e6fccbe15 100644
--- a/upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.weave/k8s-1.8.yaml.template
@@ -13,18 +13,18 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: weave-net
- namespace: kube-system
 labels:
 name: weave-net
+ namespace: kube-system
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: weave-net
- namespace: kube-system
 labels:
 name: weave-net
 role.kubernetes.io/networking: "1"
+ namespace: kube-system
 rules:
 - apiGroups:
 - ''
@@ -36,6 +36,14 @@ rules:
 - get
 - list
 - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
 - 'networking.k8s.io'
 resources:
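Review bot: The bumped image in the `@@ -200,15 +207,15 @@` hunk, `weaveworks/weave-npc:2.6.4`, is referenced by mutable tag only, as are `weaveworks/weave-kube:2.6.4` at `@@ -168,7 +175,7 @@` and both images in the k8s-1.8 template. The pod spec sets `hostNetwork: true` and `hostPID: true`, so whatever the tag resolves to at pull time runs with host-level reach on every node. Consider pinning by digest as well, e.g. `image: 'weaveworks/weave-npc:2.6.4@sha256:<digest-placeholder>'`, so the manifest fixes the image content and not just its version label. The containers list starts and ends outside this hunk.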
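Review bot: `dnsPolicy: ClusterFirstWithHostNet` is added under `hostNetwork: true` at `@@ -223,7 +230,9 @@` in the k8s-1.12 template only; the matching hunk of the k8s-1.8 template (`@@ -219,6 +227,7 @@`) adds `readOnly: false` but no `dnsPolicy`, so the two templates now resolve names differently. If that is intended, say so with a comment such as `# use cluster DNS even though the pod is on the host network`; otherwise add the same line to the 1.8 template. It also makes name resolution in the network pods depend on cluster DNS, which in turn needs the pod network these pods provide, so it is worth confirming that neither container needs DNS while starting up. The pod `spec` continues outside the hunk.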
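Review bot: The toleration added at `@@ -232,6 +241,8 @@` (`effect: NoExecute`, `operator: Exists`) has no `key`, so together with the existing keyless `NoSchedule` entry the pod tolerates every taint with those effects, including a NoExecute taint an operator applies to drain or isolate a node. For a CNI DaemonSet that is probably the intent, but it means a node set aside for investigation keeps running this hostNetwork/hostPID pod, and the manifest should say so, e.g. `# CNI must stay on every node, including tainted or unreachable ones`. The same toleration is added to the k8s-1.8 template at `@@ -228,6 +237,8 @@`.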
@@ -52,14 +60,14 @@ rules:
 - patch
 - update
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: weave-net
- namespace: kube-system
 labels:
 name: weave-net
 role.kubernetes.io/networking: "1"
+ namespace: kube-system
 roleRef:
 kind: ClusterRole
 name: weave-net
@@ -69,7 +77,7 @@ subjects:
 name: weave-net
 namespace: kube-system
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 name: weave-net
@@ -93,7 +101,7 @@ rules:
 verbs:
 - create
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
 name: weave-net
@@ -113,10 +121,10 @@ apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
 name: weave-net
- namespace: kube-system
 labels:
 name: weave-net
 role.kubernetes.io/networking: "1"
+ namespace: kube-system
 spec:
 # Wait 5 seconds to let pod connect before rolling next pod
 minReadySeconds: 5
@@ -164,7 +172,7 @@ spec:
 name: weave-net
 key: network-password
 {{- end }}
- image: 'weaveworks/weave-kube:2.5.2'
+ image: 'weaveworks/weave-kube:2.6.4'
 ports:
 - name: metrics
 containerPort: 6782
@@ -196,15 +204,15 @@ spec:
 mountPath: /lib/modules
 - name: xtables-lock
 mountPath: /run/xtables.lock
+ readOnly: false
 - name: weave-npc
- args: []
 env:
 - name: HOSTNAME
 valueFrom:
 fieldRef:
 apiVersion: v1
 fieldPath: spec.nodeName
- image: 'weaveworks/weave-npc:2.5.2'
+ image: 'weaveworks/weave-npc:2.6.4'
 ports:
 - name: metrics
 containerPort: 6781
@@ -219,6 +227,7 @@ spec:
 volumeMounts:
 - name: xtables-lock
 mountPath: /run/xtables.lock
+ readOnly: false
 hostNetwork: true
 hostPID: true
 restartPolicy: Always
@@ -228,6 +237,8 @@ spec:
 tolerations:
 - effect: NoSchedule
 operator: Exists
+ - effect: NoExecute
+ operator: Exists
 - key: CriticalAddonsOnly
 operator: Exists
 volumes:
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index 22ca08b957c98..e9345393d8c9d 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -695,8 +695,8 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 "pre-k8s-1.6": "2.3.0-kops.3",
 "k8s-1.6": "2.3.0-kops.3",
 "k8s-1.7": "2.5.2-kops.2",
- "k8s-1.8": "2.5.2-kops.2",
- "k8s-1.12": "2.5.2-kops.3",
+ "k8s-1.8": "2.6.4-kops.1",
+ "k8s-1.12": "2.6.4-kops.1",
 }
 {
diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
index 107141484a6a5..29d0e80e2cdf5 100644
--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
@@ -139,16 +139,16 @@ spec:
 - id: k8s-1.8
 kubernetesVersion: '>=1.8.0 <1.12.0'
 manifest: networking.weave/k8s-1.8.yaml
- manifestHash: 748a1526515a719058b99c203cd943a740675e21
+ manifestHash: 04b76e2d427fcdd14c042eb63b44c3a9d34ece33
 name: networking.weave
 selector:
 role.kubernetes.io/networking: "1"
- version: 2.5.2-kops.2
+ version: 2.6.4-kops.1
 - id: k8s-1.12
 kubernetesVersion: '>=1.12.0'
 manifest: networking.weave/k8s-1.12.yaml
- manifestHash: 96334bfcfa6a3ec9791b50c94674a8821cb6ad67
+ manifestHash: eb0ee027200ce4fbe3f99b656474c0891d15d6aa
 name: networking.weave
 selector:
 role.kubernetes.io/networking: "1"
- version: 2.5.2-kops.3
+ version: 2.6.4-kops.1