diff --git a/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch b/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch index 714178e..c8304f6 100644 --- a/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch @@ -2,10 +2,10 @@ +++ charts/Chart.yaml @@ -81,8 +81,7 @@ apiVersion: v2 - appVersion: 1.15.4 + appVersion: 1.15.5 description: eBPF-based Networking, Security, and Observability -home: https://cilium.io/ --icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg +-icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg +home: https://docs.rke2.io/ keywords: - BPF @@ -19,4 +19,4 @@ sources: -- https://github.com/cilium/cilium +- https://github.com/rancher/rke2-charts - version: 1.15.4 + version: 1.15.5 diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch index 527c46a..fb67303 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch @@ -12,7 +12,7 @@ {{- if and .Values.agent (not .Values.preflight.enabled) }} {{- /* Default values with backwards compatibility */ -}} -@@ -87,7 +95,7 @@ +@@ -94,7 +102,7 @@ {{- end }} containers: - name: cilium-agent @@ -21,7 +21,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.sleepAfterInit }} command: -@@ -387,7 +395,7 @@ +@@ -394,7 +402,7 @@ {{- end }} {{- if .Values.monitor.enabled }} - name: cilium-monitor @@ -30,7 +30,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/bash -@@ -418,8 +426,18 @@ +@@ -425,8 +433,18 @@ {{- toYaml .Values.extraContainers | nindent 6 }} {{- end }} initContainers: @@ -50,7 +50,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - cilium-dbg -@@ -466,7 +484,7 @@ +@@ -481,7 +499,7 @@ # Required to mount cgroup2 filesystem on the underlying Kubernetes node. # We use nsenter command with host's cgroup and mount namespaces enabled. - name: mount-cgroup @@ -59,7 +59,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: CGROUP_ROOT -@@ -512,7 +530,7 @@ +@@ -527,7 +545,7 @@ - ALL {{- end}} - name: apply-sysctl-overwrites @@ -68,7 +68,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: -@@ -561,7 +579,7 @@ +@@ -576,7 +594,7 @@ # from a privileged container because the mount propagation bidirectional # only works from privileged containers. - name: mount-bpf-fs @@ -77,7 +77,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: -@@ -586,7 +604,7 @@ +@@ -601,7 +619,7 @@ {{- end }} {{- if and .Values.nodeinit.enabled .Values.nodeinit.bootstrapFile }} - name: wait-for-node-init @@ -86,7 +86,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: -@@ -604,9 +622,11 @@ +@@ -619,9 +637,11 @@ volumeMounts: - name: cilium-bootstrap-file-dir mountPath: "/tmp/cilium-bootstrap.d" @@ -99,16 +99,16 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /init-container.sh -@@ -678,7 +698,7 @@ +@@ -693,7 +713,7 @@ {{- end }} - {{- if and .Values.waitForKubeProxy (and (ne $kubeProxyReplacement "strict") (ne $kubeProxyReplacement "true")) }} + {{- if and .Values.waitForKubeProxy (and (ne (toString $kubeProxyReplacement) "strict") (ne (toString $kubeProxyReplacement) "true")) }} - name: wait-for-kube-proxy - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: -@@ -716,7 +736,7 @@ +@@ -731,7 +751,7 @@ {{- if .Values.cni.install }} # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent - name: install-cni-binaries diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch index e968304..39d8e6b 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/cilium-envoy/daemonset.yaml +++ charts/templates/cilium-envoy/daemonset.yaml -@@ -62,7 +62,7 @@ +@@ -69,7 +69,7 @@ {{- end }} containers: - name: cilium-envoy diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch index d48a2da..2eccde7 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/cilium-nodeinit/daemonset.yaml +++ charts/templates/cilium-nodeinit/daemonset.yaml -@@ -47,7 +47,7 @@ +@@ -58,7 +58,7 @@ {{- end }} containers: - name: node-init diff --git a/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch index 71a8b0b..e9ba6d6 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch @@ -9,7 +9,7 @@ imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }} command: - /usr/bin/clustermesh-apiserver -@@ -93,7 +93,7 @@ +@@ -101,7 +101,7 @@ containers: - name: etcd # The clustermesh-apiserver container image includes an etcd binary. @@ -18,7 +18,7 @@ imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }} command: - /usr/bin/etcd -@@ -153,7 +153,7 @@ +@@ -165,7 +165,7 @@ {{- toYaml . | nindent 10 }} {{- end }} - name: apiserver @@ -27,7 +27,7 @@ imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }} command: - /usr/bin/clustermesh-apiserver -@@ -240,7 +240,7 @@ +@@ -252,7 +252,7 @@ {{- end }} {{- if .Values.clustermesh.apiserver.kvstoremesh.enabled }} - name: kvstoremesh diff --git a/packages/rke2-cilium/generated-changes/patch/values.yaml.patch b/packages/rke2-cilium/generated-changes/patch/values.yaml.patch index 603ae00..8449786 100644 --- a/packages/rke2-cilium/generated-changes/patch/values.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/values.yaml.patch @@ -6,41 +6,40 @@ override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" - tag: "v1.15.4" + tag: "v1.15.5" pullPolicy: "IfNotPresent" - # cilium-digest -- digest: "sha256:b760a4831f5aab71c711f7537a107b751d0d0ce90dd32d8b358df3c5da385426" +- digest: "sha256:4ce1666a73815101ec9a4d360af6c5b7f1193ab00d89b7124f8505dee147ca40" - useDigest: true + useDigest: false # -- Affinity for cilium-agent. affinity: -@@ -559,8 +557,10 @@ +@@ -561,7 +559,9 @@ # - flannel # - generic-veth # - portmap - chainingMode: ~ - ++ + # Otherwise rke2 hostPort does not work! Used for nginx + chainingMode: portmap -+ + # -- A CNI network name in to which the Cilium plugin should be added as a chained plugin. # This will cause the agent to watch for a CNI network with this network name. When it is - # found, this will be used as the basis for Cilium's CNI configuration file. If this is -@@ -974,10 +974,9 @@ +@@ -976,10 +976,9 @@ certgen: image: override: ~ - repository: "quay.io/cilium/certgen" + repository: "rancher/mirrored-cilium-certgen" - tag: "v0.1.11" -- digest: "sha256:5586de5019abc104637a9818a626956cd9b1e827327b958186ec412ae3d5dea6" + tag: "v0.1.12" +- digest: "sha256:bbc5e65e9dc65bc6b58967fe536b7f3b54e12332908aeb0a96a36866b4372b4e" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted ttlSecondsAfterFinished: 1800 -@@ -1002,7 +1001,7 @@ +@@ -1004,7 +1003,7 @@ hubble: # -- Enable Hubble (true by default). @@ -49,21 +48,21 @@ # -- Annotations to be added to all top-level hubble objects (resources under templates/hubble) annotations: {} -@@ -1233,11 +1232,9 @@ +@@ -1235,11 +1234,9 @@ # -- Hubble-relay container image. image: override: ~ - repository: "quay.io/cilium/hubble-relay" + repository: "rancher/mirrored-cilium-hubble-relay" - tag: "v1.15.4" + tag: "v1.15.5" - # hubble-relay-digest -- digest: "sha256:03ad857feaf52f1b4774c29614f42a50b370680eb7d0bfbc1ae065df84b1070a" +- digest: "sha256:1d24b24e3477ccf9b5ad081827db635419c136a2bd84a3e60f37b26a38dd0781" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods -@@ -1470,10 +1467,9 @@ +@@ -1472,10 +1469,9 @@ # -- Hubble-ui backend image. image: override: ~ @@ -76,7 +75,7 @@ pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. -@@ -1509,10 +1505,9 @@ +@@ -1511,10 +1507,9 @@ # -- Hubble-ui frontend image. image: override: ~ @@ -89,7 +88,7 @@ pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. -@@ -1690,7 +1685,7 @@ +@@ -1692,7 +1687,7 @@ ipam: # -- Configure IP Address Management mode. # ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ @@ -98,7 +97,7 @@ # -- Maximum rate at which the CiliumNode custom resource is updated. ciliumNodeUpdateRate: "15s" operator: -@@ -1984,7 +1979,7 @@ +@@ -1986,7 +1981,7 @@ # -- Configure prometheus metrics on the configured port at /metrics prometheus: @@ -107,21 +106,21 @@ port: 9962 serviceMonitor: # -- Enable service monitors. -@@ -2073,11 +2068,10 @@ +@@ -2079,11 +2074,10 @@ # -- Envoy container image. image: override: ~ - repository: "quay.io/cilium/cilium-envoy" + repository: "rancher/mirrored-cilium-cilium-envoy" - tag: "v1.27.4-21905253931655328edaacf3cd16aeda73bbea2f" + tag: "v1.28.3-31ec52ec5f2e4d28a8e19a0bfb872fa48cf7a515" pullPolicy: "IfNotPresent" -- digest: "sha256:d52f476c29a97c8b250fdbfbb8472191a268916f6a8503671d0da61e323b02cc" +- digest: "sha256:bc8dcc3bc008e3a5aab98edb73a0985e6ef9469bda49d5bb3004c001c995c380" - useDigest: true + useDigest: false # -- Additional containers added to the cilium Envoy DaemonSet. extraContainers: [] -@@ -2386,10 +2380,9 @@ +@@ -2394,10 +2388,9 @@ # -- cilium-etcd-operator image. image: override: ~ @@ -134,27 +133,27 @@ pullPolicy: "IfNotPresent" # -- The priority class to use for cilium-etcd-operator -@@ -2494,17 +2487,9 @@ +@@ -2502,17 +2495,9 @@ # -- cilium-operator image. image: override: ~ - repository: "quay.io/cilium/operator" + repository: "rancher/mirrored-cilium-operator" - tag: "v1.15.4" + tag: "v1.15.5" - # operator-generic-digest -- genericDigest: "sha256:404890a83cca3f28829eb7e54c1564bb6904708cdb7be04ebe69c2b60f164e9a" +- genericDigest: "sha256:f5d3d19754074ca052be6aac5d1ffb1de1eb5f2d947222b5f10f6d97ad4383e8" - # operator-azure-digest -- azureDigest: "sha256:4c1a31502931681fa18a41ead2a3904b97d47172a92b7a7b205026bd1e715207" +- azureDigest: "sha256:0a56f2cfdcdf13da21b7fdcc870e29fef82e71e599cd8dd74eb65c377e035522" - # operator-aws-digest -- awsDigest: "sha256:8675486ce8938333390c37302af162ebd12aaebc08eeeaf383bfb73128143fa9" +- awsDigest: "sha256:f9c0eaea023ce5a75b3ed1fc4b783f390c5a3c7dc1507a2dc4dbc667b80d1bd9" - # operator-alibabacloud-digest -- alibabacloudDigest: "sha256:7c0e5346483a517e18a8951f4d4399337fb47020f2d9225e2ceaa8c5d9a45a5f" +- alibabacloudDigest: "sha256:d76d45e308f23398b786f1f05504863759849046c20c741ebb64ad80613f8fd3" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" suffix: "" -@@ -2676,8 +2661,7 @@ +@@ -2684,8 +2669,7 @@ # -- Taint nodes where Cilium is scheduled but not running. This prevents pods # from being scheduled to nodes where Cilium is not the default CNI provider. @@ -164,35 +163,35 @@ # -- Set Node condition NetworkUnavailable to 'false' with the reason # 'CiliumIsUp' for nodes that have a healthy Cilium pod. -@@ -2791,11 +2775,9 @@ +@@ -2803,11 +2787,9 @@ # -- Cilium pre-flight image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" - tag: "v1.15.4" + tag: "v1.15.5" - # cilium-digest -- digest: "sha256:b760a4831f5aab71c711f7537a107b751d0d0ce90dd32d8b358df3c5da385426" +- digest: "sha256:4ce1666a73815101ec9a4d360af6c5b7f1193ab00d89b7124f8505dee147ca40" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. -@@ -2953,11 +2935,9 @@ +@@ -2965,11 +2947,9 @@ # -- Clustermesh API server image. image: override: ~ - repository: "quay.io/cilium/clustermesh-apiserver" + repository: "rancher/mirrored-cilium-clustermesh-apiserver" - tag: "v1.15.4" + tag: "v1.15.5" - # clustermesh-apiserver-digest -- digest: "sha256:3fadf85d2aa0ecec09152e7e2d57648bda7e35bdc161b25ab54066dd4c3b299c" +- digest: "sha256:914549caf4376a844b5e7696019182dd2a655b89d6a3cad10f9d0f9821759fd7" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" etcd: -@@ -3526,3 +3506,11 @@ +@@ -3538,3 +3518,11 @@ agentSocketPath: /run/spire/sockets/agent/agent.sock # -- SPIRE connection timeout connectionTimeout: 30s diff --git a/packages/rke2-cilium/package.yaml b/packages/rke2-cilium/package.yaml index bc1e3b1..6c0b4a6 100644 --- a/packages/rke2-cilium/package.yaml +++ b/packages/rke2-cilium/package.yaml @@ -1,2 +1,2 @@ -url: https://helm.cilium.io/cilium-1.15.4.tgz +url: https://helm.cilium.io/cilium-1.15.5.tgz packageVersion: 00