From 5141129ab3205b21174cb18c2e2ec62550fe9f27 Mon Sep 17 00:00:00 2001
From: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
Date: Thu, 6 Oct 2022 16:45:26 +0200
Subject: [PATCH] Fixed mounted volume on calico to update serviceAccount token

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
---
 .../charts/templates/daemonset.yaml           | 19 +++++++++++++++++++
 .../rke2-canal/charts/templates/rbac.yaml     |  1 +
 packages/rke2-canal/package.yaml              |  2 +-
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/packages/rke2-canal/charts/templates/daemonset.yaml b/packages/rke2-canal/charts/templates/daemonset.yaml
index 6784aad..db4b9f7 100644
--- a/packages/rke2-canal/charts/templates/daemonset.yaml
+++ b/packages/rke2-canal/charts/templates/daemonset.yaml
@@ -184,6 +184,12 @@ spec:
           resources:
             requests:
               cpu: 250m
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                - /bin/calico-node
+                - -shutdown
           livenessProbe:
             exec:
               command:
@@ -192,13 +198,19 @@ spec:
             periodSeconds: 10
             initialDelaySeconds: 10
             failureThreshold: 6
+            timeoutSeconds: 10
           readinessProbe:
             httpGet:
               path: /readiness
               port: 9099
               host: localhost
             periodSeconds: 10
+            timeoutSeconds: 10
           volumeMounts:
+            # For maintaining CNI plugin API credentials.
+            - mountPath: /host/etc/cni/net.d
+              name: cni-net-dir
+              readOnly: false
             - mountPath: /lib/modules
               name: lib-modules
               readOnly: true
@@ -213,6 +225,9 @@ spec:
               readOnly: false
             - name: policysync
               mountPath: /var/run/nodeagent
+            - name: cni-log-dir
+              mountPath: /var/log/calico/cni
+              readOnly: true
         # This container runs flannel using the kube-subnet-mgr backend
         # for allocating subnets.
         - name: kube-flannel
@@ -275,6 +290,10 @@ spec:
         - name: cni-net-dir
           hostPath:
             path: /etc/cni/net.d
+        # Used to access CNI logs.
+        - name: cni-log-dir
+          hostPath:
+            path: /var/log/calico/cni
         # Used to create per-pod Unix Domain Sockets
         - name: policysync
           hostPath:
diff --git a/packages/rke2-canal/charts/templates/rbac.yaml b/packages/rke2-canal/charts/templates/rbac.yaml
index 502fc20..e5b0900 100644
--- a/packages/rke2-canal/charts/templates/rbac.yaml
+++ b/packages/rke2-canal/charts/templates/rbac.yaml
@@ -87,6 +87,7 @@ rules:
       - globalbgpconfigs
       - bgpconfigurations
       - ippools
+      - ipreservations
       - ipamblocks
       - globalnetworkpolicies
       - globalnetworksets
diff --git a/packages/rke2-canal/package.yaml b/packages/rke2-canal/package.yaml
index 85d97b2..be04e61 100644
--- a/packages/rke2-canal/package.yaml
+++ b/packages/rke2-canal/package.yaml
@@ -1,2 +1,2 @@
 url: local
-packageVersion: 01
+packageVersion: 02