Merge pull request #46 from jcaamano/main-source

Add cilium chart
2021-04-08 07:58:42 -07:00 · 2021-04-08 07:58:42 -07:00 · cef1dde9fd
parent 87e567bead 3d1dedcf2b
commit cef1dde9fd
22 changed files with 587 additions and 0 deletions
--- a/packages/cilium/generated-changes/patch/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl.patch
+++ b/packages/cilium/generated-changes/patch/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl.patch
@ -0,0 +1,12 @@
+--- charts-original/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl	2021-02-08 14:38:47.439463526 +0100
+@@ -10,7 +10,7 @@
+       serviceAccountName: clustermesh-apiserver-generate-certs
+       containers:
+         - name: certgen
+-          image: {{ .Values.certgen.image.repository }}:{{ .Values.certgen.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.certgen.image.repository }}:{{ .Values.certgen.image.tag }}
+           imagePullPolicy: {{ .Values.certgen.image.pullPolicy }}
+           command:
+             - "/usr/bin/cilium-certgen"
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/_helpers.tpl charts/templates/_helpers.tpl
--- a/packages/cilium/generated-changes/patch/templates/_helpers.tpl.patch
+++ b/packages/cilium/generated-changes/patch/templates/_helpers.tpl.patch
@ -0,0 +1,15 @@
+--- charts-original/templates/_helpers.tpl	2021-02-08 14:24:33.605473204 +0100
+++ charts/templates/_helpers.tpl	2021-02-08 14:38:47.443463553 +0100
+@@ -122,3 +122,11 @@
+ tls.crt: {{ $cert.Cert | b64enc }}
+ tls.key: {{ $cert.Key | b64enc }}
+ {{- end }}
+  
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end }}
+{{- end }}
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/_hubble-generate-certs-job-spec.tpl charts/templates/_hubble-generate-certs-job-spec.tpl
--- a/packages/cilium/generated-changes/patch/templates/_hubble-generate-certs-job-spec.tpl.patch
+++ b/packages/cilium/generated-changes/patch/templates/_hubble-generate-certs-job-spec.tpl.patch
@ -0,0 +1,12 @@
+--- charts-original/templates/_hubble-generate-certs-job-spec.tpl	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/_hubble-generate-certs-job-spec.tpl	2021-02-08 14:38:47.451463609 +0100
+@@ -10,7 +10,7 @@
+       serviceAccountName: hubble-generate-certs
+       containers:
+         - name: certgen
+-          image: {{ .Values.certgen.image.repository }}:{{ .Values.certgen.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.certgen.image.repository }}:{{ .Values.certgen.image.tag }}
+           imagePullPolicy: {{ .Values.certgen.image.pullPolicy }}
+           command:
+             - "/usr/bin/cilium-certgen"
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/hubble-relay-deployment.yaml charts/templates/hubble-relay-deployment.yaml
--- a/packages/cilium/generated-changes/patch/templates/cilium-agent-daemonset.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/cilium-agent-daemonset.yaml.patch
@ -0,0 +1,39 @@
+--- charts-original/templates/cilium-agent-daemonset.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/cilium-agent-daemonset.yaml	2021-02-08 14:38:47.471463747 +0100
+@@ -193,7 +193,7 @@
+ {{- with .Values.extraEnv }}
+ {{ toYaml . | trim | indent 8 }}
+ {{- end }}
+-        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.cni.install }}
+         lifecycle:
+@@ -311,7 +311,7 @@
+ {{- range $type := .Values.monitor.eventTypes }}
+         - --type={{ $type }}
+ {{- end }}
+-        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         volumeMounts:
+         - mountPath: /var/run/cilium
+@@ -331,7 +331,7 @@
+ {{- if and .Values.nodeinit.enabled (not (eq .Values.nodeinit.bootstrapFile "")) }}
+       - name: wait-for-node-init
+         command: ['sh', '-c', 'until stat {{ .Values.nodeinit.bootstrapFile }} > /dev/null 2>&1; do echo "Waiting on node-init to run..."; sleep 1; done']
+-        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         volumeMounts:
+         - mountPath: {{ .Values.nodeinit.bootstrapFile }}
+@@ -369,7 +369,7 @@
+ {{- if .Values.extraEnv }}
+ {{ toYaml .Values.extraEnv | indent 8 }}
+ {{- end }}
+-        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         name: clean-cilium-state
+         securityContext:
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/cilium-etcd-operator-deployment.yaml charts/templates/cilium-etcd-operator-deployment.yaml
--- a/packages/cilium/generated-changes/patch/templates/cilium-etcd-operator-deployment.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/cilium-etcd-operator-deployment.yaml.patch
@ -0,0 +1,12 @@
+--- charts-original/templates/cilium-etcd-operator-deployment.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/cilium-etcd-operator-deployment.yaml	2021-02-08 14:38:47.511464021 +0100
+@@ -64,7 +64,7 @@
+           value: "revision"
+         - name: CILIUM_ETCD_META_ETCD_AUTO_COMPACTION_RETENTION
+           value: "25000"
+-        image: {{ .Values.etcd.image.repository }}:{{ .Values.etcd.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.etcd.image.repository }}:{{ .Values.etcd.image.tag }}
+         imagePullPolicy: {{ .Values.etcd.image.pullPolicy }}
+         name: cilium-etcd-operator
+       dnsPolicy: ClusterFirst
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/cilium-nodeinit-daemonset.yaml charts/templates/cilium-nodeinit-daemonset.yaml
--- a/packages/cilium/generated-changes/patch/templates/cilium-nodeinit-daemonset.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/cilium-nodeinit-daemonset.yaml.patch
@ -0,0 +1,12 @@
+--- charts-original/templates/cilium-nodeinit-daemonset.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/cilium-nodeinit-daemonset.yaml	2021-02-08 14:38:47.519464077 +0100
+@@ -34,7 +34,7 @@
+ {{- end }}
+       containers:
+         - name: node-init
+-          image: {{ .Values.nodeinit.image.repository }}:{{ .Values.nodeinit.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.nodeinit.image.repository }}:{{ .Values.nodeinit.image.tag }}
+           imagePullPolicy: {{ .Values.nodeinit.image.pullPolicy }}
+           securityContext:
+             privileged: true
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/cilium-operator-deployment.yaml charts/templates/cilium-operator-deployment.yaml
--- a/packages/cilium/generated-changes/patch/templates/cilium-operator-deployment.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/cilium-operator-deployment.yaml.patch
@ -0,0 +1,18 @@
+--- charts-original/templates/cilium-operator-deployment.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/cilium-operator-deployment.yaml	2021-02-08 14:38:47.531464160 +0100
+@@ -136,11 +136,11 @@
+           value: {{ $value }}
+ {{- end }}
+ {{- if .Values.eni }}
+-        image: {{ .Values.operator.image.repository }}-aws:{{ .Values.operator.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.operator.image.repository }}-aws:{{ .Values.operator.image.tag }}
+ {{- else if .Values.azure.enabled }}
+-        image: {{ .Values.operator.image.repository }}-azure:{{ .Values.operator.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.operator.image.repository }}-azure:{{ .Values.operator.image.tag }}
+ {{- else }}
+-        image: {{ .Values.operator.image.repository }}-generic:{{ .Values.operator.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.operator.image.repository }}-generic:{{ .Values.operator.image.tag }}
+ {{- end }}
+         imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
+         name: cilium-operator
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/cilium-preflight-daemonset.yaml charts/templates/cilium-preflight-daemonset.yaml
--- a/packages/cilium/generated-changes/patch/templates/cilium-preflight-daemonset.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/cilium-preflight-daemonset.yaml.patch
@ -0,0 +1,29 @@
+--- charts-original/templates/cilium-preflight-daemonset.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/cilium-preflight-daemonset.yaml	2021-02-08 14:38:47.555464324 +0100
+@@ -25,14 +25,14 @@
+ {{- end }}
+       initContainers:
+         - name: clean-cilium-state
+-          image: {{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}
+           imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+           command: ["/bin/echo"]
+           args:
+           - "hello"
+       containers:
+         - name: cilium-pre-flight-check
+-          image: {{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}
+           imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+           command: ["/bin/sh"]
+           args:
+@@ -68,7 +68,7 @@
+ 
+ {{- if ne .Values.preflight.tofqdnsPreCache "" }}
+         - name: cilium-pre-flight-fqdn-precache
+-          image: {{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}
+           imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+           name: cilium-pre-flight-fqdn-precache
+           command: ["/bin/sh"]
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/cilium-preflight-deployment.yaml charts/templates/cilium-preflight-deployment.yaml
--- a/packages/cilium/generated-changes/patch/templates/cilium-preflight-deployment.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/cilium-preflight-deployment.yaml.patch
@ -0,0 +1,12 @@
+--- charts-original/templates/cilium-preflight-deployment.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/cilium-preflight-deployment.yaml	2021-02-08 14:38:47.559464353 +0100
+@@ -37,7 +37,7 @@
+       containers:
+ {{- if .Values.preflight.validateCNPs }}
+         - name: cnp-validator
+-          image: {{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.preflight.image.repository }}:{{ .Values.preflight.image.tag }}
+           imagePullPolicy: {{ .Values.preflight.image.pullPolicy }}
+           command: ["/bin/sh"]
+           args:
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/clustermesh-apiserver-deployment.yaml charts/templates/clustermesh-apiserver-deployment.yaml
--- a/packages/cilium/generated-changes/patch/templates/clustermesh-apiserver-deployment.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/clustermesh-apiserver-deployment.yaml.patch
@ -0,0 +1,30 @@
+--- charts-original/templates/clustermesh-apiserver-deployment.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/clustermesh-apiserver-deployment.yaml	2021-02-08 14:38:47.591464573 +0100
+@@ -30,7 +30,7 @@
+       serviceAccount: clustermesh-apiserver
+       initContainers:
+       - name: etcd-init
+-        image: {{ .Values.clustermesh.apiserver.etcd.image.repository }}:{{ .Values.clustermesh.apiserver.etcd.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.clustermesh.apiserver.etcd.image.repository }}:{{ .Values.clustermesh.apiserver.etcd.image.tag }}
+         imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }}
+         env:
+         - name: ETCDCTL_API
+@@ -67,7 +67,7 @@
+           name: etcd-data-dir
+       containers:
+       - name: etcd
+-        image: {{ .Values.clustermesh.apiserver.etcd.image.repository }}:{{ .Values.clustermesh.apiserver.etcd.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.clustermesh.apiserver.etcd.image.repository }}:{{ .Values.clustermesh.apiserver.etcd.image.tag }}
+         imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }}
+         env:
+         - name: ETCDCTL_API
+@@ -96,7 +96,7 @@
+         - mountPath: /var/run/etcd
+           name: etcd-data-dir
+       - name: "apiserver"
+-        image: {{ .Values.clustermesh.apiserver.image.repository }}:{{ .Values.clustermesh.apiserver.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.clustermesh.apiserver.image.repository }}:{{ .Values.clustermesh.apiserver.image.tag }}
+         imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }}
+         command:
+           - /usr/bin/clustermesh-apiserver
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl charts/templates/_clustermesh-apiserver-generate-certs-job-spec.tpl
--- a/packages/cilium/generated-changes/patch/templates/hubble-relay-deployment.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/hubble-relay-deployment.yaml.patch
@ -0,0 +1,12 @@
+--- charts-original/templates/hubble-relay-deployment.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/hubble-relay-deployment.yaml	2021-02-08 14:38:47.683465207 +0100
+@@ -45,7 +45,7 @@
+ {{- end }}
+       containers:
+         - name: hubble-relay
+-          image: {{ .Values.hubble.relay.image.repository }}:{{ .Values.hubble.relay.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.hubble.relay.image.repository }}:{{ .Values.hubble.relay.image.tag }}
+           imagePullPolicy: {{ .Values.hubble.relay.image.pullPolicy }}
+           command:
+             - hubble-relay
+diff -x '*.tgz' -x '*.lock' -uNr charts-original/templates/hubble-ui-deployment.yaml charts/templates/hubble-ui-deployment.yaml
--- a/packages/cilium/generated-changes/patch/templates/hubble-ui-deployment.yaml.patch
+++ b/packages/cilium/generated-changes/patch/templates/hubble-ui-deployment.yaml.patch
@ -0,0 +1,29 @@
+--- charts-original/templates/hubble-ui-deployment.yaml	2021-02-04 01:17:41.000000000 +0100
+++ charts/templates/hubble-ui-deployment.yaml	2021-02-08 14:38:47.715465428 +0100
+@@ -40,7 +40,7 @@
+ {{- end }}
+       containers:
+         - name: frontend
+-          image: "{{ .Values.hubble.ui.frontend.image.repository }}:{{ .Values.hubble.ui.frontend.image.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.hubble.ui.frontend.image.repository }}:{{ .Values.hubble.ui.frontend.image.tag }}"
+           imagePullPolicy: {{ .Values.hubble.ui.frontend.image.pullPolicy }}
+           ports:
+             - containerPort: 8080
+@@ -48,7 +48,7 @@
+           resources:
+             {{- toYaml .Values.hubble.ui.frontend.resources | trim | nindent 12 }}
+         - name: backend
+-          image: "{{ .Values.hubble.ui.backend.image.repository }}:{{ .Values.hubble.ui.backend.image.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.hubble.ui.backend.image.repository }}:{{ .Values.hubble.ui.backend.image.tag }}"
+           imagePullPolicy: {{ .Values.hubble.ui.backend.image.pullPolicy }}
+           env:
+             - name: EVENTS_SERVER_PORT
+@@ -61,7 +61,7 @@
+           resources:
+             {{- toYaml .Values.hubble.ui.backend.resources  | trim | nindent 12 }}
+         - name: proxy
+-          image: "{{ .Values.hubble.ui.proxy.image.repository }}:{{ .Values.hubble.ui.proxy.image.tag }}"
+          image: "{{ template "system_default_registry" . }}{{ .Values.hubble.ui.proxy.image.repository }}:{{ .Values.hubble.ui.proxy.image.tag }}"
+           imagePullPolicy: {{ .Values.hubble.ui.proxy.image.pullPolicy }}
+           ports:
+             - containerPort: 8081
--- a/packages/cilium/package.yaml
+++ b/packages/cilium/package.yaml
@ -0,0 +1,6 @@
+url: https://helm.cilium.io/cilium-1.9.4.tgz
+packageVersion: 01
+releaseCandidateVersion: 00
+# This package is meant to be consumed as a subchart of another package,
+# not directly.
+doNotRelease: true
--- a/packages/rke2-cilium/charts/Chart.yaml
+++ b/packages/rke2-cilium/charts/Chart.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+name: rke2-cilium
+description: eBPF-based Networking, Security, and Observability
+version: 1.9.4
+kubeVersion: '>= 1.12.0-0'
+home: https://cilium.io/
+keywords:
+  - cilium
+sources:
+  - https://github.com/rancher/rke2-charts
+maintainers:
+  - name: Rancher Labs
+    email: charts@rancher.com
--- a/packages/rke2-cilium/charts/requirements.yaml
+++ b/packages/rke2-cilium/charts/requirements.yaml
@ -0,0 +1,7 @@
+dependencies:
+- name: cilium
+  repository: file://./charts/cilium
+- import-values:
+  - defaults
+  name: rke2-cilium-hard-defaults
+  repository: file://./charts/rke2-cilium-hard-defaults
--- a/packages/rke2-cilium/charts/values.schema.json
+++ b/packages/rke2-cilium/charts/values.schema.json
@ -0,0 +1,240 @@
+{
+    "$schema": "http://json-schema.org/draft-09/schema",
+    "type": "object",
+    "properties": {
+        "cilium": {
+            "type": "object",
+            "properties": {
+                "azure": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean"
+                        }
+                    }
+                },
+                "cni": {
+                    "type": "object",
+                    "properties": {
+                        "chainingMode": {
+                            "type": "string"
+                        },
+                        "customConf": {
+                            "type": "boolean"
+                        }
+                    }
+                },
+                "eni": {
+                    "type": "boolean"
+                },
+                "image": {
+                    "type": "object",
+                    "properties": {
+                        "repository": {
+                            "type": "string"
+                        },
+                        "tag": {
+                            "type": "string"
+                        }
+                    },
+                    "required": ["repository", "tag" ]
+                },
+                "imagePullSecrets": {
+                    "type": "array"
+                },
+                "ipam": {
+                    "type": "object",
+                    "properties": {
+                        "mode": {
+                            "type": "string"
+                        }
+                    }
+                },
+                "masquerade": {
+                    "type": "boolean"
+                },
+                "nodeinit": {
+                    "type": "object",
+                    "properties": {
+                        "image": {
+                            "type": "object",
+                            "properties": {
+                                "repository": {
+                                    "type": "string"
+                                },
+                                "tag": {
+                                    "type": "string"
+                                }
+                            },
+                            "required": ["repository", "tag" ]
+                        }
+                    },
+                    "required": ["image" ]
+                },
+                "operator": {
+                    "type": "object",
+                    "properties": {
+                        "image": {
+                            "type": "object",
+                            "properties": {
+                                "repository": {
+                                    "type": "string"
+                                },
+                                "tag": {
+                                    "type": "string"
+                                }
+                            },
+                            "required": ["repository", "tag" ]
+                        }
+                    },
+                    "required": ["image" ]
+                },
+                "preflight": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean"
+                        },
+                        "image": {
+                            "type": "object",
+                            "properties": {
+                                "repository": {
+                                    "type": "string"
+                                },
+                                "tag": {
+                                    "type": "string"
+                                }
+                            },
+                            "required": ["repository", "tag" ]
+                        }
+                    }
+                },
+                "tunnel": {
+                    "type": "string"
+                }
+            },
+            "required": ["image", "operator", "nodeinit" ]
+        },
+        "global": {
+            "type": "object",
+            "properties": {
+                "systemDefaultRegistry": {
+                    "type": "string"
+                }
+            }
+        }
+    },
+    "required": ["cilium"],
+    "allOf": [
+        { "$ref" : "#/$defs/azure-requires-config" },
+        { "$ref" : "#/$defs/aws-requires-config" },
+        { "$ref" : "#/$defs/azure-aws-are-exclusive" },
+        { "$ref" : "#/$defs/preflight-requires-config" }
+    ],
+    "$defs": {
+        "is-azure": {
+            "properties" : {
+                "cilium": {
+                    "properties": {
+                        "azure": {
+                            "properties": {
+                                "enabled": { "const": true }
+                            }
+                        }
+                    }
+                }
+            }
+        },
+        "azure-requires-config" : {
+            "anyOf": [
+                { "not": { "$ref": "#/$defs/is-azure" } },
+                { 
+                    "properties": {
+                        "cilium": {
+                            "properties": {
+                                "masquerade": { "const": true },
+                                "cni": {
+                                    "properties": {
+                                        "chainingMode": { "const": "generic-veth" },
+                                        "customConf": { "const": true },
+                                        "configMap": { "const": "cni-configuration"}
+                                    },
+                                    "required": [ "chainingMode", "customConf", "configMap" ]
+                                }
+                            },
+                            "required": [ "cni" ]
+                        }
+                    }
+                }
+            ]
+        },
+        "is-aws": {
+            "properties" : {
+                "cilium": {
+                    "properties": {
+                        "eni": { "const": true }
+                    }
+                }
+            }
+        },
+        "aws-requires-config": {
+            "anyOf": [
+                { "not": { "$ref": "#/$defs/is-aws" } },
+                {
+                    "properties": {
+                        "cilium": {
+                            "properties": {
+                                "tunnel": { "const": "disabled" },
+                                "egressMasqueradeInterfaces": { "const": "eth0" },
+                                "ipam": {
+                                    "properties": {
+                                        "mode": { "const": "eni" }
+                                    },
+                                    "required": [ "mode" ]
+                                }
+                            },
+                            "required": [ "tunnel", "egressMasqueradeInterfaces", "ipam" ]
+                        }
+                    }
+                }
+            ]
+        },
+        "azure-aws-are-exclusive": {
+            "not": {
+                "allOf": [
+                    { "$ref": "#/$defs/is-azure" },
+                    { "$ref": "#/$defs/is-aws" }
+                ]
+            }
+        },
+        "is-preflight": {
+            "properties" : {
+                "cilium": {
+                    "properties": {
+                        "preflight": {
+                            "properties": {
+                                "enabled": { "const": true }
+                            }
+                        }
+                    }
+                }
+            }
+        },
+        "preflight-requires-config" : {
+            "anyOf": [
+                { "not": { "$ref": "#/$defs/is-preflight" } },
+                { 
+                    "properties": {
+                        "cilium": {
+                            "properties": {
+                                "preflight": {
+                                    "required": [ "image" ]
+                                }
+                            }
+                        }
+                    }
+                }
+            ]
+        }
+    }
+}
--- a/packages/rke2-cilium/charts/values.yaml
+++ b/packages/rke2-cilium/charts/values.yaml
@ -0,0 +1,53 @@
+# Cilium specific options that can be customized for RKE2
+# Set with '--set cilium.<option>=<value>'
+cilium:
+
+  # imagePullSecrets specifies the key to access the registry
+  imagePullSecrets: []
+  image:
+    repository: rancher/mirrored-cilium-cilium
+    tag: v1.9.4
+  operator:
+    image:
+      repository: rancher/mirrored-cilium-operator
+      tag: v1.9.4
+  nodeinit:
+    image:
+      repository: rancher/mirrored-cilium-startup-script
+      tag: 62bfbe88c17778aad7bef9fa57ff9e2d4a9ba0d8
+  preflight:
+    # preflight enable to optionally prepare cilium prior to an upgrade
+    enabled: false
+    image:
+      repository: rancher/mirrored-cilium-cilium
+      tag: v1.9.4
+
+  #
+  # Enable Azure integration.
+  #
+  azure:
+    enabled: false
+  cni:
+    # Set to "generic-veth" for Azure integration.
+    chainingMode: none
+    # Set to "true" for Azure integration.
+    customConf: false
+    # Set to "cni-configuration" for Azure integration.
+    # configMap: cni-configuration
+  # Set to "true" for Azure integration.
+  masquerade: true
+
+  #
+  # Enable Elastic Network Interface (ENI) for AWS integration.
+  #
+  eni: false
+  ipam:
+    # Set mode to "eni" for ENI AWS intetgration.
+    mode: "cluster-pool"
+  # Set tunnel to "disable" if ENI AWS or Azure integrations are enabled.
+  tunnel: "vxlan"
+  # Set to "eth0" for ENI AWS intetgration.
+  #egressMasqueradeInterfaces: eth0
+
+global:
+  systemDefaultRegistry: ""
--- a/packages/rke2-cilium/generated-changes/dependencies/cilium/dependency.yaml
+++ b/packages/rke2-cilium/generated-changes/dependencies/cilium/dependency.yaml
@ -0,0 +1,2 @@
+workingDir: ""
+url: packages/cilium
--- a/packages/rke2-cilium/generated-changes/dependencies/rke2-cilium-hard-defaults/charts/Chart.yaml
+++ b/packages/rke2-cilium/generated-changes/dependencies/rke2-cilium-hard-defaults/charts/Chart.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+name: rke2-cilium-hard-defaults
+description: Default options for cilium in RKE2
+version: 1.0.0
+home: https://docs.rke2.io/
+keywords:
+  - cilium
+sources:
+  - https://github.com/rancher/rke2-charts
+maintainers:
+  - name: Rancher Labs
+    email: charts@rancher.com
--- a/packages/rke2-cilium/generated-changes/dependencies/rke2-cilium-hard-defaults/charts/values.yaml
+++ b/packages/rke2-cilium/generated-changes/dependencies/rke2-cilium-hard-defaults/charts/values.yaml
@ -0,0 +1,17 @@
+exports:
+  defaults:
+    # These are the default options override of cilium for RKE2
+    # for which no customization is allowed
+    cilium:
+      
+      # Enable all metrics
+      prometheus:
+        enabled: true
+      operator:
+        prometheus:
+          enabled: true
+      
+      # Enable node init to correctly setup the node as required for cilium
+      # throughout all the supported OS
+      nodeinit:
+        enabled: true
--- a/packages/rke2-cilium/generated-changes/dependencies/rke2-cilium-hard-defaults/dependency.yaml
+++ b/packages/rke2-cilium/generated-changes/dependencies/rke2-cilium-hard-defaults/dependency.yaml
@ -0,0 +1,2 @@
+workingDir: ""
+url: local
--- a/packages/rke2-cilium/package.yaml
+++ b/packages/rke2-cilium/package.yaml
@ -0,0 +1,3 @@
+url: local
+packageVersion: 01
+releaseCandidateVersion: 00