From dbd66a2662b33094908e30c7bd549c6ef8243b24 Mon Sep 17 00:00:00 2001 From: actions Date: Thu, 29 Apr 2021 00:16:16 +0000 Subject: [PATCH] Add ability to configure calico failsafe ports Made FailsafeOutboundHostPorts and FailsafeInboundHostPorts configurable so that users can apply their own network policy to ports such as SSH (22). Previously the failsafe rules would always have opened port 22 even if the user had a custom GlobalNetworkPolicy applied on the node. Fixes https://github.com/rancher/rke2/issues/921 --- .../rke2-canal-v3.13.300-build2021022303.tgz | Bin 0 -> 6078 bytes .../v3.13.300-build2021022303/Chart.yaml | 13 + .../templates/NOTES.txt | 3 + .../templates/_helpers.tpl | 7 + .../templates/config.yaml | 67 +++++ .../templates/crd.yaml | 197 +++++++++++++ .../templates/daemonset.yaml | 266 ++++++++++++++++++ .../templates/rbac.yaml | 163 +++++++++++ .../templates/serviceaccount.yaml | 6 + .../v3.13.300-build2021022303/values.yaml | 80 ++++++ index.yaml | 17 ++ 11 files changed, 819 insertions(+) create mode 100755 assets/rke2-canal/rke2-canal-v3.13.300-build2021022303.tgz create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/Chart.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/NOTES.txt create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/_helpers.tpl create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/config.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/crd.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/daemonset.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/rbac.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/serviceaccount.yaml create mode 100755 charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/values.yaml 
diff --git a/assets/rke2-canal/rke2-canal-v3.13.300-build2021022303.tgz b/assets/rke2-canal/rke2-canal-v3.13.300-build2021022303.tgz new file mode 100755 index 0000000000000000000000000000000000000000..2a42a081ae1c81cc21b5da1911d24cf66b5b3cc7 GIT binary patch literal 6078 zcmV;v7eVMBiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBja~iqQ=ziu`bm6*{FCM@zadx@4Ze0R6q1MJ+gLn7TsZ*?& zX+Xz9nj>kjIXQWL`%{wUodMff+u41}^C1Z{Qg^G>YPI@Bk+*p4`GgbJ>@JDajSX3` zAD;JVwOXyS(^LC*tJNz1-8y}L^uy6<>-6~K!~2ut)(@?tlcS^7572sMIx3$?X(E4U z{b5|?!Tm)Z64GB#Dk^vz)<-oGhS|@P#?eXRq!ys^B@MNGIp9hY#-M9N28O8bguI0j zix!kOYD=-gHY~LcRlC`|ySr?C;r04D~+wR;B_WTtBFRVK(aB_ipg1(lGppn4h242)(B zujx8i9JO_6%&nF;izo|@TgOMOr?P)AR!cjffnFPBpN|*Fig@>2y_lya0I-kN~;EpL;!=4 zf;-9>%&>L<{!%F9FqdKldPx;X!WY=6g(B$EK(?WN)M}g_H(HHW^XRNztIZkV99g>t zZ~(W_488ab&=px=4cy=6JAlMcD5{0rv>{o@OCkg07$p5{LroTKShvh-Zh3LbqvE2r z2+hDL*C^-2M~D;#Fxxn_1al!_DU^o)0nSOpG)NI?G%%^@)rNX~niQxFhiq>`2qvm zmuQd?*K}oRow@dHsITuC;dRS<_tc!uck|jE4uHC?!}89}se#~gI(X##I)J(9b;`P8 zR^9Gon4BRpzn&k{Im7$4U@%C~%-xIU$J8U5C@my{-h^o9&WdRR2HO0~OcYXWwna0i z61heNLIP?(Fq8!efXODrwrj*uqZ7kl3Dp*8kl_(PIn|Uf`foe7J3{rjkSQf?&@w{D zalz+w5lM7%3}ms8xNvhlBW76%4xtF3JLp{-Sdqe!2+Xe>lpa-N#t=S!8d*4$FYMGg zGlTNQ$3)(Y7IKJLq%=y$6hm=1j<37FLf<%vmA)~0km}4~52A495T4M&@y}ib{ zM710km9!?T4QDNjC+!t4W5d5lIoYxR4ioL9%qJ3Q0kgYKL#DoweiK-rcC9px5=Sp;U)#Vg3LCj*ijQZ^sRgHTXz@!35u*`J7S$EXE#y50V0 zlCrwz8ua6i6Y*In-SORd!L==^2t(E7%(bBPyF8EfWW?0a`y=~3B+=9)v!dT}P)Gor(s^XCgA2CZSA`x#6ocCQyGB>J2C@jTEntaFs5a2HYrwcZS4wcBT^b zl7OId*oX+0WR2z@62u(`8L^y-IFH*79D2jskwKgq2r+pg(%+T7s~CTgz}kX|8L`Hl z+9-{ySXi!cL6tT;V!i%9^=S2%cyi}IjjNCmjjB1kn)JsFeXpMf$3y;~HV@ARzo zcK&;nC$^MhKaNv-up|m*h&(abjqa@(p=cXhb450w$*tLa?_foFWb90HBuKnMc5h4i zTGQXyQwq$<#oFXE^u@}w0Er~nIHRTUrU$;mQ@Q@9OJpHR)zIN{xPl&9|0k`J()xdY z`r&Q;zsmFFi)YLM$`R^rhn~jP!Bob3bRE2}Uu&izokQan=OuLedZThvPuqu*ay^Io z|5DBR(|RIPnEt3|6qrLw`QP80g@5U%a{c?(Qhzp2@B{1rD<@JAZeEPQjU*qvS zuXX@q8!>6eXNkNd*cV<-Agr^Ps`xZ_NkVf(vwl-8z)z2O1QfElXHJk9Bz8g00obVB 
zQXaH3Ftt)7YK58vM3Z(J^!f4y8rR5>C~TOsAAJ296Baj7p>>=(m#0-PwFJVx>doAIEEX9JaZeLs6z@m&YJ> z7))0>s)Cp}6Sm-)i8AJBV(up5N)pdTVzUYkNc^Q`aRY2W6{1fGvv6Fb%-F9s!r{Oq zF%awIS`kfs!q^5v5k_V$1+lYx8Y7>&UTye~XT85)V%K@yNMYT%CcRJuUfjNZm^AQt zvQSL3R^y~`lzogH7xgy$J@v(Z$$91LdJ|gkj#p_%`;Cdkl;IkgX<(gkh0m#Hc$xso ze8|O?hHuF@rqiEqKK8GN{Yig39bWbN(_!bbKb;nPtaMaw!*tpm4yKoro9VRhm4;+h zZx;qq7>rq19uq!c1*o=-3x1eZvCEkTG9Rb-TEG+vM*Yn`T(>`}-Q9BxsQ_WU$adN@ z#&oZS=Yvnv^T9=b)R}yqP7AU@MI4$S@oSq$@z1e@S@jPJv-3Ec@%fMxY)Cx8l2`S!dY8WBh${wnjZP39 z7E(lE8>)L5dm%F|V{6exXC0*UZT73N!y-oH_V-%NaP>ub6(Y*l zXVC~PoC0SoCEE-!uV0)GO!&9PDCKsOd1ZDObrfi?7fEN`?A+a&3%yH_Hrd``D#WzcjC`Gbzq8cx66)7Aj3} zDDbF2Q;9$MZ!gUob3(RT%PTWxFzQ^|t+2qAjG7Wl(hsk}52pgZ14FurSF*^Fn4Suj z#BR)2;K`EkfW5YEHaz)k5pVG%rl*1@?#s*bBou6rBc=$z z$P8JsLVr{q3C-GewP%SEK!&~+(luHU?JqBKy|(%RL}5TQj z8{5E@6y)C|5Le{>hLbg+jLaCe!KjjCCSx*k3@{HXP*g#ac?jo1yK`pN(uu(#5GMG- zMGT+ zNHm@69!e@C)f-U$5`)Na#0rdF5)D)NOf+o}t~Tq%sohUEdy=jiJ;48=HZn~U9u&|ng>4SieZ zRX`_i_s*D&cuUNtB#-qLH|+``c?{}2$^CouBmD@9RZS2$aU;nhgD70s=(La!AVV_){~I(imRCetKp=oXeJ-SrDfpyAJ*$c>&VC?# zn{VS|s8!QUIuj&N%}}^Mng<%?Dh{@LVs1n&oygp$Pm=iP>PE({WTXwPxLLAJx{N60 znBY{I)$3j|fpKeN0(C`Jk6T>wnRYL#exulDloOelX|9V|j@uD;S6@>IvghVGHq0G# z&*wBZ&#n~E=;K3#L%wboLcj;sCcdV#hW*K}SJyvJUG%z&nsX^u?a~K`@m-SeXWU%le7nJ;l6}gLRV&-M z6{WF{QCq$n1#6IGb!q19?T^Zt80J&;z^n2Y9zXOsMHcKBv;8(AdfB$yN5c?eMqL_# znYqi!O`I14Ya*%H>UYl4<>cm1F*QlDPH8wJiECTLYHi0`tL(9P1FBsDw=!?t1T>9&G)1VJKBvtY<+Um%_?&vPw6th1DAc|M z#ZfncoxnKi5-^2+WYxCd8t-+Ht9OE)q{havhLO`T zrbUR-Y$tHT={@wsick(?;orK7KEjx|gC4y#mUv#L+dRJ{hYg+a=W54k>L&I( zHGjr0+?e0};}N1+%`Tf&S&)V;ncL#)w+NG8X$4$IT$N9H>8_Eph|=6Snirm|ODM%c zl9kGePn^&glfmXOssw7TyBXZJH04gI6_Z!sXWiapFqILfh0XC9v!j9HxZ2Cl`Ki z(|0rOPe)h1scG?8>az0j-K3=@?Y0zrKaYOx3?|d_tLtgXtjAJPE{fkxk1;@=YI7Jv zt8w-kEMR!4FEfa zQ;q+LvszX8zmt7K0fP~cAdslcPJlt)`;w<=u*=S?I^rbx@b*fZZ@<~lneJ7s8rF3GwKmW$Z4(QpUs`0ACpkrkI$55Id}EQ_8`1NnQS1fsMe z2cut3M^{%D+Y0p{e^&hIxN&s$V|o!!vE5T|!q}d$n3&#RY^2C0I8QIGK7AStE6d*`Ivw-;6K&lj}iu{4E6Tx^v`l 
zjQOoM`WB?wr6Z3+bKV(Tj63K3!SLhN&9G+{j*-dnlaTJZ&Ejb!T-{8bfrhOcE2@e3 zwqrPC!G~fGiT{dFl|2vuei*gk_+s_9IZYi zxdxtPjA!r_hgWncAGHc!nE@k~mo!^Fy$p4QB-&k$~+e5}`q(OGjPf{0<6Bqza)&b;dHW++#j zZMGz+j6z1ddGGA1Mw)U}#uGR2DjH;nl1qkmVOkSuvE^B)$Dl}(<8$*}GL zOon^kfXM-Hjs>;heyMZSkj?ra3*5c+aZr zYBiix{6C9s-tw{}oF85FUdFATgx(vxeB3Uh9*;WR7shXs8mjl%i_UP^zvxW|=TD;I zCF43-Df0s)kEWNM@&Er*5Sky``tR1sS-JlE!`bm${_kr%59I%*l2EH1z<~QK z3J^$=b}I$LG{BbgFJyVRhc%Z2HlsWMYJIomwsDRgaXEVFy+97bwP0At<+TKnNH2w? z|8`eFq?!Fy1+Y1%hrPG7UAPD)zVDDD1~!Fnff_;)s6&@9dFXPK6N}lN)I1;|{Uk*c zsy6(+9w&TlIeR<{C;ef;)$-ceLA0;dC}+8j3!CQuXgtO0GxH|qXa(?W7YV5HZMsI> z*v38V`7~Ig)KuXLc^Yc>;Ew1t5bpt_=}uAs(q6Ts8l?dp*zk&t*pf&KFF=jXVJ^5m z@seN_&jj&(R4Thr3RWb18uML0)9o2JY$va&G|^EdPlq;aurUt|y>U87ZqR>V`4tyjZjr=lr;^s3lxKu* zDGxh|s4T)*NS;jSPT|UAB$bbq;8Y8#Z2F&w6m+k9Zt2Fiv~44=EIZmwk*n*?Rgq_0 z+f{sSz7;Nm$l#>6V-#BMfRQhQbH59Pq#4vIQQP{eFsBuF^{8sQ>s|u$ZM)*v4yoeO zhf1xpSG1BTj#QGTXLlgCo}Egtvz^7T|M+Z|S-x+Ick!h(Qa^uWD5#?+>9{ycCdov8 zn!f(V8JH|l*^}UkDqA>cOGgA}8ymTiG*#j3-Xy?p0M-nU9*QnzIX&JGk=J*a3_p#ta+G&@29fEni3!Dscuk zXH3kRuAHmc6Tba_Yb<>QACu=S%@uoI`!8{#r?%hI_m5|=9Ui^8Jd;V1>>6$oKT=y0 zmEDk*<85Y;bHZR;D3_@)#SJLR7k|tm=Y*xf4ReBsU9ZW=_du+bu9dOUQJ!iQ&CH6i z|NWb5T^v@ClHFx~<#OV^<{9 literal 0 HcmV?d00001 diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/Chart.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/Chart.yaml new file mode 100755 index 0000000..5fa179d --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +appVersion: v3.13.3 +description: Install Canal Network Plugin. +home: https://www.projectcalico.org/ +keywords: +- canal +maintainers: +- email: charts@rancher.com + name: Rancher Labs +name: rke2-canal +sources: +- https://github.com/rancher/rke2-charts +version: v3.13.300-build2021022303 
diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/NOTES.txt b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/NOTES.txt new file mode 100755 index 0000000..12a30ff --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/NOTES.txt @@ -0,0 +1,3 @@ +Canal network plugin has been installed. + +NOTE: It may take few minutes until Canal image install CNI files and node become in ready state. diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/_helpers.tpl b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/_helpers.tpl new file mode 100755 index 0000000..b647c75 --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/config.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/config.yaml new file mode 100755 index 0000000..37f28ef --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/config.yaml 
@@ -0,0 +1,67 @@ +--- +# Source: calico/templates/calico-config.yaml +# This ConfigMap is used to configure a self-hosted Canal installation. +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-config + namespace: kube-system +data: + # Typha is disabled. + typha_service_name: {{ .Values.calico.typhaServiceName | quote }} + # The interface used by canal for host <-> host communication. + # If left blank, then the interface is chosen using the node's + # default route. + canal_iface: {{ .Values.flannel.iface | quote }} + + # Whether or not to masquerade traffic to destinations not within + # the pod network. + masquerade: {{ .Values.calico.masquerade | quote }} + + # Configure the MTU to use + veth_mtu: {{ .Values.calico.vethuMTU | quote }} + + # The CNI network configuration to install on each node. The special + # values in this config will be automatically populated. + cni_network_config: |- + { + "name": "k8s-pod-network", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "calico", + "log_level": "info", + "datastore_type": "kubernetes", + "nodename": "__KUBERNETES_NODE_NAME__", + "mtu": __CNI_MTU__, + "ipam": { + "type": "host-local", + "subnet": "usePodCidr" + }, + "policy": { + "type": "k8s" + }, + "kubernetes": { + "kubeconfig": "__KUBECONFIG_FILEPATH__" + } + }, + { + "type": "portmap", + "snat": true, + "capabilities": {"portMappings": true} + }, + { + "type": "bandwidth", + "capabilities": {"bandwidth": true} + } + ] + } + + # Flannel network configuration. Mounted into the flannel container. + net-conf.json: | + { + "Network": {{ .Values.podCidr | quote }}, + "Backend": { + "Type": {{ .Values.flannel.backend | quote }} + } + } diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/crd.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/crd.yaml new file mode 100755 index 0000000..0351759 --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/crd.yaml 
@@ -0,0 +1,197 @@ +--- +# Source: calico/templates/kdd-crds.yaml + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bgpconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: BGPConfiguration + plural: bgpconfigurations + singular: bgpconfiguration + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bgppeers.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: BGPPeer + plural: bgppeers + singular: bgppeer + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: blockaffinities.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: BlockAffinity + plural: blockaffinities + singular: blockaffinity + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterinformations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: ClusterInformation + plural: clusterinformations + singular: clusterinformation + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: felixconfigurations.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: FelixConfiguration + plural: felixconfigurations + singular: felixconfiguration + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: globalnetworkpolicies.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: GlobalNetworkPolicy + plural: globalnetworkpolicies + singular: globalnetworkpolicy + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: globalnetworksets.crd.projectcalico.org +spec: + scope: 
Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: GlobalNetworkSet + plural: globalnetworksets + singular: globalnetworkset + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: hostendpoints.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: HostEndpoint + plural: hostendpoints + singular: hostendpoint + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamblocks.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMBlock + plural: ipamblocks + singular: ipamblock + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamconfigs.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMConfig + plural: ipamconfigs + singular: ipamconfig + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ipamhandles.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPAMHandle + plural: ipamhandles + singular: ipamhandle + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.projectcalico.org +spec: + scope: Cluster + group: crd.projectcalico.org + version: v1 + names: + kind: IPPool + plural: ippools + singular: ippool + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + version: v1 + names: + kind: NetworkPolicy + plural: networkpolicies + singular: networkpolicy + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networksets.crd.projectcalico.org +spec: + scope: Namespaced + group: crd.projectcalico.org + 
version: v1 + names: + kind: NetworkSet + plural: networksets + singular: networkset diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/daemonset.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/daemonset.yaml new file mode 100755 index 0000000..8b9520c --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/daemonset.yaml 
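Review bot: All fourteen CRDs in this hunk are declared as `apiextensions.k8s.io/v1beta1` with no `validation` schema, so the API server accepts any object shape for cluster-scoped kinds such as `GlobalNetworkPolicy` and `FelixConfiguration` and leaves validation entirely to Felix; a typo in a user-written policy, which is exactly the use case this commit enables, is stored rather than rejected. This appears to mirror upstream calico v3.13 `kdd-crds.yaml`, so it may be a deliberate vendoring choice, but `v1beta1` CRDs are removed in Kubernetes 1.22 and the chart carries no note on the Kubernetes versions it supports. I would add `# NOTE: v1beta1 CRDs without a schema: no server-side validation of policy fields, and unsupported on Kubernetes >= 1.22.` under the `# Source:` header so operators know why a malformed policy silently applies.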
@@ -0,0 +1,266 @@ +--- +# Source: calico/templates/calico-node.yaml +# This manifest installs the canal container, as well +# as the CNI plugins and network config on +# each master and worker node in a Kubernetes cluster. +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name | quote }} + namespace: kube-system + labels: + k8s-app: canal +spec: + selector: + matchLabels: + k8s-app: canal + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + k8s-app: canal + annotations: + # This, along with the CriticalAddonsOnly toleration below, + # marks the pod as a critical add-on, ensuring it gets + # priority scheduling and that its resources are reserved + # if it ever gets evicted. + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + tolerations: + # Make sure canal gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + serviceAccountName: canal + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 0 + priorityClassName: system-node-critical + initContainers: + # This container installs the CNI binaries + # and CNI network config file on each node. + - name: install-cni + image: {{ template "system_default_registry" . }}{{ .Values.calico.cniImage.repository }}:{{ .Values.calico.cniImage.tag }} + command: ["/install-cni.sh"] + env: + # Name of the CNI config file to create. + - name: CNI_CONF_NAME + value: "10-canal.conflist" + # The CNI network config to install on each node. 
+ - name: CNI_NETWORK_CONFIG + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: cni_network_config + # Set the hostname based on the k8s node name. + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # CNI MTU Config variable + - name: CNI_MTU + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: veth_mtu + # Prevents the container from sleeping forever. + - name: SLEEP + value: "false" + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + securityContext: + privileged: true + # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes + # to communicate with Felix over the Policy Sync API. + - name: flexvol-driver + image: {{ template "system_default_registry" . }}{{ .Values.calico.flexvolImage.repository }}:{{ .Values.calico.flexvolImage.tag }} + command: ['/usr/local/bin/flexvol.sh', '-s', '/usr/local/bin/flexvol', '-i', 'flexvoldriver'] + volumeMounts: + - name: flexvol-driver-host + mountPath: /host/driver + securityContext: + privileged: true + containers: + # Runs canal container on each Kubernetes node. This + # container programs network policy and routes on each + # host. + - name: calico-node + command: + - "start_runit" + image: {{ template "system_default_registry" . }}{{ .Values.calico.nodeImage.repository }}:{{ .Values.calico.nodeImage.tag }} + env: + # Use Kubernetes API as the backing datastore. + - name: DATASTORE_TYPE + value: {{ .Values.calico.datastoreType | quote }} + # Configure route aggregation based on pod CIDR. + - name: USE_POD_CIDR + value: {{ .Values.calico.usePodCIDR | quote }} + # Wait for the datastore. + - name: WAIT_FOR_DATASTORE + value: {{ .Values.calico.waitForDatastore | quote }} + # Set based on the k8s node name. + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Don't enable BGP. 
+ - name: CALICO_NETWORKING_BACKEND + value: {{ .Values.calico.networkingBackend | quote }} + # Cluster type to identify the deployment type + - name: CLUSTER_TYPE + value: {{ .Values.calico.clusterType | quote}} + # Period, in seconds, at which felix re-applies all iptables state + - name: FELIX_IPTABLESREFRESHINTERVAL + value: {{ .Values.calico.felixIptablesRefreshInterval | quote}} + - name: FELIX_IPTABLESBACKEND + value: {{ .Values.calico.felixIptablesBackend | quote}} + # No IP address needed. + - name: IP + value: "" + # The default IPv4 pool to create on startup if none exists. Pod IPs will be + # chosen from this range. Changing this value after installation will have + # no effect. This should fall within `--cluster-cidr`. + # - name: CALICO_IPV4POOL_CIDR + # value: "192.168.0.0/16" + # Disable file logging so `kubectl logs` works. + - name: CALICO_DISABLE_FILE_LOGGING + value: "true" + # Set Felix endpoint to host default action to ACCEPT. + - name: FELIX_DEFAULTENDPOINTTOHOSTACTION + value: {{ .Values.calico.felixDefaultEndpointToHostAction | quote }} + # Disable IPv6 on Kubernetes. 
+ - name: FELIX_IPV6SUPPORT + value: {{ .Values.calico.felixIpv6Support | quote }} + # Set Felix logging to "info" + - name: FELIX_LOGSEVERITYSCREEN + value: {{ .Values.calico.felixLogSeverityScreen | quote }} + - name: FELIX_HEALTHENABLED + value: {{ .Values.calico.felixHealthEnabled | quote }} + # enable promentheus metrics + - name: FELIX_PROMETHEUSMETRICSENABLED + value: {{ .Values.calico.felixPrometheusMetricsEnabled | quote }} + - name: FELIX_XDPENABLED + value: {{ .Values.calico.felixXDPEnabled | quote }} + - name: FELIX_FAILSAFEINBOUNDHOSTPORTS + value: {{ .Values.calico.felixFailsafeInboundHostPorts | quote }} + - name: FELIX_FAILSAFEOUTBOUNDHOSTPORTS + value: {{ .Values.calico.felixFailsafeOutboundHostPorts | quote }} + securityContext: + privileged: true + resources: + requests: + cpu: 250m + livenessProbe: + exec: + command: + - /bin/calico-node + - -felix-live + periodSeconds: 10 + initialDelaySeconds: 10 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /readiness + port: 9099 + host: localhost + periodSeconds: 10 + volumeMounts: + - mountPath: /lib/modules + name: lib-modules + readOnly: true + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico + name: var-lib-calico + readOnly: false + - name: policysync + mountPath: /var/run/nodeagent + # This container runs flannel using the kube-subnet-mgr backend + # for allocating subnets. + - name: kube-flannel + image: {{ template "system_default_registry" . }}{{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }} + command: + - "/opt/bin/flanneld" + {{- range .Values.flannel.args }} + - {{ . 
| quote }} + {{- end }} + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: FLANNELD_IFACE + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: canal_iface + - name: FLANNELD_IP_MASQ + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: masquerade + volumeMounts: + - mountPath: /run/xtables.lock + name: xtables-lock + readOnly: false + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + volumes: + # Used by canal. + - name: lib-modules + hostPath: + path: /lib/modules + - name: var-run-calico + hostPath: + path: /var/run/calico + - name: var-lib-calico + hostPath: + path: /var/lib/calico + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate + # Used by flannel. + - name: flannel-cfg + configMap: + name: {{ .Release.Name }}-config + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d + # Used to create per-pod Unix Domain Sockets + - name: policysync + hostPath: + type: DirectoryOrCreate + path: /var/run/nodeagent + # Used to install Flex Volume Driver + - name: flexvol-driver-host + hostPath: + type: DirectoryOrCreate + path: {{ .Values.calico.flexVolumePluginDir }}/nodeagent~uds diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/rbac.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/rbac.yaml new file mode 100755 index 0000000..cd39730 --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/rbac.yaml 
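Review bot: `FELIX_DEFAULTENDPOINTTOHOSTACTION` is rendered from `calico.felixDefaultEndpointToHostAction`, which values.yaml sets to `ACCEPT`, and the only explanation in the hunk is a comment that restates the value. Its effect is that pod-to-host traffic matching no policy is accepted instead of dropped, which matters for a change whose purpose is letting users lock down host ports with GlobalNetworkPolicy: host ports are presumably still reachable from local pods until HostEndpoints and matching policy exist (verify for this Felix version). I would replace the comment with `# ACCEPT lets pod->host traffic that matches no policy through; host ports are only shielded from local pods once HostEndpoints/GlobalNetworkPolicy cover them.` so the interaction with the new failsafe knobs is visible where the env var is set.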
@@ -0,0 +1,163 @@ +--- +# Source: calico/templates/rbac.yaml + +# Include a clusterrole for the calico-node DaemonSet, +# and bind it to the calico-node serviceaccount. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: calico-node +rules: + # The CNI plugin needs to get pods, nodes, and namespaces. + - apiGroups: [""] + resources: + - pods + - nodes + - namespaces + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + - services + verbs: + # Used to discover service IPs for advertisement. + - watch + - list + # Used to discover Typhas. + - get + # Pod CIDR auto-detection on kubeadm needs access to config maps. + - apiGroups: [""] + resources: + - configmaps + verbs: + - get + - apiGroups: [""] + resources: + - nodes/status + verbs: + # Needed for clearing NodeNetworkUnavailable flag. + - patch + # Calico stores some configuration information in node annotations. + - update + # Watch for changes to Kubernetes NetworkPolicies. + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + # Used by Calico for policy information. + - apiGroups: [""] + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch + # The CNI plugin patches pods/status. + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + # Calico monitors various CRDs for config. + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch + # Calico must create and update some CRDs on startup. 
+ - apiGroups: ["crd.projectcalico.org"] + resources: + - ippools + - felixconfigurations + - clusterinformations + verbs: + - create + - update + # Calico stores some configuration information on the node. + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - watch + # These permissions are only requried for upgrade from v2.6, and can + # be removed after upgrade or on fresh installations. + - apiGroups: ["crd.projectcalico.org"] + resources: + - bgpconfigurations + - bgppeers + verbs: + - create + - update + +--- +# Flannel ClusterRole +# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: flannel +rules: + - apiGroups: [""] + resources: + - pods + verbs: + - get + - apiGroups: [""] + resources: + - nodes + verbs: + - list + - watch + - apiGroups: [""] + resources: + - nodes/status + verbs: + - patch +--- +# Bind the flannel ClusterRole to the canal ServiceAccount. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: canal-flannel +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flannel +subjects: +- kind: ServiceAccount + name: canal + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: canal-calico +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: +- kind: ServiceAccount + name: canal + namespace: kube-system diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/serviceaccount.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/serviceaccount.yaml new file mode 100755 index 0000000..582d55b --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: canal + namespace: kube-system 
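Review bot: The `calico-node` ClusterRole ships a rule whose own comment says it is `only requried for upgrade from v2.6, and can be removed after upgrade or on fresh installations`, yet this is a brand-new chart version whose values disable BGP (`networkingBackend: none`), so `create`/`update` on `bgpconfigurations` and `bgppeers` is granted unconditionally to a privileged, host-networked DaemonSet that has no apparent use for it. I would drop that rule, or gate it behind a value, and fix the typo `requried` if it stays. The cluster-wide `get` on `configmaps` is likewise justified only by kubeadm Pod CIDR auto-detection; with `usePodCIDR: true` and the config delivered through `configMapKeyRef` it may be removable, but that needs confirming against calico-node's startup behaviour rather than this hunk.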
diff --git a/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/values.yaml b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/values.yaml new file mode 100755 index 0000000..feeaa7d --- /dev/null +++ b/charts/rke2-canal/rke2-canal/v3.13.300-build2021022303/values.yaml 
@@ -0,0 +1,80 @@ +--- + +# The IPv4 cidr pool to create on startup if none exists. Pod IPs will be +# chosen from this range. +podCidr: "10.42.0.0/16" + +flannel: + # kube-flannel image + image: + repository: rancher/hardened-flannel + tag: v0.13.0-rancher1-build20210223 + # The interface used by canal for host <-> host communication. + # If left blank, then the interface is chosen using the node's + # default route. + iface: "" + # kube-flannel command arguments + args: + - "--ip-masq" + - "--kube-subnet-mgr" + # Backend for kube-flannel. Backend should not be changed + # at runtime. + backend: "vxlan" + +calico: + # CNI installation image. + cniImage: + repository: rancher/hardened-calico + tag: v3.13.3-build20210223 + # Canal node image. + nodeImage: + repository: rancher/hardened-calico + tag: v3.13.3-build20210223 + # Flexvol Image. + flexvolImage: + repository: rancher/hardened-calico + tag: v3.13.3-build20210223 + # Datastore type for canal. It can be either kuberentes or etcd. + datastoreType: kubernetes + # Wait for datastore to initialize. + waitForDatastore: true + # Configure route aggregation based on pod CIDR. + usePodCIDR: true + # Disable BGP routing. + networkingBackend: none + # Cluster type to identify the deployment type. + clusterType: "k8s,canal" + # Disable file logging so `kubectl logs` works. + disableFileLogging: true + # Disable IPv6 on Kubernetes. + felixIpv6Support: false + # Period, in seconds, at which felix re-applies all iptables state + felixIptablesRefreshInterval: 60 + # iptables backend to use for felix, defaults to auto but can also be set to nft or legacy + felixIptablesBackend: auto + # Set Felix logging to "info". + felixLogSeverityScreen: info + # Enable felix healthcheck. 
+ felixHealthEnabled: true + # Enable prometheus metrics + felixPrometheusMetricsEnabled: true + # Disable XDP Acceleration as we do not support it with our ubi7 base image + felixXDPEnabled: false + # Whether or not to masquerade traffic to destinations not within + # the pod network. + masquerade: true + # Set Felix endpoint to host default action to ACCEPT. + felixDefaultEndpointToHostAction: ACCEPT + # Configure the MTU to use. + vethuMTU: 1450 + # Typha is disabled. + typhaServiceName: none + # Kubelet flex-volume-plugin-dir + flexVolumePluginDir: /var/lib/kubelet/volumeplugins + # calico inbound failsafe ports. Empty string means defaults. Use 'none' to disable failsafe if you have your own rules. + felixFailsafeInboundHostPorts: "" + # calico outbound failsafe ports. Empty string means defaults. Use 'none' to disable failsafe if you have your own rules. + felixFailsafeOutboundHostPorts: "" + +global: + systemDefaultRegistry: "" diff --git a/index.yaml b/index.yaml index 1cb41f0..dd9d7cb 100755 --- a/index.yaml +++ b/index.yaml @@ -1,6 +1,23 @@ apiVersion: v1 entries: rke2-canal: + - apiVersion: v1 + appVersion: v3.13.3 + created: "2021-04-29T00:16:16.864175502Z" + description: Install Canal Network Plugin. + digest: 6e444eda17a9470676e7b16d6e43c07d6c260de37baea9c704ea9a0d9f2f745f + home: https://www.projectcalico.org/ + keywords: + - canal + maintainers: + - email: charts@rancher.com + name: Rancher Labs + name: rke2-canal + sources: + - https://github.com/rancher/rke2-charts + urls: + - assets/rke2-canal/rke2-canal-v3.13.300-build2021022303.tgz + version: v3.13.300-build2021022303 - apiVersion: v1 appVersion: v3.13.3 created: "2021-03-10T21:22:09.901795809Z"
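Review bot: The new `felixFailsafeInboundHostPorts: ""` and `felixFailsafeOutboundHostPorts: ""` defaults rely on Felix treating an empty `FELIX_FAILSAFE*HOSTPORTS` environment value as unset and falling back to its built-in list, but nothing in the chart checks that; it is worth confirming against the calico v3.13.3 image this chart pins, because if Felix parsed `""` as an empty list every install would silently lose its failsafes. The comment also steers users with their own rules to `none`, yet the failsafes cover more than SSH (the built-in list presumably includes the kubelet, apiserver and etcd ports such as tcp:6443, 2379 and 2380, verify for this version), so `none` plus a mistaken GlobalNetworkPolicy can lock the control plane out of the node, not just port 22. I would document the expected format and the narrower option, e.g. `# Comma-separated protocol:port pairs, e.g. "tcp:179,tcp:2379,tcp:2380,tcp:6443"; prefer omitting only tcp:22 from Felix's default list over 'none', which disables all lock-out protection.` Minor: `vethuMTU` and `kuberentes` look like typos.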