Commit Graph

253 Commits (e898161f65b8d83bb7acbb7485839425aa459d1a)

Author SHA1 Message Date
Brian Downs 09e1932f90 Update ingress-nginx chart.
Update package version
Convert from deployment to daemonset
Enable host port

Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-06 13:05:17 -07:00
Manuel Buil 62da0673f7
Merge pull request #77 from manuelbuil/cidr_global_2
Add pod_cidr option and systemDefaultRegistry
2021-05-05 09:11:46 +02:00
Manuel Buil d0393b2489 Add pod_cidr option and systemDefaultRegistry
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-05-04 11:13:28 +00:00
Manuel Buil 797fa74eb5
Merge pull request #75 from mrostecki/cilium-selinux
cilium: Make the wait-for-note-init container privileged
2021-05-04 10:26:44 +02:00
Manuel Buil b8194ba10d
Merge pull request #72 from jcaamano/sriov
Add multus & sr-iov charts
2021-05-04 10:25:00 +02:00
Michal Rostecki 7b841da6e9 cilium: Make the wait-for-note-init container privileged
Before this change, wait-for-node-init container was not able to execute
properly with SELinux enabled, due to lack of ability to access the bind
mounted file. Due to lack of ability to set the container_file_t label
through Kubernetes, the other possible solution, done in this commit, is
making the container privileged. All the other containers accessing the
bootstrap file are already privileged as well, so it should not be that
harmful.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
2021-05-03 19:48:58 +02:00
Manuel Buil 352b66abee
Merge pull request #76 from manuelbuil/calico
Add the calicoctl and operator images
2021-04-30 20:43:18 +02:00
Manuel Buil fa98b97a33 Add the calicoctl and operator images
Consume the images from our rancher/mirrored-xxx images

Unfortunately, we can't consume the rest of the images. This feature is
unavailable

Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-04-30 20:12:31 +02:00
Manuel Buil 515320182b
Merge pull request #74 from manuelbuil/calico
Add Calico helm chart
2021-04-30 10:55:45 +02:00
Manuel Buil 97e2c7dd55
Merge pull request #70 from mrostecki/cilium-1.9.6
cilium: Update to 1.9.6
2021-04-29 16:37:22 +02:00
Jaime Caamaño Ruiz b67bef6057 Add multus & sr-iov charts
Adds charts for sriov and multus.

Details:

* Multus chart, on deployment, installs a number of cnis, not only multus
  itself but also other cnis usually combined with it, like host-device
  and macvlan.
* Multus includes a CRD, NetworkAttachmentDefinition, which is the
  means to attach interfaces to pods by specifying a delegated cni for
  each.
* Multus replaces the existing cni with itself, and sets up a default
  NetworkAttachmentDefinition with that existing cni that will setup the
  first interface of the pod just as if multus was not there.
* The NetworkAttachmentDefinition CRD is included along other multus
  templates in the chart and no specific chart is setup for the CRD.
  This CRD is not consumed on deployment and is unlikely to change
  frequently.
* Sriov depends on NetworkAttachmentDefinition CRD but no dependency is
  set between Multus and Sriov. Sriov chart checks on the presence of
  NetworkAttachmentDefinition CRD via capabilities and fails deployment
  if unavailable.
* Sriov includes a number of CRDs which are set up as a separate chart.
* Sriov operator depends on certificates to be able to deploy its
  webhooks. The chart depends on and checks for the presence of
  cert-manager to generate these certificates. Optionally, via chart
  value, cert-manager integration can be disabled in which case the
  chart will generate certificates with 1 year validity as a means to
  quickly test or trial, but not the intended setup for production
  clusters.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-04-29 16:05:55 +02:00
Manuel Buil d8ad84be5a Add Calico helm chart
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-04-29 16:00:13 +02:00
Jonas Falck 22324fa3fc Add ability to configure calico failsafe ports
Made FailsafeOutboundHostPorts and FailsafeInboundHostPorts configurable
to allow users to have custom network policy for example SSH (22)

Previously failsafe rules would always have opened 22 even if user had
custom GlobalNetworkPolicy applied on the node.

Fixes https://github.com/rancher/rke2/issues/921
2021-04-28 17:14:54 -07:00
Brad Davidson 1b4dda478d
Update coredns and kube-proxy charts to use passthrough values (#73)
* Update coredns and kube-proxy charts to use passthrough values
* bump kube-proxy versions back to v1.21.0

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-27 15:58:35 -07:00
Michal Rostecki fe4f204537 cilium: generated-changes: Regenerate patches after update to 1.9.6
This change contains only autoregenerated patches after the update of
Cilium to 1.9.6. Those patches had to be regenerated due to upstream
changes in Cilium Helm charts.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
2021-04-26 18:16:21 +01:00
Michal Rostecki e2952f85f1 cilium: Update to 1.9.6
This change updates the Cilium version from 1.9.4 to 1.9.6. This release
updates Envoy to 1.17.2 to address CVE-2021-28682, CVE-2021-28683 and
CVE-2021-29258.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
2021-04-26 18:13:55 +01:00
Jaime Caamaño Ruiz 0b7a4647af
Merge pull request #69 from manuelbuil/ipam
Change the default ipam mode of cilium
2021-04-19 20:26:05 +02:00
Manuel Buil d666fe9746 Change the default ipam mode of cilium
Cilium's default ipam mode does not honor the pod CIDR set in kube-controller-manager.
The benefits of that mode are not relevant when deploying with rke2

Fixes issue rke2/891

Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-04-19 20:12:55 +02:00
Chris Kim 62c26ac835
Merge pull request #68 from Oats87/issues/rke2/843
Change rke2-kube-proxy to v1.20.6-build20210419
2021-04-19 10:16:55 -07:00
Chris Kim 12a5661c37
Merge pull request #67 from Oats87/issues/rke2/842
Change rke2-kube-proxy to v1.18.18-build20210419
2021-04-19 10:11:57 -07:00
Chris Kim 37bf4a2df3 Change rke2-kube-proxy to v1.20.6-build20210419
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-04-19 10:08:39 -07:00
Chris Kim ac7c9bacd6
Merge pull request #66 from Oats87/issues/rke2/841
Change rke2-kube-proxy to v1.18.18
2021-04-19 10:06:57 -07:00
Chris Kim 0dc3240167 Change rke2-kube-proxy to v1.18.18-build20210419
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-04-19 10:04:13 -07:00
Chris Kim 5a3e8ffe34 Change rke2-kube-proxy to v1.18.18
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-04-19 09:54:27 -07:00
Brian Downs d0a34506c7
Merge pull request #65 from briandowns/update_kube_proxy_v1.20
Update kube-proxy to v1.21.0
2021-04-13 10:56:03 -07:00
Brian Downs f75d23a263 update kube-proxy to v1.21.0
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-13 10:46:59 -07:00
Manuel Buil 692ae53e5d
Merge pull request #64 from manuelbuil/dual-stack
Allow users to deploy Cilium with dual stack config
2021-04-12 19:28:05 +02:00
Manuel Buil b7d773f99a Allow users to deploy Cilium with dual stack config
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-04-09 10:32:28 +02:00
David Nuzik cef1dde9fd
Merge pull request #46 from jcaamano/main-source
Add cilium chart
2021-04-08 07:58:42 -07:00
Brad Davidson 87e567bead update kube-proxy version to v1.20.5-build20210405
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-06 10:17:30 -07:00
Jaime Caamaño Ruiz 3d1dedcf2b Add cilium chart
The chart is organized in subcharts to clearly delimit supported vs
non-supported customization options, as follows:

- The main rke2-cilium chart which only supplies supported customization
  options through its values.yaml.
- Cilium upstream chart is pulled in as a subchart dependency and is
  patched to support a system default registry as a global variable.
- A rke2-cilium-hard-defaults subchart which supplies cilium options
  that change from upstream defaults for which we don't intend to
  support any customization.

All cilium options are scoped & accessible, for example:
`helm install rke2-cilium --set cilium.preflight.enabled=true`

Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
2021-04-06 12:55:27 +02:00
Brad Davidson 7ca69fe3b6
Strip 'nginx-' prefix from image tags when using semverCompare (#62)
* Revert rke2-ingress-nginx to 1.36.3
* Add trimPrefix calls to rke2-ingress-nginx daemonset manifest
* Add trimPrefix call to rke2-ingress-nginx deployment with defaultBackend disabled

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-05 15:47:34 -07:00
David Nuzik 67559cb642
Merge pull request #59 from aiyengar2/bump_scripts_0_1_0
[Source] Bump scripts to v0.1.0
2021-04-05 10:17:24 -07:00
Menna Elmasry b82df0f267
update kube-proxy version to v1.18.17 (#61)
2021-03-19 00:14:31 +02:00
Menna Elmasry 544195db21
update kube-proxy version to v1.19.9 (#58)
2021-03-18 23:55:20 +02:00
Arvind Iyengar a948537b2a
make docs
2021-03-18 14:49:03 -07:00
Arvind Iyengar 1f7d0288ec
Bump scripts version to v0.1.0
2021-03-18 14:48:44 -07:00
Menna Elmasry 5380bf3c90
update kube-proxy version to v1.20.5 (#57)
2021-03-18 23:39:16 +02:00
Erik Wilson dcf10ac5d8
Merge pull request #56 from brandond/fix_682
Update flexvol path
2021-03-10 14:20:38 -07:00
Brad Davidson 491707bbeb Update flexvol path
Update flex volume plugin dir to match new RKE2 default; make it a Value
so that it can be changed by users to match the kubelet setting if
necessary.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-03-10 11:18:48 -08:00
Brad Davidson 83ceb61b60 Update kube-proxy chart to v1.20.4-build20210302
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-03-02 12:21:57 -08:00
Jacob Blain Christen bf713e8df1
Merge pull request #52 from aiyengar2/migrate-source
[Source] Migrate to charts-build-scripts
2021-03-01 17:26:22 -07:00
Arvind Iyengar 019321a949
remove execute permissions
2021-03-01 11:16:06 -08:00
Arvind Iyengar 2ffa6c04f9
Revert "Temporarily point to fork"
This reverts commit 7b92af17fd.

Context:

The purpose behind introducing the previous change was to run a `make validate`, which checks if the `make prepare`, `make charts`, and `make sync` workflows worked as expected against the fork we plan to migrate to. This worked, as seen below:
```bash
arvindiyengar: ~/Rancher/rke2-charts/src/github.com/rancher/rke2-charts
$ make validate
./bin/charts-build-scripts validate
INFO[0000] Validating against released charts in migrate-live
... (omitted for brevity) ...
INFO[0002] Successfully validated against migrate-live!
```
2021-02-25 18:48:36 -08:00
Arvind Iyengar 7b92af17fd
Temporarily point to fork
2021-02-25 18:45:59 -08:00
Arvind Iyengar d4bda1833c
Bump all packageVersions and introduce comment
Why do we need to bump all the packageVersions?

The new charts-build-scripts treat Chart.yaml and requirements.yaml as "managed files", which means that the scripts themselves can make changes to those files.

When the scripts touch those files (e.g. to add a new dependency based on the contents of generated-changes/dependencies or to patch a rcVersion or packageVersion to the chart), dumping back out the YAML results in slight changes due to the unmarshalling process, such as the re-ordering of annotations.

Since these minor changes comprise a change introduced by Rancher and the scripts refuse changes that modify already released packages, the simple fix for this is just to universally bump the packageVersion as part of the migration process.

As part of creating this PR, I generated these minor changes in https://github.com/aiyengar2/charts-diff/tree/rke2-charts/diff so that we can sign off that these are indeed inconsequential to the migration. For context, the process used to generate these files was:
- Pull in the current branch. Run make charts with the old scripts
- Pull in the migration branch. Run make charts with the new scripts
- Dump the diff between them in a patch file

Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
2021-02-25 18:45:59 -08:00
Arvind Iyengar 36569143f0
Migrate all packages
Just needed to run:
```bash
REPOSITORY=https://github.com/rancher/rke2-charts BRANCH=main-source ./scripts/regenerate-packages
```

Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
2021-02-25 17:35:31 -08:00
Arvind Iyengar 4b27993510
Fixup bug with regenerate-packages
Will be tracked in https://github.com/rancher/charts-build-scripts/pull/19

Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
2021-02-25 17:35:30 -08:00
Arvind Iyengar 0c64e73122
make docs
Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
2021-02-25 17:35:30 -08:00
Arvind Iyengar 5fa88363c2
Update workflows and configuration.yaml
Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
2021-02-25 17:35:30 -08:00