Update Calico to 3.24.1

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-09-13 11:30:48 +02:00 · 2022-09-13 11:30:48 +02:00 · ae564a6015
parent 0f8ae11258
commit ae564a6015
11 changed files with 24 additions and 87 deletions
--- a/packages/rke2-calico/generated-changes/patch/Chart.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/Chart.yaml.patch
@ -10,6 +10,6 @@
 - https://github.com/projectcalico/calico/tree/master/calico/_includes/charts/tigera-operator
 - https://github.com/tigera/operator
 - https://github.com/projectcalico/calico
- version: v3.23.3
+ version: v3.24.1
 +annotations:
 +  catalog.cattle.io/namespace: tigera-operator
--- a/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_bgppeers.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_bgppeers.yaml.patch
@ -1,6 +1,6 @@
 --- charts-original/crds/calico/crd.projectcalico.org_bgppeers.yaml
 +++ charts/crds/calico/crd.projectcalico.org_bgppeers.yaml
-@@ -41,8 +41,8 @@
+@@ -42,8 +42,8 @@
                   in the specific branch of the Node on "bird.cfg".
                 type: boolean
               maxRestartTime:
--- a/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_felixconfigurations.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_felixconfigurations.yaml.patch
@ -1,63 +0,0 @@
--- charts-original/crds/calico/crd.projectcalico.org_felixconfigurations.yaml
-+++ charts/crds/calico/crd.projectcalico.org_felixconfigurations.yaml
-@@ -43,7 +43,7 @@
-                 type: boolean
-               awsSrcDstCheck:
-                 description: 'Set source-destination-check on AWS EC2 instances. Accepted
-                  value must be one of "DoNothing", "Enable" or "Disable". [Default:
-+                  value must be one of "DoNothing", "Enabled" or "Disabled". [Default:
-                   DoNothing]'
-                 enum:
-                 - DoNothing
-@@ -82,13 +82,6 @@
-                   BPF programs regardless of what is the per-interfaces or global
-                   setting. Possible values are Disabled or Strict. [Default: Strict]'
-                 type: string
-              bpfExtToServiceConnmark:
-                description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
-                  mark that is set on connections from an external client to a local
-                  service. This mark allows us to control how packets of that connection
-                  are routed within the host and how is routing intepreted by RPF
-                  check. [Default: 0]'
-                type: integer
-               bpfExternalServiceMode:
-                 description: 'BPFExternalServiceMode in BPF mode, controls how connections
-                   from outside the cluster to services (node ports and cluster IPs)
-@@ -99,6 +92,13 @@
-                   node appears to use the IP of the ingress node; this requires a
-                   permissive L2 network.  [Default: Tunnel]'
-                 type: string
-+              bpfExtToServiceConnmark:
-+                description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
-+                  mark that is set on connections from an external client to a local
-+                  service. This mark allows us to control how packets of that connection
-+                  are routed within the host and how is routing intepreted by RPF
-+                  check. [Default: 0]'
-+                type: integer
-               bpfKubeProxyEndpointSlicesEnabled:
-                 description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls
-                   whether Felix's embedded kube-proxy accepts EndpointSlices or not.
-@@ -525,12 +525,6 @@
-                   to false. This reduces the number of metrics reported, reducing
-                   Prometheus load. [Default: true]'
-                 type: boolean
-              prometheusWireGuardMetricsEnabled:
-                description: 'PrometheusWireGuardMetricsEnabled disables wireguard
-                  metrics collection, which the Prometheus client does by default,
-                  when set to false. This reduces the number of metrics reported,
-                  reducing Prometheus load. [Default: true]'
-                type: boolean
-               removeExternalRoutes:
-                 description: Whether or not to remove device routes that have not
-                   been programmed by Felix. Disabling this will allow external applications
-@@ -637,10 +631,6 @@
-                 description: 'WireguardEnabled controls whether Wireguard is enabled.
-                   [Default: false]'
-                 type: boolean
-              wireguardHostEncryptionEnabled:
-                description: 'WireguardHostEncryptionEnabled controls whether Wireguard
-                  host-to-host encryption is enabled. [Default: false]'
-                type: boolean
-               wireguardInterfaceName:
-                 description: 'WireguardInterfaceName specifies the name to use for
-                   the Wireguard interface. [Default: wg.calico]'
--- a/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_globalnetworkpolicies.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_globalnetworkpolicies.yaml.patch
@ -1,6 +1,6 @@
 --- charts-original/crds/calico/crd.projectcalico.org_globalnetworkpolicies.yaml
 +++ charts/crds/calico/crd.projectcalico.org_globalnetworkpolicies.yaml
-@@ -169,8 +169,8 @@
+@@ -170,8 +170,8 @@
                             within the selected service(s) will be matched, and only
                             to/from each endpoint's port. \n Services cannot be specified
                             on the same rule as Selector, NotSelector, NamespaceSelector,
@ -11,7 +11,7 @@
                           properties:
                             name:
                               description: Name specifies the name of a Kubernetes
-@@ -395,8 +395,8 @@
+@@ -396,8 +396,8 @@
                             within the selected service(s) will be matched, and only
                             to/from each endpoint's port. \n Services cannot be specified
                             on the same rule as Selector, NotSelector, NamespaceSelector,
@ -22,7 +22,7 @@
                           properties:
                             name:
                               description: Name specifies the name of a Kubernetes
-@@ -542,8 +542,8 @@
+@@ -543,8 +543,8 @@
                             within the selected service(s) will be matched, and only
                             to/from each endpoint's port. \n Services cannot be specified
                             on the same rule as Selector, NotSelector, NamespaceSelector,
@ -33,7 +33,7 @@
                           properties:
                             name:
                               description: Name specifies the name of a Kubernetes
-@@ -768,8 +768,8 @@
+@@ -769,8 +769,8 @@
                             within the selected service(s) will be matched, and only
                             to/from each endpoint's port. \n Services cannot be specified
                             on the same rule as Selector, NotSelector, NamespaceSelector,
--- a/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_ippools.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_ippools.yaml.patch
@ -1,6 +1,6 @@
 --- charts-original/crds/calico/crd.projectcalico.org_ippools.yaml
 +++ charts/crds/calico/crd.projectcalico.org_ippools.yaml
-@@ -30,12 +30,6 @@
+@@ -31,12 +31,6 @@
           spec:
             description: IPPoolSpec contains the specification for an IPPool resource.
             properties:
@ -13,7 +13,7 @@
               blockSize:
                 description: The block size to use for IP address assignments from
                   this pool. Defaults to 26 for IPv4 and 122 for IPv6.
-@@ -43,10 +37,6 @@
+@@ -44,10 +38,6 @@
               cidr:
                 description: The pool CIDR.
                 type: string
--- a/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_networkpolicies.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/crds/calico/crd.projectcalico.org_networkpolicies.yaml.patch
@ -1,6 +1,6 @@
 --- charts-original/crds/calico/crd.projectcalico.org_networkpolicies.yaml
 +++ charts/crds/calico/crd.projectcalico.org_networkpolicies.yaml
-@@ -158,8 +158,8 @@
+@@ -159,8 +159,8 @@
                             within the selected service(s) will be matched, and only
                             to/from each endpoint's port. \n Services cannot be specified
                             on the same rule as Selector, NotSelector, NamespaceSelector,
@ -11,7 +11,7 @@
                           properties:
                             name:
                               description: Name specifies the name of a Kubernetes
-@@ -384,8 +384,8 @@
+@@ -385,8 +385,8 @@
                             within the selected service(s) will be matched, and only
                             to/from each endpoint's port. \n Services cannot be specified
                             on the same rule as Selector, NotSelector, NamespaceSelector,
@ -22,7 +22,7 @@
                           properties:
                             name:
                               description: Name specifies the name of a Kubernetes
-@@ -531,8 +531,8 @@
+@@ -532,8 +532,8 @@
                             within the selected service(s) will be matched, and only
                             to/from each endpoint's port. \n Services cannot be specified
                             on the same rule as Selector, NotSelector, NamespaceSelector,
@ -33,7 +33,7 @@
                           properties:
                             name:
                               description: Name specifies the name of a Kubernetes
-@@ -757,8 +757,8 @@
+@@ -758,8 +758,8 @@
                             within the selected service(s) will be matched, and only
                             to/from each endpoint's port. \n Services cannot be specified
                             on the same rule as Selector, NotSelector, NamespaceSelector,
--- a/packages/rke2-calico/generated-changes/patch/crds/operator.tigera.io_installations_crd.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/crds/operator.tigera.io_installations_crd.yaml.patch
@ -1,6 +1,6 @@
 --- charts-original/crds/operator.tigera.io_installations_crd.yaml
 +++ charts/crds/operator.tigera.io_installations_crd.yaml
-@@ -354,13 +354,6 @@
+@@ -4154,13 +4154,6 @@
                   nodes on which to run Calico components. This is globally applied
                   to all resources created by the operator excluding daemonsets.
                 type: object
@ -14,7 +14,7 @@
               controlPlaneTolerations:
                 description: ControlPlaneTolerations specify tolerations which are
                   then globally applied to all resources created by the operator.
-@@ -531,10 +524,6 @@
+@@ -4337,10 +4330,6 @@
                       or "OnDelete". Default is RollingUpdate.
                     type: string
                 type: object
@ -25,7 +25,7 @@
               registry:
                 description: "Registry is the default Docker registry used for component
                   Docker images. If specified then the given value must end with a
-@@ -1103,13 +1092,6 @@
+@@ -10305,13 +10294,6 @@
                       plane nodes on which to run Calico components. This is globally
                       applied to all resources created by the operator excluding daemonsets.
                     type: object
@ -39,7 +39,7 @@
                   controlPlaneTolerations:
                     description: ControlPlaneTolerations specify tolerations which
                       are then globally applied to all resources created by the operator.
-@@ -1282,10 +1264,6 @@
+@@ -10490,10 +10472,6 @@
                           or "OnDelete". Default is RollingUpdate.
                         type: string
                     type: object
--- a/packages/rke2-calico/generated-changes/patch/templates/tigera-operator/02-tigera-operator.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/templates/tigera-operator/02-tigera-operator.yaml.patch
@ -9,7 +9,7 @@
   labels:
     k8s-app: tigera-operator
 spec:
-@@ -29,7 +29,7 @@
+@@ -37,7 +37,7 @@
       dnsPolicy: ClusterFirstWithHostNet
       containers:
         - name: tigera-operator
@ -18,7 +18,7 @@
           imagePullPolicy: IfNotPresent
           command:
             - operator
-@@ -78,7 +78,6 @@
+@@ -86,7 +86,6 @@
           command:
             - calicoctl
           args:
--- a/packages/rke2-calico/generated-changes/patch/values.yaml.patch
+++ b/packages/rke2-calico/generated-changes/patch/values.yaml.patch
@ -25,19 +25,19 @@
 
 certs:
   node:
-@@ -22,9 +34,25 @@
+@@ -40,9 +52,32 @@
 
- # Configuration for the tigera operator
+ # Image and registry configuration for the tigera/operator pod.
 tigeraOperator:
 -  image: tigera/operator
 +  image: rancher/mirrored-calico-operator
-   version: v1.27.12
+   version: v1.28.1
 -  registry: quay.io
 +  registry: docker.io
 calicoctl:
 -  image: docker.io/calico/ctl
 +  image: rancher/mirrored-calico-ctl
-   tag: v3.23.3
+   tag: v3.24.1
 +
 +global:
 +  systemDefaultRegistry: ""
--- a/packages/rke2-calico/package.yaml
+++ b/packages/rke2-calico/package.yaml
@ -1,4 +1,4 @@
-url: https://github.com/projectcalico/calico/releases/download/v3.23.3/tigera-operator-v3.23.3.tgz
+url: https://github.com/projectcalico/calico/releases/download/v3.24.1/tigera-operator-v3.24.1.tgz
 packageVersion: 01
 additionalCharts:
  - workingDir: charts-crd
--- a/packages/rke2-calico/templates/crd-template/Chart.yaml
+++ b/packages/rke2-calico/templates/crd-template/Chart.yaml
@ -1,5 +1,5 @@
 apiVersion: v1
-version: v3.23.3
+version: v3.24.1
 description: Installs the CRDs for rke2-calico
 name: rke2-calico-crd
 type: application