Merge "Enable usage of calicoq utility"

calicoctl-utility/templates/bin/_utilscli-sudo.tpl

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-nobody ALL = (root) NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \
+nobody ALL=SETENV: NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \
   UNIX-RECV\:/dev/log\,reuseaddr stdout, \
   /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \
   /usr/local/bin/calicoctl version

calicoctl-utility/templates/bin/_utilscli.tpl

@@ -15,4 +15,4 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-sudo /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf $*
+sudo -E /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf $*

calicoctl-utility/templates/deployment-calicoctl-utility.yaml

@@ -95,7 +95,13 @@ spec:
           readinessProbe:
             exec:
               command:
+              {{- if .Values.conf.utility.match_versions }}
                 - /usr/local/bin/version_check.sh
+              {{- else }}
+                - sudo
+                - calicoctl
+                - version
+              {{- end }}
             initialDelaySeconds: 5
             periodSeconds: 15
           livenessProbe:

calicoctl-utility/values.yaml

@@ -170,6 +170,7 @@ conf:
 
       calicoctl_version_00: RegExpFilter, calicoctl, root, calicoctl, version
       calicoctl_version_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, version
+      calicoq_00: CommandFilter, calicoq, root
   calicoctl_rootwrap:
     DEFAULT:
       # Configuration for calicoctl-rootwrap
@@ -197,6 +198,9 @@ conf:
     # Set to true for development sites,
     # Set to false otherwise
     always_log_user: true
+    # Specify whether we need to check for exact match of calicoctl and cluster
+    # versions during readiness probe
+    match_versions: false
 
 manifests:
   configmap_bin: true