diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go index 0007581ded7e..0c545d5323bb 100644 --- a/pkg/constant/constant.go +++ b/pkg/constant/constant.go @@ -92,7 +92,7 @@ const ( EnvoyProxyImage = "quay.io/k0sproject/envoy-distroless" EnvoyProxyImageVersion = "v1.31.5" CalicoImage = "quay.io/k0sproject/calico-cni" - CalicoComponentImagesVersion = "v3.29.1-0" + CalicoComponentImagesVersion = "v3.29.2-0" CalicoNodeImage = "quay.io/k0sproject/calico-node" KubeControllerImage = "quay.io/k0sproject/calico-kube-controllers" KubeRouterCNIImage = "quay.io/k0sproject/kube-router" diff --git a/static/manifests/calico/ClusterRole/calico-kube-controllers.yaml b/static/manifests/calico/ClusterRole/calico-kube-controllers.yaml index 2215c84bba0a..e54cd60a83ca 100644 --- a/static/manifests/calico/ClusterRole/calico-kube-controllers.yaml +++ b/static/manifests/calico/ClusterRole/calico-kube-controllers.yaml @@ -1,5 +1,7 @@ --- # Source: calico/templates/calico-kube-controllers-rbac.yaml +# assuming datastore == "kubernetes" +# # Include a clusterrole for the kube-controllers component, # and bind it to the calico-kube-controllers serviceaccount. kind: ClusterRole @@ -34,6 +36,7 @@ rules: - blockaffinities - ipamblocks - ipamhandles + - tiers verbs: - get - list @@ -75,6 +78,7 @@ rules: verbs: # read its own config - get + - list # create a default if none exists - create # update status diff --git a/static/manifests/calico/CustomResourceDefinition/bgpconfigurations.crd.projectcalico.org.yaml b/static/manifests/calico/CustomResourceDefinition/bgpconfigurations.crd.projectcalico.org.yaml index a51a3d87b249..795602b9fc05 100644 --- a/static/manifests/calico/CustomResourceDefinition/bgpconfigurations.crd.projectcalico.org.yaml +++ b/static/manifests/calico/CustomResourceDefinition/bgpconfigurations.crd.projectcalico.org.yaml @@ -101,8 +101,14 @@ spec: a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: description: Specify whether the Secret or its key must be diff --git a/static/manifests/calico/CustomResourceDefinition/bgppeers.crd.projectcalico.org.yaml b/static/manifests/calico/CustomResourceDefinition/bgppeers.crd.projectcalico.org.yaml index f7627515ea6f..a92a16a9d364 100644 --- a/static/manifests/calico/CustomResourceDefinition/bgppeers.crd.projectcalico.org.yaml +++ b/static/manifests/calico/CustomResourceDefinition/bgppeers.crd.projectcalico.org.yaml @@ -80,8 +80,14 @@ spec: a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: description: Specify whether the Secret or its key must be