
Commit f304a55

authored
Merge pull request #3142 from CecileRobertMichon/calico-v3.25
Bump Windows Calico to v3.25.0
2 parents e94ca12 + 5eccfdf commit f304a55

18 files changed

+476
-140
lines changed

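--- a/.codespellignore
+++ b/.codespellignore
@@ -2,7 +2,7 @@ aks
 witht
 geting
 ot
-intepreted
 updat
 shouldnot
 decorder
+overriden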

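--- a/Makefile
+++ b/Makefile
@@ -492,7 +492,7 @@ generate-addons: fetch-calico-manifests ## Generate metric-server, calico calico
 $(KUSTOMIZE) build $(ADDONS_DIR)/calico-dual-stack > $(ADDONS_DIR)/calico-dual-stack.yaml
 
 # When updating this, make sure to also update the Windows image version in templates/addons/windows/calico.
-CALICO_VERSION := v3.24.5
+CALICO_VERSION := v3.25.0
 # Where all downloaded Calico manifests are unpacked and stored.
 CALICO_RELEASES := $(ARTIFACTS)/calico
 # Path to manifests directory in a Calico release archive.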

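--- a/templates/addons/calico-dual-stack.yaml
+++ b/templates/addons/calico-dual-stack.yaml
@@ -63,6 +63,12 @@ spec:
 type: string
 type: object
 type: array
+ignoredInterfaces:
+description: IgnoredInterfaces indicates the network interfaces that
+needs to be excluded when reading device routes.
+items:
+type: string
+type: array
 listenPort:
 description: ListenPort is the port where BGP protocol should listen.
 Defaults to 179
@@ -280,12 +286,23 @@ spec:
 remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
 or the global default if that is not set.
 type: string
+reachableBy:
+description: Add an exact, i.e. /32, static route toward peer IP in
+order to prevent route flapping. ReachableBy contains the address
+of the gateway which peer can be reached by.
+type: string
 sourceAddress:
 description: Specifies whether and how to configure a source address
 for the peerings generated by this BGPPeer resource. Default value
 "UseNodeIP" means to configure the node IP as the source address. "None"
 means not to configure a source address.
 type: string
+ttlSecurity:
+description: TTLSecurity enables the generalized TTL security mechanism
+(GTSM) which protects against spoofed packets by ignoring received
+packets with a smaller than expected TTL value. The provided value
+is the number of hops (edges) between the peers.
+type: integer
 type: object
 type: object
 served: true
@@ -766,9 +783,10 @@ spec:
 [Default: false]'
 type: boolean
 bpfEnforceRPF:
-description: 'BPFEnforceRPF enforce strict RPF on all interfaces with
-BPF programs regardless of what is the per-interfaces or global
-setting. Possible values are Disabled or Strict. [Default: Strict]'
+description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
+with BPF programs regardless of what is the per-interfaces or global
+setting. Possible values are Disabled, Strict or Loose. [Default:
+Strict]'
 type: string
 bpfExtToServiceConnmark:
 description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
@@ -808,6 +826,14 @@ spec:
 kube-proxy. Lower values give reduced set-up latency. Higher values
 reduce Felix CPU usage by batching up more work. [Default: 1s]'
 type: string
+bpfL3IfacePattern:
+description: BPFL3IfacePattern is a regular expression that allows
+to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
+in addition to BPFDataIfacePattern. That is, tunnel interfaces not
+created by Calico, that Calico workload traffic flows over as well
+as any interfaces that handle incoming traffic to nodeports and
+services from outside the cluster.
+type: string
 bpfLogLevel:
 description: 'BPFLogLevel controls the log level of the BPF programs
 when in BPF dataplane mode. One of "Off", "Info", or "Debug". The
@@ -883,11 +909,12 @@ spec:
 to use. Only used if UseInternalDataplaneDriver is set to false.
 type: string
 dataplaneWatchdogTimeout:
-description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout
-used for Felix''s (internal) dataplane driver. Increase this value
+description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
+used for Felix's (internal) dataplane driver. Increase this value
 if you experience spurious non-ready or non-live events when Felix
 is under heavy load. Decrease the value to get felix to report non-live
-or non-ready more quickly. [Default: 90s]'
+or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
+by the generic HealthTimeoutOverrides."
 type: string
 debugDisableLogDropping:
 type: boolean
@@ -991,15 +1018,21 @@ spec:
 type: object
 type: array
 featureDetectOverride:
-description: FeatureDetectOverride is used to override the feature
-detection. Values are specified in a comma separated list with no
-spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=".
-"true" or "false" will force the feature, empty or omitted values
-are auto-detected.
+description: FeatureDetectOverride is used to override feature detection
+based on auto-detected platform capabilities. Values are specified
+in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
+or "false" will force the feature, empty or omitted values are auto-detected.
+type: string
+featureGates:
+description: FeatureGates is used to enable or disable tech-preview
+Calico features. Values are specified in a comma separated list
+with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
+This is used to enable features that are not fully production ready.
 type: string
 floatingIPs:
 description: FloatingIPs configures whether or not Felix will program
-floating IP addresses.
+non-OpenStack floating IP addresses. (OpenStack-derived floating
+IPs are always programmed, regardless of this setting.)
 enum:
 - Enabled
 - Disabled
@@ -1016,6 +1049,23 @@ spec:
 type: string
 healthPort:
 type: integer
+healthTimeoutOverrides:
+description: HealthTimeoutOverrides allows the internal watchdog timeouts
+of individual subcomponents to be overriden. This is useful for
+working around "false positive" liveness timeouts that can occur
+in particularly stressful workloads or if CPU is constrained. For
+a list of active subcomponents, see Felix's logs.
+items:
+properties:
+name:
+type: string
+timeout:
+type: string
+required:
+- name
+- timeout
+type: object
+type: array
 interfaceExclude:
 description: 'InterfaceExclude is a comma-separated list of interfaces
 that Felix should exclude when monitoring for host endpoints. The
@@ -1057,7 +1107,7 @@ spec:
 type: string
 iptablesBackend:
 description: IptablesBackend specifies which backend of iptables will
-be used. The default is legacy.
+be used. The default is Auto.
 type: string
 iptablesFilterAllowAction:
 type: string
@@ -4301,7 +4351,7 @@ spec:
 value: node
 - name: DATASTORE_TYPE
 value: kubernetes
-image: docker.io/calico/kube-controllers:v3.24.5
+image: docker.io/calico/kube-controllers:v3.25.0
 imagePullPolicy: IfNotPresent
 livenessProbe:
 exec:
@@ -4344,6 +4394,11 @@ spec:
 selector:
 matchLabels:
 k8s-app: calico-typha
+strategy:
+rollingUpdate:
+maxSurge: 100%
+maxUnavailable: 1
+type: RollingUpdate
 template:
 metadata:
 annotations:
@@ -4365,13 +4420,15 @@ spec:
 value: kubernetes
 - name: TYPHA_HEALTHENABLED
 value: "true"
+- name: TYPHA_SHUTDOWNTIMEOUTSECS
+value: "300"
 - name: USE_POD_CIDR
 value: "true"
 envFrom:
 - configMapRef:
 name: kubernetes-services-endpoint
 optional: true
-image: docker.io/calico/typha:v3.24.5
+image: docker.io/calico/typha:v3.25.0
 imagePullPolicy: IfNotPresent
 livenessProbe:
 httpGet:
@@ -4403,6 +4460,7 @@ spec:
 securityContext:
 fsGroup: 65534
 serviceAccountName: calico-node
+terminationGracePeriodSeconds: 300
 tolerations:
 - key: CriticalAddonsOnly
 operator: Exists
@@ -4488,7 +4546,7 @@ spec:
 - configMapRef:
 name: kubernetes-services-endpoint
 optional: true
-image: docker.io/calico/node:v3.24.5
+image: docker.io/calico/node:v3.25.0
 imagePullPolicy: IfNotPresent
 lifecycle:
 preStop:
@@ -4563,7 +4621,7 @@ spec:
 - configMapRef:
 name: kubernetes-services-endpoint
 optional: true
-image: docker.io/calico/cni:v3.24.5
+image: docker.io/calico/cni:v3.25.0
 imagePullPolicy: IfNotPresent
 name: install-cni
 securityContext:
@@ -4577,7 +4635,7 @@ spec:
 - calico-node
 - -init
 - -best-effort
-image: docker.io/calico/node:v3.24.5
+image: docker.io/calico/node:v3.25.0
 imagePullPolicy: IfNotPresent
 name: mount-bpffs
 securityContext: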
