--- charts-original/templates/cilium-agent/daemonset.yaml +++ charts/templates/cilium-agent/daemonset.yaml @@ -1,3 +1,11 @@ +{{- if empty .Values.global.clusterCIDRv4 }} +{{- $_ := set .Values.ipv4 "enabled" false -}} +{{- end }} + +{{- if not (empty .Values.global.clusterCIDRv6) }} +{{- $_ := set .Values.ipv6 "enabled" true -}} +{{- end }} + {{- if and .Values.agent (not .Values.preflight.enabled) }} {{- /* Default values with backwards compatibility */ -}} @@ -95,7 +103,7 @@ {{- end }} containers: - name: cilium-agent - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.sleepAfterInit }} command: @@ -397,7 +405,7 @@ {{- end }} {{- if .Values.monitor.enabled }} - name: cilium-monitor - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/bash @@ -428,8 +436,18 @@ {{- toYaml .Values.extraContainers | nindent 6 }} {{- end }} initContainers: + {{- if eq .Values.cni.chainingMode "portmap" }} + - name: install-portmap-cni-plugin + image: "{{ template "system_default_registry" . }}{{ .Values.portmapPlugin.image.repository }}:{{ .Values.portmapPlugin.image.tag }}" + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-path + env: + - name: SKIP_CNI_BINARIES + value: "bandwidth,bridge,dhcp,firewall,flannel,host-device,host-local,ipvlan,loopback,macvlan,ptp,sbr,static,tuning,vlan,vrf" + {{- end }} - name: config - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - cilium-dbg @@ -482,7 +500,7 @@ # Required to mount cgroup2 filesystem on the underlying Kubernetes node. # We use nsenter command with host's cgroup and mount namespaces enabled. - name: mount-cgroup - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: CGROUP_ROOT @@ -530,7 +548,7 @@ {{- end }} {{- if .Values.sysctlfix.enabled }} - name: apply-sysctl-overwrites - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: @@ -579,7 +597,7 @@ # from a privileged container because the mount propagation bidirectional # only works from privileged containers. - name: mount-bpf-fs - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: @@ -603,7 +621,7 @@ {{- end }} {{- if and .Values.nodeinit.enabled .Values.nodeinit.bootstrapFile }} - name: wait-for-node-init - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: @@ -621,9 +639,11 @@ volumeMounts: - name: cilium-bootstrap-file-dir mountPath: "/tmp/cilium-bootstrap.d" + securityContext: + privileged: true {{- end }} - name: clean-cilium-state - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /init-container.sh @@ -692,7 +712,7 @@ {{- end }} {{- if and .Values.waitForKubeProxy (and (ne (toString $kubeProxyReplacement) "strict") (ne (toString $kubeProxyReplacement) "true")) }} - name: wait-for-kube-proxy - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: @@ -730,7 +750,7 @@ {{- if .Values.cni.install }} # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent - name: install-cni-binaries - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - "/install-plugin.sh"