From 4b7b81ae64a337cd7b35697f1d5b2e7e837fc78b Mon Sep 17 00:00:00 2001 From: Michal Rostecki Date: Thu, 20 Jan 2022 11:56:21 +0100 Subject: [PATCH 1/3] cilium: Fix the usage of `system_default_registry` template Before this change, we tried to include `system_default_registry` template inside `cilium.image`. But it seems like nested templates can't access Values. This change fixes that by using `system_default_registry` directly in yaml manifests. Signed-off-by: Michal Rostecki --- .../patch/templates/_helpers.tpl.patch | 11 ----- .../cilium-agent/daemonset.yaml.patch | 44 ++++++++++++++++++- .../cilium-operator/_helpers.tpl.patch | 12 ----- 3 files changed, 42 insertions(+), 25 deletions(-) delete mode 100644 packages/cilium/generated-changes/patch/templates/cilium-operator/_helpers.tpl.patch diff --git a/packages/cilium/generated-changes/patch/templates/_helpers.tpl.patch b/packages/cilium/generated-changes/patch/templates/_helpers.tpl.patch index 833cec0..d551335 100644 --- a/packages/cilium/generated-changes/patch/templates/_helpers.tpl.patch +++ b/packages/cilium/generated-changes/patch/templates/_helpers.tpl.patch @@ -15,14 +15,3 @@ {{/* Render full image name from given values, e.g: ``` -@@ -18,8 +26,9 @@ - will return `quay.io/cilium/cilium:v1.10.1@abcdefgh` - */}} - {{- define "cilium.image" -}} -+{{- $registry := include "system_default_registry" . -}} - {{- $digest := (.useDigest | default false) | ternary (printf "@%s" .digest) "" -}} --{{- printf "%s:%s%s" .repository .tag $digest -}} -+{{- printf "%s%s:%s%s" $registry .repository .tag $digest -}} - {{- end -}} - - {{/* diff --git a/packages/cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch b/packages/cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch index 4da3ab3..76aa4c9 100644 --- a/packages/cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch +++ b/packages/cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch @@ -1,6 +1,42 @@ --- charts-original/templates/cilium-agent/daemonset.yaml +++ charts/templates/cilium-agent/daemonset.yaml -@@ -390,6 +390,8 @@ +@@ -70,7 +70,7 @@ + {{- end }} + containers: + - name: cilium-agent +- image: {{ include "cilium.image" .Values.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.sleepAfterInit }} + command: +@@ -321,7 +321,7 @@ + {{- end }} + {{- if .Values.monitor.enabled }} + - name: cilium-monitor +- image: {{ include "cilium.image" .Values.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["cilium"] + args: +@@ -348,7 +348,7 @@ + # Required to mount cgroup2 filesystem on the underlying Kubernetes node. + # We use nsenter command with host's cgroup and mount namespaces enabled. + - name: mount-cgroup +- image: {{ include "cilium.image" .Values.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: CGROUP_ROOT +@@ -377,7 +377,7 @@ + {{- end }} + {{- if and .Values.nodeinit.enabled .Values.nodeinit.bootstrapFile }} + - name: wait-for-node-init +- image: {{ include "cilium.image" .Values.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - sh +@@ -390,9 +390,11 @@ volumeMounts: - name: cilium-bootstrap-file mountPath: {{ .Values.nodeinit.bootstrapFile }} @@ -8,4 +44,8 @@ + privileged: true {{- end }} - name: clean-cilium-state - image: {{ include "cilium.image" .Values.image | quote }} +- image: {{ include "cilium.image" .Values.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /init-container.sh diff --git a/packages/cilium/generated-changes/patch/templates/cilium-operator/_helpers.tpl.patch b/packages/cilium/generated-changes/patch/templates/cilium-operator/_helpers.tpl.patch deleted file mode 100644 index e144996..0000000 --- a/packages/cilium/generated-changes/patch/templates/cilium-operator/_helpers.tpl.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- charts-original/templates/cilium-operator/_helpers.tpl -+++ charts/templates/cilium-operator/_helpers.tpl -@@ -26,7 +26,8 @@ - Return cilium operator image - */}} - {{- define "cilium.operator.image" -}} -+{{- $registry := include "system_default_registry" . }} - {{- $cloud := include "cilium.operator.cloud" . }} - {{- $imageDigest := include "cilium.operator.imageDigestName" . }} --{{- printf "%s-%s%s:%s%s" .Values.operator.image.repository $cloud .Values.operator.image.suffix .Values.operator.image.tag $imageDigest -}} -+{{- printf "%s%s-%s%s:%s%s" $registry .Values.operator.image.repository $cloud .Values.operator.image.suffix .Values.operator.image.tag $imageDigest -}} - {{- end -}} From e740d3623e92663fbbd6506f74f9f9f32ab32255 Mon Sep 17 00:00:00 2001 From: Michal Rostecki Date: Thu, 20 Jan 2022 12:13:41 +0100 Subject: [PATCH 2/3] cilium: Remove values.schema.json That file doesn't seem to be used anywhere. Signed-off-by: Michal Rostecki --- .../rke2-cilium/charts/values.schema.json | 253 ------------------ 1 file changed, 253 deletions(-) delete mode 100644 packages/rke2-cilium/charts/values.schema.json diff --git a/packages/rke2-cilium/charts/values.schema.json b/packages/rke2-cilium/charts/values.schema.json deleted file mode 100644 index 7cdf91c..0000000 --- a/packages/rke2-cilium/charts/values.schema.json +++ /dev/null @@ -1,253 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-09/schema", - "type": "object", - "properties": { - "cilium": { - "type": "object", - "properties": { - "azure": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "cni": { - "type": "object", - "properties": { - "chainingMode": { - "type": "string" - }, - "customConf": { - "type": "boolean" - } - } - }, - "eni": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - }, - "required": ["repository", "tag" ] - }, - "imagePullSecrets": { - "type": "array" - }, - "ipam": { - "type": "object", - "properties": { - "mode": { - "type": "string" - } - } - }, - "masquerade": { - "type": "boolean" - }, - "nodeinit": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - }, - "required": ["repository", "tag" ] - } - }, - "required": ["image" ] - }, - "operator": { - "type": "object", - "properties": { - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - }, - "required": ["repository", "tag" ] - } - }, - "required": ["image" ] - }, - "preflight": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - }, - "required": ["repository", "tag" ] - } - } - }, - "tunnel": { - "type": "string" - }, - "ipv6": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - } - }, - "required": ["image", "operator", "nodeinit" ] - }, - "global": { - "type": "object", - "properties": { - "systemDefaultRegistry": { - "type": "string" - } - } - } - }, - "required": ["cilium"], - "allOf": [ - { "$ref" : "#/$defs/azure-requires-config" }, - { "$ref" : "#/$defs/aws-requires-config" }, - { "$ref" : "#/$defs/azure-aws-are-exclusive" }, - { "$ref" : "#/$defs/preflight-requires-config" } - ], - "$defs": { - "is-azure": { - "properties" : { - "cilium": { - "properties": { - "azure": { - "properties": { - "enabled": { "const": true } - } - } - } - } - } - }, - "azure-requires-config" : { - "anyOf": [ - { "not": { "$ref": "#/$defs/is-azure" } }, - { - "properties": { - "cilium": { - "properties": { - "masquerade": { "const": true }, - "cni": { - "properties": { - "chainingMode": { "const": "generic-veth" }, - "customConf": { "const": true }, - "configMap": { "const": "cni-configuration"} - }, - "required": [ "chainingMode", "customConf", "configMap" ] - } - }, - "required": [ "cni" ] - } - } - } - ] - }, - "is-aws": { - "properties" : { - "cilium": { - "properties": { - "eni": { "const": true } - } - } - } - }, - "aws-requires-config": { - "anyOf": [ - { "not": { "$ref": "#/$defs/is-aws" } }, - { - "properties": { - "cilium": { - "properties": { - "tunnel": { "const": "disabled" }, - "egressMasqueradeInterfaces": { "const": "eth0" }, - "ipam": { - "properties": { - "mode": { "const": "eni" } - }, - "required": [ "mode" ] - } - }, - "required": [ "tunnel", "egressMasqueradeInterfaces", "ipam" ] - } - } - } - ] - }, - "azure-aws-are-exclusive": { - "not": { - "allOf": [ - { "$ref": "#/$defs/is-azure" }, - { "$ref": "#/$defs/is-aws" } - ] - } - }, - "is-preflight": { - "properties" : { - "cilium": { - "properties": { - "preflight": { - "properties": { - "enabled": { "const": true } - } - } - } - } - } - }, - "preflight-requires-config" : { - "anyOf": [ - { "not": { "$ref": "#/$defs/is-preflight" } }, - { - "properties": { - "cilium": { - "properties": { - "preflight": { - "required": [ "image" ] - } - } - } - } - } - ] - } - } -} From 83ed370956d6876e49eef69d704d4c4e23c005ec Mon Sep 17 00:00:00 2001 From: Michal Rostecki Date: Thu, 20 Jan 2022 12:12:59 +0100 Subject: [PATCH 3/3] cilium: Update to 1.11.1 https://github.com/cilium/cilium/releases/tag/v1.11.1 Ref: rancher/rke2#2242 Signed-off-by: Michal Rostecki --- packages/cilium/package.yaml | 2 +- packages/rke2-cilium/charts/Chart.yaml | 2 +- packages/rke2-cilium/charts/values.yaml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/cilium/package.yaml b/packages/cilium/package.yaml index 531205c..5dba198 100644 --- a/packages/cilium/package.yaml +++ b/packages/cilium/package.yaml @@ -1,4 +1,4 @@ -url: https://helm.cilium.io/cilium-1.11.0.tgz +url: https://helm.cilium.io/cilium-1.11.1.tgz packageVersion: 01 releaseCandidateVersion: 00 # This package is meant to be consumed as a subchart of another package, diff --git a/packages/rke2-cilium/charts/Chart.yaml b/packages/rke2-cilium/charts/Chart.yaml index e4ff03f..6c1fa7c 100644 --- a/packages/rke2-cilium/charts/Chart.yaml +++ b/packages/rke2-cilium/charts/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: rke2-cilium description: eBPF-based Networking, Security, and Observability -version: 1.11.0 +version: 1.11.1 kubeVersion: ">= 1.12.0-0" home: https://cilium.io/ keywords: diff --git a/packages/rke2-cilium/charts/values.yaml b/packages/rke2-cilium/charts/values.yaml index 0f67851..01055d2 100644 --- a/packages/rke2-cilium/charts/values.yaml +++ b/packages/rke2-cilium/charts/values.yaml @@ -5,12 +5,12 @@ cilium: imagePullSecrets: [] image: repository: rancher/mirrored-cilium-cilium - tag: v1.11.0 + tag: v1.11.1 useDigest: false operator: image: repository: rancher/mirrored-cilium-operator - tag: v1.11.0 + tag: v1.11.1 useDigest: false nodeinit: image: @@ -21,7 +21,7 @@ cilium: enabled: false image: repository: rancher/mirrored-cilium-cilium - tag: v1.11.0 + tag: v1.11.1 useDigest: false #