From 12fe6a3ff6e9d34dd94b635d4b8c1c919ff61bc2 Mon Sep 17 00:00:00 2001 From: actions <actions@github.com> Date: Thu, 13 May 2021 00:03:19 +0000 Subject: [PATCH] rke2-canal: fix for templated config (#84) Seeing this error at runtime: ``` Error: parse error at (rke2-canal/templates/config.yaml:63): function "Values" not defined ``` Signed-off-by: Jacob Blain Christen <jacob@rancher.com> --- .../rke2-canal-v3.13.300-build2021022305.tgz | Bin 0 -> 6089 bytes .../v3.13.300-build2021022305/Chart.yaml | 13 + .../templates/NOTES.txt | 3 + .../templates/_helpers.tpl | 7 + .../templates/config.yaml | 67 +++++ .../templates/crd.yaml | 197 +++++++++++++ .../templates/daemonset.yaml | 266 ++++++++++++++++++ .../templates/rbac.yaml | 163 +++++++++++ .../templates/serviceaccount.yaml | 6 + .../v3.13.300-build2021022305/values.yaml | 80 ++++++ index.yaml | 17 ++ 11 files changed, 819 insertions(+) create mode 100755 assets/rke2-canal/rke2-canal-v3.13.300-build2021022305.tgz create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/Chart.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/NOTES.txt create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/_helpers.tpl create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/config.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/crd.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/daemonset.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/rbac.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/serviceaccount.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/values.yaml diff --git a/assets/rke2-canal/rke2-canal-v3.13.300-build2021022305.tgz b/assets/rke2-canal/rke2-canal-v3.13.300-build2021022305.tgz new file mode 100755 index 0000000000000000000000000000000000000000..280b75b982485cd3cb9502294a4429ee1394ec0c GIT binary patch literal 6089 zcmV;)7dGf0iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBja~iqQ=ziu`bm6*{FCM@zadx@4Ze0R6q1MJ+gLn7TsZ*?& zX+Xz9nj>kjIXQWL`%{wUodMff+u41}^C1Z{Qg^G>YPI@Bk+*p4`GgbJ>@JDajSX3` zAD;JVwOXyS(^LC*tJNz1-8y}L^uy6<>-0nG?Chj<_CxFF<ml+^2WUMr9hFa{G?72F z{xGic;Qk^H3F$8=6&1V<>!TV8!|dlt<LIPuQVUS|l7`y89B`!xW6(7s14GnzLf*oN zMGMLswWU~L8<tv!s@-hf-Q6`pDgKGR_6eiDXb8Dz)^2fgCuE@7H4m)h)mDUZO(;ic zU*d{T)&}3mqxyf6aDR!i;fqxbfD?n^+P#AdGE+78Dih?I5|Q-Lf=WnPP`!+121YZ6 z*K{2$j@r63=2pv_MU(}{t>dHC@$pIPeeHWs)C)bi^}i-8LiGX);DPo3{<w8oUjHZW z-@mQ@*LXb7tJMx*vP2k+)~DdpKtd=411-RpNHl`rV3?$%5a=AZ;0Sn6l~xTHi2w#8 z1$UG&m|^Vz{H0LHVJ^iA^pYx&gfFmB3q{bSfowzlsMR<<ZnPS$=FwTbR+}@zIkI*Q z-~eu;8G7*>pewS#8o0mBcL0f@P*e-KX+yG*mqZ50F-ZE^hMFweux^>v-16d<N5w^L z5t@Nhu2Ig3j}R#gV775;3Fbn=QYa1o$NRtTAHG<vB2Il`lwrdH7|em;T*HhJetQUd ziQN2=14>oGlt@v&uwS_d@SU;%0-TeGX^<k)Xkb#)s}1$~Hb)G8!UG_35v`DG1vM}~ zl;MsCb<d-rw<79a_2jqhuA&)7?X4El!Td=4TjYTqU><%W{i2p4VgYcWVTMK%^92UB zFVP?)uIb9sI&<yYP+#9O!t0jz?x{JQ@8-2T8~}A&hvl7{Qv<>0bnwXebpUhI>y&lH zth(LFFgZhHemy^?bB6b8!C;V}nY$OykEusAQCdg@y$R9IofXpt47B-|nJA>%Y>Q@2 zC31}lgap)nU?>X`0FzCKZP$pSMkj{95~?lGAj2boa;hm|^xt-DcZBM5AyZ1)pk;)P z<ATrWB9iFj7|3EFapC5AM$EDj96}L5chI{wup)&c5tv^&C_Spkj3IpdG_r6gU)ZU0 zW(MVpkBPh)E#wfhNNJRgDTd+zxu)}tU1kA>Ol-_bvEQw{x%Q3+_1hoSq2*$|fPYRI z0uzgcS+7dK?}k~vX6Bvx9SkwbvedOdrwlJ#>x#h)M(Z;(`kzyVTRA~S?+4-fY#fE5 zkh%?X!j$VdLP<q%2$X|DU+_R3nss-#r2f)%1c@FALq<`7F~?}A4K8IAwZ;s*dwY#@ ziE248Drrqv8_rr5PueS9#)f~9a<XLs946XHnNK9r0%nnuHo}xJBBxNBZ+xzetT9{= ze^bVv&YFQ>F^^HhxgAKtWi6mi`CQaf=3I!y7}qGN-i&>T$lG8V*#3R)=E;IsB4K*z zFVVkEJAbzCT(clIDRIY8iWTZ5MhaG_CG}O(ag=_!bRV{1Boq5vZv-9RM~2b~I#F<k z5D2R`m77<f8t$lGf`}wUGy1_UhjeeVIDhMnQY@Ji{JKQDnuWCRv;d>oBa|dS(2~sO z)HiPfRGM;2fwC<PI?62!vk1(pi&v0gPX;76q-;Kr2ce+c;<I~RvOf{uj!_Hfbi4i0 zBxQBaHR#73C*reEy5qa^f@@n+5r(SE$xSS72GAPyGP<1HwBhLVy%WyKCR`G;dB%&( z>M(6yj!~|uk3(zsr;5NVFNWGGU~es0v_dbm=MpcVGS<w$*!S+Z(xb8s%{7rtMrX}i z*S+a_x{gjWIu#9+&qQQ4O+uL>bHi6@OrZWM)EiJ*8Yx~O;VNA;4Y*MV?+l6W>`W!< zB>_R_un`d~$r{Z+B#1i>GGaLuaUQoFIP`|MBZD|K5MuH~q`xbDS26w~fwct_Gh&T9 zwNV;Zv9Mg@f+}rx#CrXI>e1>i@#M~b8do7B8dY<6HR+EV`d&W|j)(j|$4BM!-|5-W z+xhQRp4d{3{WwnT!ICJLA@amzH@dfGgraS1%@x^zCbwqyy@M6yk+Cz)ks$F3*}X04 zYfXP+Pbn}b7i*Kx&=)Jy0wj`P<BXQZn;!TMPv!cbE|G;ORYQl*;R<?a{hzc>O6&jq z`_|j~f0gIU7tfdjlq1yL4n2*ngQ<-7=sI{`zt&7cI)}zD&P(X_^+x5Up0*Dq<$4bF z|D~Gsr}adpF#S=_C@_bV^1r_~3;)tj<@)!nrT%Q5;0M<K$=T^~dHtUpzpejQc|6an z9l+Q|Oxp2TA}<N{g_jcu>nx@!KFwW{&>YdM-&70m(<2@Mg>3Gb6C?(SU66ACHfpz& z2ki_@trUq`p(X**q@4zRzI=hkH8La$8|Lf>U%$qL#Z6Rb9jDIaY1K<Dfw1p5IaTgF zInB_-sw$3Jl@FcpANW@!v?1Wn>O;23r?DqFH=@MRYro{j@md~-ZSLk!l<C>!F^C-o z)0K{@ASTX)EqG?4j5(T^yNS4x#Iuputbzj)e`#6V0NYQ6=u^Th92Y4w_N$F>I50^J z#5%cFL{pzIwt-NDky%SY?ChS#$fvGX8~)>2@9&q`bzV18Sa+^TFBE|nx33>24Sb#~ z6w|ELIB6VZA7jTwy$yd)eeqv%UirG-gciKxRoc;hV`4F7xJG6gSZ7?}bLttMCO|SD za<Qf1TQZL6^yiz8{p(?W(jQNUSH1pp*tzUar^OyC9o5?~opy(V>E+~RIxT#qAz9Vi zg@F_XV-}Xjgilxjs%_(fAEs68a;AaI$0@!RFol9qf3pwQ?T>1A_Z&kiKv*xbo%W0| z-K*jG;M4ScaM2%iCZDI%0`OV|n#$=6h14q&7MZFzF$32!!oqu>gk(k;)zr~xdtZ_; zq<o>`4v$AYBRsgHfnL`4BgxurVTk|rkDB`xM^;?St8%e6;8H}~Y%P>)VbwzxBa3qh z;>dyBBO3oyW?%VFajC`W3w5VNd_fp0AIp|%95Lt)de`ZvIGUN$FzE`6o!y1`uTLDW zDl~E8dN1rL8B<=`ysftXWbmA601w!IA3mIx^M6jyPEOzKzt?yku>Wp@!1HC`vO;PF z8;yh%?=^DsOEqqPR1GSc>!TTJa+DZ%k<wyyjV>XlXO5ZFtlkRaZng*u3tTmf5N>4; z)yy_*y~(}^v7JQ!Y5)r<qOc9sy^Ot(nU=A&=%TZZ(vP1;-8_2xDP)l(tb#WC)!1PX zBXawDt!B9TqPz+b<?FL(gceSLGnSHVhM3nc&Icy^TVs@RyUDyVI}GxUL%u08rAStp zH@UBym*!Bsbs1AmuD-{*is1}00t&3Eps&QP?G`W1GaJ?Vp1R1!VRvhz3i?Vs+ivmF zJad*(Y^hlj`qkItCrd(X(T%JXUtn7$i6zEuw|VguT0p5#e^0KBQSWA%p=}?#6zZ4e zm31b?Sq87nr_VyA2@VAw6=*8)C;#oGd1Fq<c58WM#tcTCOS=^oxROy*VoCbpHTdCF z;CEn1H}OgqITF)T!IIdG`3gK)5+1PE*3E_|pDp4op2YN2@Wg$2d7gwquvh2DNC;Nq zg{5PQ59aMl^WdBI?P20@5B@Mac5mAIx9eBksGqz=KR<)Y`}6LdIkzW2aQ?6K{{#eA zf-8KcYOwwOpX1Y`vvU0Jtab9?&HwWn&*S2MHV%@H{;de7b5uHsm?-Olbs?|R0ek2Y zVwvehT#N2-5GNVM=|BbNE(l&baFLf4v02@wjcI@~&gSPpa*5Q*@i2)d_N?HVby8FW zp=v%Zq*(C6?uaP@Ffv1ytk55oM?$l<UF}(-1dySxg>;QpMElE&T(7Nu08tnajbkl| z#>K`p(>6=}S};cW;>I>`B?b963B(n-zu{y}C?hk5Z7`}NnaP-p90Sb53KUh)WFEq~ z(C(a>wRB=|2!si~aQV%4dL^}SuTBsMuC6%SfEH<b^bDD}JIujY5qYc9h#^rxz>gsS z2?9^>LqM(~o4QIhED}xUx`&bqN%aPlzr-Li9I*nUmqY{A3S_L<6%dK$7s|C&#|Z>F zH(+s%(!vH@Q$G&XxhIB<vO!q5B#kV-V>Xk7ST7Vo8{WNhS~!*f^B9>O7bL;5xd23{ zHZaPg`}n&#HN*-(P0+TokTS9`50~T?K}9lIeRdoP*|zF}FjoqrvSE3E^Evvu4MQ=G z+vZ|7A~cwUY(wAHc@@yf+r2YpBi<6TDam8K#Z9|HNFIYaPjder{YXE8;yAM3@qH0- z?GncGvV8!Tl+zXcH$oupY*iBkPTWYc$RG+AHaaaN1jx|L!2bq~jO7)P77z#^P@fCw zV+ua$P|vDji?bgH-{#x+7;4otlg<PQR5KLrkLH0!xr&4Bo|qd^OD8h->60Wry1J3E zD;a4+D{hvolP)7lIVLz&X7#$4OkmvFm_S{T)#DbIe5T!ts^2K~8RbMKW}53_mg9EB z-PP9=g6z3@jtz4M-Sauk&9f^7G<rMHY<tqy8u0b&c6LBgaMsA`vf%62_MV2CEV8hi zdEzp>HvGNb%+c9U%lbcZ&5*C#g%I$8H3~t@Q<mlVkrrGw3Y`*$bccg!_iA`<!{?>Q zvQ0>^rIpT>YZ$nUDqSz(ug-wjnfkDkkYRuF>(%woQy0CiqUKzRRlD>7Vtkh*{24db zINxsYsAQk=W7W!bZbfPAW7L-KM!^~+SzVfWd;6nuCWiS`J@BeLhQ|+mPLTyW#%#Zh zh+eks_R%nem{FHTU}o-eauespz?w*Ew)&m3bUC^CQ%p^gtWz4!NaETSv0B?P)ho7i zSTV%VXy3Uotz`9#j4%5A(T=rX3#sz*?<#w2-hgVCz^%+%Hvvr}A59VJrq5|}MtQA@ z2|lOZEG;eC3ktPwL2=ZLU?(t+x&%z2A6d06xW;>3Bsr9HO&Kn7g=q;}J3(Of<#UGj z;Od>AC#kV<tYPGIjA;>~G}{T>aC#3tu_BbiSopWDqK_~p?x06+jU}Gf={C<V$zelh z{JGjO;gBG>qdbf^+=tF+u&v$WDp@bEggvi<&sX3+sN@Tc_bB>z%}B|nO))Yu(Tw{w z)biaSyz`X#v$~1>PR*b33peI>|9FIGR<p}yRTiXSOXjxt`YpobS6Ttr5m)7tUb<`K zETS}bj^>3Y>k>+_kYuH@;u9w{#$>R0j4FYe>uv_OEls&oYQ^Lg_*u6%8BArwX<>7G z2DwWM%pVlGtmT%(RoDzS3iEvJj0VYRdPe+Pqa)MAylO4k>r6W1$<=j#I{DjZhv~3Q zWT9MqJ3T3(?#YGU+w|Rx`_s`?Z)#dRmb$Ebd^c%nNxLlt-_N68JA=ve{OWp|GV8IF zl#Akb(_;*fr`jCG(0Fw_qbK+~4ak#P{2g{+=VH*kN=(7Q@YD2Tr~7k%*n2GJw#xeV zNZAvr{Huw*xEW9S*H2mjxvK&a%C-o5hEn})V$b^*gWslu(WLY7qCdXwpI`UKp9jN9 z|N58C#bc@8cLTtV;Z););;dFx{_kYpP{3dWBnTubvlC#D_rBz58tk(3s*X5GKD@os z=G$+xDFWVcvki2Ygu5#Y%u7oakh#uI$W9qrpi8nYgXJRjY&6^fJHC2lZe+#f)x+<e z7t5mO(?I^-D1j)g$ie8B)6vz{#kN8{$e$H|I&K`D{g__FQ*8Itn=rN~EGDKm7#k_F z3C`1tt52T>!^-nw8|udNDAVzc7ZYrg<7B$mKkwXJO!~v#=xQ*WOs+m(jVGP%WN<Zn zl6>#E^I*3U+kYX*E|LeMU(UuiqtVs%<cUi#y<24embBv@jy)t@Tzwk%f9YQjCVv}u zulxO{@owv0k6q*yk$&!XE+(J*LnBR3Q$~fmKz8#2b611#^4%c2s2W{gUG^uR`#0mu z{^WYl9e)dfyY3u$9Akd#jlKnGcIn9D(42P$7vs)(e=z)bbu;Xlg=1uL{3N8iZnJnA z30F6hXP{y0#)@hpzU>$eS@5CQL*l<8RAmnYfFDL}IDX$+<=!*8Mvh92q?lo`1Kwv* zh7`p1fyeRC9!IMWNv?rs8RHpz#o-kl%15oj*Z6X%9x}4o)n-m8izH5##{3X0Xv0~7 zM<k#-M!3{E{DitZn$Vqc)1Kwe_9~^HT0i|%`e3$<HrUho*714YFdyqRVszGAi6CNF zCdo-KqcgAiyBW$AXPYevDx;7QZ{9n*s*$E#mGQ(4yov@HqU4gHU6|HHT5P%7$;x=v zM0zsfUS*S~VKS_H0F&X~H(+uAoMS<4xL@jAHDt3s$O5^}c^yiD4;gWlmK$aDn5C=s zl1sI6aLiehFe8K7np3u|+V*GU@8o+XA4OXDx!*xiY_`)MR&=RYXQ}ge+1^3kcKGte zbB6L34k8z-2;Q?QyIKt=75~qoo433y3Fk*wy_a$8C!zNSFCVwdsK=vD_l5D>q=xE! z_M$T!_Ah$V!TFP@c*(d<R?7SU$)o9IXZ-*F6hvo5&5zhho}lF)(DA#qVdhD;i_i1t zMcVTep!S=271XTd=`T2gZ}P?N+ls7u(=+?8MO9p`yZ2G=p*?3W#2uTN_t5t8Akd0^ z%iBLgdqM7<c$W!uP8nXwu61No%tE4Bx5%lU^;G`b6*Be+nU4|Yg2&xqMXaYfRJNBD zRna$ZZ?J4HxatU8Mt<xW+8qzu7R5@NqM8Udbv-I=8qj8I{$N{FtBjB`uealS71O>i zZ1hK|tq!J@Zdin`U$fEtR}`qX>w5lFPi6kEoDu&S3&0<$|8AX}mFvGhd}zJp|Gvia zK>lwk3ANe*47kst0D&ZFw^A@n18h0}LY9YnSaUgGGs**?)^}TO8|UZ|m!p^73*<0d z3x<VUUP};(^ioLrZ+8_$n%Q4f0Go4q*n3Ocg^OU~`wlr`U{m-Os38=AI&=w>hb~7s zv6$^i%>xqBPf|poYQx{_al+S@v&XY=(jOLFEw7y&MEh!ua+d43uxb8}##5|5GjC#! zRshd-k$@`SrfbBFZQR42PlGi|O%<+?r=fNa?ubqU@g6Xm?j#i;?Nv*vQ5w*J4X@aU zEs3=70@Uan=7QT3F9}xhOc38krLqg9U`4{GG2itw-JXHNcJi7^6CG9ZbZEm??nZWo z#HNo9MSyV@Z!Rg@7-EZzF=39W2hepF`Pv||0wq>hx}Ydm1Pw-N&FaZzXJ>GuBvbqV zel;i@Y4#F-%hg;qLB95eR!VplrHxnG9!6D^>y%huDMy(F8}q=>8>fTh2K@(?Uva_Z z7D=pjDrwD0c}Dn_^01SL$|8(~<jI8Y6s}B0Qu$a3PPLHArvHgZLHD}nmTr7Y+cxsb zvZLJ;xw_t56?w+BUB&0-Tj4T@3{HAGMxo^n82K_d_q$L?nnA4+wXLrTb6Rm%kE*u2 z?j<nawkv+^kSZ>HsMI=pMJt)&NF{lCb_a6n*{K9O+gS|zkI#0Q<@=_17hg&v_47xD zf;xJVj*GKol1${M>FaNtfyok;JqfO;vW0`TbVP8rv5^}|V@0171=wtW^>O3O*$O^! zx8ThXB(B67gE$o+S41E<*kp`CdO(%Vc;ZCvUR8ya`KY<7IlC~qgDY>19l$7J%&@@> zz2ZOE@`Xg95@&F8#>A}Y%DI|7;oJYW#?n{tF?r6?T(Rf1{}Ly9YWqEX|9A%5;nADR zGnpjGuHh!}BegYA*$rtq-ev|lCk)1ga+wNK+<>Bd@y9H3PFNb;FeixE^_q-)55!vO zS{W-H<*8QD%&Zvu-@m!m#bFgG*<I#WE+^hQ&Yhgv#empv_>AMvA9bFK2jBa2`u4o^ zQ|bRH9m)TwC+MO3-;Ykp_y2upot?b-e_rD$Yq?aHl@!JfJ@%$L-k!JT?Rk6tqR)Q^ P00960e#=hS0DJ%d_ed6e literal 0 HcmV?d00001 diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/Chart.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/Chart.yaml new file mode 100755 index 0000000..3a929a7 --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +appVersion: v3.13.3 +description: Install Canal Network Plugin. +home: https://www.projectcalico.org/ +keywords: +- canal +maintainers: +- email: charts@rancher.com + name: Rancher Labs +name: rke2-canal +sources: +- https://github.com/rancher/rke2-charts +version: v3.13.300-build2021022305 diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/NOTES.txt b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/NOTES.txt new file mode 100755 index 0000000..12a30ff --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/NOTES.txt @@ -0,0 +1,3 @@ +Canal network plugin has been installed. + +NOTE: It may take few minutes until Canal image install CNI files and node become in ready state. diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/_helpers.tpl b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/_helpers.tpl new file mode 100755 index 0000000..b647c75 --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/config.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/config.yaml new file mode 100755 index 0000000..420a353 --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/config.yaml @@ -0,0 +1,67 @@ +--- +# Source: calico/templates/calico-config.yaml +# This ConfigMap is used to configure a self-hosted Canal installation. +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-config + namespace: kube-system +data: + # Typha is disabled. + typha_service_name: {{ .Values.calico.typhaServiceName | quote }} + # The interface used by canal for host <-> host communication. + # If left blank, then the interface is chosen using the node's + # default route. + canal_iface: {{ .Values.flannel.iface | quote }} + + # Whether or not to masquerade traffic to destinations not within + # the pod network. + masquerade: {{ .Values.calico.masquerade | quote }} + + # Configure the MTU to use + veth_mtu: {{ .Values.calico.vethuMTU | quote }} + + # The CNI network configuration to install on each node. The special + # values in this config will be automatically populated. + cni_network_config: |- + { + "name": "k8s-pod-network", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "calico", + "log_level": "info", + "datastore_type": "kubernetes", + "nodename": "__KUBERNETES_NODE_NAME__", + "mtu": __CNI_MTU__, + "ipam": { + "type": "host-local", + "subnet": "usePodCidr" + }, + "policy": { + "type": "k8s" + }, + "kubernetes": { + "kubeconfig": "__KUBECONFIG_FILEPATH__" + } + }, + { + "type": "portmap", + "snat": true, + "capabilities": {"portMappings": true} + }, + { + "type": "bandwidth", + "capabilities": {"bandwidth": true} + } + ] + } + + # Flannel network configuration. Mounted into the flannel container. + net-conf.json: | + { + "Network": {{ .coalesce .Values.global.clusterCIDR .Values.podCidr | quote }}, + "Backend": { + "Type": {{ .Values.flannel.backend | quote }} + } + } diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/crd.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/crd.yaml new file mode 100755 index 0000000..0351759 --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/crd.yaml @@ -0,0 +1,197 @@ +--- +# Source: calico/templates/kdd-crds.yaml + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bgpconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: BGPConfiguration + plural: bgpconfigurations + singular: bgpconfiguration + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bgppeers.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: BGPPeer + plural: bgppeers + singular: bgppeer + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: blockaffinities.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: BlockAffinity + plural: blockaffinities + singular: blockaffinity + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterinformations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: ClusterInformation + plural: clusterinformations + singular: clusterinformation + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: felixconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: FelixConfiguration + plural: felixconfigurations + singular: felixconfiguration + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: globalnetworkpolicies.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: GlobalNetworkPolicy + plural: globalnetworkpolicies + singular: globalnetworkpolicy + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: globalnetworksets.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: GlobalNetworkSet + plural: globalnetworksets + singular: globalnetworkset + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: hostendpoints.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: HostEndpoint + plural: hostendpoints + singular: hostendpoint + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamblocks.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMBlock + plural: ipamblocks + singular: ipamblock + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamconfigs.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMConfig + plural: ipamconfigs + singular: ipamconfig + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamhandles.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMHandle + plural: ipamhandles + singular: ipamhandle + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPPool + plural: ippools + singular: ippool + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + version: v1 + names: + kind: NetworkPolicy + plural: networkpolicies + singular: networkpolicy + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networksets.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + version: v1 + names: + kind: NetworkSet + plural: networksets + singular: networkset diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/daemonset.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/daemonset.yaml new file mode 100755 index 0000000..8b9520c --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/daemonset.yaml @@ -0,0 +1,266 @@ +--- +# Source: calico/templates/calico-node.yaml +# This manifest installs the canal container, as well +# as the CNI plugins and network config on +# each master and worker node in a Kubernetes cluster. +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name | quote }} + namespace: kube-system + labels: + k8s-app: canal +spec: + selector: + matchLabels: + k8s-app: canal + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: canal + annotations: + # This, along with the CriticalAddonsOnly toleration below, + # marks the pod as a critical add-on, ensuring it gets + # priority scheduling and that its resources are reserved + # if it ever gets evicted. + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + tolerations: + # Make sure canal gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + serviceAccountName: canal + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 0 + priorityClassName: system-node-critical + initContainers: + # This container installs the CNI binaries + # and CNI network config file on each node. + - name: install-cni + image: {{ template "system_default_registry" . }}{{ .Values.calico.cniImage.repository }}:{{ .Values.calico.cniImage.tag }} + command: ["/install-cni.sh"] + env: + # Name of the CNI config file to create. + - name: CNI_CONF_NAME + value: "10-canal.conflist" + # The CNI network config to install on each node. + - name: CNI_NETWORK_CONFIG + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: cni_network_config + # Set the hostname based on the k8s node name. + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # CNI MTU Config variable + - name: CNI_MTU + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: veth_mtu + # Prevents the container from sleeping forever. + - name: SLEEP + value: "false" + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + securityContext: + privileged: true + # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes + # to communicate with Felix over the Policy Sync API. + - name: flexvol-driver + image: {{ template "system_default_registry" . }}{{ .Values.calico.flexvolImage.repository }}:{{ .Values.calico.flexvolImage.tag }} + command: ['/usr/local/bin/flexvol.sh', '-s', '/usr/local/bin/flexvol', '-i', 'flexvoldriver'] + volumeMounts: + - name: flexvol-driver-host + mountPath: /host/driver + securityContext: + privileged: true + containers: + # Runs canal container on each Kubernetes node. This + # container programs network policy and routes on each + # host. + - name: calico-node + command: + - "start_runit" + image: {{ template "system_default_registry" . }}{{ .Values.calico.nodeImage.repository }}:{{ .Values.calico.nodeImage.tag }} + env: + # Use Kubernetes API as the backing datastore. + - name: DATASTORE_TYPE + value: {{ .Values.calico.datastoreType | quote }} + # Configure route aggregation based on pod CIDR. + - name: USE_POD_CIDR + value: {{ .Values.calico.usePodCIDR | quote }} + # Wait for the datastore. + - name: WAIT_FOR_DATASTORE + value: {{ .Values.calico.waitForDatastore | quote }} + # Set based on the k8s node name. + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Don't enable BGP. + - name: CALICO_NETWORKING_BACKEND + value: {{ .Values.calico.networkingBackend | quote }} + # Cluster type to identify the deployment type + - name: CLUSTER_TYPE + value: {{ .Values.calico.clusterType | quote}} + # Period, in seconds, at which felix re-applies all iptables state + - name: FELIX_IPTABLESREFRESHINTERVAL + value: {{ .Values.calico.felixIptablesRefreshInterval | quote}} + - name: FELIX_IPTABLESBACKEND + value: {{ .Values.calico.felixIptablesBackend | quote}} + # No IP address needed. + - name: IP + value: "" + # The default IPv4 pool to create on startup if none exists. Pod IPs will be + # chosen from this range. Changing this value after installation will have + # no effect. This should fall within `--cluster-cidr`. + # - name: CALICO_IPV4POOL_CIDR + # value: "192.168.0.0/16" + # Disable file logging so `kubectl logs` works. + - name: CALICO_DISABLE_FILE_LOGGING + value: "true" + # Set Felix endpoint to host default action to ACCEPT. + - name: FELIX_DEFAULTENDPOINTTOHOSTACTION + value: {{ .Values.calico.felixDefaultEndpointToHostAction | quote }} + # Disable IPv6 on Kubernetes. + - name: FELIX_IPV6SUPPORT + value: {{ .Values.calico.felixIpv6Support | quote }} + # Set Felix logging to "info" + - name: FELIX_LOGSEVERITYSCREEN + value: {{ .Values.calico.felixLogSeverityScreen | quote }} + - name: FELIX_HEALTHENABLED + value: {{ .Values.calico.felixHealthEnabled | quote }} + # enable promentheus metrics + - name: FELIX_PROMETHEUSMETRICSENABLED + value: {{ .Values.calico.felixPrometheusMetricsEnabled | quote }} + - name: FELIX_XDPENABLED + value: {{ .Values.calico.felixXDPEnabled | quote }} + - name: FELIX_FAILSAFEINBOUNDHOSTPORTS + value: {{ .Values.calico.felixFailsafeInboundHostPorts | quote }} + - name: FELIX_FAILSAFEOUTBOUNDHOSTPORTS + value: {{ .Values.calico.felixFailsafeOutboundHostPorts | quote }} + securityContext: + privileged: true + resources: + requests: + cpu: 250m + livenessProbe: + exec: + command: + - /bin/calico-node + - -felix-live + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /readiness + port: 9099 + host: localhost + periodSeconds: 10 + volumeMounts: + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico + name: var-lib-calico + readOnly: false + - name: policysync + mountPath: /var/run/nodeagent + # This container runs flannel using the kube-subnet-mgr backend + # for allocating subnets. + - name: kube-flannel + image: {{ template "system_default_registry" . }}{{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }} + command: + - "/opt/bin/flanneld" + {{- range .Values.flannel.args }} + - {{ . | quote }} + {{- end }} + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: FLANNELD_IFACE + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: canal_iface + - name: FLANNELD_IP_MASQ + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: masquerade + volumeMounts: + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + volumes: + # Used by canal. + - name: lib-modules + hostPath: + path: /lib/modules + - name: var-run-calico + hostPath: + path: /var/run/calico + - name: var-lib-calico + hostPath: + path: /var/lib/calico + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + # Used by flannel. + - name: flannel-cfg + configMap: + name: {{ .Release.Name }}-config + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d + # Used to create per-pod Unix Domain Sockets + - name: policysync + hostPath: + type: DirectoryOrCreate + path: /var/run/nodeagent + # Used to install Flex Volume Driver + - name: flexvol-driver-host + hostPath: + type: DirectoryOrCreate + path: {{ .Values.calico.flexVolumePluginDir }}/nodeagent~uds diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/rbac.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/rbac.yaml new file mode 100755 index 0000000..cd39730 --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/rbac.yaml @@ -0,0 +1,163 @@ +--- +# Source: calico/templates/rbac.yaml + +# Include a clusterrole for the calico-node DaemonSet, +# and bind it to the calico-node serviceaccount. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-node +rules: + # The CNI plugin needs to get pods, nodes, and namespaces. + - apiGroups: [""] + resources: + - pods + - nodes + - namespaces + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + - services + verbs: + # Used to discover service IPs for advertisement. + - watch + - list + # Used to discover Typhas. + - get + # Pod CIDR auto-detection on kubeadm needs access to config maps. + - apiGroups: [""] + resources: + - configmaps + verbs: + - get + - apiGroups: [""] + resources: + - nodes/status + verbs: + # Needed for clearing NodeNetworkUnavailable flag. + - patch + # Calico stores some configuration information in node annotations. + - update + # Watch for changes to Kubernetes NetworkPolicies. + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + # Used by Calico for policy information. + - apiGroups: [""] + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch + # The CNI plugin patches pods/status. + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + # Calico monitors various CRDs for config. + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch + # Calico must create and update some CRDs on startup. + - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + - felixconfigurations + - clusterinformations + verbs: + - create + - update + # Calico stores some configuration information on the node. + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch + # These permissions are only requried for upgrade from v2.6, and can + # be removed after upgrade or on fresh installations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - bgpconfigurations + - bgppeers + verbs: + - create + - update + +--- +# Flannel ClusterRole +# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: flannel +rules: + - apiGroups: [""] + resources: + - pods + verbs: + - get + - apiGroups: [""] + resources: + - nodes + verbs: + - list + - watch + - apiGroups: [""] + resources: + - nodes/status + verbs: + - patch +--- +# Bind the flannel ClusterRole to the canal ServiceAccount. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: canal-flannel +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flannel +subjects: +- kind: ServiceAccount + name: canal + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: canal-calico +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: +- kind: ServiceAccount + name: canal + namespace: kube-system diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/serviceaccount.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/serviceaccount.yaml new file mode 100755 index 0000000..582d55b --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: canal + namespace: kube-system diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/values.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/values.yaml new file mode 100755 index 0000000..feeaa7d --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022305/values.yaml @@ -0,0 +1,80 @@ +--- + +# The IPv4 cidr pool to create on startup if none exists. Pod IPs will be +# chosen from this range. +podCidr: "10.42.0.0/16" + +flannel: + # kube-flannel image + image: + repository: rancher/hardened-flannel + tag: v0.13.0-rancher1-build20210223 + # The interface used by canal for host <-> host communication. + # If left blank, then the interface is chosen using the node's + # default route. + iface: "" + # kube-flannel command arguments + args: + - "--ip-masq" + - "--kube-subnet-mgr" + # Backend for kube-flannel. Backend should not be changed + # at runtime. + backend: "vxlan" + +calico: + # CNI installation image. + cniImage: + repository: rancher/hardened-calico + tag: v3.13.3-build20210223 + # Canal node image. + nodeImage: + repository: rancher/hardened-calico + tag: v3.13.3-build20210223 + # Flexvol Image. + flexvolImage: + repository: rancher/hardened-calico + tag: v3.13.3-build20210223 + # Datastore type for canal. It can be either kuberentes or etcd. + datastoreType: kubernetes + # Wait for datastore to initialize. + waitForDatastore: true + # Configure route aggregation based on pod CIDR. + usePodCIDR: true + # Disable BGP routing. + networkingBackend: none + # Cluster type to identify the deployment type. + clusterType: "k8s,canal" + # Disable file logging so `kubectl logs` works. + disableFileLogging: true + # Disable IPv6 on Kubernetes. + felixIpv6Support: false + # Period, in seconds, at which felix re-applies all iptables state + felixIptablesRefreshInterval: 60 + # iptables backend to use for felix, defaults to auto but can also be set to nft or legacy + felixIptablesBackend: auto + # Set Felix logging to "info". + felixLogSeverityScreen: info + # Enable felix healthcheck. + felixHealthEnabled: true + # Enable prometheus metrics + felixPrometheusMetricsEnabled: true + # Disable XDP Acceleration as we do not support it with our ubi7 base image + felixXDPEnabled: false + # Whether or not to masquerade traffic to destinations not within + # the pod network. + masquerade: true + # Set Felix endpoint to host default action to ACCEPT. + felixDefaultEndpointToHostAction: ACCEPT + # Configure the MTU to use. + vethuMTU: 1450 + # Typha is disabled. + typhaServiceName: none + # Kubelet flex-volume-plugin-dir + flexVolumePluginDir: /var/lib/kubelet/volumeplugins + # calico inbound failsafe ports. Empty string means defaults. Use 'none' to disable failsafe if you have your own rules. + felixFailsafeInboundHostPorts: "" + # calico outbound failsafe ports. Empty string means defaults. Use 'none' to disable failsafe if you have your own rules. + felixFailsafeOutboundHostPorts: "" + +global: + systemDefaultRegistry: "" diff --git a/index.yaml b/index.yaml index d3975dd..a5c5e58 100755 --- a/index.yaml +++ b/index.yaml @@ -63,6 +63,23 @@ entries: - assets/rke2-calico/rke2-calico-crd-v1.0.001.tgz version: v1.0.001 rke2-canal: + - apiVersion: v1 + appVersion: v3.13.3 + created: "2021-05-13T00:03:19.403750188Z" + description: Install Canal Network Plugin. + digest: 14f2d2a767622f7af169cb0b471132a8f035231204e6ffa2a404276e15d17d5a + home: https://www.projectcalico.org/ + keywords: + - canal + maintainers: + - email: charts@rancher.com + name: Rancher Labs + name: rke2-canal + sources: + - https://github.com/rancher/rke2-charts + urls: + - assets/rke2-canal/rke2-canal-v3.13.300-build2021022305.tgz + version: v3.13.300-build2021022305 - apiVersion: v1 appVersion: v3.13.3 created: "2021-05-12T21:12:29.0241624Z"