Sync from SUSE:SLFO:Main flannel revision 2bd423cc9f2f6ec4df6b5471a7bbd27f
commit
4bb6906ca4
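--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text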
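--- a/flannel.changes
+++ b/flannel.changes
@@ -0,0 +1,444 @@
+-------------------------------------------------------------------
+Fri Jul 23 08:54:45 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
+
+- Update to 0.14.0:
+* Add tencent cloud VPC network support
+* moving go modules to flannel-io/flannel and updating to go 1.16
+* fix(windows): nil pointer panic
+* Preserve environment for extension backend
+* Fix flannel hang if lease expired
+* Documentation for the Flannel upgrade/downgrade procedure
+* Move from glog to klog
+* fix(host-gw): failed to restart if gateway hnsep existed
+* ipsec: use well known paths of charon daemon
+* upgrade client-go to 1.19.4
+* move from juju/errors to pkg/errors
+* subnets: move forward the cursor to skip illegal subnet
+* Fix Expired URL to Deploying Flannel with kubeadm
+* Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1
+* preserve AccessKey & AccessKeySecret environment on sudo fix some typo in doc.
+* iptables: handle errors that prevent rule deletes
+- Sync kube-flannel.yaml manifest
+- Change project URL to github.com/flannel-io/flannel
+
+-------------------------------------------------------------------
+Wed Apr 28 13:20:33 UTC 2021 - Ralf Haferkamp <ralf@h4kamp.de>
+
+- Sync manifest with upstream (0.13.0 release). Includes the
+following changes:
+* Fix typo and invalid indent in kube-flannel.yml
+* Use stable os and arch label for node
+* set priorityClassName to system-node-critical
+* Add NET_RAW capability to support cri-o
+* Use multi-arch Docker images in the Kubernetes manifest
+
+-------------------------------------------------------------------
+Wed Mar 17 01:25:43 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Set GO111MODULE=auto to build with go1.16+
+* Default changed to GO111MODULE=on in go1.16
+* Set temporarily until using upstream version with go.mod
+
+-------------------------------------------------------------------
+Fri Feb 26 09:43:39 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
+
+- update to 0.13.0:
+* Use multi-arch Docker images in the Kubernetes manifest
+* Accept existing XMRF policies and update them intead of raising errors
+* Add --no-sanity-check to iptables-wrapper-installer.sh for architectures other than amd64
+* Use "docker manifest" to publish multi-arch Docker images
+* Add NET_RAW capability to support cri-o
+* remove glide
+* switch to go modules
+* Add and implement iptables-wrapper-installer.sh from https://github.com/kubernetes-sigs/iptables-wrappers
+* documentation: set priorityClassName to system-node-critical
+* Added a hint for firewall rules
+* Disabling ipv6 accept_ra explicitely on the created interface
+* use alpine 3.12 everywhere
+* windows: replace old netsh (rakelkar/gonetsh) with powershell commands
+* fix CVE-2019-14697
+* Bugfix: VtepMac would be empty when lease re-acquire for windows
+* Use stable os and arch label for node
+* doc(awsvpc): correct the required permissions
+
+-------------------------------------------------------------------
+Sun Aug 16 17:14:50 UTC 2020 - Dirk Mueller <dmueller@suse.com>
+
+- update to 0.12.0:
+* fix deleteLease
+* Use publicIP lookup iface if --public-ip indicated
+* kubernetes 1.16 cni error
+* Add cniVersion to general CNI plugin configuration.
+* Needs to clear NodeNetworkUnavailable flag on Kubernetes
+* Replaces gorillalabs go-powershell with bhendo/go-powershell
+* Make VXLAN device learning attribute configurable
+* change nodeSelector to nodeAffinity and schedule the pod to linux node
+* This PR adds the cni version to the cni-conf.yaml inside the kube-flannel-cfg configmap
+* EnableNonPersistent flag for Windows Overlay networks
+* snap package.
+* Update lease with DR Mac
+* main.go: add the "net-config-path" flag
+* Deploy Flannel with unprivileged PSP
+* Enable local host to local pod connectivity in Windows VXLAN
+* Update hcsshim for HostRoute policy in Windows VXLAN
+
+-------------------------------------------------------------------
+Tue Oct 29 13:30:38 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Use Tumbleweed Kubic flannel containers instead of devel:kubic
+containers. This fixes aarch64 and ppc64* (boo#1152185)
+
+-------------------------------------------------------------------
+Fri Oct 11 07:46:20 UTC 2019 - Fabian Vogt <fvogt@suse.com>
+
+- It's apps/v1, not apps/v1beta1
+- Fix some more typos
+
+-------------------------------------------------------------------
+Thu Oct 10 15:03:40 UTC 2019 - Richard Brown <rbrown@suse.com>
+
+- Fix typo in updated flannel manifest
+
+-------------------------------------------------------------------
+Thu Oct 10 13:45:11 UTC 2019 - Richard Brown <rbrown@suse.com>
+
+- Update flannel manifest to match upstream and support k8s 1.16 API
+
+-------------------------------------------------------------------
+Fri Jul 19 10:56:20 CEST 2019 - kukuk@suse.de
+
+- Set cni version in flannel manifest
+
+-------------------------------------------------------------------
+Thu Jul 18 09:06:33 UTC 2019 - Thorsten Kukuk <kukuk@suse.com>
+
+- Use current kube-flannel.yaml from git to fix DNS problems
+
+-------------------------------------------------------------------
+Sun Jun 9 15:24:02 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Add missing words in descriptions.
+
+-------------------------------------------------------------------
+Thu Jun 6 15:57:32 CEST 2019 - kukuk@suse.de
+
+- Fix path of flanneld in yaml file
+- Cleanup filelist
+
+-------------------------------------------------------------------
+Tue Apr 9 11:45:05 CEST 2019 - kukuk@suse.de
+
+- Require minimal set of used network utilities
+
+-------------------------------------------------------------------
+Mon Apr 8 13:56:16 CEST 2019 - kukuk@suse.de
+
+- Add flannel-k8s-yaml sub-package with the yaml file to deploy
+flannel.
+
+-------------------------------------------------------------------
+Mon Apr 8 13:24:07 CEST 2019 - kukuk@suse.de
+
+- Update to flannel 0.11.0
+- Drop standalone support, it's only for containers
+- Drop use-32-prefix-udp-backend.patch, included upstream
+
+-------------------------------------------------------------------
+Wed Dec 19 16:55:33 UTC 2018 - clee@suse.com
+
+- Refactor go to go1.11 for BuildRequires
+
+-------------------------------------------------------------------
+Wed Dec 19 01:18:01 UTC 2018 - clee@suse.com
+
+- Updated to a supported version of Go (due to security reasons)
+* bsc#1118897 CVE-2018-16873
+go#29230 cmd/go: remote command execution during "go get -u"
+* bsc#1118898 CVE-2018-16874
+go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
+* bsc#1118899 CVE-2018-16875
+go#29233 crypto/x509: CPU denial of service
+
+-------------------------------------------------------------------
+Wed Dec 12 12:43:24 UTC 2018 - alvaro.saurin@suse.com
+
+- Updated to a supported version of Go (due to security reasons)
+
+-------------------------------------------------------------------
+Tue Jun 5 09:33:44 UTC 2018 - dcassany@suse.com
+
+- Make use of %license macro
+
+-------------------------------------------------------------------
+Tue May 29 11:11:34 UTC 2018 - rfernandezlopez@suse.com
+
+- Add use-32-prefix-udp-backend.patch: backend/udp: Use a /32 prefix for the flannel0 interface
+This avoids the kernel's creation of broadcast routes, which prevent
+communication from the host with the zeroth subnet to containers on any
+other hosts.
+
+Fixes: bsc#1094364
+
+-------------------------------------------------------------------
+Thu Feb 1 16:58:22 CET 2018 - ro@suse.de
+
+- do not build on s390, only on s390x (no go on s390)
+
+-------------------------------------------------------------------
+Mon Nov 27 09:28:36 UTC 2017 - opensuse-packaging@opensuse.org
+
+- Update to version 0.9.1:
+* kube: Update manifests to v0.9.1
+* network/iptables: Add iptables rules to FORWARD chain
+* kube-flannel.yml: Update to v0.9.0 and improve docs
+* Update README.md
+* Fix horrendous README typo
+* Always ensure iptables masquerade rules are installed
+* Makefile: Stop pulling the unused lib from kube-cross
+* subnet/*: Remove unused reservations code
+* use init container to install cni on flannel daemonset
+
+-------------------------------------------------------------------
+Thu Nov 23 13:48:19 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+%_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Tue Aug 29 08:27:54 UTC 2017 - mmeister@suse.com
+
+- build with go1.8
+this fixes the golang.org/x/net/context conflict
+
+-------------------------------------------------------------------
+Thu Aug 24 07:56:44 UTC 2017 - vrothberg@suse.com
+
+- Update to version 0.8.0:
+* flannel reads from created subnet.env file on startup
+* Fix a bug with the iface-regex that always returned an error
+* Fix a bug where previously leased subnets would not update etcd leases
+* main.go: Fix logging options
+* Allow kube subnet manager to run outside of kubernetes
+* Added ability to specify multiple ifaces and iface regexes
+* Docs: Add kubernetes and troubleshooting info
+* Update manifest to v0.8.0
+
+-------------------------------------------------------------------
+Thu Aug 17 13:32:34 UTC 2017 - vrothberg@suse.com
+
+- Fix bsc#1054097
+* We need to patch the Version variable to align with the package version
+* Do this by using `gofmt` (linker flags can't be set without changing the build)
+
+-------------------------------------------------------------------
+Wed Apr 19 09:29:33 UTC 2017 - opensuse-packaging@opensuse.org
+
+- Update to version 0.7.1:
+* Add Kubernetes RBAC support
+* vendor: Revendor with more sensible pinnings
+* vendor: Make code compatible again
+* Simplify rbac creation process
+* Tolerate flannel running on master nodes
+* backend/vxlan: Don't recreate vxlan device on flanneld restart
+* backend/hostgw: Fix memory leak
+* Build tar.gz for ppc64le, arm and arm64 arch
+* kube-flannel: Add namespace for compatibility with RBAC rules
+* Explicitly state operator: Exists for master node toleration - as tolleration defaults to Equal by default which will result in the non scheduling of flannel on the master nodes
+* switch kube subnet manager to PATCH
+* Bump k8s manifest version to v0.7.1
+* Correct the image in the k8s manifest files
+
+-------------------------------------------------------------------
+Fri Jan 20 15:53:14 UTC 2017 - opensuse-packaging@opensuse.org
+
+- Update to version 0.7.0:
+* version: bump to v0.5.3+git
+* subnet: add infrastructure and tests for network watches
+* Refactoring: single ctx and pull out LeaseRenewer
+* Bug fix: remote mode errors out with bad backend type
+* Use a map for backend lookups
+* Split backend Init operation into New/Init and AddNetwork
+* Fix etcd implementation of getNetworks()
+* vendor: update etcd/client
+* aws-vpc: migrate to official AWS SDK
+* aws-vpc: use SDK to get metadata
+* Add network package to testing
+* Add/remove networks when registry changes
+* bug fix: no specified networks still led to multi-network path
+* Fix running multiple networks
+* Fix network watches when subnets change
+* Better handling of Ctrl+C
+* Add UnregisterNetwork backend method
+* Notify systemd service when server is ready to listen
+* Fix/improve docs
+* Masquerade host to flannel traffic.
+* Change copyright from CoreOS to flannel authors
+* remote: close response body during watch()
+* Refactor the backend interfaces for multi-networks
+* Go 1.5 compat change
+* test: add license header check + missing headers
+* travis: add logo to README, switch to go 1.4/1.5
+* build: use `git describe` output in version
+* file rename as separate commit for better diffs
+* Use jonboulle/clockwork
+* Have registry deal with subnet and not etcd types
+* Actually track backends in the active map
+* Fix subnet watch key creation
+* Periodically retry getting initial networks
+* Version embedding for Go 1.4 and 1.5
+* Ability to revoke lease
+* Add reservations to admin control subnet allocs
+* Revendor netlink library
+* Add mock etcd and etcd-backed registry testcases
+* tests: fix bug due to random numbers being used
+* Fixes a number of races
+* backend/udp: bind to the advertised interface
+* Add cli args for etcd basic auth
+* MAINTAINERS: remove eyakubovich; add tomdee, philips, steveej
+* DOCS: Add note to AWS docs about why it might be used
+* BUILDS: Use vendor directory instead of Godeps
+* Updating code.google.com/p/... dependencies
+* Add glide file
+* Add glide.lock and update GCE dependencies
+* Support quorum read option
+* vendor: bump netlink to latest master
+* network/ipmasq: RETURN instead of ACCEPT to allowe other rules
+* vendor: coreos/pkg: -> v2
+* vendor: bump netlink to latest
+* vxlan: support group-based policy
+* scripts/build: compat header
+* hostgw: Check existence of and compare routes before attempting to add/update them
+* backend/hostgw: don't filter by LinkIndex
+* BUILDS: Replace some shell scripts with Makefile
+* deps: Update go-iptables version
+* mk-docker-opts.sh: replace with busybox shell compatible version
+* BUILDS: Overhaul build process
+* vxlan: error on sysctl fail
+* Fix a typo in format error.
+* Makefile: Disable static builds of flanneld
+* Makefile: Make the ARCH part of the tag name not the image name
+* Builds: Insert libpthread into busybox images
+* The docker daemon syntax change addressed
+* Makefile: gzip the dist tar.gz file
+* Add functional (end-to-end) testing
+* README: Update build instructions
+* Makefile: Push "latest" to flannel-git on quay.io
+* Run e2e tests on travis
+* glide: cfg change
+* glide: add k8s deps
+* fixup after etcd client update
+* add kube backed subnet manager
+* Update aws-vpc-backend.md
+* README: Kubernetes rename
+* Documentation: Fix sample kube-flannel config
+* backend: do not log in Register
+* Makefile: Push tags to flannel-git for all builds
+* Makefile: clean before flannel-git build
+* Makefile: Also push :latest for flannel-git
+* Fixed #521: flanneld hang on at initialEvtsBatch := <-evts because of empty batch list in WatchLeases of subnet/watch.go
+* Make the flannel daemonset multiarch
+* aws-vpc: Fix crash when route has vpc-endpoints
+* aws-vpc: remove "blackholes"
+* deps: update aws-sdk version to latest stable
+* backend: fixes and cleanups in awsvpc backend
+* vxlan: user verbose logging macros
+* subnet/kube: Use informer callbacks for lease events
+* subnet/kube: wait for cache sync before using subnet manager
+* network manager: Improve logging
+* subnet/kube: modify a copy of node object, rather than the cached object
+* Fix a typo in backend/vxlan/network.go
+* Documention: Add information on leases and reservations
+* e2e: Allow the backend list to be overridden
+* backend/vxlan: Improve the comments and logging
+* backend/vxlan: Set the netmask of the IP used for the vxlan device
+* Add a flag to configure the subnet lease renewal margin. (#559)
+* Replacing the user id with group id.
+* Removing the -it flag from the docker build commands.
+* Update kube-flannel.yaml
+* Add note to readme about -kube-subnet-mgr
+
+-------------------------------------------------------------------
+Fri Nov 18 08:53:01 UTC 2016 - opensuse-packaging@opensuse.org
+
+- Update to version 0.5.5:
+* Remove code dup and use coreos/pkg/flagutil
+* version: bump to v0.5.3
+* aws-vpc: migrate to official AWS SDK
+* aws-vpc: use SDK to get metadata
+* Notify systemd service when server is ready to listen
+* Masquerade host to flannel traffic.
+* remote: close response body during watch()
+* version: bump to v0.5.4
+* Bug fix: running out of memory with vxlan+bonding
+* version: bump to v0.5.5
+
+-------------------------------------------------------------------
+Wed Sep 14 10:10:05 UTC 2016 - opensuse-packaging@opensuse.org
+
+- Update to version 0.6.1:
+* Support quorum read option
+* deps: Update go-iptables version
+* mk-docker-opts.sh: replace with busybox shell compatible version
+* BUILDS: Overhaul build process
+* vxlan: error on sysctl fail
+* Fix a typo in format error.
+* Makefile: Disable static builds of flanneld
+* Makefile: Make the ARCH part of the tag name not the image name
+* Builds: Insert libpthread into busybox images
+* Support VXLAN GBP
+* Add cli args for etcd basic auth
+* Add reservations to admin control subnet allocs
+* Ability to revoke lease
+* small docs changes
+* overhaul of the build system
+* improvements to stability and UX tweaks
+* refactoring mainly driven by reservation support
+
+-------------------------------------------------------------------
+Fri Jul 15 15:45:36 UTC 2016 - kstreitova@suse.com
+
+- clean specfile by spec-cleaner
+- change 'PreReq: %fillup_prereq' to 'Requires(post)'
+
+-------------------------------------------------------------------
+Thu Jul 7 11:37:03 UTC 2016 - tboerger@suse.com
+
+- Dropped rpmlintrc
+- Refactoring of the spec based on golang-packaging
+
+-------------------------------------------------------------------
+Wed Jul 6 14:12:51 UTC 2016 - msabate@suse.com
+
+- Added go_provides
+
+-------------------------------------------------------------------
+Wed Jul 6 13:24:52 UTC 2016 - msabate@suse.com
+
+- Removed kernel-devel build requirement
+
+I've also added golang-packaging as a build requirement and we will be using
+the %{go_nostrip} macro from that package. Moreover, I've done some minor
+improvements here and there.
+
+-------------------------------------------------------------------
+Tue Jul 5 09:27:54 UTC 2016 - cbrauner@suse.com
+
+- add %ghost instruction: Files that are put into /run should be generated on
+the fly during runtime. To prevent them from getting installed we use
+%ghost.
+
+-------------------------------------------------------------------
+Tue Jul 5 09:16:42 UTC 2016 - cbrauner@suse.com
+
+- add _constraints file to get more disk space on aarch64
+
+-------------------------------------------------------------------
+Tue Mar 22 14:35:36 UTC 2016 - fcastelli@suse.com
+
+- Fix issue inside of systemd unit file
+
+-------------------------------------------------------------------
+Mon Mar 21 21:50:17 UTC 2016 - fcastelli@suse.com
+
+- First release v0.5.5
+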
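--- a/flannel.spec
+++ b/flannel.spec
@@ -0,0 +1,109 @@
+#
+# spec file for package flannel
+#
+# Copyright (c) 2017, 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+%define _fillupdir /var/adm/fillup-templates
+%endif
+
+# Use Tumbleweed Kubic containers
+%define flannel_container_path registry.opensuse.org/kubic/flannel
+
+Name: flannel
+Version: 0.14.0
+Release: 0
+Summary: An etcd backed network fabric for containers
+License: Apache-2.0
+Group: System/Management
+Url: https://github.com/flannel-io/flannel
+Source: https://github.com/flannel-io/flannel/archive/v%{version}.tar.gz
+Source1: kube-flannel.yaml
+Requires: iproute2
+# arp is used:
+Requires: net-tools-deprecated
+Requires: iptables
+BuildRequires: golang-packaging
+BuildRequires: golang(API) >= 1.16
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+ExcludeArch: s390
+%{go_nostrip}
+%{go_provides}
+
+%description
+flannel is a virtual network that gives a subnet to each host for use with
+container runtimes.
+
+Platforms like Google's Kubernetes assume that each container (pod) has a
+unique, routable IP address inside the cluster. The advantage of this model is that it
+reduces the complexity of doing port mapping.
+
+This package contains the binary to be included into a container image
+
+%package k8s-yaml
+Summary: Kubernetes yaml file to run flannel container
+Group: System/Management
+BuildArch: noarch
+
+%description k8s-yaml
+This package contains the yaml file requried to download and run the
+flannel container in a kubernetes cluster.
+
+flannel is a virtual network that gives a subnet to each host for use with
+container runtimes.
+
+Platforms like Google's Kubernetes assume that each container (pod) has a
+unique, routable IP address inside the cluster. The advantage of this model is that it
+reduces the complexity of doing port mapping.
+
+%prep
+%setup -q
+
+%build
+gofmt -w -r "x -> \"%{version}\"" version/version.go
+%{goprep} github.com/flannel-io/flannel
+# go1.16+ default is GO111MODULE=on set to auto temporarily
+# until using an upstream version with go.mod
+export GO111MODULE=auto
+%{gobuild}
+
+%install
+%{goinstall}
+rm -rf %{buildroot}/%{_libdir}/go/contrib
+
+# Install provided yaml file to download and run the flannel container
+mkdir -p %{buildroot}%{_datadir}/k8s-yaml/flannel
+#install -m 0644 Documentation/kube-flannel.yml %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
+install -m 0644 %{SOURCE1} %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
+sed -i -e 's|image: quay.io/coreos/flannel:.*|image: %{flannel_container_path}:%{version}|g' %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
+sed -i -e 's|/opt/bin/flanneld|/usr/sbin/flanneld|g' %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
+
+# Move
+mkdir -p %{buildroot}%{_sbindir}
+mv %{buildroot}%{_bindir}/flannel %{buildroot}%{_sbindir}/flanneld
+
+%files
+%defattr(-,root,root)
+%doc README.md DCO NOTICE
+%license LICENSE
+%{_sbindir}/flanneld
+
+%files k8s-yaml
+%dir %{_datarootdir}/k8s-yaml
+%dir %{_datarootdir}/k8s-yaml/flannel
+%{_datarootdir}/k8s-yaml/flannel/kube-flannel.yaml
+
+%changelog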
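Review bot: The `sed` in %install that rewrites `image: quay.io/coreos/flannel:.*` exits successfully even when it matches nothing, so if a later sync of kube-flannel.yaml names a different upstream image, the k8s-yaml sub-package would ship a manifest that pulls from the upstream registry instead of `%{flannel_container_path}` and the build would still pass. The changelog in this same commit already records the project moving to flannel-io, so an image rename looks plausible. Following the two sed lines with a check such as `grep -q 'image: %{flannel_container_path}:%{version}' %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml` would turn that silent no-op into a build failure. The rewritten reference is also a mutable tag, not a digest, so what nodes actually run depends on whatever the registry currently serves for that tag.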
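--- a/kube-flannel.yaml
+++ b/kube-flannel.yaml
@@ -0,0 +1,223 @@
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+name: psp.flannel.unprivileged
+annotations:
+seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
+seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
+apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+spec:
+privileged: false
+volumes:
+- configMap
+- secret
+- emptyDir
+- hostPath
+allowedHostPaths:
+- pathPrefix: "/etc/cni/net.d"
+- pathPrefix: "/etc/kube-flannel"
+- pathPrefix: "/run/flannel"
+readOnlyRootFilesystem: false
+# Users and groups
+runAsUser:
+rule: RunAsAny
+supplementalGroups:
+rule: RunAsAny
+fsGroup:
+rule: RunAsAny
+# Privilege Escalation
+allowPrivilegeEscalation: false
+defaultAllowPrivilegeEscalation: false
+# Capabilities
+allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
+defaultAddCapabilities: []
+requiredDropCapabilities: []
+# Host namespaces
+hostPID: false
+hostIPC: false
+hostNetwork: true
+hostPorts:
+- min: 0
+max: 65535
+# SELinux
+seLinux:
+# SELinux is unused in CaaSP
+rule: 'RunAsAny'
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: flannel
+rules:
+- apiGroups: ['extensions']
+resources: ['podsecuritypolicies']
+verbs: ['use']
+resourceNames: ['psp.flannel.unprivileged']
+- apiGroups:
+- ""
+resources:
+- pods
+verbs:
+- get
+- apiGroups:
+- ""
+resources:
+- nodes
+verbs:
+- list
+- watch
+- apiGroups:
+- ""
+resources:
+- nodes/status
+verbs:
+- patch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: flannel
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: flannel
+subjects:
+- kind: ServiceAccount
+name: flannel
+namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: flannel
+namespace: kube-system
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+name: kube-flannel-cfg
+namespace: kube-system
+labels:
+tier: node
+app: flannel
+data:
+cni-conf.json: |
+{
+"name": "cbr0",
+"cniVersion": "0.3.1",
+"plugins": [
+{
+"type": "flannel",
+"delegate": {
+"hairpinMode": true,
+"isDefaultGateway": true
+}
+},
+{
+"type": "portmap",
+"capabilities": {
+"portMappings": true
+}
+}
+]
+}
+net-conf.json: |
+{
+"Network": "10.244.0.0/16",
+"Backend": {
+"Type": "vxlan"
+}
+}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: kube-flannel-ds
+namespace: kube-system
+labels:
+tier: node
+app: flannel
+spec:
+selector:
+matchLabels:
+app: flannel
+template:
+metadata:
+labels:
+tier: node
+app: flannel
+spec:
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: kubernetes.io/os
+operator: In
+values:
+- linux
+hostNetwork: true
+priorityClassName: system-node-critical
+tolerations:
+- operator: Exists
+effect: NoSchedule
+serviceAccountName: flannel
+initContainers:
+- name: install-cni
+image: quay.io/coreos/flannel:v0.14.0
+command:
+- cp
+args:
+- -f
+- /etc/kube-flannel/cni-conf.json
+- /etc/cni/net.d/10-flannel.conflist
+volumeMounts:
+- name: cni
+mountPath: /etc/cni/net.d
+- name: flannel-cfg
+mountPath: /etc/kube-flannel/
+containers:
+- name: kube-flannel
+image: quay.io/coreos/flannel:v0.14.0
+command:
+- /opt/bin/flanneld
+args:
+- --ip-masq
+- --kube-subnet-mgr
+resources:
+requests:
+cpu: "100m"
+memory: "50Mi"
+limits:
+cpu: "100m"
+memory: "50Mi"
+securityContext:
+privileged: false
+capabilities:
+add: ["NET_ADMIN", "NET_RAW"]
+env:
+- name: POD_NAME
+valueFrom:
+fieldRef:
+fieldPath: metadata.name
+- name: POD_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+volumeMounts:
+- name: run
+mountPath: /run/flannel
+- name: flannel-cfg
+mountPath: /etc/kube-flannel/
+volumes:
+- name: run
+hostPath:
+path: /run/flannel
+- name: cni
+hostPath:
+path: /etc/cni/net.d
+- name: flannel-cfg
+configMap:
+name: kube-flannel-cfg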
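Review bot: The `kube-flannel` container's `securityContext` adds `NET_ADMIN` and `NET_RAW` but drops nothing, and the PodSecurityPolicy sets `requiredDropCapabilities: []`, so the pod keeps the runtime's default capability set on top of the two it asks for while running with `hostNetwork: true`. Adding `drop: ["ALL"]` beside `add: ["NET_ADMIN", "NET_RAW"]` would confine it to the capabilities the policy actually names; this needs a test run, since the manifest alone cannot confirm that flanneld works with only those two. The `install-cni` init container has no `securityContext` at all, although it writes into the `/etc/cni/net.d` hostPath, and should get the same treatment. Indentation is lost in this rendering, so the nesting described here is inferred from line order.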
BIN
v0.14.0.tar.gz
(Stored with Git LFS)
Normal file
BIN
v0.14.0.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.