From df0eb3eea981dfd5cac2e8f3cfff8ac607b826d6 Mon Sep 17 00:00:00 2001 
From: actions Date: Fri, 29 Oct 2021 06:49:40 +0000 Subject: [PATCH] Merge pull request #180 from manuelbuil/update_calico Update Calico version --- assets/rke2-calico/rke2-calico-v3.20.201.tgz | Bin 0 -> 5129 bytes .../rke2-calico/v3.20.201/Chart.yaml | 7 + .../v3.20.201/templates/_helpers.tpl | 10 + .../v3.20.201/templates/certs/certs-node.yaml | 13 + .../templates/certs/certs-typha.yaml | 23 ++ .../templates/crs/custom-resources.yaml | 38 +++ .../v3.20.201/templates/felixconfig.yaml | 7 + .../v3.20.201/templates/ipamconfig.yaml | 7 + .../00-namespace-tigera-operator.yaml | 13 + .../tigera-operator/01-imagepullsecret.yaml | 15 + .../02-configmap-calico-resources.yaml | 27 ++ .../02-podsecuritypolicy-tigera-operator.yaml | 47 +++ .../02-role-tigera-operator.yaml | 278 ++++++++++++++++++ .../02-rolebinding-tigera-operator.yaml | 12 + .../02-serviceaccount-tigera-operator.yaml | 5 + .../tigera-operator/02-tigera-operator.yaml | 85 ++++++ .../templates/validate-install-crd.yaml | 32 ++ .../rke2-calico/v3.20.201/values.yaml | 59 ++++ index.yaml | 11 + 19 files changed, 689 insertions(+) create mode 100755 assets/rke2-calico/rke2-calico-v3.20.201.tgz create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/Chart.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/_helpers.tpl create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-node.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-typha.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/crs/custom-resources.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/felixconfig.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/ipamconfig.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/00-namespace-tigera-operator.yaml create mode 100755 
charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/01-imagepullsecret.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-configmap-calico-resources.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-role-tigera-operator.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-rolebinding-tigera-operator.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-tigera-operator.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/templates/validate-install-crd.yaml create mode 100755 charts/rke2-calico/rke2-calico/v3.20.201/values.yaml 
diff --git a/assets/rke2-calico/rke2-calico-v3.20.201.tgz b/assets/rke2-calico/rke2-calico-v3.20.201.tgz new file mode 100755 index 0000000000000000000000000000000000000000..3b5ee275699ae1d97b47188af9a267036ddf31ed GIT binary patch literal 5129 zcmV+k6!z;MiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBPa~rp^a9%(DiZ0q!wo~DVq_%vl$^#=Q3G2iXOY)8Hd2)d> zO%g{KU; ztf|}Wc2ACu?7!V^xBhRpf7<)5choyPIqe-CpPqi#?HwL=55I%%^ODh=Ql*LfuKVP+ z>Ye)!NrZEuiKc?9K?@)xnlLd7LZUUpfQkc7VpItUaR8dmP?C;FP!cU#@WCR33>i#?gfqJiTc*hYlvZYIQN!Eq zwf^pb`(KjE{J$V9MfLmwU(AQb)0JD zf)xvbYbn^65sn`OGc21)j1Ju5asX{EBJ4=PFt|-8C^>3WMt*qEPGVr&Eda=QegN%@ z&s1sUvT-`aP!FJeDQ?0!Mk%xPw>5w|jCRF)@fpKZTeQf@gkdxQEmLd(6iCNXENFxV zP1}k@!yK2W?}WS^Sd5cdGJtccEC!oHld%v?x#A9RqOVdt6O_*eaKVdurrnSvD)nOv zfBg6F!%JTj(nt=V*A0&PK{x0g^iF)igo*I>hW;A|&_8McxJe^=K7h6)Je;F!=h+gc z^z#7PF_ltCj68RD+ASlnZ%{5!4ps)B6{6IZelyOlA7nQah~c2sdIe{KPw6am3&{$9qZD*iDYV@8RW`3#9|z!jeNgXY4hc}`jGoaM zX51vssM2ydfJlV5C<7{54lvYg2kfC{rq^UvD7e;)i3zd5YN<5F=Qt%P)7N=ZZV|Cm zX_RN9^XtV?L*9wa%f|&I{+UvV5loiwk@85~DLXN$MH3RcO14ccX{d+ODdkiz^TkY3 zEryJVkZAnbEFP6j^As8VTp4_W=8j67r9?&-*`k;drVOT4inM?!{S4Rtxab2_Dn)qJ zJ3i{Q0H#QED)AgOhWcuOQql+q&_0`Ec&pO*YC2_tL_bS$i~J`;PkXP%|K?QI{~F_j z5sm8L(;QiXQUyAB22)_0{eN=Wuj&8e)4l!wGU@*Q;Cq-MH)0d547M^5j16wZGBI*I z5gfVx{^0A^*8P14BAil=(5`I=0t?!Pj;}_i5d7h6N+%_QMiH6UfBgvtKY>D>gH`1} zv@-$Tei&lpQ4>*B?13zU8HHu4Z>#$Sw50J(IyEw}ePBC(u+r!nEN-YfU%w7ERPuUk zr8Cbn|IPewjRE)nj!`>L+Y@Zz|6cd#sK)=NNB#bu|6d|m{-;wQdcC4{H1ElliZ-kijv1D zG6&tD$?}57sxnX4T3uEz-z&3S(i-_M)j^mlE#i(uB~lqaB`&bd|9^T~^Z)m|hsURT z`Tr8hiS3M&%6|XAJBU5|y!K@`35I5yE@G-1;h^mS+Zm*Cp#=lQsM0=L5(Tl7LjjN#&27$H* zX~P$oQkhR`hVg84ew~j9INrf%Y>@u|k&6LY>!}jh0m366VS&jkX_ZVQ zV>P|SIMK^Zy*zoB^(Xeezcd&gu1evCzCgQDwY|D<)^&D;wr!A;SyG;s zN?$9cVD30|hFw6#L2ez6O0+lFh<=r~RD$7PMLvH4E&fSjR+yrF+xV&()U5w)lqj@D z_cI&^*yjH~JgNKtPL7Ydd;R|ssk|IR83l#`}bcz>Vs z=V~xAsMmL!gf)@H&8QlI_FI5zYUY2Mkoeiye>?y8>+!#n!{gqb|6d|Kfd5D1;d{qn zJMew|U_yyiixUh%wU*=crn3vp(5p4~-2Kqh%>Ok<(?Pe}$=y($denETgxJRa$Gy|q 
z{{QG?AOCxq)aaSK%;vhuIa%{T0#uF=`w%<+*}S1xJ!J=Nksw!dI@N9Pf%iPe9zYfm zb`&xU-O;{w9tF3x8JS>q@UEG{=O;;~yu)yTYyjNK*GizIvQ2Ki#hnAy$-uzF0U(HYmezxUh!TU`DCuWc;HV%P-r zusDd>)!w2v3w8+R1nyL)GhF|rOd|$`Bdr__aB-9BG2%LG<*dzLaPa0ENjvg?zvD(G zCP{V}cK5)*7XI%YANA_`|MX<<|9_G6WaZe%(nY*>m825{X8CO$c%f zFu|#id47IgQ2~(%W_~qBK%&UvAsmovxdiL^B|NgH9z(&k1rgRKoFj*nn@*c73l%t8 zN;Q;2q~;=J5fH{;g3z#yI&`4#t#6u@;13L9iV8x)4J?Twcg$MPsVaujf?E`$DJ(?_ z99=buu~;CGf@VD@8t#Z%hst6xC_K>~1Jy8@Qc1si z7<7YP@6Z$+W%}aV*A_d=|3pLz!&FkeOa!Cha`%1U7Wv=r^=kg#{>jnt@m~JFMDj5y ze6094vXH7wkZ_@$pfExcBX@wD!&QR(#(;pw9<*MSGE;@hSb=tNof$#=S)U26v?SDs zWCMgG3M#tBEy9CEZ-Sa+dS@)64A0n>KYRmg*jZs{lt_>*_<%5bc%@=662`7{nF{5CmO+q5i7*C4k+Z<^XYSG{BeBk^ zI#LpbBF#V-C?_Ri-Igf-oY~EX`&04hwjZt=5R&+1+0ge0 z6DF2%WidwtW5HEr@oJ)RnzB6ek$p@my?DYpUg?vwn)C8i(|lX^5A4}2`frqtJCq&l9v4qykobA|HR2Hwc4*$ooiX?1U&(zV^%Kx*Srf@X3{XU+V{ zofVQR1eeFJL{LHJa}h?9LnM1iZPd3l4?Y^YK>`FsM zlzIv2)ktnEIMqTLazi0es2~*aI+DE_^)QVjmubw&Z*1A^{MU|-h$5qriTkP+p((94j#!0LO3 z;QcH3Xe=I?a&GJ$TJlHP6W+XLD&23j7@eGMWq{^kdM+aJ z49cgHC@s@ar?Po2cQgvJ1^EiD)(vkgB062d&Doh+JEFP6ZI|w3l|$z-3=5CpU(fF@ z1T+Rm`%55P^O{X+;htQK$CPF!T+u_J7av@{F*wQRiWmYLE_CfYu z<(e}nKXu`5PQy7&mWfpeW{4gB-^3j*P#R=aGBhf!ez4AC z)>mH0mbp;6%s7Nckhvwjw-QJgqI#LBUt?YxiX0VH-6G7A2Ft>iB$%1Go9w3Dj1|iRHp28?q>=~Ars@Mnt2=?7b}-s~G6A z6tjBR8sWCcStB5(CH;Vk&WxcX@z2z#3Fj{=l|xK8nb{zSQ3L+A=X&{9!o1C=vzCap z9Q>br_VQau5Ay$e_t`_k09((0_K$1+|Kr}t{`}{Qq!qXR&u)%eI|l}~hXGVNFt zN`wR1xYw&!cQl6#&&sTDL!{4oQ**Gr^ymlbA3X66MY#$-}q7f0^R4BIKm4kyq4S-Ree)i?M`k;Qcy~&=f&tI+2%gQg^ zyNB)@!Lmp6x5KH5yuaKq6ivtU0GuzAD)(5*1nt2^?4xN@gCa~tm$DwY07_53%7-&f3?ag~AGJhl0w@Avoll3Dw*agbdHEJ2P_ z#xn9o(@UYp5*2b?suzklCOjIHvY-@yE@eAk>3e(Fq+Z?iV?ktx(Mk5pC{Rh+NxjP4 zWGOaS-LD25EQmZ{baJqQ1^J@6-H*c$XTN>A9KOG}84u4cYPjtkt3h^9r4Bp3I=7Hb zK)*;44{8MfQ;IC|)_r4{>qo}bfoZ3)>8tU@_3*>h_1g9aE0f*ahYzD)FRq85a(tu9 z(T7i?_rqT=KK*fVeKWecY{q_nzxiF~%7Q|^SRIcn#`B&ejU(ddD`ZS&s;f@sq+J0K zHabdJWu25x6<52ycFAQf{whsL;}Uz8TexMa8txHgDIc#YVg8MR_aedpbdS2-*6J{> z#hNwisV-`C+%FtGwE5H1(}w1^V5gkwvkgMdc?LVC8YQf8Y;tLrzn+-6xSf!*kCCsI 
zX)>#?)MhzxKKwAe`EYf8@#(`q$7?vQnC$IBGAE&wPvmSxI#!&bS!SoBZfVlNs*9@VgAI#qyU5-E3^lpDQuVLCNYrfqF9@TNTS;y`hBErg-hVtiJg(pW>GqHJ z`~Me7ue@BIX?V+!!&@fAZJI!Plh3aW?UJ*t4Q=z^yLZsF_oH9gA5M5Z6)BJMH|vT5 z`(m0aY_EH9=HTaF$CbyN+U~N!BhZWy^&0E>g!vNL{zz3 z=?vHBz;uK9k!Xw!f8i~aN1_;whwtrdJpta0?Gq6EM%>%bk3=vQf;|%WAL#_oig5pP ztdi$gAG@xM#%B-@hU1a@v9iYikBlkv$cD==FFpp|{j%ka4Xv)iyH_)U^3}dzI39T? zj4IWnQuyz}+`UyYao zq3A9CnOCu0t58xr-hG|@b#{I3?%~@QG@k`9wkHQOQ`g_Vml9PXZ0N~=KsYB-XBYc@ rRd;`lDpwd-y|cA@rH{W`*Y49k?bAMeOX+_C00960=G(j*0DJ%deFiFr literal 0 HcmV?d00001 diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/Chart.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/Chart.yaml new file mode 100755 index 0000000..a17a2db --- /dev/null +++ b/charts/rke2-calico/rke2-calico/v3.20.201/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/namespace: tigera-operator +apiVersion: v2 +appVersion: v3.20.2 +description: Installs the Tigera operator for Calico +name: rke2-calico +version: v3.20.201 diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/_helpers.tpl b/charts/rke2-calico/rke2-calico/v3.20.201/templates/_helpers.tpl new file mode 100755 index 0000000..3ac4a1c --- /dev/null +++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/_helpers.tpl @@ -0,0 +1,10 @@ +{{/* generate the image name for a component*/}} +{{- define "tigera-operator.image" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- $_ := set .Values.tigeraOperator "registry" .Values.global.systemDefaultRegistry -}} +{{- end -}} +{{- if .Values.tigeraOperator.registry -}} + {{- .Values.tigeraOperator.registry | trimSuffix "/" -}}/ +{{- end -}} +{{- .Values.tigeraOperator.image -}}:{{- .Values.tigeraOperator.version -}} +{{- end -}} diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-node.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-node.yaml new file mode 100755 index 0000000..5830c2a --- /dev/null 
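Review bot: `tigera-operator.image` rewrites `.Values.tigeraOperator.registry` with `set` as a side effect of rendering the image string, so any other template that reads that value sees different data depending on whether the Deployment has already been rendered; `custom-resources.yaml` in this same patch does the equivalent registry override with `coalesce` and no mutation. The helper can be made pure by replacing its first five lines with `{{- $registry := coalesce .Values.global.systemDefaultRegistry .Values.tigeraOperator.registry -}}` followed by `{{- if $registry }}{{ $registry | trimSuffix "/" }}/{{ end -}}`. Note the image is still addressed by a mutable tag (`.Values.tigeraOperator.version`) rather than a digest, which the helper could support with an optional `digest` value.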
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-node.yaml
@@ -0,0 +1,13 @@
+{{/* if any of .Values.certs.node or .Values.certs.typha is not nil */}}
+{{ if without (concat (values .Values.certs.node) (values .Values.certs.typha)) nil }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: node-certs
+ namespace: tigera-operator
+type: Opaque
+data:
+ cert.crt: {{ required "must set certs.node.cert" .Values.certs.node.cert | b64enc }}
+ key.key: {{ required "must set certs.node.key" .Values.certs.node.key | b64enc }}
+ common-name: {{ required "must set certs.node.commonName" .Values.certs.node.commonName | b64enc }}
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-typha.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-typha.yaml
new file mode 100755
index 0000000..4463e89
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/certs/certs-typha.yaml
@@ -0,0 +1,23 @@
+{{/* if any of .Values.certs.node or .Values.certs.typha is not nil */}}
+{{ if without (concat (values .Values.certs.node) (values .Values.certs.typha)) nil }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: typha-ca
+ namespace: tigera-operator
+data:
+ caBundle: |
+{{ required "must set certs.typha.caBundle" .Values.certs.typha.caBundle | indent 4}}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: typha-certs
+ namespace: tigera-operator
+type: Opaque
+data:
+ cert.crt: {{ required "must set certs.typha.cert" .Values.certs.typha.cert | b64enc }}
+ key.key: {{ required "must set certs.typha.key" .Values.certs.typha.key | b64enc }}
+ common-name: {{ required "must set certs.typha.commonName" .Values.certs.typha.commonName | b64enc }}
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/crs/custom-resources.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/crs/custom-resources.yaml
new file mode 100755
index 0000000..702fe0e
--- /dev/null
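Review bot: `certs-node.yaml` renders the TLS private key straight from `.Values.certs.node.key` into the `node-certs` Secret, and Helm 3 also persists the supplied values in its own release Secret, so the key ends up in two Secrets and in every revision's history. A comment above `kind: Secret` should say so, e.g. `# NOTE: values rendered here are also stored in the Helm release secret; pre-create node-certs/typha-certs out of band if the key must stay in the cluster's secret store`. The gate `without (concat (values .Values.certs.node) (values .Values.certs.typha)) nil` also means that setting any single typha field makes all three node fields `required`, which the leading `{{/* ... */}}` comment does not state; the same gate and caveat apply to the `typha-certs` Secret in the following hunk.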
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/crs/custom-resources.yaml
@@ -0,0 +1,38 @@
+{{ if .Values.installation.enabled }}
+{{ $installSpec := omit .Values.installation "enabled" }}
+{{ $secrets := list }}
+{{ range $name := keys .Values.imagePullSecrets -}}
+{{ $item := dict "name" $name }}
+{{ $secrets = append $secrets $item }}
+{{ end }}
+{{ $_ := set $installSpec "imagePullSecrets" $secrets }}
+{{ $defaultRegistry := get $installSpec "registry" }}
+{{ $finalRegistry := coalesce .Values.global.systemDefaultRegistry $defaultRegistry }}
+{{ $_ := set $installSpec "registry" $finalRegistry }}
+{{ $defaultipPools := get .Values.installation.calicoNetwork "ipPools" | first }}
+{{ $defaultCIDR := get $defaultipPools "cidr" }}
+{{ $finalCIDR := coalesce .Values.global.clusterCIDRv4 $defaultCIDR }}
+{{ $_ := set $defaultipPools "cidr" $finalCIDR }}
+{{- /*
+If there is a defined ipv6 CIDR, we must add it as a new IPPool, disable any encapsulation and enable bgp
+*/}}
+{{ if not (empty .Values.global.clusterCIDRv6) }}
+{{ $myIP6Dict := dict "natOutgoing" "Enabled" "cidr" .Values.global.clusterCIDRv6 }}
+{{ $allIpPools := get .Values.installation.calicoNetwork "ipPools" }}
+{{ range $allIpPools }}
+{{ $_ := set . "encapsulation" "None" }}
+{{ end }}
+{{ $finalIpPoolList := append $allIpPools $myIP6Dict }}
+{{ $calicoNetwork := get .Values.installation "calicoNetwork" }}
+{{ $_ := set $calicoNetwork "ipPools" $finalIpPoolList }}
+{{ $_ := set $calicoNetwork "bgp" "Enabled" }}
+{{ end }}
+
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+ name: default
+spec:
+{{ $installSpec | toYaml | indent 2 }}
+
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/felixconfig.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/felixconfig.yaml
new file mode 100755
index 0000000..4194c97
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/felixconfig.yaml
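Review bot: `{{ $defaultipPools := get .Values.installation.calicoNetwork "ipPools" | first }}` is passed straight to `get $defaultipPools "cidr"` with no check, so a values override that empties `ipPools` presumably fails the render with a type error from `get` on a nil instead of a readable message; a guard such as `{{ $defaultipPools := required "installation.calicoNetwork.ipPools must contain at least one pool" (first .Values.installation.calicoNetwork.ipPools) }}` makes the failure explicit. The IPv6 branch mutates the pool maps with `set` through `.Values.installation.calicoNetwork`, and those are the same objects `$installSpec` references via its shallow `omit` copy; that aliasing is what makes the encapsulation and `bgp` changes appear in the rendered spec and deserves a one-line comment, because it reads as accidental. Setting `encapsulation: None` on every existing pool when `clusterCIDRv6` is given stops tunnelling inter-node pod traffic and relies on BGP/underlay routing instead, which the `{{- /* ... */}}` comment should say outright so operators do not discover it from a connectivity outage.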
@@ -0,0 +1,7 @@
+apiVersion: crd.projectcalico.org/v1
+kind: FelixConfiguration
+metadata:
+ name: default
+spec:
+ wireguardEnabled: {{ .Values.felixConfiguration.wireguardEnabled }}
+ featureDetectOverride: {{ .Values.felixConfiguration.featureDetectOverride }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/ipamconfig.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/ipamconfig.yaml
new file mode 100755
index 0000000..22dba0e
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/ipamconfig.yaml
@@ -0,0 +1,7 @@
+apiVersion: crd.projectcalico.org/v1
+kind: IPAMConfig
+metadata:
+ name: default
+spec:
+ strictAffinity: {{ .Values.ipamConfig.strictAffinity }}
+ autoAllocateBlocks: {{ .Values.ipamConfig.autoAllocateBlocks }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/00-namespace-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/00-namespace-tigera-operator.yaml
new file mode 100755
index 0000000..b7e260e
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/00-namespace-tigera-operator.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tigera-operator
+ annotations:
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ openshift.io/node-selector: ""
+{{- end }}
+ labels:
+ name: tigera-operator
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ openshift.io/run-level: "0"
+{{- end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/01-imagepullsecret.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/01-imagepullsecret.yaml
new file mode 100755
index 0000000..b90407c
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/01-imagepullsecret.yaml
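Review bot: `featureDetectOverride: {{ .Values.felixConfiguration.featureDetectOverride }}` drops a free-form `Key=Value,...` string into the document unquoted, so an override containing `: ` or ` #` would change the YAML structure rather than the value; `featureDetectOverride: {{ .Values.felixConfiguration.featureDetectOverride | quote }}` keeps it a string. `wireguardEnabled` is `false` in the shipped `values.yaml`, which leaves cross-node pod traffic unencrypted; a comment on that line, `# WireGuard off by default: inter-node pod traffic is sent in the clear, enable it where the underlay is not trusted`, makes the trade-off visible to whoever tunes this file. This hunk also applies a `crd.projectcalico.org/v1` object at install time while the CRD-presence check in `validate-install-crd.yaml` from this same patch is entirely commented out, so a missing CRD surfaces as a bare apply failure.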
@@ -0,0 +1,15 @@
+{{- $envAll := . }}
+{{- if .Values.imagePullSecrets -}}
+
+{{range $key, $value := .Values.imagePullSecrets -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $key }}
+ namespace: tigera-operator
+data:
+ .dockerconfigjson: {{ $value | b64enc }}
+type: kubernetes.io/dockerconfigjson
+{{- end -}}
+
+{{- end -}}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-configmap-calico-resources.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-configmap-calico-resources.yaml
new file mode 100755
index 0000000..2270813
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-configmap-calico-resources.yaml
@@ -0,0 +1,27 @@
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: calico-resources
+ namespace: tigera-operator
+data:
+ # To create Calico resources before Calico components are started add
+ # an entry here and the contents of the resource under the entry.
+ # The resources here should all be projectcalico.org/v3.
+ # Multiple resources/entries can be added to this ConfigMap.
+ #
+ # If you need to remove a resource that was added to this ConfigMap
+ # you should remove it from here or else it will be re-created.
+ #
+ # example-global-network-set.yaml: |
+ # apiVersion: projectcalico.org/v3
+ # kind: GlobalNetworkSet
+ # metadata:
+ # name: a-name-for-the-set
+ # labels:
+ # role: external-database
+ # spec:
+ # nets:
+ # - 198.51.100.0/28
+ # - 203.0.113.0/24
+{{- end}}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml
new file mode 100755
index 0000000..97e5c04
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml
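Review bot: the `range` over `.Values.imagePullSecrets` emits one `apiVersion`/`kind`/`metadata`/`data`/`type` stanza per entry with no `---` between iterations, and the `-}}`/`{{-` trims on the loop header and `{{- end -}}` strip the surrounding newlines, so with two or more pull secrets the output is one YAML document with duplicate keys and the install fails or silently keeps the last entry depending on the parser. Changing the header to `{{ range $key, $value := .Values.imagePullSecrets }}`, putting `---` on the line after it, and closing with `{{ end }}` keeps a newline before each separator and yields one document per secret. `$envAll` is assigned on the first line and never used. Since `.dockerconfigjson` is built from a values entry, registry credentials also land in Helm's release Secret, which a comment above `kind: Secret` should say.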
@@ -0,0 +1,47 @@
+{{ if ne .Values.installation.kubernetesProvider "openshift" }}
+# This should not be rendered for an OpenShift install.
+# OpenShift uses SecurityContextConstraints instead.
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: tigera-operator
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ requiredDropCapabilities:
+ - ALL
+ volumes:
+ - 'hostPath'
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ # Assume that persistentVolumes set up by the cluster admin are safe to use.
+ - 'persistentVolumeClaim'
+ hostNetwork: true
+ hostPorts:
+ - min: 0
+ max: 65535
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{ end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-role-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-role-tigera-operator.yaml
new file mode 100755
index 0000000..f40bf57
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-role-tigera-operator.yaml
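Review bot: the policy lists `'hostPath'` under `volumes` with no `allowedHostPaths`, so any pod admitted under it may mount any host directory read-write, while the only consumer in this patch, the operator Deployment, mounts `/var/lib/calico` read-only; adding `allowedHostPaths:` with `- pathPrefix: /var/lib/calico` and `readOnly: true` under `spec` scopes the PSP to what is actually used. `hostNetwork: true` with `hostPorts` 0–65535 is needed for the host-networked operator pod, but nothing in this patch shows the operator binding a host port, so the full range is wider than necessary and should at least carry a comment explaining why it is open. The ClusterRole in this same patch grants the operator `create`/`update`/`delete` on `podsecuritypolicies`, so this PSP constrains the operator only as long as the operator does not rewrite it; a note at the top of the file, `# NOTE: the operator SA can modify this PSP (see 02-role-tigera-operator.yaml); it bounds workloads, not the operator itself`, would prevent it being read as a hard boundary.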
@@ -0,0 +1,278 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tigera-operator
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - pods
+ - podtemplates
+ - services
+ - endpoints
+ - events
+ - configmaps
+ - secrets
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ # Need to update node labels when migrating nodes.
+ - 'get'
+ - 'patch'
+ - 'list'
+ # We need this for Typha autoscaling
+ - 'watch'
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - bind
+ - escalate
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - statefulsets
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - apps
+ resourceNames:
+ - tigera-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - operator.tigera.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - patch
+ - delete
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - felixconfigurations
+ verbs:
+ - create
+ - patch
+ - list
+ - get
+ - watch
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - ippools
+ - kubecontrollersconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - scheduling.k8s.io
+ resources:
+ - priorityclasses
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - apiGroups:
+ - 
apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ # Needed for operator lock
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ # When running in OpenShift, we need to update networking config.
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - networks/status
+ verbs:
+ - get
+ - list
+ - update
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - networks
+ - infrastructures
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ # On OpenShift, we need to modify SCCs.
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ # The following rule is only for operator certification purposes.
+ # The operator normally runs in a namespace with openshift.io/run-level=0 which bypasses SCC.
+ # However in certification tests, the operator is run in a normal namespace so this
+ # rule is needed for host networking and hostPath volume access.
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ resourceNames:
+ - hostaccess
+ verbs:
+ - use
+ # Need these permissions for the calicoctl init container.
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - bgpconfigurations
+ - bgppeers
+ - felixconfigurations
+ - kubecontrollersconfigurations
+ - globalnetworkpolicies
+ - globalnetworksets
+ - hostendpoints
+ - ippools
+ - networkpolicies
+ - networksets
+ verbs:
+ - create
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - ipamblocks
+ verbs:
+ - list
+ # Need this permission for the calicoctl version mismatch checking
+ - apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - clusterinformations
+ verbs:
+ - get
+ # For AWS security group setup.
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - create
+ - update
+ - list
+ - watch
+{{- else }}
+ # Add the appropriate pod security policy permissions
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ - tigera-operator
+ verbs:
+ - use
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+# Add the permissions to monitor the status of certificatesigningrequests when certificate management is enabled.
+ - apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ verbs:
+ - list
+{{- end }}
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-rolebinding-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-rolebinding-tigera-operator.yaml
new file mode 100755
index 0000000..5689683
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-rolebinding-tigera-operator.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tigera-operator
+subjects:
+- kind: ServiceAccount
+ name: tigera-operator
+ namespace: tigera-operator
+roleRef:
+ kind: ClusterRole
+ name: tigera-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml
new file mode 100755
index 0000000..14cd955
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tigera-operator
+ namespace: tigera-operator
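Review bot: the first and third rules of this ClusterRole combine cluster-wide `create`/`update` on `secrets` and `serviceaccounts` with `bind` and `escalate` on `clusterroles`/`clusterrolebindings`, and the Deployment in this patch runs with `WATCH_NAMESPACE` set to `""`, so the `tigera-operator` ServiceAccount is cluster-admin-equivalent; that is inherent to the upstream operator but nothing in the file says so. A header comment above `rules:`, such as `# NOTE: bind+escalate on ClusterRoles plus cluster-wide secret/serviceaccount writes make this SA cluster-admin-equivalent; treat its token as tier-0 and alert on API calls with this identity originating outside the tigera-operator pod`, tells operators what they are granting and gives detection a concrete hook. The `certificatesigningrequests` rule sits inside the `{{- else }}` branch, so it is granted on every provider except OpenShift; if that is deliberate the comment above it should say why, and that comment's `#` is at column 0 while every sibling comment is indented with the rule it describes.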
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-tigera-operator.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-tigera-operator.yaml
new file mode 100755
index 0000000..e705255
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/tigera-operator/02-tigera-operator.yaml
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tigera-operator
+ namespace: tigera-operator
+ labels:
+ k8s-app: tigera-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: tigera-operator
+ template:
+ metadata:
+ labels:
+ name: tigera-operator
+ k8s-app: tigera-operator
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+ serviceAccountName: tigera-operator
+ hostNetwork: true
+ # This must be set when hostNetwork is true or else the cluster services won't resolve
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: tigera-operator
+ image: {{ template "tigera-operator.image" . }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - operator
+ volumeMounts:
+ - name: var-lib-calico
+ readOnly: true
+ mountPath: /var/lib/calico
+ env:
+ - name: WATCH_NAMESPACE
+ value: ""
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: "tigera-operator"
+ - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION
+ value: {{.Values.tigeraOperator.version}}
+ envFrom:
+ - configMapRef:
+ name: kubernetes-services-endpoint
+ optional: true
+ volumes:
+ - name: var-lib-calico
+ hostPath:
+ path: /var/lib/calico
+{{- if eq .Values.installation.kubernetesProvider "openshift" }}
+ - name: calico-resources
+ configMap:
+ defaultMode: 0400
+ name: calico-resources
+ - name: install-resources-script
+ configMap:
+ defaultMode: 0777
+ name: install-resources-script
+ initContainers:
+ - name: create-initial-resources
+ image: {{.Values.calicoctl.image}}:{{.Values.calicoctl.tag}}
+ env:
+ - name: DATASTORE_TYPE
+ value: kubernetes
+ command:
+ - calicoctl
+ args:
+ - create
+ - --skip-exists
+ - --skip-empty
+ - -f
+ - /calico-resources
+ volumeMounts:
+ - name: calico-resources
+ mountPath: /calico-resources
+{{- end}}
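Review bot: the pod template declares no `securityContext`, so the non-root, no-privilege-escalation and drop-ALL constraints exist only in the separate PodSecurityPolicy, which this chart skips on OpenShift and which the accompanying ClusterRole lets the operator itself rewrite; stating them on the container keeps the guarantee independent of the admission layer, and the rewrite below does that without touching command, mounts or env. Separately, the OpenShift-only `install-resources-script` volume references a ConfigMap that no template in this patch creates and that the init container never mounts, so as far as the diff shows the pod would fail to start on OpenShift unless that ConfigMap is pre-created or the volume is dropped, and `defaultMode: 0777` is broader than a read-only script needs (`0555`). The image is addressed by the mutable tag from `tigeraOperator.version` with `imagePullPolicy: IfNotPresent`, so a node that already holds a tag of that name will never re-pull; a digest value in `values.yaml` would make the supply chain reproducible.

```yaml
      containers:
        - name: tigera-operator
          image: {{ template "tigera-operator.image" . }}
          imagePullPolicy: IfNotPresent
          # Mirrors what the PSP enforces so the constraint survives PSP removal.
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: command, volumeMounts, env, envFrom …
```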
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/templates/validate-install-crd.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/templates/validate-install-crd.yaml
new file mode 100755
index 0000000..4d2a69c
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/templates/validate-install-crd.yaml
@@ -0,0 +1,32 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "crd.projectcalico.org/v1/BGPConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/BGPPeer" false -}}
+# {{- set $found "crd.projectcalico.org/v1/BlockAffinity" false -}}
+# {{- set $found "crd.projectcalico.org/v1/ClusterInformation" false -}}
+# {{- set $found "crd.projectcalico.org/v1/FelixConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/GlobalNetworkPolicy" false -}}
+# {{- set $found "crd.projectcalico.org/v1/GlobalNetworkSet" false -}}
+# {{- set $found "crd.projectcalico.org/v1/HostEndpoint" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMBlock" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMConfig" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPAMHandle" false -}}
+# {{- set $found "crd.projectcalico.org/v1/IPPool" false -}}
+# {{- set $found "crd.projectcalico.org/v1/KubeControllersConfiguration" false -}}
+# {{- set $found "crd.projectcalico.org/v1/NetworkPolicy" false -}}
+# {{- set $found "crd.projectcalico.org/v1/NetworkSet" false -}}
+# {{- set $found "operator.tigera.io/v1/APIServer" false -}}
+# {{- set $found "operator.tigera.io/v1/ImageSet" false -}}
+# {{- set $found "operator.tigera.io/v1/Installation" false -}}
+# {{- set $found "operator.tigera.io/v1/TigeraStatus" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
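Review bot: every line of this template is prefixed with `#`, so the CRD-presence guard it describes is dead code — Helm never evaluates the `lookup`/`required` chain, and the `FelixConfiguration`, `IPAMConfig` and `Installation` objects elsewhere in this patch are applied to a cluster that may lack their CRDs, failing with a bare apiserver error instead of the intended "Required CRDs are missing" message. Either uncomment it, adding `# lookup returns empty under helm template / --dry-run; the ClusterRole probe only detects a live cluster` above the first line since that is the only reason for the `lookup` on `ClusterRole`, or delete the file and state in `Chart.yaml` that the CRD chart is a prerequisite. A commented-out check invites readers to assume the protection exists.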
diff --git a/charts/rke2-calico/rke2-calico/v3.20.201/values.yaml b/charts/rke2-calico/rke2-calico/v3.20.201/values.yaml
new file mode 100755
index 0000000..136df4b
--- /dev/null
+++ b/charts/rke2-calico/rke2-calico/v3.20.201/values.yaml
@@ -0,0 +1,59 @@
+imagePullSecrets: {}
+
+installation:
+ controlPlaneTolerations:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/etcd"
+ operator: "Exists"
+ effect: "NoExecute"
+ enabled: true
+ kubernetesProvider: ""
+ calicoNetwork:
+ bgp: Disabled
+ ipPools:
+ - natOutgoing: Enabled
+ encapsulation: VXLAN
+ cidr: 10.42.0.0/16
+ blockSize: 24
+ imagePath: "rancher"
+ imagePrefix: "mirrored-calico-"
+
+apiServer:
+ enabled: true
+
+certs:
+ node:
+ key:
+ cert:
+ commonName:
+ typha:
+ key:
+ cert:
+ commonName:
+ caBundle:
+
+# Configuration for the tigera operator
+tigeraOperator:
+ image: rancher/mirrored-calico-operator
+ version: v1.20.4
+ registry: docker.io
+calicoctl:
+ image: rancher/mirrored-calico-ctl
+ tag: v3.20.2
+
+global:
+ systemDefaultRegistry: ""
+ clusterCIDRv4: ""
+ clusterCIDRv6: ""
+
+# Config required by Windows nodes
+ipamConfig:
+ strictAffinity: true
+ autoAllocateBlocks: true
+
+felixConfiguration:
+ wireguardEnabled: false
+ # Config required to fix RKE2 issue #1541
+ featureDetectOverride: "ChecksumOffloadBroken=true"
diff --git a/index.yaml b/index.yaml
index aef54ca..6cb1f47 100755
--- a/index.yaml
+++ b/index.yaml
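Review bot: `apiServer.enabled: true` is not read by any template in this patch (no file references `.Values.apiServer`), so toggling it has no effect; either drop it or mark it `# apiServer: reserved, not consumed by this chart version` until an `APIServer` resource is wired in. The `certs.*` keys and `imagePullSecrets` carry TLS private keys and registry credentials that Helm 3 also stores in its release Secret, which a comment above `certs:` should say so users know the values are not write-only. `wireguardEnabled: false` deserves `# false = inter-node pod traffic is unencrypted` beside it, and `tigeraOperator.version` and `calicoctl.tag` are mutable tags; an optional `digest` value consumed by the image helper would let deployments pin by content.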
@@ -60,6 +60,17 @@ entries: urls: - assets/rke2-calico/rke2-calico-v3.1906.tgz version: v3.1906 + - annotations: + catalog.cattle.io/namespace: tigera-operator + apiVersion: v2 + appVersion: v3.20.2 + created: "2021-10-29T06:49:39.787554662Z" + description: Installs the Tigera operator for Calico + digest: 9a299fa1c36937fd67f36f2ad45f9223ade4bb1b0342b5e78ffcfefed32c45cc + name: rke2-calico + urls: + - assets/rke2-calico/rke2-calico-v3.20.201.tgz + version: v3.20.201 - annotations: catalog.cattle.io/namespace: tigera-operator apiVersion: v2