--- charts-original/values.yaml +++ charts/values.yaml @@ -152,12 +152,10 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" tag: "v1.16.0" pullPolicy: "IfNotPresent" - # cilium-digest - digest: "sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058" - useDigest: true + useDigest: false # -- Affinity for cilium-agent. affinity: podAntiAffinity: @@ -581,7 +579,10 @@ # - flannel # - generic-veth # - portmap - chainingMode: ~ + + # Otherwise rke2 hostPort does not work! Used for nginx + chainingMode: portmap + # @schema # type: [null, string] # @schema @@ -1011,10 +1012,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/certgen" + repository: "rancher/mirrored-cilium-certgen" tag: "v0.2.0" - digest: "sha256:169d93fd8f2f9009db3b9d5ccd37c2b753d0989e1e7cd8fe79f9160c459eef4f" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted ttlSecondsAfterFinished: 1800 @@ -1035,7 +1035,7 @@ affinity: {} hubble: # -- Enable Hubble (true by default). - enabled: true + enabled: false # -- Annotations to be added to all top-level hubble objects (resources under templates/hubble) annotations: {} # -- Buffer size of the channel Hubble uses to receive monitor events. If this @@ -1300,11 +1300,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/hubble-relay" + repository: "rancher/mirrored-cilium-hubble-relay" tag: "v1.16.0" - # hubble-relay-digest - digest: "sha256:33fca7776fc3d7b2abe08873319353806dc1c5e07e12011d7da4da05f836ce8d" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods resources: {} @@ -1533,10 +1531,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/hubble-ui-backend" + repository: "rancher/mirrored-cilium-hubble-ui-backend" tag: "v0.13.1" - digest: "sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. securityContext: {} @@ -1567,10 +1564,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/hubble-ui" + repository: "rancher/mirrored-cilium-hubble-ui" tag: "v0.13.1" - digest: "sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. securityContext: {} @@ -1744,7 +1740,7 @@ ipam: # -- Configure IP Address Management mode. # ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ - mode: "cluster-pool" + mode: "kubernetes" # -- Maximum rate at which the CiliumNode custom resource is updated. ciliumNodeUpdateRate: "15s" operator: @@ -2033,7 +2029,7 @@ port: 6060 # -- Configure prometheus metrics on the configured port at /metrics prometheus: - enabled: false + enabled: true port: 9962 serviceMonitor: # -- Enable service monitors. @@ -2128,11 +2124,10 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/cilium-envoy" + repository: "rancher/mirrored-cilium-cilium-envoy" tag: "v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51" pullPolicy: "IfNotPresent" - digest: "sha256:bd5ff8c66716080028f414ec1cb4f7dc66f40d2fb5a009fff187f4a9b90b566b" - useDigest: true + useDigest: false # -- Additional containers added to the cilium Envoy DaemonSet. extraContainers: [] # -- Additional envoy container arguments. @@ -2444,17 +2439,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/operator" + repository: "rancher/mirrored-cilium-operator" tag: "v1.16.0" - # operator-generic-digest - genericDigest: "sha256:d6621c11c4e4943bf2998af7febe05be5ed6fdcf812b27ad4388f47022190316" - # operator-azure-digest - azureDigest: "sha256:dd7562e20bc72b55c65e2110eb98dca1dd2bbf6688b7d8cea2bc0453992c121d" - # operator-aws-digest - awsDigest: "sha256:8dbe47a77ba8e1a5b111647a43db10c213d1c7dfc9f9aab5ef7279321ad21a2f" - # operator-alibabacloud-digest - alibabacloudDigest: "sha256:d2d9f450f2fc650d74d4b3935f4c05736e61145b9c6927520ea52e1ebcf4f3ea" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" suffix: "" # -- Number of replicas to run for the cilium-operator deployment @@ -2623,8 +2610,7 @@ # @schema # -- Taint nodes where Cilium is scheduled but not running. This prevents pods # from being scheduled to nodes where Cilium is not the default CNI provider. - # @default -- same as removeNodeTaints - setNodeTaints: ~ + setNodeTaints: false # -- Set Node condition NetworkUnavailable to 'false' with the reason # 'CiliumIsUp' for nodes that have a healthy Cilium pod. setNodeNetworkStatus: true @@ -2728,11 +2714,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" tag: "v1.16.0" - # cilium-digest - digest: "sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. priorityClassName: "" @@ -2877,11 +2861,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/clustermesh-apiserver" + repository: "rancher/mirrored-cilium-clustermesh-apiserver" tag: "v1.16.0" - # clustermesh-apiserver-digest - digest: "sha256:a1597b7de97cfa03f1330e6b784df1721eb69494cd9efb0b3a6930680dfe7a8e" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- TCP port for the clustermesh-apiserver health API. healthPort: 9880 @@ -3522,3 +3504,11 @@ agentSocketPath: /run/spire/sockets/agent/agent.sock # -- SPIRE connection timeout connectionTimeout: 30s + +portmapPlugin: + image: + repository: "rancher/hardened-cni-plugins" + tag: "v1.4.1-build20240325" + +global: + systemDefaultRegistry: ""