Update cilium to v1.14.0

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
pull/366/head
Roberto Bonafiglia 2023-08-03 18:23:36 +02:00 committed by Roberto Bonafiglia
parent ee7586b6b3
commit 97bdb7eb6e
9 changed files with 152 additions and 80 deletions


@ -1,16 +1,16 @@
--- charts-original/Chart.yaml
+++ charts/Chart.yaml
@@ -105,8 +105,7 @@
@@ -124,8 +124,7 @@
apiVersion: v2
appVersion: 1.13.4
appVersion: 1.14.0
description: eBPF-based Networking, Security, and Observability
-home: https://cilium.io/
-icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.13/Documentation/images/logo-solo.svg
-icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.14/Documentation/images/logo-solo.svg
+home: https://docs.rke2.io/
keywords:
- BPF
- eBPF
@@ -116,7 +115,7 @@
@@ -135,7 +134,7 @@
- Observability
- Troubleshooting
kubeVersion: '>= 1.16.0-0'
@ -19,4 +19,4 @@
sources:
-- https://github.com/cilium/cilium
+- https://github.com/rancher/rke2-charts
version: 1.13.4
version: 1.14.0


@ -21,7 +21,7 @@
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.sleepAfterInit }}
command:
@@ -377,7 +385,7 @@
@@ -372,7 +380,7 @@
{{- end }}
{{- if .Values.monitor.enabled }}
- name: cilium-monitor
@ -30,7 +30,7 @@
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- /bin/bash
@@ -405,6 +413,16 @@
@@ -400,8 +408,18 @@
{{- toYaml .Values.extraContainers | nindent 6 }}
{{- end }}
initContainers:
@ -45,9 +45,12 @@
+ value: "bandwidth,bridge,dhcp,firewall,flannel,host-device,host-local,ipvlan,loopback,macvlan,ptp,sbr,static,tuning,vlan,vrf"
+ {{- end }}
- name: config
image: {{ include "cilium.image" .Values.image | quote }}
- image: {{ include "cilium.image" .Values.image | quote }}
+ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -447,7 +465,7 @@
command:
- cilium
@@ -445,7 +463,7 @@
# Required to mount cgroup2 filesystem on the underlying Kubernetes node.
# We use nsenter command with host's cgroup and mount namespaces enabled.
- name: mount-cgroup
@ -56,7 +59,7 @@
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: CGROUP_ROOT
@@ -493,7 +511,7 @@
@@ -491,7 +509,7 @@
- ALL
{{- end}}
- name: apply-sysctl-overwrites
@ -65,7 +68,7 @@
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: BIN_PATH
@@ -538,7 +556,7 @@
@@ -536,7 +554,7 @@
# from a privileged container because the mount propagation bidirectional
# only works from privileged containers.
- name: mount-bpf-fs
@ -74,7 +77,7 @@
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- 'mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf'
@@ -559,7 +577,7 @@
@@ -557,7 +575,7 @@
{{- end }}
{{- if and .Values.nodeinit.enabled .Values.nodeinit.bootstrapFile }}
- name: wait-for-node-init
@ -83,7 +86,7 @@
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- sh
@@ -573,9 +591,11 @@
@@ -571,9 +589,11 @@
volumeMounts:
- name: cilium-bootstrap-file-dir
mountPath: "/tmp/cilium-bootstrap.d"
@ -96,7 +99,7 @@
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- /init-container.sh
@@ -638,7 +658,7 @@
@@ -636,7 +656,7 @@
{{- end }}
{{- if and .Values.waitForKubeProxy (ne $kubeProxyReplacement "strict") }}
- name: wait-for-kube-proxy
@ -105,3 +108,12 @@
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
privileged: true
@@ -670,7 +690,7 @@
{{- if .Values.cni.install }}
# Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent
- name: install-cni-binaries
- image: {{ include "cilium.image" .Values.image | quote }}
+ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- "/install-plugin.sh"
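Review bot: The new `image:` lines for the `config` and `install-cni-binaries` containers drop `| quote` and wrap two template calls in hand-written double quotes, so the rendered value is no longer escaped; the same pattern appears in the cilium-envoy, clustermesh-apiserver and hubble-relay sections. A registry or image value containing `"` or `\` would then render as invalid or altered YAML, which is a robustness point rather than something the visible values trigger. A form that keeps the escaping is `image: {{ printf "%s%s" (include "system_default_registry" .) (include "cilium.image" .Values.image) | quote }}`. Both helpers are defined outside this page, and the registry prefix is prepended unconditionally, so the result when `image.override` holds a fully qualified reference should be checked. The container definitions start and end outside the visible hunks.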


@ -12,7 +12,7 @@
{{- if and (.Values.agent) (not .Values.preflight.enabled) }}
{{- /* Default values with backwards compatibility */ -}}
{{- $defaultEnableCnpStatusUpdates := "true" -}}
@@ -238,7 +246,11 @@
@@ -265,7 +273,11 @@
# Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6
# address.
@ -25,16 +25,18 @@
{{- if .Values.cleanState }}
# If a serious issue occurs during Cilium startup, this
@@ -400,6 +412,8 @@
enable-local-node-route: "false"
{{- else if .Values.aksbyocni.enabled }}
tunnel: "vxlan"
+{{- else if not .Values.ipv4.enabled }}
+ tunnel: "disabled"
{{- else }}
tunnel: {{ .Values.tunnel | quote }}
@@ -434,7 +446,9 @@
tunnel-protocol: "vxlan"
{{- end }}
@@ -566,6 +580,8 @@
-{{- if eq .Values.tunnel "disabled" }}
+{{- if not .Values.ipv4.enabled }}
+ routing-mode: "native"
+{{- else if eq .Values.tunnel "disabled" }}
routing-mode: "native"
{{- else if eq .Values.tunnel "vxlan" }}
routing-mode: "tunnel"
@@ -625,6 +639,8 @@
{{- if .Values.ipv6NativeRoutingCIDR }}
ipv6-native-routing-cidr: {{ .Values.ipv6NativeRoutingCIDR }}
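Review bot: The two added `not .Values.ipv4.enabled` branches override `.Values.tunnel` without a comment: when they are reached with IPv4 disabled, the template renders `tunnel: "disabled"` and `routing-mode: "native"` regardless of the user's tunnel setting. A comment above the first branch would record that, for example `# ipv4 disabled: tunnelling is forced off and .Values.tunnel is ignored`. The routing-mode chain now has two branches emitting the same line and could be folded into `{{- if or (not .Values.ipv4.enabled) (eq .Values.tunnel "disabled") }}`. The file header of this section is not on the page (the keys suggest the agent ConfigMap template), and both conditionals continue outside the hunks.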


@ -0,0 +1,11 @@
--- charts-original/templates/cilium-envoy/daemonset.yaml
+++ charts/templates/cilium-envoy/daemonset.yaml
@@ -58,7 +58,7 @@
{{- end }}
containers:
- name: cilium-envoy
- image: {{ include "cilium.image" .Values.envoy.image | quote }}
+ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.envoy.image }}"
imagePullPolicy: {{ .Values.envoy.image.pullPolicy }}
command:
- /usr/bin/cilium-envoy


@ -12,7 +12,7 @@
---
apiVersion: apps/v1
kind: Deployment
@@ -55,7 +62,7 @@
@@ -67,7 +74,7 @@
{{- end }}
containers:
- name: cilium-operator


@ -1,6 +1,6 @@
--- charts-original/templates/clustermesh-apiserver/deployment.yaml
+++ charts/templates/clustermesh-apiserver/deployment.yaml
@@ -41,7 +41,7 @@
@@ -44,7 +44,7 @@
{{- end }}
initContainers:
- name: etcd-init
@ -9,7 +9,7 @@
imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }}
command: ["/bin/sh", "-c"]
args:
@@ -82,7 +82,7 @@
@@ -89,7 +89,7 @@
{{- end }}
containers:
- name: etcd
@ -18,7 +18,7 @@
imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }}
command:
- /usr/local/bin/etcd
@@ -122,7 +122,7 @@
@@ -142,7 +142,7 @@
{{- toYaml . | nindent 10 }}
{{- end }}
- name: apiserver
@ -27,3 +27,12 @@
imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }}
command:
- /usr/bin/clustermesh-apiserver
@@ -220,7 +220,7 @@
{{- end }}
{{- if .Values.clustermesh.apiserver.kvstoremesh.enabled }}
- name: kvstoremesh
- image: {{ include "cilium.image" .Values.clustermesh.apiserver.kvstoremesh.image | quote }}
+ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.clustermesh.apiserver.kvstoremesh.image }}"
imagePullPolicy: {{ .Values.clustermesh.apiserver.kvstoremesh.image.pullPolicy }}
command:
- /usr/bin/kvstoremesh


@ -1,9 +1,9 @@
--- charts-original/templates/hubble-relay/deployment.yaml
+++ charts/templates/hubble-relay/deployment.yaml
@@ -46,7 +46,7 @@
{{- end }}
containers:
- name: hubble-relay
@@ -49,7 +49,7 @@
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
- image: {{ include "cilium.image" .Values.hubble.relay.image | quote }}
+ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.hubble.relay.image }}"
imagePullPolicy: {{ .Values.hubble.relay.image.pullPolicy }}


@ -1,43 +1,45 @@
--- charts-original/values.yaml
+++ charts/values.yaml
@@ -113,12 +113,10 @@
@@ -142,12 +142,10 @@
# -- Agent container image.
image:
override: ~
- repository: "quay.io/cilium/cilium"
+ repository: "rancher/mirrored-cilium-cilium"
tag: "v1.13.4"
tag: "v1.14.0"
pullPolicy: "IfNotPresent"
- # cilium-digest
- digest: "sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b"
- digest: "sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a"
- useDigest: true
+ useDigest: false
# -- Affinity for cilium-agent.
affinity:
@@ -468,7 +466,9 @@
@@ -534,7 +532,9 @@
# - flannel
# - generic-veth
# - portmap
- chainingMode: none
- chainingMode: ~
+
+ # Otherwise rke2 hostPort does not work! Used for nginx
+ chainingMode: portmap
# -- Make Cilium take ownership over the `/etc/cni/net.d` directory on the
# node, renaming all non-Cilium CNI configurations to `*.cilium_bak`.
@@ -819,8 +819,8 @@
# -- A CNI network name in to which the Cilium plugin should be added as a chained plugin.
# This will cause the agent to watch for a CNI network with this network name. When it is
@@ -927,10 +927,9 @@
certgen:
image:
override: ~
- repository: "quay.io/cilium/certgen"
- tag: "v0.1.8@sha256:4a456552a5f192992a6edcec2febb1c54870d665173a33dc7d876129b199ddbd"
+ repository: "rancher/mirrored-cilium-certgen"
+ tag: "v0.1.8"
tag: "v0.1.8"
- digest: "sha256:4a456552a5f192992a6edcec2febb1c54870d665173a33dc7d876129b199ddbd"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
# -- Seconds after which the completed job pod will be deleted
ttlSecondsAfterFinished: 1800
@@ -838,7 +838,7 @@
@@ -952,7 +951,7 @@
hubble:
# -- Enable Hubble (true by default).
@ -46,52 +48,56 @@
# -- Buffer size of the channel Hubble uses to receive monitor events. If this
# value is not set, the queue size is set to the default monitor queue size.
@@ -1000,11 +1000,9 @@
@@ -1103,11 +1102,9 @@
# -- Hubble-relay container image.
image:
override: ~
- repository: "quay.io/cilium/hubble-relay"
+ repository: "rancher/mirrored-cilium-hubble-relay"
tag: "v1.13.4"
tag: "v1.14.0"
- # hubble-relay-digest
- digest: "sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871"
- digest: "sha256:bfe6ef86a1c0f1c3e8b105735aa31db64bcea97dd4732db6d0448c55a3c8e70c"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
# -- Specifies the resources for the hubble-relay pods
@@ -1201,8 +1199,8 @@
@@ -1325,10 +1322,9 @@
# -- Hubble-ui backend image.
image:
override: ~
- repository: "quay.io/cilium/hubble-ui-backend"
- tag: "v0.11.0@sha256:14c04d11f78da5c363f88592abae8d2ecee3cbe009f443ef11df6ac5f692d839"
+ repository: "rancher/mirrored-cilium-hubble-ui-backend"
+ tag: "v0.11.0"
tag: "v0.12.0"
- digest: "sha256:8a79a1aad4fc9c2aa2b3e4379af0af872a89fcec9d99e117188190671c66fc2e"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
# -- Hubble-ui backend security context.
@@ -1230,8 +1228,8 @@
@@ -1356,10 +1352,9 @@
# -- Hubble-ui frontend image.
image:
override: ~
- repository: "quay.io/cilium/hubble-ui"
- tag: "v0.11.0@sha256:bcb369c47cada2d4257d63d3749f7f87c91dde32e010b223597306de95d1ecc8"
+ repository: "rancher/mirrored-cilium-hubble-ui"
+ tag: "v0.11.0"
tag: "v0.12.0"
- digest: "sha256:1c876cfa1d5e35bc91e1025c9314f922041592a88b03313c22c1f97a5d2ba88f"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
# -- Hubble-ui frontend security context.
@@ -1360,7 +1358,7 @@
@@ -1485,7 +1480,7 @@
ipam:
# -- Configure IP Address Management mode.
# ref: https://docs.cilium.io/en/stable/network/concepts/ipam/
- mode: "cluster-pool"
+ mode: "kubernetes"
# -- Maximum rate at which the CiliumNode custom resource is updated.
ciliumNodeUpdateRate: "15s"
operator:
# -- Deprecated in favor of ipam.operator.clusterPoolIPv4PodCIDRList.
# IPv4 CIDR range to delegate to individual nodes for IPAM.
@@ -1623,7 +1621,7 @@
@@ -1763,7 +1758,7 @@
# -- Configure prometheus metrics on the configured port at /metrics
prometheus:
@ -100,38 +106,54 @@
port: 9962
serviceMonitor:
# -- Enable service monitors.
@@ -1748,8 +1746,8 @@
@@ -1841,11 +1836,10 @@
# -- Envoy container image.
image:
override: ~
- repository: "quay.io/cilium/cilium-envoy"
+ repository: "rancher/mirrored-cilium-cilium-envoy"
tag: "v1.25.9-f039e2bd380b7eef2f2feea5750676bb36133699"
pullPolicy: "IfNotPresent"
- digest: "sha256:023d09eeb8a44ae99b489f4af7ffed8b8b54f19a532e0bc6ab4c1e4b31acaab1"
- useDigest: true
+ useDigest: false
# -- Additional containers added to the cilium Envoy DaemonSet.
extraContainers: []
@@ -2123,10 +2117,9 @@
# -- cilium-etcd-operator image.
image:
override: ~
- repository: "quay.io/cilium/cilium-etcd-operator"
- tag: "v2.0.7@sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc"
+ repository: "rancher/mirrored-cilium-cilium-etcd-operator"
+ tag: "v2.0.7"
tag: "v2.0.7"
- digest: "sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
# -- The priority class to use for cilium-etcd-operator
@@ -1851,17 +1849,9 @@
@@ -2228,17 +2221,9 @@
# -- cilium-operator image.
image:
override: ~
- repository: "quay.io/cilium/operator"
+ repository: "rancher/mirrored-cilium-operator"
tag: "v1.13.4"
tag: "v1.14.0"
- # operator-generic-digest
- genericDigest: "sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301"
- genericDigest: "sha256:3014d4bcb8352f0ddef90fa3b5eb1bbf179b91024813a90a0066eb4517ba93c9"
- # operator-azure-digest
- azureDigest: "sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e"
- azureDigest: "sha256:f510bf051684534b81d86bafcbbe7b7a9a6f7b1e7bb598b904d75d0e6b90071a"
- # operator-aws-digest
- awsDigest: "sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84"
- awsDigest: "sha256:396953225ca4b356a22e526a9e1e04e65d33f84a0447bc6374c14da12f5756cd"
- # operator-alibabacloud-digest
- alibabacloudDigest: "sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69"
- alibabacloudDigest: "sha256:85f658cd4494b70218b542f63f25377ba15e32a49a54d596655dd3aaefe4f4e8"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
suffix: ""
@@ -1992,7 +1982,7 @@
@@ -2369,7 +2354,7 @@
# -- Enable prometheus metrics for cilium-operator on the configured port at
# /metrics
prometheus:
@ -140,29 +162,29 @@
port: 9963
serviceMonitor:
# -- Enable service monitors.
@@ -2108,11 +2098,9 @@
@@ -2515,11 +2500,9 @@
# -- Cilium pre-flight image.
image:
override: ~
- repository: "quay.io/cilium/cilium"
+ repository: "rancher/mirrored-cilium-cilium"
tag: "v1.13.4"
tag: "v1.14.0"
- # cilium-digest
- digest: "sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b"
- digest: "sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
# -- The priority class to use for the preflight pod.
@@ -2255,19 +2243,17 @@
@@ -2665,21 +2648,18 @@
# -- Clustermesh API server image.
image:
override: ~
- repository: "quay.io/cilium/clustermesh-apiserver"
+ repository: "rancher/mirrored-cilium-clustermesh-apiserver"
tag: "v1.13.4"
tag: "v1.14.0"
- # clustermesh-apiserver-digest
- digest: "sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a"
- digest: "sha256:2eb0f9ddd91682e1a591b23fcbd29563e6f9b2e1555903a2f417791516ffdf38"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
@ -172,21 +194,37 @@
image:
override: ~
- repository: "quay.io/coreos/etcd"
- tag: "v3.5.4@sha256:795d8660c48c439a7c3764c2330ed9222ab5db5bb524d8d0607cac76f7ba82a3"
+ repository: "rancher/mirrored-coreos-etcd"
+ tag: "v3.5.4"
tag: "v3.5.4"
- digest: "sha256:795d8660c48c439a7c3764c2330ed9222ab5db5bb524d8d0607cac76f7ba82a3"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
# -- Specifies the resources for etcd container in the apiserver
@@ -2532,3 +2518,11 @@
sctp:
# -- Enable SCTP support. NOTE: Currently, SCTP support does not support rewriting ports or multihoming.
enabled: false
@@ -2712,11 +2692,9 @@
# -- KVStoreMesh image.
image:
override: ~
- repository: "quay.io/cilium/kvstoremesh"
+ repository: "rancher/mirrored-cilium-kvstoremesh"
tag: "v1.14.0"
- # kvstoremesh-digest
- digest: "sha256:efa5d069ec6227b14928da65c5df646d4013737fd5973b17c74d0ede654e47bb"
- useDigest: true
+ useDigest: false
pullPolicy: "IfNotPresent"
# -- Additional KVStoreMesh arguments.
@@ -3173,3 +3151,11 @@
agentSocketPath: /run/spire/sockets/agent/agent.sock
# -- SPIRE connection timeout
connectionTimeout: 30s
+
+portmapPlugin:
+ image:
+ repository: "rancher/hardened-cni-plugins"
+ tag: "v1.0.1-build20221011"
+ tag: "v1.2.0-build20230523"
+
+global:
+ systemDefaultRegistry: ""
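Review bot: Every image block in this section now sets `useDigest: false` and drops its `digest:` value, so the agent, operator, envoy, hubble, clustermesh, kvstoremesh and etcd images are resolved by tag alone from the `rancher/mirrored-*` repositories, optionally behind `global.systemDefaultRegistry`. A tag is mutable, and with `pullPolicy: "IfNotPresent"` nodes can end up running different content for the same tag without any change showing in the chart. If the mirror publishes stable digests, keep `useDigest: true` with the mirrored image's digest. Otherwise state next to each `useDigest: false` where integrity is enforced instead, for example `# digest not pinned: mirrored image, integrity enforced by <verification mechanism>`. The new `portmapPlugin.image` block has no digest field either.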


@ -1,2 +1,2 @@
url: https://helm.cilium.io/cilium-1.13.4.tgz
url: https://helm.cilium.io/cilium-1.14.0.tgz
packageVersion: 00