Merge pull request #282 from manuelbuil/update-cilium

Update Cilium and remove the node-init daemonSet
2022-08-18 10:36:27 +02:00 · 2022-08-18 10:36:27 +02:00 · 0ad9cba46f
parent 64be947c04 6e62c2be06
commit 0ad9cba46f
6 changed files with 24 additions and 126 deletions
--- a/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch
@ -2,7 +2,7 @@
 +++ charts/Chart.yaml
@@ -106,8 +106,7 @@
 apiVersion: v2
- appVersion: 1.12.0
+ appVersion: 1.12.1
 description: eBPF-based Networking, Security, and Observability
 -home: https://cilium.io/
 -icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.12/Documentation/images/logo-solo.svg
@ -19,4 +19,4 @@
 sources:
 -- https://github.com/cilium/cilium
 +- https://github.com/rancher/rke2-charts
- version: 1.12.0
+ version: 1.12.1
--- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch
+++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch
@ -12,7 +12,7 @@
 {{- if and (.Values.agent) (not .Values.preflight.enabled) }}
 {{- /*  Default values with backwards compatibility */ -}}
 {{- $defaultEnableCnpStatusUpdates := "true" -}}
-@@ -220,7 +228,11 @@
+@@ -221,7 +229,11 @@
 
   # Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6
   # address.
@ -25,7 +25,7 @@
 
 {{- if .Values.cleanState }}
   # If a serious issue occurs during Cilium startup, this
-@@ -386,6 +398,8 @@
+@@ -387,6 +399,8 @@
   enable-local-node-route: "false"
 {{- else if .Values.aksbyocni.enabled }}
   tunnel: "vxlan"
@ -34,7 +34,7 @@
 {{- else }}
   tunnel: {{ .Values.tunnel | quote }}
 {{- end }}
-@@ -545,6 +559,8 @@
+@@ -539,6 +553,8 @@
 
 {{- if hasKey .Values "ipv6NativeRoutingCIDR" }}
   ipv6-native-routing-cidr: {{ .Values.ipv6NativeRoutingCIDR }}
--- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch
+++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch
@ -1,11 +1,11 @@
 --- charts-original/templates/cilium-nodeinit/daemonset.yaml
 +++ charts/templates/cilium-nodeinit/daemonset.yaml
-@@ -45,7 +45,7 @@
-         name: xtables-lock
+@@ -39,7 +39,7 @@
+       {{- end }}
       containers:
         - name: node-init
 -          image: {{ include "cilium.image" .Values.nodeinit.image | quote }}
 +          image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.nodeinit.image }}"
           imagePullPolicy: {{ .Values.nodeinit.image.pullPolicy }}
-           volumeMounts:
-             # To access iptables concurrently with other processes (e.g. kube-proxy)
+           lifecycle:
+             {{- if .Values.eni.enabled }}
--- a/packages/rke2-cilium/generated-changes/patch/values.yaml.patch
+++ b/packages/rke2-cilium/generated-changes/patch/values.yaml.patch
@ -6,10 +6,10 @@
   override: ~
 -  repository: "quay.io/cilium/cilium"
 +  repository: "rancher/mirrored-cilium-cilium"
-   tag: "v1.12.0"
+   tag: "v1.12.1"
   pullPolicy: "IfNotPresent"
 -  # cilium-digest
-  digest: "sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
+-  digest: "sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b"
 -  useDigest: true
 +  useDigest: false
 
@ -33,7 +33,7 @@
   operator:
     # -- Deprecated in favor of ipam.operator.clusterPoolIPv4PodCIDRList.
     # IPv4 CIDR range to delegate to individual nodes for IPAM.
-@@ -1335,7 +1333,7 @@
+@@ -1327,7 +1325,7 @@
 
 # -- Configure prometheus metrics on the configured port at /metrics
 prometheus:
@ -42,27 +42,27 @@
   port: 9962
   serviceMonitor:
     # -- Enable service monitors.
-@@ -1531,17 +1529,9 @@
+@@ -1523,17 +1521,9 @@
   # -- cilium-operator image.
   image:
     override: ~
 -    repository: "quay.io/cilium/operator"
 +    repository: "rancher/mirrored-cilium-operator"
-     tag: "v1.12.0"
+     tag: "v1.12.1"
 -    # operator-generic-digest
-    genericDigest: "sha256:bb2a42eda766e5d4a87ee8a5433f089db81b72dd04acf6b59fcbb445a95f9410"
+-    genericDigest: "sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1"
 -    # operator-azure-digest
-    azureDigest: "sha256:98ffa2c8ebff33d4e91762fb57d4c36f152bb044c4e2141e15362cf95ecc24ba"
+-    azureDigest: "sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac"
 -    # operator-aws-digest
-    awsDigest: "sha256:cb73df18b03b4fc914c80045d0ddb6c9256972449382e3c4b294fd9c371ace22"
+-    awsDigest: "sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3"
 -    # operator-alibabacloud-digest
-    alibabacloudDigest: "sha256:93dddf88e92119a141a913b44ab9cb909f19b9a7bf01e30b98c1e8afeec51cd5"
+-    alibabacloudDigest: "sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58"
 -    useDigest: true
 +    useDigest: false
     pullPolicy: "IfNotPresent"
     suffix: ""
 
-@@ -1653,7 +1643,7 @@
+@@ -1645,7 +1635,7 @@
   # -- Enable prometheus metrics for cilium-operator on the configured port at
   # /metrics
   prometheus:
@ -71,36 +71,21 @@
     port: 9963
     serviceMonitor:
       # -- Enable service monitors.
-@@ -1684,12 +1674,12 @@
- 
- nodeinit:
-   # -- Enable the node initialization DaemonSet
-  enabled: false
-+  enabled: true
- 
-   # -- node-init image.
-   image:
-     override: ~
-    repository: "quay.io/cilium/startup-script"
-+    repository: "rancher/mirrored-cilium-startup-script"
-     tag: "d69851597ea019af980891a4628fb36b7880ec26"
-     pullPolicy: "IfNotPresent"
- 
-@@ -1764,11 +1754,9 @@
+@@ -1756,11 +1746,9 @@
   # -- Cilium pre-flight image.
   image:
     override: ~
 -    repository: "quay.io/cilium/cilium"
 +    repository: "rancher/mirrored-cilium-cilium"
-     tag: "v1.12.0"
+     tag: "v1.12.1"
 -    # cilium-digest
-    digest: "sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
+-    digest: "sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b"
 -    useDigest: true
 +    useDigest: false
     pullPolicy: "IfNotPresent"
 
   # -- The priority class to use for the preflight pod.
-@@ -2118,3 +2106,6 @@
+@@ -2110,3 +2098,6 @@
   proxyPort: 0
   # -- The maximum time the DNS proxy holds an allowed DNS response before sending it along. Responses are sent as soon as the datapath is updated with the new IP information.
   proxyResponseMaxDelay: 100ms
--- a/packages/rke2-cilium/generated-changes/patch/values.yaml.tmpl.patch
+++ b/packages/rke2-cilium/generated-changes/patch/values.yaml.tmpl.patch
@ -1,87 +0,0 @@
--- charts-original/values.yaml.tmpl
-+++ charts/values.yaml.tmpl
-@@ -89,8 +89,6 @@
-   repository: "${CILIUM_REPO}"
-   tag: "${CILIUM_VERSION}"
-   pullPolicy: "${PULL_POLICY}"
-  # cilium-digest
-  digest: ${CILIUM_DIGEST}
-   useDigest: ${USE_DIGESTS}
- 
- # -- Affinity for cilium-agent.
-@@ -645,7 +643,7 @@
- 
- hubble:
-   # -- Enable Hubble (true by default).
-  enabled: true
-+  enabled: false
- 
-   # -- Buffer size of the channel Hubble uses to receive monitor events. If this
-   # value is not set, the queue size is set to the default monitor queue size.
-@@ -1102,7 +1100,7 @@
- ipam:
-   # -- Configure IP Address Management mode.
-   # ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/
-  mode: "cluster-pool"
-+  mode: "kubernetes"
-   operator:
-     # -- Deprecated in favor of ipam.operator.clusterPoolIPv4PodCIDRList.
-     # IPv4 CIDR range to delegate to individual nodes for IPAM.
-@@ -1332,7 +1330,7 @@
- 
- # -- Configure prometheus metrics on the configured port at /metrics
- prometheus:
-  enabled: false
-+  enabled: true
-   port: 9962
-   serviceMonitor:
-     # -- Enable service monitors.
-@@ -1530,14 +1528,6 @@
-     override: ~
-     repository: "${CILIUM_OPERATOR_BASE_REPO}"
-     tag: "${CILIUM_VERSION}"
-    # operator-generic-digest
-    genericDigest: ${OPERATOR_GENERIC_DIGEST}
-    # operator-azure-digest
-    azureDigest: ${OPERATOR_AZURE_DIGEST}
-    # operator-aws-digest
-    awsDigest: ${OPERATOR_AWS_DIGEST}
-    # operator-alibabacloud-digest
-    alibabacloudDigest: ${OPERATOR_ALIBABACLOUD_DIGEST}
-     useDigest: ${USE_DIGESTS}
-     pullPolicy: "${PULL_POLICY}"
-     suffix: "${CILIUM_OPERATOR_SUFFIX}"
-@@ -1650,7 +1640,7 @@
-   # -- Enable prometheus metrics for cilium-operator on the configured port at
-   # /metrics
-   prometheus:
-    enabled: false
-+    enabled: true
-     port: 9963
-     serviceMonitor:
-       # -- Enable service monitors.
-@@ -1681,7 +1671,7 @@
- 
- nodeinit:
-   # -- Enable the node initialization DaemonSet
-  enabled: false
-+  enabled: true
- 
-   # -- node-init image.
-   image:
-@@ -1763,8 +1753,6 @@
-     override: ~
-     repository: "${CILIUM_REPO}"
-     tag: "${CILIUM_VERSION}"
-    # cilium-digest
-    digest: ${CILIUM_DIGEST}
-     useDigest: ${USE_DIGESTS}
-     pullPolicy: "${PULL_POLICY}"
- 
-@@ -2115,3 +2103,6 @@
-   proxyPort: 0
-   # -- The maximum time the DNS proxy holds an allowed DNS response before sending it along. Responses are sent as soon as the datapath is updated with the new IP information.
-   proxyResponseMaxDelay: 100ms
-+
-+global:
-+  systemDefaultRegistry: ""
--- a/packages/rke2-cilium/package.yaml
+++ b/packages/rke2-cilium/package.yaml
@ -1,2 +1,2 @@
-url: https://helm.cilium.io/cilium-1.12.0.tgz
+url: https://helm.cilium.io/cilium-1.12.1.tgz
 packageVersion: 01