diff --git a/assets/rke2-calico/rke2-calico-v3.20.201.tgz b/assets/rke2-calico/rke2-calico-v3.20.201.tgz
new file mode 100755
index 0000000..3b5ee27
Binary files /dev/null and b/assets/rke2-calico/rke2-calico-v3.20.201.tgz differ
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/Chart.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/Chart.yaml
new file mode 100755
index 0000000..a17a2db
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/Chart.yaml
@@ -0,0 +1,7 @@
+annotations:
+ catalog.cattle.io/namespace: tigera-operator
+apiVersion: v2
+appVersion: v3.20.2
+description: Installs the Tigera operator for Calico
+name: rke2-calico
+version: v3.20.201
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/_helpers.tpl b/charts/rke2-calico/rke2-calico/v3.20.201/templates/_helpers.tpl
new file mode 100755
index 0000000..3ac4a1c
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/_helpers.tpl
@@ -0,0 +1,10 @@
+{{/* generate the image name for a component*/}}
+{{- define "tigera-operator.image" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- $_ := set .Values.tigeraOperator "registry" .Values.global.systemDefaultRegistry -}}
+{{- end -}}
+{{- if .Values.tigeraOperator.registry -}}
+ {{- .Values.tigeraOperator.registry | trimSuffix "/" -}}/
+{{- end -}}
+{{- .Values.tigeraOperator.image -}}:{{- .Values.tigeraOperator.version -}}
+{{- end -}}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-node.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-node.yaml
new file mode 100755
index 0000000..5830c2a
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-node.yaml
@@ -0,0 +1,13 @@
+{{/* if any of .Values.certs.node or .Values.certs.typha is not nil */}}
+{{ if without (concat (values .Values.certs.node) (values .Values.certs.typha)) nil }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: node-certs
+ namespace: tigera-operator
+type: Opaque
+data:
+ cert.crt: {{ required "must set certs.node.cert" .Values.certs.node.cert | b64enc }}
+ key.key: {{ required "must set certs.node.key" .Values.certs.node.key | b64enc }}
+ common-name: {{ required "must set certs.node.commonName" .Values.certs.node.commonName | b64enc }}
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-typha.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-typha.yaml
new file mode 100755
index 0000000..4463e89
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-typha.yaml
@@ -0,0 +1,23 @@
+{{/* if any of .Values.certs.node or .Values.certs.typha is not nil */}}
+{{ if without (concat (values .Values.certs.node) (values .Values.certs.typha)) nil }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: typha-ca
+ namespace: tigera-operator
+data:
+ caBundle: |
+{{ required "must set certs.typha.caBundle" .Values.certs.typha.caBundle | indent 4}}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: typha-certs
+ namespace: tigera-operator
+type: Opaque
+data:
+ cert.crt: {{ required "must set certs.typha.cert" .Values.certs.typha.cert | b64enc }}
+ key.key: {{ required "must set certs.typha.key" .Values.certs.typha.key | b64enc }}
+ common-name: {{ required "must set certs.typha.commonName" .Values.certs.typha.commonName | b64enc }}
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/crs/custom-resources.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/crs/custom-resources.yaml
new file mode 100755
index 0000000..702fe0e
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/crs/custom-resources.yaml
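Review bot: Both certificate templates (`certs-node.yaml` and `certs-typha.yaml`) take the private key as an ordinary chart value (`.Values.certs.node.key`, `.Values.certs.typha.key`), so the key passes through whatever supplies the values, and Helm keeps supplied values in its release record as well as in the `node-certs` and `typha-certs` Secrets. I would put a template comment above each `data:` block, for example `{{/* key material arrives via values: restrict read access to the release storage and to the values source */}}`, and consider accepting the name of a pre-created Secret instead. The guard `without (concat ...) nil` also means that setting any single cert field makes every `required` call in both files fire, which deserves a sentence in the same comment.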
@@ -0,0 +1,38 @@
+{{ if .Values.installation.enabled }}
+{{ $installSpec := omit .Values.installation "enabled" }}
+{{ $secrets := list }}
+{{ range $name := keys .Values.imagePullSecrets -}}
+{{ $item := dict "name" $name }}
+{{ $secrets = append $secrets $item }}
+{{ end }}
+{{ $_ := set $installSpec "imagePullSecrets" $secrets }}
+{{ $defaultRegistry := get $installSpec "registry" }}
+{{ $finalRegistry := coalesce .Values.global.systemDefaultRegistry $defaultRegistry }}
+{{ $_ := set $installSpec "registry" $finalRegistry }}
+{{ $defaultipPools := get .Values.installation.calicoNetwork "ipPools" | first }}
+{{ $defaultCIDR := get $defaultipPools "cidr" }}
+{{ $finalCIDR := coalesce .Values.global.clusterCIDRv4 $defaultCIDR }}
+{{ $_ := set $defaultipPools "cidr" $finalCIDR }}
+{{- /*
+If there is a defined ipv6 CIDR, we must add it as a new IPPool, disable any encapsulation and enable bgp
+*/}}
+{{ if not (empty .Values.global.clusterCIDRv6) }}
+{{ $myIP6Dict := dict "natOutgoing" "Enabled" "cidr" .Values.global.clusterCIDRv6 }}
+{{ $allIpPools := get .Values.installation.calicoNetwork "ipPools" }}
+{{ range $allIpPools }}
+{{ $_ := set . "encapsulation" "None" }}
+{{ end }}
+{{ $finalIpPoolList := append $allIpPools $myIP6Dict }}
+{{ $calicoNetwork := get .Values.installation "calicoNetwork" }}
+{{ $_ := set $calicoNetwork "ipPools" $finalIpPoolList }}
+{{ $_ := set $calicoNetwork "bgp" "Enabled" }}
+{{ end }}
+
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+ name: default
+spec:
+{{ $installSpec | toYaml | indent 2 }}
+
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/felixconfig.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/felixconfig.yaml
new file mode 100755
index 0000000..4194c97
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/felixconfig.yaml
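Review bot: In `custom-resources.yaml`, setting `global.clusterCIDRv6` rewrites every entry of `installation.calicoNetwork.ipPools` to `encapsulation: None` and forces `bgp: Enabled`, silently overriding whatever was configured for those fields (the chart default is VXLAN with BGP disabled). Since this changes how pod traffic is carried between nodes and turns on BGP, it should at least be documented beside `clusterCIDRv6` in values.yaml, e.g. `# setting this disables encapsulation on all pools and enables BGP`. Separately, `get .Values.installation.calicoNetwork "ipPools" | first` is unguarded: with an empty `ipPools` list `first` yields nil and the following `get`/`set` calls will most likely abort rendering with a type error, so wrapping the expression in `required "installation.calicoNetwork.ipPools needs at least one pool"` would give a usable message.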
@@ -0,0 +1,7 @@
+apiVersion: crd.projectcalico.org/v1
+kind: FelixConfiguration
+metadata:
+ name: default
+spec:
+ wireguardEnabled: {{ .Values.felixConfiguration.wireguardEnabled }}
+ featureDetectOverride: {{ .Values.felixConfiguration.featureDetectOverride }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/ipamconfig.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/ipamconfig.yaml
new file mode 100755
index 0000000..22dba0e
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/ipamconfig.yaml
@@ -0,0 +1,7 @@
+apiVersion: crd.projectcalico.org/v1
+kind: IPAMConfig
+metadata:
+ name: default
+spec:
+ strictAffinity: {{ .Values.ipamConfig.strictAffinity }}
+ autoAllocateBlocks: {{ .Values.ipamConfig.autoAllocateBlocks }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/00-namespace-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/00-namespace-tigera-operator.yaml
new file mode 100755
index 0000000..b7e260e
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/00-namespace-tigera-operator.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tigera-operator
+ annotations:
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ openshift.io/node-selector: ""
+{{- end }}
+ labels:
+ name: tigera-operator
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ openshift.io/run-level: "0"
+{{- end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/01-imagepullsecret.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/01-imagepullsecret.yaml
new file mode 100755
index 0000000..b90407c
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/01-imagepullsecret.yaml
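Review bot: `featureDetectOverride` in `felixconfig.yaml` is written into the manifest unquoted, so the rendered YAML depends on what the value contains: an override string holding ` #` or `: ` would be truncated or mis-parsed, and an empty value renders as null. Quote it at the point of use, `featureDetectOverride: {{ .Values.felixConfiguration.featureDetectOverride | quote }}`. The boolean fields in this file and in `ipamconfig.yaml` can stay unquoted.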
@@ -0,0 +1,15 @@
+{{- $envAll := . }}
+{{- if .Values.imagePullSecrets -}}
+
+{{range $key, $value := .Values.imagePullSecrets -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $key }}
+ namespace: tigera-operator
+data:
+ .dockerconfigjson: {{ $value | b64enc }}
+type: kubernetes.io/dockerconfigjson
+{{- end -}}
+
+{{- end -}}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-configmap-calico-resources.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-configmap-calico-resources.yaml
new file mode 100755
index 0000000..2270813
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-configmap-calico-resources.yaml
@@ -0,0 +1,27 @@
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: calico-resources
+ namespace: tigera-operator
+data:
+ # To create Calico resources before Calico components are started add
+ # an entry here and the contents of the resource under the entry.
+ # The resources here should all be projectcalico.org/v3.
+ # Multiple resources/entries can be added to this ConfigMap.
+ #
+ # If you need to remove a resource that was added to this ConfigMap
+ # you should remove it from here or else it will be re-created.
+ #
+ # example-global-network-set.yaml: |
+ # apiVersion: projectcalico.org/v3
+ # kind: GlobalNetworkSet
+ # metadata:
+ # name: a-name-for-the-set
+ # labels:
+ # role: external-database
+ # spec:
+ # nets:
+ # - 198.51.100.0/28
+ # - 203.0.113.0/24
+{{- end}}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml
new file mode 100755
index 0000000..97e5c04
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml
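Review bot: With more than one entry in `imagePullSecrets`, `01-imagepullsecret.yaml` renders invalid output: the loop emits no `---` between Secrets, and `{{- end -}}` trims the newline after `type: kubernetes.io/dockerconfigjson`, so the next iteration's `apiVersion:` is glued onto that line. Begin each iteration with a document separator (`---` on its own line directly after the `range` line) and drop the trim markers on the inner `end`. The key is also used verbatim as the object name, so `name: {{ $key | quote }}` is safer, and `$envAll` is assigned but never used. Like the certificate keys, the registry credential is a chart value and ends up in the Helm release record as well as in the Secret.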
@@ -0,0 +1,47 @@
+{{ if ne .Values.installation.kubernetesProvider "openshift" }}
+# This should not be rendered for an OpenShift install.
+# OpenShift uses SecurityContextConstraints instead.
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: tigera-operator
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - 'hostPath'
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ # Assume that persistentVolumes set up by the cluster admin are safe to use.
+ - 'persistentVolumeClaim'
+ hostNetwork: true
+ hostPorts:
+ - min: 0
+ max: 65535
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-role-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-role-tigera-operator.yaml
new file mode 100755
index 0000000..f40bf57
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-role-tigera-operator.yaml
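Review bot: The PodSecurityPolicy permits the `hostPath` volume type without an `allowedHostPaths` list, so any pod admitted under this policy may mount any host directory, while the operator Deployment in this commit mounts only `/var/lib/calico`, read-only. I would add `allowedHostPaths` with a single entry, `pathPrefix: /var/lib/calico` and `readOnly: true`. The seccomp annotation `allowedProfileNames: '*'` and the `hostPorts` range 0-65535 are likewise wider than the Deployment shown here appears to need. `policy/v1beta1` PodSecurityPolicy is deprecated as of Kubernetes 1.21, so the template condition should also test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`.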
@@ -0,0 +1,278 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tigera-operator
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - pods
+ - podtemplates
+ - services
+ - endpoints
+ - events
+ - configmaps
+ - secrets
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ # Need to update node labels when migrating nodes.
+ - 'get'
+ - 'patch'
+ - 'list'
+ # We need this for Typha autoscaling
+ - 'watch'
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - bind
+ - escalate
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - statefulsets
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - apps
+ resourceNames:
+ - tigera-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - operator.tigera.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - patch
+ - delete
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - felixconfigurations
+ verbs:
+ - create
+ - patch
+ - list
+ - get
+ - watch
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - ippools
+ - kubecontrollersconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - scheduling.k8s.io
+ resources:
+ - priorityclasses
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ # Needed for operator lock
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ # When running in OpenShift, we need to update networking config.
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - networks/status
+ verbs:
+ - get
+ - list
+ - update
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - networks
+ - infrastructures
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ # On OpenShift, we need to modify SCCs.
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ # The following rule is only for operator certification purposes.
+ # The operator normally runs in a namespace with openshift.io/run-level=0 which bypasses SCC.
+ # However in certification tests, the operator is run in a normal namespace so this
+ # rule is needed for host networking and hostPath volume access.
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ resourceNames:
+ - hostaccess
+ verbs:
+ - use
+ # Need these permissions for the calicoctl init container.
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - bgpconfigurations
+ - bgppeers
+ - felixconfigurations
+ - kubecontrollersconfigurations
+ - globalnetworkpolicies
+ - globalnetworksets
+ - hostendpoints
+ - ippools
+ - networkpolicies
+ - networksets
+ verbs:
+ - create
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - ipamblocks
+ verbs:
+ - list
+ # Need this permission for the calicoctl version mismatch checking
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - clusterinformations
+ verbs:
+ - get
+ # For AWS security group setup.
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - create
+ - update
+ - list
+ - watch
+{{- else }}
+ # Add the appropriate pod security policy permissions
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ - tigera-operator
+ verbs:
+ - use
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+# Add the permissions to monitor the status of certificatesigningrequests when certificate management is enabled.
+ - apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ verbs:
+ - list
+{{- end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-rolebinding-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-rolebinding-tigera-operator.yaml
new file mode 100755
index 0000000..5689683
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-rolebinding-tigera-operator.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tigera-operator
+subjects:
+- kind: ServiceAccount
+ name: tigera-operator
+ namespace: tigera-operator
+roleRef:
+ kind: ClusterRole
+ name: tigera-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml
new file mode 100755
index 0000000..14cd955
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tigera-operator
+ namespace: tigera-operator
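Review bot: The `tigera-operator` ClusterRole in `02-role-tigera-operator.yaml` grants `bind` and `escalate` on roles and clusterroles together with cluster-wide create/get/list/update/delete on `secrets` and `pods`, which makes the bound `tigera-operator` ServiceAccount equivalent to cluster-admin. If the operator needs that to create RBAC for the components it installs, state it in a comment on the `rbac.authorization.k8s.io` rule, e.g. `# bind/escalate: the operator creates roles for the components it installs; treat this ServiceAccount as cluster-admin`, so the scope is a recorded decision rather than something each reviewer rediscovers. The `certificatesigningrequests` rule and its column-0 comment sit inside the `else` branch, so the rule is not rendered for OpenShift; confirm that is intended. The `# For AWS security group setup.` comment on the `batch` rule does not say why `jobs` and `cronjobs` are needed on OpenShift only.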
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-tigera-operator.yaml
new file mode 100755
index 0000000..e705255
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-tigera-operator.yaml
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tigera-operator
+ namespace: tigera-operator
+ labels:
+ k8s-app: tigera-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: tigera-operator
+ template:
+ metadata:
+ labels:
+ name: tigera-operator
+ k8s-app: tigera-operator
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+ serviceAccountName: tigera-operator
+ hostNetwork: true
+ # This must be set when hostNetwork is true or else the cluster services won't resolve
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: tigera-operator
+ image: {{ template "tigera-operator.image" . }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - operator
+ volumeMounts:
+ - name: var-lib-calico
+ readOnly: true
+ mountPath: /var/lib/calico
+ env:
+ - name: WATCH_NAMESPACE
+ value: ""
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: "tigera-operator"
+ - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION
+ value: {{.Values.tigeraOperator.version}}
+ envFrom:
+ - configMapRef:
+ name: kubernetes-services-endpoint
+ optional: true
+ volumes:
+ - name: var-lib-calico
+ hostPath:
+ path: /var/lib/calico
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ - name: calico-resources
+ configMap:
+ defaultMode: 0400
+ name: calico-resources
+ - name: install-resources-script
+ configMap:
+ defaultMode: 0777
+ name: install-resources-script
+ initContainers:
+ - name: create-initial-resources
+ image: {{.Values.calicoctl.image}}:{{.Values.calicoctl.tag}}
+ env:
+ - name: DATASTORE_TYPE
+ value: kubernetes
+ command:
+ - calicoctl
+ args:
+ - create
+ - --skip-exists
+ - --skip-empty
+ - -f
+ - /calico-resources
+ volumeMounts:
+ - name: calico-resources
+ mountPath: /calico-resources
+{{- end}}
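Review bot: The init container image is built as `{{.Values.calicoctl.image}}:{{.Values.calicoctl.tag}}` and therefore ignores `global.systemDefaultRegistry` and `tigeraOperator.registry`, unlike the operator image, which goes through the `tigera-operator.image` helper; in a cluster set up to pull only from a private registry this one image would still resolve against the runtime's default registry. Route it through a helper that applies the same registry prefix. The `install-resources-script` volume is declared with `defaultMode: 0777` but no container in this hunk mounts it, so it should be dropped or reduced to `0555`. Neither container sets a `securityContext`; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` on both would keep the host-networked pod constrained on clusters where the PodSecurityPolicy from this chart is not enforced. `value: {{.Values.tigeraOperator.version}}` should be piped through `quote`.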
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/validate-install-crd.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/validate-install-crd.yaml
new file mode 100755
index 0000000..4d2a69c
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/validate-install-crd.yaml
@@ -0,0 +1,32 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "crd.projectcalico.org/v1/BGPConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/BGPPeer" false -}}
+# {{- set $found "crd.projectcalico.org/v1/BlockAffinity" false -}}
+# {{- set $found "crd.projectcalico.org/v1/ClusterInformation" false -}}
+# {{- set $found "crd.projectcalico.org/v1/FelixConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/GlobalNetworkPolicy" false -}}
+# {{- set $found "crd.projectcalico.org/v1/GlobalNetworkSet" false -}}
+# {{- set $found "crd.projectcalico.org/v1/HostEndpoint" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMBlock" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMConfig" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMHandle" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPPool" false -}}
+# {{- set $found "crd.projectcalico.org/v1/KubeControllersConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/NetworkPolicy" false -}}
+# {{- set $found "crd.projectcalico.org/v1/NetworkSet" false -}}
+# {{- set $found "operator.tigera.io/v1/APIServer" false -}}
+# {{- set $found "operator.tigera.io/v1/ImageSet" false -}}
+# {{- set $found "operator.tigera.io/v1/Installation" false -}}
+# {{- set $found "operator.tigera.io/v1/TigeraStatus" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
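Review bot: Prefixing these lines with `#` does not switch the check off, because Helm evaluates every `{{ ... }}` action before the output is parsed as YAML; the `lookup`, the `set` calls and the `required` call still run, and only their printed output lands inside a YAML comment. As written, an install against a live cluster where any listed kind is absent from `.Capabilities.APIVersions` would presumably still abort with the "Required CRDs are missing" message, while `helm template` skips the block since `lookup` returns an empty result there. If the check is meant to be disabled, wrap the body in a template comment (`{{- /*` … `*/ -}}`); if it is meant to be active, remove the `#` prefixes. The file also lacks a trailing newline.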
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/values.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/values.yaml
new file mode 100755
index 0000000..136df4b
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/values.yaml
@@ -0,0 +1,59 @@
+imagePullSecrets: {}
+
+installation:
+ controlPlaneTolerations:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/etcd"
+ operator: "Exists"
+ effect: "NoExecute"
+ enabled: true
+ kubernetesProvider: ""
+ calicoNetwork:
+ bgp: Disabled
+ ipPools:
+ - natOutgoing: Enabled
+ encapsulation: VXLAN
+ cidr: 10.42.0.0/16
+ blockSize: 24
+ imagePath: "rancher"
+ imagePrefix: "mirrored-calico-"
+
+apiServer:
+ enabled: true
+
+certs:
+ node:
+ key:
+ cert:
+ commonName:
+ typha:
+ key:
+ cert:
+ commonName:
+ caBundle:
+
+# Configuration for the tigera operator
+tigeraOperator:
+ image: rancher/mirrored-calico-operator
+ version: v1.20.4
+ registry: docker.io
+calicoctl:
+ image: rancher/mirrored-calico-ctl
+ tag: v3.20.2
+
+global:
+ systemDefaultRegistry: ""
+ clusterCIDRv4: ""
+ clusterCIDRv6: ""
+
+# Config required by Windows nodes
+ipamConfig:
+ strictAffinity: true
+ autoAllocateBlocks: true
+
+felixConfiguration:
+ wireguardEnabled: false
+ # Config required to fix RKE2 issue #1541
+ featureDetectOverride: "ChecksumOffloadBroken=true"
diff --git a/index.yaml b/index.yaml
index aef54ca..6cb1f47 100755
--- a/index.yaml
+++ b/index.yaml
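Review bot: The empty `certs.node.*` and `certs.typha.*` keys in values.yaml are load-bearing nulls and nothing in the file says so: the certificate templates render nothing only while every one of them is nil, and a value such as `key: ""` counts as set and makes the `required` calls fail. Add a comment above `certs:` such as `# leave every field unset to skip the certificate Secrets; set all of them together to supply your own`, and write the defaults as explicit `null` rather than bare keys. A second comment on `key` should say that the private key placed here is stored with the Helm release. `wireguardEnabled: false` would also benefit from a one-line comment stating what the setting controls.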
@@ -60,6 +60,17 @@ entries: urls: - assets/rke2-calico/rke2-calico-v3.1906.tgz version: v3.1906 + - annotations: + catalog.cattle.io/namespace: tigera-operator + apiVersion: v2 + appVersion: v3.20.2 + created: "2021-10-29T06:49:39.787554662Z" + description: Installs the Tigera operator for Calico + digest: 9a299fa1c36937fd67f36f2ad45f9223ade4bb1b0342b5e78ffcfefed32c45cc + name: rke2-calico + urls: + - assets/rke2-calico/rke2-calico-v3.20.201.tgz + version: v3.20.201 - annotations: catalog.cattle.io/namespace: tigera-operator apiVersion: v2