Change Cilium to consume all variables

Signed-off-by: Manuel Buil <mbuil@suse.com>

packages/rke2-cilium-legacy/generated-changes/dependencies/cilium/dependency.yaml

@@ -0,0 +1,2 @@
+workingDir: ""
+url: packages/cilium-legacy

packages/rke2-cilium-legacy/package.yaml

@@ -0,0 +1,3 @@
+url: local
+packageVersion: 01
+releaseCandidateVersion: 00

packages/rke2-cilium/generated-changes/dependencies/cilium/dependency.yaml

@@ -1,2 +0,0 @@
-workingDir: ""
-url: packages/cilium

packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch

@@ -0,0 +1,22 @@
+--- charts-original/Chart.yaml
++++ charts/Chart.yaml
+@@ -71,8 +71,7 @@
+ apiVersion: v2
+ appVersion: 1.11.1
+ description: eBPF-based Networking, Security, and Observability
+-home: https://cilium.io/
+-icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.11.1/Documentation/images/logo-solo.svg
++home: https://docs.rke2.io/
+ keywords:
+ - BPF
+ - eBPF
+@@ -82,7 +81,7 @@
+ - Observability
+ - Troubleshooting
+ kubeVersion: '>= 1.16.0-0'
+-name: cilium
++name: rke2-cilium
+ sources:
+-- https://github.com/cilium/cilium
++- https://github.com/rancher/rke2-charts
+ version: 1.11.1

packages/rke2-cilium/generated-changes/patch/templates/_helpers.tpl.patch

@@ -0,0 +1,15 @@
+--- charts-original/templates/_helpers.tpl
++++ charts/templates/_helpers.tpl
+@@ -86,3 +86,12 @@
+ {{- print "batch/v1beta1" -}}
+ {{- end -}}
+ {{- end -}}
++
++{{- define "system_default_registry" -}}
++{{- if .Values.global.systemDefaultRegistry -}}
++{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
++{{- else -}}
++{{- "" -}}
++{{- end }}
++{{- end }}
++

packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch

@@ -0,0 +1,59 @@
+--- charts-original/templates/cilium-agent/daemonset.yaml
++++ charts/templates/cilium-agent/daemonset.yaml
+@@ -47,7 +47,6 @@
+         # cilium to be a critical pod in the cluster, which ensures cilium
+         # gets priority scheduling.
+         # https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
+-        scheduler.alpha.kubernetes.io/critical-pod: ""
+         {{- with .Values.podAnnotations }}
+         {{- toYaml . | nindent 8 }}
+         {{- end }}
+@@ -70,7 +69,7 @@
+       {{- end }}
+       containers:
+       - name: cilium-agent
+-        image: {{ include "cilium.image" .Values.image | quote }}
++        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         {{- if .Values.sleepAfterInit }}
+         command:
+@@ -321,7 +320,7 @@
+         {{- end }}
+       {{- if .Values.monitor.enabled }}
+       - name: cilium-monitor
+-        image: {{ include "cilium.image" .Values.image | quote }}
++        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         command: ["cilium"]
+         args:
+@@ -348,7 +347,7 @@
+       # Required to mount cgroup2 filesystem on the underlying Kubernetes node.
+       # We use nsenter command with host's cgroup and mount namespaces enabled.
+       - name: mount-cgroup
+-        image: {{ include "cilium.image" .Values.image | quote }}
++        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         env:
+         - name: CGROUP_ROOT
+@@ -377,7 +376,7 @@
+       {{- end }}
+       {{- if and .Values.nodeinit.enabled .Values.nodeinit.bootstrapFile }}
+       - name: wait-for-node-init
+-        image: {{ include "cilium.image" .Values.image | quote }}
++        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         command:
+         - sh
+@@ -390,9 +389,11 @@
+         volumeMounts:
+         - name: cilium-bootstrap-file
+           mountPath: {{ .Values.nodeinit.bootstrapFile }}
++        securityContext:
++          privileged: true
+       {{- end }}
+       - name: clean-cilium-state
+-        image: {{ include "cilium.image" .Values.image | quote }}
++        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         command:
+         - /init-container.sh

packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch

@@ -0,0 +1,11 @@
+--- charts-original/templates/cilium-nodeinit/daemonset.yaml
++++ charts/templates/cilium-nodeinit/daemonset.yaml
+@@ -42,7 +42,7 @@
+         name: xtables-lock
+       containers:
+         - name: node-init
+-          image: {{ include "cilium.image" .Values.nodeinit.image | quote }}
++          image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.nodeinit.image }}"
+           imagePullPolicy: {{ .Values.nodeinit.image.pullPolicy }}
+           securityContext:
+             privileged: true

packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch

@@ -0,0 +1,11 @@
+--- charts-original/templates/cilium-operator/deployment.yaml
++++ charts/templates/cilium-operator/deployment.yaml
+@@ -53,7 +53,7 @@
+       {{- end }}
+       containers:
+       - name: cilium-operator
+-        image: {{ include "cilium.operator.image" . }}
++        image: "{{ template "system_default_registry" . }}{{ include "cilium.operator.image" . }}"
+         imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
+         command:
+         - cilium-operator-{{ include "cilium.operator.cloud" . }}

packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/daemonset.yaml.patch

@@ -0,0 +1,28 @@
+--- charts-original/templates/cilium-preflight/daemonset.yaml
++++ charts/templates/cilium-preflight/daemonset.yaml
+@@ -28,14 +28,14 @@
+       {{- end }}
+       initContainers:
+         - name: clean-cilium-state
+-          image: {{ include "cilium.image" .Values.preflight.image | quote }}
++          image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.preflight.image | quote }}"
+           imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+           command: ["/bin/echo"]
+           args:
+           - "hello"
+       containers:
+         - name: cilium-pre-flight-check
+-          image: {{ include "cilium.image" .Values.preflight.image | quote }}
++          image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.preflight.image | quote }}"
+           imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+           command: ["/bin/sh"]
+           args:
+@@ -70,7 +70,7 @@
+           {{- end }}
+         {{- if ne .Values.preflight.tofqdnsPreCache "" }}
+         - name: cilium-pre-flight-fqdn-precache
+-          image: {{ include "cilium.image" .Values.preflight.image | quote }}
++          image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.preflight.image | quote }}"
+           imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+           name: cilium-pre-flight-fqdn-precache
+           command: ["/bin/sh"]

packages/rke2-cilium/generated-changes/patch/values.yaml.patch

@@ -0,0 +1,191 @@
+--- charts-original/values.yaml
++++ charts/values.yaml
+@@ -81,12 +81,10 @@
+ 
+ # -- Agent container image.
+ image:
+-  repository: quay.io/cilium/cilium
++  repository: rancher/mirrored-cilium-cilium
+   tag: v1.11.1
+   pullPolicy: IfNotPresent
+-  # cilium-digest
+-  digest: "sha256:251ff274acf22fd2067b29a31e9fda94253d2961c061577203621583d7e85bd2"
+-  useDigest: true
++  useDigest: false
+ 
+ # -- Pod affinity for cilium-agent.
+ affinity:
+@@ -98,12 +96,6 @@
+               operator: In
+               values:
+                 - linux
+-        # Compatible with Kubernetes 1.12.x and 1.13.x
+-        - matchExpressions:
+-            - key: beta.kubernetes.io/os
+-              operator: In
+-              values:
+-                - linux
+   podAntiAffinity:
+     requiredDuringSchedulingIgnoredDuringExecution:
+     - labelSelector:
+@@ -561,7 +553,7 @@
+ 
+ hubble:
+   # -- Enable Hubble (true by default).
+-  enabled: true
++  enabled: false
+ 
+   # -- Buffer size of the channel Hubble uses to receive monitor events. If this
+   # value is not set, the queue size is set to the default monitor queue size.
+@@ -694,7 +686,8 @@
+ 
+     # -- Node labels for pod assignment
+     # ref: https://kubernetes.io/docs/user-guide/node-selection/
+-    nodeSelector: {}
++    nodeSelector:
++      kubernetes.io/os: linux
+ 
+     # -- Annotations to be added to hubble-relay pods
+     podAnnotations: {}
+@@ -864,7 +857,8 @@
+ 
+     # -- Node labels for pod assignment
+     # ref: https://kubernetes.io/docs/user-guide/node-selection/
+-    nodeSelector: {}
++    nodeSelector:
++      kubernetes.io/os: linux
+ 
+     # -- Node tolerations for pod assignment on nodes with taints
+     # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+@@ -925,7 +919,7 @@
+ ipam:
+   # -- Configure IP Address Management mode.
+   # ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/
+-  mode: "cluster-pool"
++  mode: "kubernetes"
+   operator:
+     # -- Deprecated in favor of ipam.operator.clusterPoolIPv4PodCIDRList.
+     # IPv4 CIDR range to delegate to individual nodes for IPAM.
+@@ -1122,7 +1116,7 @@
+ 
+ # -- Configure prometheus metrics on the configured port at /metrics
+ prometheus:
+-  enabled: false
++  enabled: true
+   port: 9090
+   serviceMonitor:
+     # -- Enable service monitors.
+@@ -1248,7 +1242,8 @@
+ 
+   # -- Node labels for cilium-etcd-operator pod assignment
+   # ref: https://kubernetes.io/docs/user-guide/node-selection/
+-  nodeSelector: {}
++  nodeSelector:
++    kubernetes.io/os: linux
+ 
+   # -- Annotations to be added to cilium-etcd-operator pods
+   podAnnotations: {}
+@@ -1308,17 +1303,9 @@
+ 
+   # -- cilium-operator image.
+   image:
+-    repository: quay.io/cilium/operator
++    repository: rancher/mirrored-cilium-operator
+     tag: v1.11.1
+-    # operator-generic-digest
+-    genericDigest: "sha256:977240a4783c7be821e215ead515da3093a10f4a7baea9f803511a2c2b44a235"
+-    # operator-azure-digest
+-    azureDigest: "sha256:dbe0da6d8cd82d036bd8d1162140c203f1375ae5a6084a09f704ddc42485f0fb"
+-    # operator-aws-digest
+-    awsDigest: "sha256:61895007b65fdc703614c92072d8e81fd0562c02dd605c411a088c355840ea50"
+-    # operator-alibabacloud-digest
+-    alibabacloudDigest: "sha256:e4b52b5579167da21fd72ec596f72f9dd7a38963a9bccf855c58af33b1b984c4"
+-    useDigest: true
++    useDigest: false
+     pullPolicy: IfNotPresent
+     suffix: ""
+ 
+@@ -1387,7 +1374,8 @@
+ 
+   # -- Node labels for cilium-operator pod assignment
+   # ref: https://kubernetes.io/docs/user-guide/node-selection/
+-  nodeSelector: {}
++  nodeSelector:
++    kubernetes.io/os: linux
+ 
+   # -- Annotations to be added to cilium-operator pods
+   podAnnotations: {}
+@@ -1427,7 +1415,7 @@
+   # -- Enable prometheus metrics for cilium-operator on the configured port at
+   # /metrics
+   prometheus:
+-    enabled: false
++    enabled: true
+     port: 6942
+     serviceMonitor:
+       # -- Enable service monitors.
+@@ -1442,11 +1430,11 @@
+ 
+ nodeinit:
+   # -- Enable the node initialization DaemonSet
+-  enabled: false
++  enabled: true
+ 
+   # -- node-init image.
+   image:
+-    repository: quay.io/cilium/startup-script
++    repository: rancher/mirrored-cilium-startup-script
+     tag: 62bfbe88c17778aad7bef9fa57ff9e2d4a9ba0d8
+     pullPolicy: IfNotPresent
+ 
+@@ -1489,7 +1477,8 @@
+ 
+   # -- Node labels for nodeinit pod assignment
+   # ref: https://kubernetes.io/docs/user-guide/node-selection/
+-  nodeSelector: {}
++  nodeSelector:
++    kubernetes.io/os: linux
+ 
+   # -- Annotations to be added to node-init pods.
+   podAnnotations: {}
+@@ -1524,11 +1513,9 @@
+ 
+   # -- Cilium pre-flight image.
+   image:
+-    repository: quay.io/cilium/cilium
++    repository: rancher/mirrored-cilium-cilium
+     tag: v1.11.1
+-    # cilium-digest
+-    digest: "sha256:251ff274acf22fd2067b29a31e9fda94253d2961c061577203621583d7e85bd2"
+-    useDigest: true
++    useDigest: false
+     pullPolicy: IfNotPresent
+ 
+   # -- The priority class to use for the preflight pod.
+@@ -1578,7 +1565,8 @@
+ 
+   # -- Node labels for preflight pod assignment
+   # ref: https://kubernetes.io/docs/user-guide/node-selection/
+-  nodeSelector: {}
++  nodeSelector:
++    kubernetes.io/os: linux
+ 
+   # -- Annotations to be added to preflight pods
+   podAnnotations: {}
+@@ -1663,7 +1651,8 @@
+ 
+     # -- Node labels for pod assignment
+     # ref: https://kubernetes.io/docs/user-guide/node-selection/
+-    nodeSelector: {}
++    nodeSelector:
++      kubernetes.io/os: linux
+ 
+     # -- Annotations to be added to clustermesh-apiserver pods
+     podAnnotations: {}
+@@ -1789,3 +1778,6 @@
+ # -- Configure whether to enable auto detect of terminating state for endpoints
+ # in order to support graceful termination.
+ enableK8sTerminatingEndpoint: true
++
++global:
++  systemDefaultRegistry: ""

packages/rke2-cilium/package.yaml

@@ -1,3 +1,2 @@
-url: local
-packageVersion: 01
-releaseCandidateVersion: 00
+url: https://helm.cilium.io/cilium-1.11.1.tgz
+packageVersion: 02