Bump flannel to v0.26.4, which includes golang.org/x/net/http2
at v0.34.0, fixes bsc#1236522 (CVE-2023-45288)
- add `go-modules` for automated creation of go vendored modules tarball - bump go version: `BuildRequires: golang(API) >= 1.23` - delete unused `kube-flannel.yaml` source in the spec file, it is directly soured from the flannel source tar ball OBS-URL: https://build.opensuse.org/package/show/devel:kubic/flannel?expand=0&rev=18
This commit is contained in:
Normal file
Normal file
@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
Normal file
Normal file
@ -0,0 +1 @@
Normal file
Normal file
@ -0,0 +1,23 @@
<service name="obs_scm" mode="disabled">
<param name="url">https://github.com/flannel-io/flannel.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="revision">v0.26.4</param>
<param name="changesgenerate">enable</param>
<service name="tar" mode="disabled"/>
<service name="recompress" mode="disabled">
<param name="file">*.tar</param>
<param name="compression">gz</param>
<service name="set_version" mode="disabled">
<param name="basename">flannel</param>
<service name="go_modules" mode="disabled">
<param name="archive">flannel-0.26.4.tar.gz</param>
Normal file
Normal file
@ -0,0 +1,4 @@
<service name="tar_scm">
<param name="url">https://github.com/flannel-io/flannel.git</param>
<param name="changesrevision">c22fb8cdd05638fbc9095f05ecce5ea3a13e16c6</param></service></servicedata>
Normal file
Normal file
@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:320baa7e3a40c87cc1a000c33d2a2db52664ece2f6f676f6cedc91dfaad8105b
size 2387361
(Stored with Git LFS)
Normal file
(Stored with Git LFS)
Normal file
Binary file not shown.
Normal file
Normal file
@ -0,0 +1,570 @@
Fri Feb 7 11:23:27 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
- add `go-modules` for automated creation of go vendored modules tarball
- bump go version: `BuildRequires: golang(API) >= 1.23`
- delete unused `kube-flannel.yaml` source in the spec file, it is directly soured from the flannel source tar ball
Fri Feb 7 11:16:55 UTC 2025 - Priyanka Saggu <priyanka.saggu@suse.com>
- Update to version 0.26.4:
* Moved to github container registry
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
* Bump go.etcd.io/etcd/tests/v3 from 3.5.17 to 3.5.18
* fix: Fix high CPU usage when losing etcd connection and try to re-establish connection with exponential backoff
* Bump github.com/containernetworking/plugins from 1.6.1 to 1.6.2
* Bump alpine from 20240923 to 20250108 in /images
* Bump golang.org/x/net from 0.31.0 to 0.33.0
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
* Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0
* feat: add bool to control CNI config installation using Helm
* fix: add missing MY_NODE_NAME env in chart
* Bump k8s deps to 0.29.12
* Don't panic upon shutdown when running in standalone mode
* Bump golang.org/x/crypto from 0.29.0 to 0.31.0
* Bump alpine from 20240807 to 20240923 in /images
* Bump github.com/containernetworking/plugins from 1.6.0 to 1.6.1
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
* Bump github.com/vishvananda/netns from 0.0.4 to 0.0.5
* Use the standard context library
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
* Updated flannel cni image to 1.6.0
* Updated CNI plugins version on the README
* Bump sigs.k8s.io/knftables from 0.0.17 to 0.0.18
* Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1
* Bump github.com/Microsoft/hcsshim from 0.12.8 to 0.12.9
* Added check to not check br_filter in case of windows
* Bumo golangci-lint to latest version
* Bump to go 1.23
* Added checks for br_netfilter module
* Try not to cleanup multiple peers behind same PublicIP
* fix trivy check
* check that the lease includes an IP address of the requested family before configuring the flannel interface
* Fixed IPv6 chosen in case of public-ipv6 configured
* add timeout to e2e test pipelines
* Update k8s version ine2e tests to v1.29.8
* Update netlink to v1.3.0
* Fixed values file on flannel chart
* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.1
* Updated Flannel chart with Netpol containter and removed clustercidr
* Fix bug in hostgw-windows
* Fix bug in the logic polling the interface
* Added node-public-ip annotation
* Try several times to contact kube-api before failing
* Fixed IPv6 0 initialization
* wireguard backend: avoid error message if route already exists
* Bump github.com/avast/retry-go/v4 from 4.5.1 to 4.6.0
* use wait.PollUntilContextTimeout instead of deprecated wait.Poll
* troubleshooting.md: add `ethtool -K flannel.1 tx-checksum-ip-generic off` for NAT
* Added configuration for pulic-ip through node annotation
* extension/vxlan: remove arp commands from vxlan examples
* Refactor TrafficManager windows files to clarify logs
* Add persistent-mac option to v6 too
* fix comparison with previous networks in SetupAndEnsureMasqRules
* show content of stdout and stderr when running iptables-restore returns an error
* Add extra check before contacting kube-api
* remove unimplemented error in windows trafficmngr
* remove --dirty flags in git describe
* Added leaseAttr string method with logs on VxLan
* remove multiClusterCidr related-code.
* Implement nftables masquerading for flannel
* fix: ipv6 iptables rules were created even when IPv6 was disabled
* Add tolerations to the flannel chart
* Added additional check for n.spec.podCIDRs
* Remove net-tools since it's an old package that we are not using
* fix iptables_windows.go
* Clean-up Makefile and use docker buildx locally
* Use manual test to ensure iptables-* binaries are present
* Bump github.com/containerd/containerd from 1.6.23 to 1.6.26
* Bump github.com/joho/godotenv
* SubnetManager should use the main context
* Simplify TrafficManager interface
* refactor iptables package to prepare for nftables-based implementation
- flannel v0.26.4, includes `golang.org/x/net/http2` at v0.34.0, which fixes bsc#1236522 (CVE-2023-45288)
Fri Apr 19 17:51:42 UTC 2024 - Jeff Mahoney <jeffm@suse.com>
- Remove dependency on net-tools-deprecated. It's not actually used.
Wed Jan 31 13:05:53 UTC 2024 - Priyanka Saggu <priyanka.saggu@suse.com>
- sync `kube-flannel.yaml` manifest with upstream release, v0.24.2 (bsc#1218694)
- refactor, clean spec file. Include following change:
* bump go version build requirements: `BuildRequires: golang(API) >= 1.20`
* include go modules dependencies as vendor tar - vendor.tar.gz, update following %prep, %build, %install sections accordingly
Wed Jan 31 07:20:42 UTC 2024 - priyanka.saggu@suse.com
- Update to version 0.24.2:
* Prepare for v0.24.2 release
* Increase the time out for interface checking in windows
* Prepare for v0.24.1 release
* Provide support to select the interface in Windows
* Improve the log from powershell
* Wait all the jobs to finish before deploy the github-page
* remove remaining references to mips64le
* add multi-arch dockerfile
* add missing riscv64 in docker manifest create step
* prepare for v0.24.0 release
* Bump golang.org/x/crypto from 0.15.0 to 0.17.0
* Add the VNI to the error message in Windows
* chart: add possibility for defining image pull secrets in daemonset
* Remove multiclustercidr logic from code
* Update opentelemetry dependencies
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
* Add riscv64 arch in GH actions
* vxlan vni should not be type uint16
* Quote wireguard psk in helm chart
* add riscv64 support
Fri Jul 23 08:54:45 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Update to 0.14.0:
* Add tencent cloud VPC network support
* moving go modules to flannel-io/flannel and updating to go 1.16
* fix(windows): nil pointer panic
* Preserve environment for extension backend
* Fix flannel hang if lease expired
* Documentation for the Flannel upgrade/downgrade procedure
* Move from glog to klog
* fix(host-gw): failed to restart if gateway hnsep existed
* ipsec: use well known paths of charon daemon
* upgrade client-go to 1.19.4
* move from juju/errors to pkg/errors
* subnets: move forward the cursor to skip illegal subnet
* Fix Expired URL to Deploying Flannel with kubeadm
* Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1
* preserve AccessKey & AccessKeySecret environment on sudo fix some typo in doc.
* iptables: handle errors that prevent rule deletes
- Sync kube-flannel.yaml manifest
- Change project URL to github.com/flannel-io/flannel
Wed Apr 28 13:20:33 UTC 2021 - Ralf Haferkamp <ralf@h4kamp.de>
- Sync manifest with upstream (0.13.0 release). Includes the
following changes:
* Fix typo and invalid indent in kube-flannel.yml
* Use stable os and arch label for node
* set priorityClassName to system-node-critical
* Add NET_RAW capability to support cri-o
* Use multi-arch Docker images in the Kubernetes manifest
Wed Mar 17 01:25:43 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Set GO111MODULE=auto to build with go1.16+
* Default changed to GO111MODULE=on in go1.16
* Set temporarily until using upstream version with go.mod
Fri Feb 26 09:43:39 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- update to 0.13.0:
* Use multi-arch Docker images in the Kubernetes manifest
* Accept existing XMRF policies and update them intead of raising errors
* Add --no-sanity-check to iptables-wrapper-installer.sh for architectures other than amd64
* Use "docker manifest" to publish multi-arch Docker images
* Add NET_RAW capability to support cri-o
* remove glide
* switch to go modules
* Add and implement iptables-wrapper-installer.sh from https://github.com/kubernetes-sigs/iptables-wrappers
* documentation: set priorityClassName to system-node-critical
* Added a hint for firewall rules
* Disabling ipv6 accept_ra explicitely on the created interface
* use alpine 3.12 everywhere
* windows: replace old netsh (rakelkar/gonetsh) with powershell commands
* fix CVE-2019-14697
* Bugfix: VtepMac would be empty when lease re-acquire for windows
* Use stable os and arch label for node
* doc(awsvpc): correct the required permissions
Sun Aug 16 17:14:50 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 0.12.0:
* fix deleteLease
* Use publicIP lookup iface if --public-ip indicated
* kubernetes 1.16 cni error
* Add cniVersion to general CNI plugin configuration.
* Needs to clear NodeNetworkUnavailable flag on Kubernetes
* Replaces gorillalabs go-powershell with bhendo/go-powershell
* Make VXLAN device learning attribute configurable
* change nodeSelector to nodeAffinity and schedule the pod to linux node
* This PR adds the cni version to the cni-conf.yaml inside the kube-flannel-cfg configmap
* EnableNonPersistent flag for Windows Overlay networks
* snap package.
* Update lease with DR Mac
* main.go: add the "net-config-path" flag
* Deploy Flannel with unprivileged PSP
* Enable local host to local pod connectivity in Windows VXLAN
* Update hcsshim for HostRoute policy in Windows VXLAN
Tue Oct 29 13:30:38 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Use Tumbleweed Kubic flannel containers instead of devel:kubic
containers. This fixes aarch64 and ppc64* (boo#1152185)
Fri Oct 11 07:46:20 UTC 2019 - Fabian Vogt <fvogt@suse.com>
- It's apps/v1, not apps/v1beta1
- Fix some more typos
Thu Oct 10 15:03:40 UTC 2019 - Richard Brown <rbrown@suse.com>
- Fix typo in updated flannel manifest
Thu Oct 10 13:45:11 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update flannel manifest to match upstream and support k8s 1.16 API
Fri Jul 19 10:56:20 CEST 2019 - kukuk@suse.de
- Set cni version in flannel manifest
Thu Jul 18 09:06:33 UTC 2019 - Thorsten Kukuk <kukuk@suse.com>
- Use current kube-flannel.yaml from git to fix DNS problems
Sun Jun 9 15:24:02 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Add missing words in descriptions.
Thu Jun 6 15:57:32 CEST 2019 - kukuk@suse.de
- Fix path of flanneld in yaml file
- Cleanup filelist
Tue Apr 9 11:45:05 CEST 2019 - kukuk@suse.de
- Require minimal set of used network utilities
Mon Apr 8 13:56:16 CEST 2019 - kukuk@suse.de
- Add flannel-k8s-yaml sub-package with the yaml file to deploy
Mon Apr 8 13:24:07 CEST 2019 - kukuk@suse.de
- Update to flannel 0.11.0
- Drop standalone support, it's only for containers
- Drop use-32-prefix-udp-backend.patch, included upstream
Wed Dec 19 16:55:33 UTC 2018 - clee@suse.com
- Refactor go to go1.11 for BuildRequires
Wed Dec 19 01:18:01 UTC 2018 - clee@suse.com
- Updated to a supported version of Go (due to security reasons)
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during "go get -u"
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
Wed Dec 12 12:43:24 UTC 2018 - alvaro.saurin@suse.com
- Updated to a supported version of Go (due to security reasons)
Tue Jun 5 09:33:44 UTC 2018 - dcassany@suse.com
- Make use of %license macro
Tue May 29 11:11:34 UTC 2018 - rfernandezlopez@suse.com
- Add use-32-prefix-udp-backend.patch: backend/udp: Use a /32 prefix for the flannel0 interface
This avoids the kernel's creation of broadcast routes, which prevent
communication from the host with the zeroth subnet to containers on any
other hosts.
Fixes: bsc#1094364
Thu Feb 1 16:58:22 CET 2018 - ro@suse.de
- do not build on s390, only on s390x (no go on s390)
Mon Nov 27 09:28:36 UTC 2017 - opensuse-packaging@opensuse.org
- Update to version 0.9.1:
* kube: Update manifests to v0.9.1
* network/iptables: Add iptables rules to FORWARD chain
* kube-flannel.yml: Update to v0.9.0 and improve docs
* Update README.md
* Fix horrendous README typo
* Always ensure iptables masquerade rules are installed
* Makefile: Stop pulling the unused lib from kube-cross
* subnet/*: Remove unused reservations code
* use init container to install cni on flannel daemonset
Thu Nov 23 13:48:19 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
Tue Aug 29 08:27:54 UTC 2017 - mmeister@suse.com
- build with go1.8
this fixes the golang.org/x/net/context conflict
Thu Aug 24 07:56:44 UTC 2017 - vrothberg@suse.com
- Update to version 0.8.0:
* flannel reads from created subnet.env file on startup
* Fix a bug with the iface-regex that always returned an error
* Fix a bug where previously leased subnets would not update etcd leases
* main.go: Fix logging options
* Allow kube subnet manager to run outside of kubernetes
* Added ability to specify multiple ifaces and iface regexes
* Docs: Add kubernetes and troubleshooting info
* Update manifest to v0.8.0
Thu Aug 17 13:32:34 UTC 2017 - vrothberg@suse.com
- Fix bsc#1054097
* We need to patch the Version variable to align with the package version
* Do this by using `gofmt` (linker flags can't be set without changing the build)
Wed Apr 19 09:29:33 UTC 2017 - opensuse-packaging@opensuse.org
- Update to version 0.7.1:
* Add Kubernetes RBAC support
* vendor: Revendor with more sensible pinnings
* vendor: Make code compatible again
* Simplify rbac creation process
* Tolerate flannel running on master nodes
* backend/vxlan: Don't recreate vxlan device on flanneld restart
* backend/hostgw: Fix memory leak
* Build tar.gz for ppc64le, arm and arm64 arch
* kube-flannel: Add namespace for compatibility with RBAC rules
* Explicitly state operator: Exists for master node toleration - as tolleration defaults to Equal by default which will result in the non scheduling of flannel on the master nodes
* switch kube subnet manager to PATCH
* Bump k8s manifest version to v0.7.1
* Correct the image in the k8s manifest files
Fri Jan 20 15:53:14 UTC 2017 - opensuse-packaging@opensuse.org
- Update to version 0.7.0:
* version: bump to v0.5.3+git
* subnet: add infrastructure and tests for network watches
* Refactoring: single ctx and pull out LeaseRenewer
* Bug fix: remote mode errors out with bad backend type
* Use a map for backend lookups
* Split backend Init operation into New/Init and AddNetwork
* Fix etcd implementation of getNetworks()
* vendor: update etcd/client
* aws-vpc: migrate to official AWS SDK
* aws-vpc: use SDK to get metadata
* Add network package to testing
* Add/remove networks when registry changes
* bug fix: no specified networks still led to multi-network path
* Fix running multiple networks
* Fix network watches when subnets change
* Better handling of Ctrl+C
* Add UnregisterNetwork backend method
* Notify systemd service when server is ready to listen
* Fix/improve docs
* Masquerade host to flannel traffic.
* Change copyright from CoreOS to flannel authors
* remote: close response body during watch()
* Refactor the backend interfaces for multi-networks
* Go 1.5 compat change
* test: add license header check + missing headers
* travis: add logo to README, switch to go 1.4/1.5
* build: use `git describe` output in version
* file rename as separate commit for better diffs
* Use jonboulle/clockwork
* Have registry deal with subnet and not etcd types
* Actually track backends in the active map
* Fix subnet watch key creation
* Periodically retry getting initial networks
* Version embedding for Go 1.4 and 1.5
* Ability to revoke lease
* Add reservations to admin control subnet allocs
* Revendor netlink library
* Add mock etcd and etcd-backed registry testcases
* tests: fix bug due to random numbers being used
* Fixes a number of races
* backend/udp: bind to the advertised interface
* Add cli args for etcd basic auth
* MAINTAINERS: remove eyakubovich; add tomdee, philips, steveej
* DOCS: Add note to AWS docs about why it might be used
* BUILDS: Use vendor directory instead of Godeps
* Updating code.google.com/p/... dependencies
* Add glide file
* Add glide.lock and update GCE dependencies
* Support quorum read option
* vendor: bump netlink to latest master
* network/ipmasq: RETURN instead of ACCEPT to allowe other rules
* vendor: coreos/pkg: -> v2
* vendor: bump netlink to latest
* vxlan: support group-based policy
* scripts/build: compat header
* hostgw: Check existence of and compare routes before attempting to add/update them
* backend/hostgw: don't filter by LinkIndex
* BUILDS: Replace some shell scripts with Makefile
* deps: Update go-iptables version
* mk-docker-opts.sh: replace with busybox shell compatible version
* BUILDS: Overhaul build process
* vxlan: error on sysctl fail
* Fix a typo in format error.
* Makefile: Disable static builds of flanneld
* Makefile: Make the ARCH part of the tag name not the image name
* Builds: Insert libpthread into busybox images
* The docker daemon syntax change addressed
* Makefile: gzip the dist tar.gz file
* Add functional (end-to-end) testing
* README: Update build instructions
* Makefile: Push "latest" to flannel-git on quay.io
* Run e2e tests on travis
* glide: cfg change
* glide: add k8s deps
* fixup after etcd client update
* add kube backed subnet manager
* Update aws-vpc-backend.md
* README: Kubernetes rename
* Documentation: Fix sample kube-flannel config
* backend: do not log in Register
* Makefile: Push tags to flannel-git for all builds
* Makefile: clean before flannel-git build
* Makefile: Also push :latest for flannel-git
* Fixed #521: flanneld hang on at initialEvtsBatch := <-evts because of empty batch list in WatchLeases of subnet/watch.go
* Make the flannel daemonset multiarch
* aws-vpc: Fix crash when route has vpc-endpoints
* aws-vpc: remove "blackholes"
* deps: update aws-sdk version to latest stable
* backend: fixes and cleanups in awsvpc backend
* vxlan: user verbose logging macros
* subnet/kube: Use informer callbacks for lease events
* subnet/kube: wait for cache sync before using subnet manager
* network manager: Improve logging
* subnet/kube: modify a copy of node object, rather than the cached object
* Fix a typo in backend/vxlan/network.go
* Documention: Add information on leases and reservations
* e2e: Allow the backend list to be overridden
* backend/vxlan: Improve the comments and logging
* backend/vxlan: Set the netmask of the IP used for the vxlan device
* Add a flag to configure the subnet lease renewal margin. (#559)
* Replacing the user id with group id.
* Removing the -it flag from the docker build commands.
* Update kube-flannel.yaml
* Add note to readme about -kube-subnet-mgr
Fri Nov 18 08:53:01 UTC 2016 - opensuse-packaging@opensuse.org
- Update to version 0.5.5:
* Remove code dup and use coreos/pkg/flagutil
* version: bump to v0.5.3
* aws-vpc: migrate to official AWS SDK
* aws-vpc: use SDK to get metadata
* Notify systemd service when server is ready to listen
* Masquerade host to flannel traffic.
* remote: close response body during watch()
* version: bump to v0.5.4
* Bug fix: running out of memory with vxlan+bonding
* version: bump to v0.5.5
Wed Sep 14 10:10:05 UTC 2016 - opensuse-packaging@opensuse.org
- Update to version 0.6.1:
* Support quorum read option
* deps: Update go-iptables version
* mk-docker-opts.sh: replace with busybox shell compatible version
* BUILDS: Overhaul build process
* vxlan: error on sysctl fail
* Fix a typo in format error.
* Makefile: Disable static builds of flanneld
* Makefile: Make the ARCH part of the tag name not the image name
* Builds: Insert libpthread into busybox images
* Support VXLAN GBP
* Add cli args for etcd basic auth
* Add reservations to admin control subnet allocs
* Ability to revoke lease
* small docs changes
* overhaul of the build system
* improvements to stability and UX tweaks
* refactoring mainly driven by reservation support
Fri Jul 15 15:45:36 UTC 2016 - kstreitova@suse.com
- clean specfile by spec-cleaner
- change 'PreReq: %fillup_prereq' to 'Requires(post)'
Thu Jul 7 11:37:03 UTC 2016 - tboerger@suse.com
- Dropped rpmlintrc
- Refactoring of the spec based on golang-packaging
Wed Jul 6 14:12:51 UTC 2016 - msabate@suse.com
- Added go_provides
Wed Jul 6 13:24:52 UTC 2016 - msabate@suse.com
- Removed kernel-devel build requirement
I've also added golang-packaging as a build requirement and we will be using
the %{go_nostrip} macro from that package. Moreover, I've done some minor
improvements here and there.
Tue Jul 5 09:27:54 UTC 2016 - cbrauner@suse.com
- add %ghost instruction: Files that are put into /run should be generated on
the fly during runtime. To prevent them from getting installed we use
Tue Jul 5 09:16:42 UTC 2016 - cbrauner@suse.com
- add _constraints file to get more disk space on aarch64
Tue Mar 22 14:35:36 UTC 2016 - fcastelli@suse.com
- Fix issue inside of systemd unit file
Mon Mar 21 21:50:17 UTC 2016 - fcastelli@suse.com
- First release v0.5.5
Normal file
Normal file
@ -0,0 +1,4 @@
name: flannel
version: 0.26.4
mtime: 1738660448
commit: c22fb8cdd05638fbc9095f05ecce5ea3a13e16c6
Normal file
Normal file
@ -0,0 +1,101 @@
# spec file for package flannel
# Copyright (c) 2017, 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
# Use Tumbleweed Kubic containers
%define flannel_container_path registry.opensuse.org/kubic/flannel
Name: flannel
Version: 0.26.4
Release: 0
Summary: An etcd backed network fabric for containers
License: Apache-2.0
Group: System/Management
Url: https://github.com/flannel-io/flannel
Source0: flannel-%{version}.tar.gz
Source1: vendor.tar.gz
Requires: iproute2
Requires: iptables
BuildRequires: golang-packaging
BuildRequires: golang(API) >= 1.23
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExcludeArch: s390
flannel is a virtual network that gives a subnet to each host for use with
container runtimes.
Platforms like Google's Kubernetes assume that each container (pod) has a
unique, routable IP address inside the cluster. The advantage of this model is that it
reduces the complexity of doing port mapping.
This package contains the binary to be included into a container image
%package k8s-yaml
Summary: Kubernetes yaml file to run flannel container
Group: System/Management
BuildArch: noarch
%description k8s-yaml
This package contains the yaml file requried to download and run the
flannel container in a kubernetes cluster.
flannel is a virtual network that gives a subnet to each host for use with
container runtimes.
Platforms like Google's Kubernetes assume that each container (pod) has a
unique, routable IP address inside the cluster. The advantage of this model is that it
reduces the complexity of doing port mapping.
%setup -q -a1 -n flannel-%{version}
%define project github.com/flannel-io/flannel
CGO_ENABLED=1 go build -mod=vendor -v -buildmode=pie -o dist/flanneld \
-ldflags '-s -w -X github.com/flannel-io/flannel/pkg/version.Version=v%{version}'
rm -rf %{buildroot}/%{_libdir}/go/contrib
# move the binary
install -D -m 0755 dist/flanneld %{buildroot}%{_sbindir}/flanneld
# Install provided yaml file to download and run the flannel container
mkdir -p %{buildroot}%{_datadir}/k8s-yaml/flannel
install -m 0644 Documentation/kube-flannel.yml %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
sed -i -e 's|image: docker.io/flannel/flannel:.*|image: %{flannel_container_path}:%{version}|g' %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
sed -i -e 's|/opt/bin/flanneld|/usr/sbin/flanneld|g' %{buildroot}%{_datadir}/k8s-yaml/flannel/kube-flannel.yaml
%doc README.md DCO
%license LICENSE
%files k8s-yaml
%dir %{_datarootdir}/k8s-yaml
%dir %{_datarootdir}/k8s-yaml/flannel
Normal file
Normal file
@ -0,0 +1,223 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
name: psp.flannel.unprivileged
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
privileged: false
- configMap
- secret
- emptyDir
- hostPath
- pathPrefix: "/etc/cni/net.d"
- pathPrefix: "/etc/kube-flannel"
- pathPrefix: "/run/flannel"
readOnlyRootFilesystem: false
# Users and groups
rule: RunAsAny
rule: RunAsAny
rule: RunAsAny
# Privilege Escalation
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
# Capabilities
allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
defaultAddCapabilities: []
requiredDropCapabilities: []
# Host namespaces
hostPID: false
hostIPC: false
hostNetwork: true
- min: 0
max: 65535
# SELinux
# SELinux is unused in CaaSP
rule: 'RunAsAny'
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
name: flannel
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
- ""
- pods
- get
- apiGroups:
- ""
- nodes
- list
- watch
- apiGroups:
- ""
- nodes/status
- patch
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
name: flannel
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
- kind: ServiceAccount
name: flannel
namespace: kube-system
apiVersion: v1
kind: ServiceAccount
name: flannel
namespace: kube-system
kind: ConfigMap
apiVersion: v1
name: kube-flannel-cfg
namespace: kube-system
tier: node
app: flannel
cni-conf.json: |
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
"type": "portmap",
"capabilities": {
"portMappings": true
net-conf.json: |
"Network": "",
"Backend": {
"Type": "vxlan"
apiVersion: apps/v1
kind: DaemonSet
name: kube-flannel-ds
namespace: kube-system
tier: node
app: flannel
app: flannel
tier: node
app: flannel
- matchExpressions:
- key: kubernetes.io/os
operator: In
- linux
hostNetwork: true
priorityClassName: system-node-critical
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
- name: install-cni
image: quay.io/coreos/flannel:v0.14.0
- cp
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: kube-flannel
image: quay.io/coreos/flannel:v0.14.0
- /opt/bin/flanneld
- --ip-masq
- --kube-subnet-mgr
cpu: "100m"
memory: "50Mi"
cpu: "100m"
memory: "50Mi"
privileged: false
add: ["NET_ADMIN", "NET_RAW"]
- name: POD_NAME
fieldPath: metadata.name
fieldPath: metadata.namespace
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: run
path: /run/flannel
- name: cni
path: /etc/cni/net.d
- name: flannel-cfg
name: kube-flannel-cfg
(Stored with Git LFS)
Normal file
(Stored with Git LFS)
Normal file
Binary file not shown.
Reference in New Issue
Block a user