Fix Calico bug

Signed-off-by: Manuel Buil <mbuil@suse.com>

packages/rke2-calico-1.21-1.22/generated-changes/overlay/templates/felixconfig.yaml

@@ -0,0 +1,7 @@
+apiVersion: crd.projectcalico.org/v1
+kind: FelixConfiguration
+metadata:
+  name: default
+spec:
+  wireguardEnabled: {{ .Values.felixConfiguration.wireguardEnabled }}
+  featureDetectOverride: {{ .Values.felixConfiguration.featureDetectOverride }}

packages/rke2-calico-1.21-1.22/generated-changes/overlay/templates/ipamconfig.yaml

@@ -0,0 +1,7 @@
+apiVersion: crd.projectcalico.org/v1
+kind: IPAMConfig
+metadata:
+  name: default
+spec:
+  strictAffinity: {{ .Values.ipamConfig.strictAffinity }}
+  autoAllocateBlocks: {{ .Values.ipamConfig.autoAllocateBlocks }}

packages/rke2-calico-1.21-1.22/generated-changes/patch/Chart.yaml.patch

@@ -0,0 +1,11 @@
+--- charts-original/Chart.yaml
++++ charts/Chart.yaml
+@@ -1,5 +1,7 @@
+ apiVersion: v2
+ appVersion: v3.21.4
+ description: Installs the Tigera operator for Calico
+-name: tigera-operator
++name: rke2-calico
+ version: v3.21.4
++annotations:
++  catalog.cattle.io/namespace: tigera-operator

packages/rke2-calico-1.21-1.22/generated-changes/patch/crds/operator.tigera.io_apiservers_crd.yaml.patch

@@ -0,0 +1,11 @@
+--- charts-original/crds/operator.tigera.io_apiservers_crd.yaml
++++ charts/crds/operator.tigera.io_apiservers_crd.yaml
+@@ -2,8 +2,6 @@
+ kind: CustomResourceDefinition
+ metadata:
+   name: apiservers.operator.tigera.io
+-  annotations:
+-    helm.sh/hook: crd-install
+ spec:
+   group: operator.tigera.io
+   names:

packages/rke2-calico-1.21-1.22/generated-changes/patch/templates/_helpers.tpl.patch

@@ -0,0 +1,16 @@
+--- charts-original/templates/_helpers.tpl
++++ charts/templates/_helpers.tpl
+@@ -1,7 +1,10 @@
+ {{/* generate the image name for a component*/}}
+ {{- define "tigera-operator.image" -}}
+-{{- if .registry -}}
+-    {{- .registry | trimSuffix "/" -}}/
++{{- if .Values.global.systemDefaultRegistry -}}
++{{- $_ := set .Values.tigeraOperator "registry" .Values.global.systemDefaultRegistry -}}
+ {{- end -}}
+-{{- .image -}}:{{- .version -}}
++{{- if .Values.tigeraOperator.registry -}}
++    {{- .Values.tigeraOperator.registry | trimSuffix "/" -}}/
++{{- end -}}
++{{- .Values.tigeraOperator.image -}}:{{- .Values.tigeraOperator.version -}}
+ {{- end -}}

packages/rke2-calico-1.21-1.22/generated-changes/patch/templates/crs/custom-resources.yaml.patch

@@ -0,0 +1,30 @@
+--- charts-original/templates/crs/custom-resources.yaml
++++ charts/templates/crs/custom-resources.yaml
+@@ -6,6 +6,27 @@
+ {{ $secrets = append $secrets $item }}
+ {{ end }}
+ {{ $_ := set $installSpec "imagePullSecrets" $secrets }}
++{{ $defaultRegistry := get $installSpec "registry" }}
++{{ $finalRegistry := coalesce .Values.global.systemDefaultRegistry $defaultRegistry }}
++{{ $_ := set $installSpec "registry" $finalRegistry }}
++{{ $defaultipPools := get .Values.installation.calicoNetwork "ipPools" | first }}
++{{ $defaultCIDR := get $defaultipPools "cidr" }}
++{{ $finalCIDR := coalesce .Values.global.clusterCIDRv4 $defaultCIDR }}
++{{ $_ := set $defaultipPools "cidr" $finalCIDR }}
++{{- /*
++If there is a defined ipv6 CIDR, we must add it as a new IPPool, disable any encapsulation and enable bgp
++*/}}
++{{ if not (empty .Values.global.clusterCIDRv6) }}
++{{ $myIP6Dict := dict "natOutgoing" "Enabled" "cidr" .Values.global.clusterCIDRv6 }}
++{{ $allIpPools := get .Values.installation.calicoNetwork "ipPools" }}
++{{ range $allIpPools }}
++{{ $_ := set . "encapsulation" "None" }}
++{{ end }}
++{{ $finalIpPoolList := append $allIpPools $myIP6Dict }}
++{{ $calicoNetwork := get .Values.installation "calicoNetwork" }}
++{{ $_ := set $calicoNetwork "ipPools" $finalIpPoolList }}
++{{ $_ := set $calicoNetwork "bgp" "Enabled" }}
++{{ end }}
+ 
+ apiVersion: operator.tigera.io/v1
+ kind: Installation

packages/rke2-calico-1.21-1.22/generated-changes/patch/templates/tigera-operator/02-role-tigera-operator.yaml.patch

@@ -0,0 +1,42 @@
+--- charts-original/templates/tigera-operator/02-role-tigera-operator.yaml
++++ charts/templates/tigera-operator/02-role-tigera-operator.yaml
+@@ -1,4 +1,3 @@
+-# Permissions required when running the operator for a Calico cluster.
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+@@ -29,11 +28,11 @@
+       - nodes
+     verbs:
+       # Need to update node labels when migrating nodes.
+-      - get
+-      - patch
+-      - list
++      - 'get'
++      - 'patch'
++      - 'list'
+       # We need this for Typha autoscaling
+-      - watch
++      - 'watch'
+   - apiGroups:
+       - rbac.authorization.k8s.io
+     resources:
+@@ -126,6 +125,13 @@
+       - delete
+       - watch
+   - apiGroups:
++      - monitoring.coreos.com
++    resources:
++      - servicemonitors
++    verbs:
++      - get
++      - create
++  - apiGroups:
+       - policy
+     resources:
+       - poddisruptionbudgets
+@@ -270,3 +276,4 @@
+     verbs:
+       - list
+ {{- end }}
++

packages/rke2-calico-1.21-1.22/generated-changes/patch/templates/tigera-operator/02-tigera-operator.yaml.patch

@@ -0,0 +1,24 @@
+--- charts-original/templates/tigera-operator/02-tigera-operator.yaml
++++ charts/templates/tigera-operator/02-tigera-operator.yaml
+@@ -29,7 +29,7 @@
+       dnsPolicy: ClusterFirstWithHostNet
+       containers:
+         - name: tigera-operator
+-          image: {{ template "tigera-operator.image" .Values.tigeraOperator}}
++          image: {{ template "tigera-operator.image" . }}
+           imagePullPolicy: IfNotPresent
+           command:
+             - operator
+@@ -74,7 +74,6 @@
+           command:
+             - calicoctl
+           args:
+-            - --allow-version-mismatch
+             - create
+             - --skip-exists
+             - --skip-empty
+@@ -84,3 +83,4 @@
+             - name: calico-resources
+               mountPath: /calico-resources
+ {{- end}}
++

packages/rke2-calico-1.21-1.22/generated-changes/patch/values.yaml.patch

@@ -0,0 +1,56 @@
+--- charts-original/values.yaml
++++ charts/values.yaml
+@@ -1,8 +1,24 @@
+ imagePullSecrets: {}
+ 
+ installation:
++  controlPlaneTolerations:
++  - key: "node-role.kubernetes.io/control-plane"
++    operator: "Exists"
++    effect: "NoSchedule"
++  - key: "node-role.kubernetes.io/etcd"
++    operator: "Exists"
++    effect: "NoExecute"
+   enabled: true
+   kubernetesProvider: ""
++  calicoNetwork:
++    bgp: Disabled
++    ipPools:
++    - natOutgoing: Enabled
++      encapsulation: VXLAN
++      cidr: 10.42.0.0/16
++      blockSize: 24
++  imagePath: "rancher"
++  imagePrefix: "mirrored-calico-"
+ 
+ apiServer:
+   enabled: true
+@@ -20,9 +36,24 @@
+ 
+ # Configuration for the tigera operator
+ tigeraOperator:
+-  image: tigera/operator
+-  version: v1.23.5
+-  registry: quay.io
++  image: rancher/mirrored-calico-operator
++  version: v1.23.6
++  registry: docker.io
+ calicoctl:
+-  image: docker.io/calico/ctl
++  image: rancher/mirrored-calico-ctl
+   tag: v3.21.4
++
++global:
++  systemDefaultRegistry: ""
++  clusterCIDRv4: ""
++  clusterCIDRv6: ""
++
++# Config required by Windows nodes
++ipamConfig:
++  strictAffinity: true
++  autoAllocateBlocks: true
++
++felixConfiguration:
++  wireguardEnabled: false
++  # Config required to fix RKE2 issue #1541
++  featureDetectOverride: "ChecksumOffloadBroken=true"

packages/rke2-calico-1.21-1.22/package.yaml

@@ -0,0 +1,8 @@
+url: https://github.com/projectcalico/calico/releases/download/v3.21.4/tigera-operator-v3.21.4.tgz
+packageVersion: 02
+additionalCharts:
+  - workingDir: charts-crd
+    crdOptions:
+      templateDirectory: crd-template
+      crdDirectory: templates
+      addCRDValidationToMainChart: true

packages/rke2-calico-1.21-1.22/templates/crd-template/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+version: v3.21.4
+description: Installs the CRDs for rke2-calico
+name: rke2-calico-crd
+type: application

packages/rke2-calico/generated-changes/patch/Chart.yaml.patch

@@ -10,6 +10,6 @@
  - https://github.com/projectcalico/calico/tree/master/calico/_includes/charts/tigera-operator
  - https://github.com/tigera/operator
  - https://github.com/projectcalico/calico
- version: v3.22.0
+ version: v3.22.1
 +annotations:
 +  catalog.cattle.io/namespace: tigera-operator

packages/rke2-calico/generated-changes/patch/values.yaml.patch

@@ -30,14 +30,15 @@
  # Configuration for the tigera operator
  tigeraOperator:
 -  image: tigera/operator
-+  image: rancher/mirrored-calico-operator
-   version: v1.25.0
+-  version: v1.25.2
 -  registry: quay.io
++  image: rancher/mirrored-calico-operator
++  version: v1.25.3
 +  registry: docker.io
  calicoctl:
 -  image: docker.io/calico/ctl
 +  image: rancher/mirrored-calico-ctl
-   tag: v3.22.0
+   tag: v3.22.1
 +
 +global:
 +  systemDefaultRegistry: ""

packages/rke2-calico/package.yaml

@@ -1,4 +1,4 @@
-url: https://github.com/projectcalico/calico/releases/download/v3.22.0/tigera-operator-v3.22.0.tgz
+url: https://github.com/projectcalico/calico/releases/download/v3.22.1/tigera-operator-v3.22.1.tgz
 packageVersion: 01
 additionalCharts:
   - workingDir: charts-crd