This version fixes the problems we had:
1 - Image prefix not possible
2 - Images on 3.19.0 instead of 3.19.1
Signed-off-by: Manuel Buil <mbuil@suse.com>
Seeing this error at runtime:
```
Error: parse error at (rke2-canal/templates/config.yaml:63): function "Values" not defined
```
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
Before this change, the wait-for-node-init container was not able to execute
properly with SELinux enabled, due to lack of ability to access the bind
mounted file. Due to lack of ability to set the container_file_t label
through Kubernetes, the other possible solution, done in this commit, is
making the container privileged. All the other containers accessing the
bootstrap file are already privileged as well, so it should not be that
harmful.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Consume the images from our rancher/mirrored-xxx images.
Unfortunately, we can't consume the rest of the images. This feature is
unavailable.
Signed-off-by: Manuel Buil <mbuil@suse.com>
Adds charts for sriov and multus.
Details:
* Multus chart, on deployment, installs a number of cnis, not only multus
itself but also other cnis usually combined with it, like host-device
and macvlan.
* Multus includes a CRD, NetworkAttachmentDefinition, which is the
means to attach interfaces to pods by specifying a delegated cni for
each.
* Multus replaces the existing cni with itself, and sets up a default
NetworkAttachmentDefinition with that existing cni that will set up the
first interface of the pod just as if multus was not there.
* The NetworkAttachmentDefinition CRD is included along with other multus
templates in the chart and no specific chart is set up for the CRD.
This CRD is not consumed on deployment and is unlikely to change
frequently.
* Sriov depends on NetworkAttachmentDefinition CRD but no dependency is
set between Multus and Sriov. Sriov chart checks on the presence of
NetworkAttachmentDefinition CRD via capabilities and fails deployment
if unavailable.
* Sriov includes a number of CRDs which are set up as a separate chart.
* Sriov operator depends on certificates to be able to deploy its
webhooks. The chart depends on and checks for the presence of
cert-manager to generate these certificates. Optionally, via chart
value, cert-manager integration can be disabled in which case the
chart will generate certificates with 1 year validity as a means to
quickly test or trial, but not the intended setup for production
clusters.
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
Signed-off-by: Manuel Buil <mbuil@suse.com>
Made FailsafeOutboundHostPorts and FailsafeInboundHostPorts configurable
to allow users to have a custom network policy, for example SSH (22).
Previously failsafe rules would always have opened 22 even if the user had
a custom GlobalNetworkPolicy applied on the node.
Fixes https://github.com/rancher/rke2/issues/921
* Update coredns and kube-proxy charts to use passthrough values
* bump kube-proxy versions back to v1.21.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This change contains only autoregenerated patches after the update of
Cilium to 1.9.6. Those patches had to be regenerated due to upstream
changes in Cilium Helm charts.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
This change updates the Cilium version from 1.9.4 to 1.9.6. This release
updates Envoy to 1.17.2 to address CVE-2021-28682, CVE-2021-28683 and
CVE-2021-29258.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Cilium's default ipam mode does not honor the pod CIDR set in kube-controller-manager.
The benefits of that mode are not relevant when deploying with rke2.
Fixes issue rke2/891
Signed-off-by: Manuel Buil <mbuil@suse.com>
The chart is organized in subcharts to clearly delimit supported vs
non-supported customization options, as follows:
- The main rke2-cilium chart which only supplies supported customization
options through its values.yaml.
- Cilium upstream chart is pulled in as a subchart dependency and is
patched to support a system default registry as a global variable.
- A rke2-cilium-hard-defaults subchart which supplies cilium options
that change from upstream defaults for which we don't intend to
support any customization.
All cilium options are scoped & accessible, for example:
`helm install rke2-cilium --set cilium.preflight.enabled=true`
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
Update flex volume plugin dir to match new RKE2 default; make it a Value
so that it can be changed by users to match the kubelet setting if
necessary.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Why do we need to bump all the packageVersions?
The new charts-build-scripts treat Chart.yaml and requirements.yaml as "managed files", which means that the scripts themselves can make changes to those files.
When the scripts touch those files (e.g. to add a new dependency based on the contents of generated-changes/dependencies or to patch a rcVersion or packageVersion to the chart), dumping back out the YAML results in slight changes due to the unmarshalling process, such as the re-ordering of annotations.
Since these minor changes comprise a change introduced by Rancher and the scripts refuse changes that modify already released packages, the simple fix for this is just to universally bump the packageVersion as part of the migration process.
As part of creating this PR, I generated these minor changes in https://github.com/aiyengar2/charts-diff/tree/rke2-charts/diff so that we can sign off that these are indeed inconsequential to the migration. For context, the process used to generate these files was:
- Pull in the current branch. Run make charts with the old scripts
- Pull in the migration branch. Run make charts with the new scripts
- Dump the diff between them in a patch file
Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
```bash
arvindiyengar: ~/Rancher/rke2-charts/src/github.com/rancher/rke2-charts
$ curl -s https://raw.githubusercontent.com/aiyengar2/charts-build-scripts/add_init_steps/init.sh > /dev/null | sh
Pulling in charts-build-scripts version v0.0.4
charts-build-scripts version v0.0.4 (567c991)
INFO[0000] Pulling rancher/charts-build-scripts[path=templates] from upstream into templates299650162
INFO[0002] Successfully pulled new updated docs into working directory.
Pulled in basic template for source into configuration.yaml and constructed charts directory
Next Steps:
1. Modify the configuration.yaml with your expected setup and re-run make docs to automatically update the repository.
2. Modify .github/workflows/pull-request.md and .github/workflows/push.md to set up automatic pushes to another branch.
```
Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
* allow private registry
* add pull image from private registry
* delete old assets
* add newline at the end of _helpers.tpl files
* standardize image fields
* add system default registry to ingress-nginx