--- charts-original/values.yaml +++ charts/values.yaml @@ -145,12 +145,10 @@ # -- Agent container image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" tag: "v1.15.1" pullPolicy: "IfNotPresent" - # cilium-digest - digest: "sha256:351d6685dc6f6ffbcd5451043167cfa8842c6decf80d8c8e426a417c73fb56d4" - useDigest: true + useDigest: false # -- Affinity for cilium-agent. affinity: @@ -549,7 +547,9 @@ # - flannel # - generic-veth # - portmap - chainingMode: ~ + + # Otherwise rke2 hostPort does not work! Used for nginx + chainingMode: portmap # -- A CNI network name in to which the Cilium plugin should be added as a chained plugin. # This will cause the agent to watch for a CNI network with this network name. When it is @@ -964,10 +964,9 @@ certgen: image: override: ~ - repository: "quay.io/cilium/certgen" + repository: "rancher/mirrored-cilium-certgen" tag: "v0.1.9" - digest: "sha256:89a0847753686444daabde9474b48340993bd19c7bea66a46e45b2974b82041f" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted ttlSecondsAfterFinished: 1800 @@ -992,7 +991,7 @@ hubble: # -- Enable Hubble (true by default). - enabled: true + enabled: false # -- Annotations to be added to all top-level hubble objects (resources under templates/hubble) annotations: {} @@ -1223,11 +1222,9 @@ # -- Hubble-relay container image. image: override: ~ - repository: "quay.io/cilium/hubble-relay" + repository: "rancher/mirrored-cilium-hubble-relay" tag: "v1.15.1" - # hubble-relay-digest - digest: "sha256:3254aaf85064bc1567e8ce01ad634b6dd269e91858c83be99e47e685d4bb8012" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods @@ -1460,10 +1457,9 @@ # -- Hubble-ui backend image. image: override: ~ - repository: "quay.io/cilium/hubble-ui-backend" + repository: "rancher/mirrored-cilium-hubble-ui-backend" tag: "v0.13.0" - digest: "sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. @@ -1499,10 +1495,9 @@ # -- Hubble-ui frontend image. image: override: ~ - repository: "quay.io/cilium/hubble-ui" + repository: "rancher/mirrored-cilium-hubble-ui" tag: "v0.13.0" - digest: "sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. @@ -1680,7 +1675,7 @@ ipam: # -- Configure IP Address Management mode. # ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ - mode: "cluster-pool" + mode: "kubernetes" # -- Maximum rate at which the CiliumNode custom resource is updated. ciliumNodeUpdateRate: "15s" operator: @@ -1974,7 +1969,7 @@ # -- Configure prometheus metrics on the configured port at /metrics prometheus: - enabled: false + enabled: true port: 9962 serviceMonitor: # -- Enable service monitors. @@ -2063,11 +2058,10 @@ # -- Envoy container image. image: override: ~ - repository: "quay.io/cilium/cilium-envoy" + repository: "rancher/mirrored-cilium-cilium-envoy" tag: "v1.27.3-713b673cccf1af661efd75ca20532336517ddcb9" pullPolicy: "IfNotPresent" - digest: "sha256:a811830c708296194eaf9cee6c1d22c5f8de3544b7eea6cbdfb810326522a4a2" - useDigest: true + useDigest: false # -- Additional containers added to the cilium Envoy DaemonSet. extraContainers: [] @@ -2363,10 +2357,9 @@ # -- cilium-etcd-operator image. image: override: ~ - repository: "quay.io/cilium/cilium-etcd-operator" + repository: "rancher/mirrored-cilium-cilium-etcd-operator" tag: "v2.0.7" - digest: "sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for cilium-etcd-operator @@ -2471,17 +2464,9 @@ # -- cilium-operator image. image: override: ~ - repository: "quay.io/cilium/operator" + repository: "rancher/mirrored-cilium-operator" tag: "v1.15.1" - # operator-generic-digest - genericDigest: "sha256:819c7281f5a4f25ee1ce2ec4c76b6fbc69a660c68b7825e9580b1813833fa743" - # operator-azure-digest - azureDigest: "sha256:7131758a0a6eb2103c52197eec67769ab339833adbd71f5ede0edafb78e0b587" - # operator-aws-digest - awsDigest: "sha256:9481ada434ac7c271906d672162c2d70ff87287b229ebb18b86e8af7f757307c" - # operator-alibabacloud-digest - alibabacloudDigest: "sha256:9745df85036c9b0deb89065c2bf35df350cfc89284cb0555072c675d2875d5d7" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" suffix: "" @@ -2653,8 +2638,7 @@ # -- Taint nodes where Cilium is scheduled but not running. This prevents pods # from being scheduled to nodes where Cilium is not the default CNI provider. - # @default -- same as removeNodeTaints - setNodeTaints: ~ + setNodeTaints: false # -- Set Node condition NetworkUnavailable to 'false' with the reason # 'CiliumIsUp' for nodes that have a healthy Cilium pod. @@ -2766,11 +2750,9 @@ # -- Cilium pre-flight image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" tag: "v1.15.1" - # cilium-digest - digest: "sha256:351d6685dc6f6ffbcd5451043167cfa8842c6decf80d8c8e426a417c73fb56d4" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. @@ -2928,11 +2910,9 @@ # -- Clustermesh API server image. image: override: ~ - repository: "quay.io/cilium/clustermesh-apiserver" + repository: "rancher/mirrored-cilium-clustermesh-apiserver" tag: "v1.15.1" - # clustermesh-apiserver-digest - digest: "sha256:b353badd255c2ce47eaa8f394ee4cbf70666773d7294bd887693e0c33503dc37" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" etcd: @@ -3501,3 +3481,11 @@ agentSocketPath: /run/spire/sockets/agent/agent.sock # -- SPIRE connection timeout connectionTimeout: 30s + +portmapPlugin: + image: + repository: "rancher/hardened-cni-plugins" + tag: "v1.4.0-build20240122" + +global: + systemDefaultRegistry: ""