------------------------------------------------------------------- Wed Apr 28 13:20:33 UTC 2021 - Ralf Haferkamp - Sync manifest with upstream (0.13.0 release). Includes the following changes: * Fix typo and invalid indent in kube-flannel.yml * Use stable os and arch label for node * set priorityClassName to system-node-critical * Add NET_RAW capability to support cri-o * Use multi-arch Docker images in the Kubernetes manifest ------------------------------------------------------------------- Wed Mar 17 01:25:43 UTC 2021 - Jeff Kowalczyk - Set GO111MODULE=auto to build with go1.16+ * Default changed to GO111MODULE=on in go1.16 * Set temporarily until using upstream version with go.mod ------------------------------------------------------------------- Fri Feb 26 09:43:39 UTC 2021 - Alexandre Vicenzi - update to 0.13.0: * Use multi-arch Docker images in the Kubernetes manifest * Accept existing XMRF policies and update them intead of raising errors * Add --no-sanity-check to iptables-wrapper-installer.sh for architectures other than amd64 * Use "docker manifest" to publish multi-arch Docker images * Add NET_RAW capability to support cri-o * remove glide * switch to go modules * Add and implement iptables-wrapper-installer.sh from https://github.com/kubernetes-sigs/iptables-wrappers * documentation: set priorityClassName to system-node-critical * Added a hint for firewall rules * Disabling ipv6 accept_ra explicitely on the created interface * use alpine 3.12 everywhere * windows: replace old netsh (rakelkar/gonetsh) with powershell commands * fix CVE-2019-14697 * Bugfix: VtepMac would be empty when lease re-acquire for windows * Use stable os and arch label for node * doc(awsvpc): correct the required permissions ------------------------------------------------------------------- Sun Aug 16 17:14:50 UTC 2020 - Dirk Mueller - update to 0.12.0: * fix deleteLease * Use publicIP lookup iface if --public-ip indicated * kubernetes 1.16 cni error * Add cniVersion to general CNI plugin configuration. * Needs to clear NodeNetworkUnavailable flag on Kubernetes * Replaces gorillalabs go-powershell with bhendo/go-powershell * Make VXLAN device learning attribute configurable * change nodeSelector to nodeAffinity and schedule the pod to linux node * This PR adds the cni version to the cni-conf.yaml inside the kube-flannel-cfg configmap * EnableNonPersistent flag for Windows Overlay networks * snap package. * Update lease with DR Mac * main.go: add the "net-config-path" flag * Deploy Flannel with unprivileged PSP * Enable local host to local pod connectivity in Windows VXLAN * Update hcsshim for HostRoute policy in Windows VXLAN ------------------------------------------------------------------- Tue Oct 29 13:30:38 UTC 2019 - Guillaume GARDET - Use Tumbleweed Kubic flannel containers instead of devel:kubic containers. This fixes aarch64 and ppc64* (boo#1152185) ------------------------------------------------------------------- Fri Oct 11 07:46:20 UTC 2019 - Fabian Vogt - It's apps/v1, not apps/v1beta1 - Fix some more typos ------------------------------------------------------------------- Thu Oct 10 15:03:40 UTC 2019 - Richard Brown - Fix typo in updated flannel manifest ------------------------------------------------------------------- Thu Oct 10 13:45:11 UTC 2019 - Richard Brown - Update flannel manifest to match upstream and support k8s 1.16 API ------------------------------------------------------------------- Fri Jul 19 10:56:20 CEST 2019 - kukuk@suse.de - Set cni version in flannel manifest ------------------------------------------------------------------- Thu Jul 18 09:06:33 UTC 2019 - Thorsten Kukuk - Use current kube-flannel.yaml from git to fix DNS problems ------------------------------------------------------------------- Sun Jun 9 15:24:02 UTC 2019 - Jan Engelhardt - Add missing words in descriptions. ------------------------------------------------------------------- Thu Jun 6 15:57:32 CEST 2019 - kukuk@suse.de - Fix path of flanneld in yaml file - Cleanup filelist ------------------------------------------------------------------- Tue Apr 9 11:45:05 CEST 2019 - kukuk@suse.de - Require minimal set of used network utilities ------------------------------------------------------------------- Mon Apr 8 13:56:16 CEST 2019 - kukuk@suse.de - Add flannel-k8s-yaml sub-package with the yaml file to deploy flannel. ------------------------------------------------------------------- Mon Apr 8 13:24:07 CEST 2019 - kukuk@suse.de - Update to flannel 0.11.0 - Drop standalone support, it's only for containers - Drop use-32-prefix-udp-backend.patch, included upstream ------------------------------------------------------------------- Wed Dec 19 16:55:33 UTC 2018 - clee@suse.com - Refactor go to go1.11 for BuildRequires ------------------------------------------------------------------- Wed Dec 19 01:18:01 UTC 2018 - clee@suse.com - Updated to a supported version of Go (due to security reasons) * bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution during "go get -u" * bsc#1118898 CVE-2018-16874 go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths * bsc#1118899 CVE-2018-16875 go#29233 crypto/x509: CPU denial of service ------------------------------------------------------------------- Wed Dec 12 12:43:24 UTC 2018 - alvaro.saurin@suse.com - Updated to a supported version of Go (due to security reasons) ------------------------------------------------------------------- Tue Jun 5 09:33:44 UTC 2018 - dcassany@suse.com - Make use of %license macro ------------------------------------------------------------------- Tue May 29 11:11:34 UTC 2018 - rfernandezlopez@suse.com - Add use-32-prefix-udp-backend.patch: backend/udp: Use a /32 prefix for the flannel0 interface This avoids the kernel's creation of broadcast routes, which prevent communication from the host with the zeroth subnet to containers on any other hosts. Fixes: bsc#1094364 ------------------------------------------------------------------- Thu Feb 1 16:58:22 CET 2018 - ro@suse.de - do not build on s390, only on s390x (no go on s390) ------------------------------------------------------------------- Mon Nov 27 09:28:36 UTC 2017 - opensuse-packaging@opensuse.org - Update to version 0.9.1: * kube: Update manifests to v0.9.1 * network/iptables: Add iptables rules to FORWARD chain * kube-flannel.yml: Update to v0.9.0 and improve docs * Update README.md * Fix horrendous README typo * Always ensure iptables masquerade rules are installed * Makefile: Stop pulling the unused lib from kube-cross * subnet/*: Remove unused reservations code * use init container to install cni on flannel daemonset ------------------------------------------------------------------- Thu Nov 23 13:48:19 UTC 2017 - rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- Tue Aug 29 08:27:54 UTC 2017 - mmeister@suse.com - build with go1.8 this fixes the golang.org/x/net/context conflict ------------------------------------------------------------------- Thu Aug 24 07:56:44 UTC 2017 - vrothberg@suse.com - Update to version 0.8.0: * flannel reads from created subnet.env file on startup * Fix a bug with the iface-regex that always returned an error * Fix a bug where previously leased subnets would not update etcd leases * main.go: Fix logging options * Allow kube subnet manager to run outside of kubernetes * Added ability to specify multiple ifaces and iface regexes * Docs: Add kubernetes and troubleshooting info * Update manifest to v0.8.0 ------------------------------------------------------------------- Thu Aug 17 13:32:34 UTC 2017 - vrothberg@suse.com - Fix bsc#1054097 * We need to patch the Version variable to align with the package version * Do this by using `gofmt` (linker flags can't be set without changing the build) ------------------------------------------------------------------- Wed Apr 19 09:29:33 UTC 2017 - opensuse-packaging@opensuse.org - Update to version 0.7.1: * Add Kubernetes RBAC support * vendor: Revendor with more sensible pinnings * vendor: Make code compatible again * Simplify rbac creation process * Tolerate flannel running on master nodes * backend/vxlan: Don't recreate vxlan device on flanneld restart * backend/hostgw: Fix memory leak * Build tar.gz for ppc64le, arm and arm64 arch * kube-flannel: Add namespace for compatibility with RBAC rules * Explicitly state operator: Exists for master node toleration - as tolleration defaults to Equal by default which will result in the non scheduling of flannel on the master nodes * switch kube subnet manager to PATCH * Bump k8s manifest version to v0.7.1 * Correct the image in the k8s manifest files ------------------------------------------------------------------- Fri Jan 20 15:53:14 UTC 2017 - opensuse-packaging@opensuse.org - Update to version 0.7.0: * version: bump to v0.5.3+git * subnet: add infrastructure and tests for network watches * Refactoring: single ctx and pull out LeaseRenewer * Bug fix: remote mode errors out with bad backend type * Use a map for backend lookups * Split backend Init operation into New/Init and AddNetwork * Fix etcd implementation of getNetworks() * vendor: update etcd/client * aws-vpc: migrate to official AWS SDK * aws-vpc: use SDK to get metadata * Add network package to testing * Add/remove networks when registry changes * bug fix: no specified networks still led to multi-network path * Fix running multiple networks * Fix network watches when subnets change * Better handling of Ctrl+C * Add UnregisterNetwork backend method * Notify systemd service when server is ready to listen * Fix/improve docs * Masquerade host to flannel traffic. * Change copyright from CoreOS to flannel authors * remote: close response body during watch() * Refactor the backend interfaces for multi-networks * Go 1.5 compat change * test: add license header check + missing headers * travis: add logo to README, switch to go 1.4/1.5 * build: use `git describe` output in version * file rename as separate commit for better diffs * Use jonboulle/clockwork * Have registry deal with subnet and not etcd types * Actually track backends in the active map * Fix subnet watch key creation * Periodically retry getting initial networks * Version embedding for Go 1.4 and 1.5 * Ability to revoke lease * Add reservations to admin control subnet allocs * Revendor netlink library * Add mock etcd and etcd-backed registry testcases * tests: fix bug due to random numbers being used * Fixes a number of races * backend/udp: bind to the advertised interface * Add cli args for etcd basic auth * MAINTAINERS: remove eyakubovich; add tomdee, philips, steveej * DOCS: Add note to AWS docs about why it might be used * BUILDS: Use vendor directory instead of Godeps * Updating code.google.com/p/... dependencies * Add glide file * Add glide.lock and update GCE dependencies * Support quorum read option * vendor: bump netlink to latest master * network/ipmasq: RETURN instead of ACCEPT to allowe other rules * vendor: coreos/pkg: -> v2 * vendor: bump netlink to latest * vxlan: support group-based policy * scripts/build: compat header * hostgw: Check existence of and compare routes before attempting to add/update them * backend/hostgw: don't filter by LinkIndex * BUILDS: Replace some shell scripts with Makefile * deps: Update go-iptables version * mk-docker-opts.sh: replace with busybox shell compatible version * BUILDS: Overhaul build process * vxlan: error on sysctl fail * Fix a typo in format error. * Makefile: Disable static builds of flanneld * Makefile: Make the ARCH part of the tag name not the image name * Builds: Insert libpthread into busybox images * The docker daemon syntax change addressed * Makefile: gzip the dist tar.gz file * Add functional (end-to-end) testing * README: Update build instructions * Makefile: Push "latest" to flannel-git on quay.io * Run e2e tests on travis * glide: cfg change * glide: add k8s deps * fixup after etcd client update * add kube backed subnet manager * Update aws-vpc-backend.md * README: Kubernetes rename * Documentation: Fix sample kube-flannel config * backend: do not log in Register * Makefile: Push tags to flannel-git for all builds * Makefile: clean before flannel-git build * Makefile: Also push :latest for flannel-git * Fixed #521: flanneld hang on at initialEvtsBatch := <-evts because of empty batch list in WatchLeases of subnet/watch.go * Make the flannel daemonset multiarch * aws-vpc: Fix crash when route has vpc-endpoints * aws-vpc: remove "blackholes" * deps: update aws-sdk version to latest stable * backend: fixes and cleanups in awsvpc backend * vxlan: user verbose logging macros * subnet/kube: Use informer callbacks for lease events * subnet/kube: wait for cache sync before using subnet manager * network manager: Improve logging * subnet/kube: modify a copy of node object, rather than the cached object * Fix a typo in backend/vxlan/network.go * Documention: Add information on leases and reservations * e2e: Allow the backend list to be overridden * backend/vxlan: Improve the comments and logging * backend/vxlan: Set the netmask of the IP used for the vxlan device * Add a flag to configure the subnet lease renewal margin. (#559) * Replacing the user id with group id. * Removing the -it flag from the docker build commands. * Update kube-flannel.yaml * Add note to readme about -kube-subnet-mgr ------------------------------------------------------------------- Fri Nov 18 08:53:01 UTC 2016 - opensuse-packaging@opensuse.org - Update to version 0.5.5: * Remove code dup and use coreos/pkg/flagutil * version: bump to v0.5.3 * aws-vpc: migrate to official AWS SDK * aws-vpc: use SDK to get metadata * Notify systemd service when server is ready to listen * Masquerade host to flannel traffic. * remote: close response body during watch() * version: bump to v0.5.4 * Bug fix: running out of memory with vxlan+bonding * version: bump to v0.5.5 ------------------------------------------------------------------- Wed Sep 14 10:10:05 UTC 2016 - opensuse-packaging@opensuse.org - Update to version 0.6.1: * Support quorum read option * deps: Update go-iptables version * mk-docker-opts.sh: replace with busybox shell compatible version * BUILDS: Overhaul build process * vxlan: error on sysctl fail * Fix a typo in format error. * Makefile: Disable static builds of flanneld * Makefile: Make the ARCH part of the tag name not the image name * Builds: Insert libpthread into busybox images * Support VXLAN GBP * Add cli args for etcd basic auth * Add reservations to admin control subnet allocs * Ability to revoke lease * small docs changes * overhaul of the build system * improvements to stability and UX tweaks * refactoring mainly driven by reservation support ------------------------------------------------------------------- Fri Jul 15 15:45:36 UTC 2016 - kstreitova@suse.com - clean specfile by spec-cleaner - change 'PreReq: %fillup_prereq' to 'Requires(post)' ------------------------------------------------------------------- Thu Jul 7 11:37:03 UTC 2016 - tboerger@suse.com - Dropped rpmlintrc - Refactoring of the spec based on golang-packaging ------------------------------------------------------------------- Wed Jul 6 14:12:51 UTC 2016 - msabate@suse.com - Added go_provides ------------------------------------------------------------------- Wed Jul 6 13:24:52 UTC 2016 - msabate@suse.com - Removed kernel-devel build requirement I've also added golang-packaging as a build requirement and we will be using the %{go_nostrip} macro from that package. Moreover, I've done some minor improvements here and there. ------------------------------------------------------------------- Tue Jul 5 09:27:54 UTC 2016 - cbrauner@suse.com - add %ghost instruction: Files that are put into /run should be generated on the fly during runtime. To prevent them from getting installed we use %ghost. ------------------------------------------------------------------- Tue Jul 5 09:16:42 UTC 2016 - cbrauner@suse.com - add _constraints file to get more disk space on aarch64 ------------------------------------------------------------------- Tue Mar 22 14:35:36 UTC 2016 - fcastelli@suse.com - Fix issue inside of systemd unit file ------------------------------------------------------------------- Mon Mar 21 21:50:17 UTC 2016 - fcastelli@suse.com - First release v0.5.5