Skip to content

Commit 6b34e3e

Browse files
mzaianmzaian
authored
[calico] Make version 3.26.1 default (kubernetes-sigs#10416)
* [calico] Make version 3.26.1 default * [calico] Separate calico-node and calico-cni-plugin service accounts See: projectcalico/calico#7106
1 parent dbdc4d4 commit 6b34e3e

File tree

5 files changed

+59
-3
lines changed

5 files changed

+59
-3
lines changed

‎README.md‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -168,7 +168,7 @@ Note: Upstart/SysV init based OS types are not supported.
168168
- [cri-o](http://cri-o.io/) v1.27 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
169169
- Network Plugin
170170
- [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
171-
- [calico](https://github.com/projectcalico/calico) v3.25.2
171+
- [calico](https://github.com/projectcalico/calico) v3.26.1
172172
- [cilium](https://github.com/cilium/cilium) v1.13.4
173173
- [flannel](https://github.com/flannel-io/flannel) v0.22.0
174174
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.11.5

‎roles/download/defaults/main/main.yml‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,7 @@ github_image_repo: "ghcr.io"
100100

101101
# TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
102102
# after migration to container download
103-
calico_version: "v3.25.2"
103+
calico_version: "v3.26.1"
104104
calico_ctl_version: "{{ calico_version }}"
105105
calico_cni_version: "{{ calico_version }}"
106106
calico_flexvol_version: "{{ calico_version }}"

‎roles/network_plugin/calico/templates/calico-cr.yml.j2‎

Lines changed: 35 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,39 @@
11
---
22
kind: ClusterRole
33
apiVersion: rbac.authorization.k8s.io/v1
4+
metadata:
5+
name: calico-cni-plugin
6+
rules:
7+
- apiGroups: [""]
8+
resources:
9+
- pods
10+
- nodes
11+
- namespaces
12+
verbs:
13+
- get
14+
- apiGroups: [""]
15+
resources:
16+
- pods/status
17+
verbs:
18+
- patch
19+
- apiGroups: ["crd.projectcalico.org"]
20+
resources:
21+
- blockaffinities
22+
- ipamblocks
23+
- ipamhandles
24+
- clusterinformations
25+
- ippools
26+
- ipreservations
27+
- ipamconfigs
28+
verbs:
29+
- get
30+
- list
31+
- create
32+
- update
33+
- delete
34+
---
35+
kind: ClusterRole
36+
apiVersion: rbac.authorization.k8s.io/v1
437
metadata:
538
name: calico-node
639
namespace: kube-system
@@ -78,6 +111,7 @@ rules:
78111
- globalfelixconfigs
79112
- felixconfigurations
80113
- bgppeers
114+
- bgpfilters
81115
- globalbgpconfigs
82116
- bgpconfigurations
83117
- ippools
@@ -164,6 +198,6 @@ rules:
164198
resources:
165199
- serviceaccounts/token
166200
resourceNames:
167-
- calico-node
201+
- calico-cni-plugin
168202
verbs:
169203
- create

‎roles/network_plugin/calico/templates/calico-crb.yml.j2‎

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,3 +11,18 @@ subjects:
1111
- kind: ServiceAccount
1212
name: calico-node
1313
namespace: kube-system
14+
15+
---
16+
17+
apiVersion: rbac.authorization.k8s.io/v1
18+
kind: ClusterRoleBinding
19+
metadata:
20+
name: calico-cni-plugin
21+
roleRef:
22+
apiGroup: rbac.authorization.k8s.io
23+
kind: ClusterRole
24+
name: calico-cni-plugin
25+
subjects:
26+
- kind: ServiceAccount
27+
name: calico-cni-plugin
28+
namespace: kube-system

‎roles/network_plugin/calico/templates/calico-node-sa.yml.j2‎

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,3 +4,10 @@ kind: ServiceAccount
44
metadata:
55
name: calico-node
66
namespace: kube-system
7+
8+
---
9+
apiVersion: v1
10+
kind: ServiceAccount
11+
metadata:
12+
name: calico-cni-plugin
13+
namespace: kube-system

0 commit comments

Comments
 (0)