Merge pull request #5037 from ozdanborne/calico-2.4

Bump Calico to v2.4.1

roles/calico/README.md

@@ -6,12 +6,6 @@ Configure Calico components for the Master host.
 
 * Ansible 2.2
 
-## Warning: This Calico Integration is in Alpha
-
-Calico shares the etcd instance used by OpenShift, and distributes client etcd certificates to each node.
-For this reason, **we do not (yet) recommend running Calico on any production-like
-cluster, or using it for any purpose besides early access testing.**
-
 ## Installation
 
 To install, set the following inventory configuration parameters:
@@ -20,7 +14,19 @@ To install, set the following inventory configuration parameters:
 * `openshift_use_openshift_sdn=False`
 * `os_sdn_network_plugin_name='cni'`
 
-## Additional Calico/Node and Felix Configuration Options
+For more information, see [Calico's official OpenShift Installation Documentation](https://docs.projectcalico.org/latest/getting-started/openshift/installation#bring-your-own-etcd)
+
+## Improving security with BYO-etcd
+
+By default, Calico uses the etcd set up by OpenShift. To accomplish this, it generates and distributes client etcd certificates to each node.
+Distributing these certs across the cluster in this way weakens the overall security,
+so Calico should not be deployed in production in this mode.
+
+Instead, Calico can be installed in BYO-etcd mode, where it connects to an externally
+set up etcd. For information on deploying Calico in BYO-etcd mode, see 
+[Calico's official OpenShift Installation Documentation](https://docs.projectcalico.org/latest/getting-started/openshift/installation#bring-your-own-etcd)
+
+## Calico Configuration Options
 
 Additional parameters that can be defined in the inventory are:
 

roles/calico/defaults/main.yaml

@@ -5,11 +5,11 @@ cni_conf_dir: "/etc/cni/net.d/"
 cni_bin_dir: "/opt/cni/bin/"
 cni_url: "https://github.com/containernetworking/cni/releases/download/v0.5.2/cni-amd64-v0.5.2.tgz"
 
-calico_url_cni: "https://github.com/projectcalico/cni-plugin/releases/download/v1.8.3/calico"
-calico_url_ipam: "https://github.com/projectcalico/cni-plugin/releases/download/v1.8.3/calico-ipam"
+calico_url_cni: "https://github.com/projectcalico/cni-plugin/releases/download/v1.10.0/calico"
+calico_url_ipam: "https://github.com/projectcalico/cni-plugin/releases/download/v1.10.0/calico-ipam"
 
 calico_ipv4pool_ipip: "always"
 calico_ipv4pool_cidr: "192.168.0.0/16"
 
 calico_log_dir: "/var/log/calico"
-calico_node_image: "calico/node:v1.2.1"
+calico_node_image: "calico/node:v2.4.1"

roles/calico_master/defaults/main.yaml

@@ -3,5 +3,5 @@ kubeconfig: "{{ openshift.common.config_base }}/master/openshift-master.kubeconf
 
 calicoctl_bin_dir: "/usr/local/bin/"
 
-calico_url_calicoctl: "https://github.com/projectcalico/calicoctl/releases/download/v1.1.3/calicoctl"
-calico_url_policy_controller: "quay.io/calico/kube-policy-controller:v0.5.4"
+calico_url_calicoctl: "https://github.com/projectcalico/calicoctl/releases/download/v1.4.0/calicoctl"
+calico_url_policy_controller: "quay.io/calico/kube-policy-controller:v0.7.0"