--- charts-original/values.yaml +++ charts/values.yaml @@ -89,12 +89,10 @@ # -- Agent container image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" tag: "v1.12.5" pullPolicy: "IfNotPresent" - # cilium-digest - digest: "sha256:06ce2b0a0a472e73334a7504ee5c5d8b2e2d7b72ef728ad94e564740dd505be5" - useDigest: true + useDigest: false # -- Affinity for cilium-agent. affinity: @@ -361,7 +359,9 @@ # - flannel # - generic-veth # - portmap - chainingMode: none + + # Otherwise rke2 hostPort does not work! Used for nginx + chainingMode: portmap # -- Make Cilium take ownership over the `/etc/cni/net.d` directory on the # node, renaming all non-Cilium CNI configurations to `*.cilium_bak`. @@ -639,8 +639,8 @@ certgen: image: override: ~ - repository: "quay.io/cilium/certgen" - tag: "v0.1.8@sha256:4a456552a5f192992a6edcec2febb1c54870d665173a33dc7d876129b199ddbd" + repository: "rancher/mirrored-cilium-certgen" + tag: "v0.1.8" pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted ttlSecondsAfterFinished: 1800 @@ -652,7 +652,7 @@ hubble: # -- Enable Hubble (true by default). - enabled: true + enabled: false # -- Buffer size of the channel Hubble uses to receive monitor events. If this # value is not set, the queue size is set to the default monitor queue size. @@ -793,11 +793,9 @@ # -- Hubble-relay container image. image: override: ~ - repository: "quay.io/cilium/hubble-relay" + repository: "rancher/mirrored-cilium-hubble-relay" tag: "v1.12.5" - # hubble-relay-digest - digest: "sha256:22039a7a6cb1322badd6b0e5149ba7b11d35a54cf3ac93ce651bebe5a71ac91a" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods @@ -981,8 +979,8 @@ # -- Hubble-ui backend image. image: override: ~ - repository: "quay.io/cilium/hubble-ui-backend" - tag: "v0.9.2@sha256:a3ac4d5b87889c9f7cc6323e86d3126b0d382933bd64f44382a92778b0cde5d7" + repository: "rancher/mirrored-cilium-hubble-ui-backend" + tag: "v0.10.0" pullPolicy: "IfNotPresent" # -- Additional hubble-ui backend environment variables. @@ -1001,8 +999,8 @@ # -- Hubble-ui frontend image. image: override: ~ - repository: "quay.io/cilium/hubble-ui" - tag: "v0.9.2@sha256:d3596efc94a41c6b772b9afe6fe47c17417658956e04c3e2a28d293f2670663e" + repository: "rancher/mirrored-cilium-hubble-ui" + tag: "v0.10.0" pullPolicy: "IfNotPresent" # -- Additional hubble-ui frontend environment variables. @@ -1121,7 +1119,7 @@ ipam: # -- Configure IP Address Management mode. # ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/ - mode: "cluster-pool" + mode: "kubernetes" operator: # -- Deprecated in favor of ipam.operator.clusterPoolIPv4PodCIDRList. # IPv4 CIDR range to delegate to individual nodes for IPAM. @@ -1343,7 +1341,7 @@ # -- Configure prometheus metrics on the configured port at /metrics prometheus: - enabled: false + enabled: true port: 9962 serviceMonitor: # -- Enable service monitors. @@ -1455,8 +1453,8 @@ # -- cilium-etcd-operator image. image: override: ~ - repository: "quay.io/cilium/cilium-etcd-operator" - tag: "v2.0.7@sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc" + repository: "rancher/mirrored-cilium-cilium-etcd-operator" + tag: "v2.0.7" pullPolicy: "IfNotPresent" # -- The priority class to use for cilium-etcd-operator @@ -1543,17 +1541,9 @@ # -- cilium-operator image. image: override: ~ - repository: "quay.io/cilium/operator" + repository: "rancher/mirrored-cilium-operator" tag: "v1.12.5" - # operator-generic-digest - genericDigest: "sha256:b296eb7f0f7656a5cc19724f40a8a7121b7fd725278b7d61dc91fe0b7ffd7c0e" - # operator-azure-digest - azureDigest: "sha256:60dee3a53aefc3b8cda426ee87c55fd61a19a6c8d7e0995348345e1af93b451f" - # operator-aws-digest - awsDigest: "sha256:adbcd8bd2852cf9e39b02482ff1d3c7fc90ffac6675ea7512ef28aff50b7f492" - # operator-alibabacloud-digest - alibabacloudDigest: "sha256:a452b58e2de9aca5ea0a2d84ab999442fe0293723f028f288992bf546ee72a4a" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" suffix: "" @@ -1668,7 +1658,7 @@ # -- Enable prometheus metrics for cilium-operator on the configured port at # /metrics prometheus: - enabled: false + enabled: true port: 9963 serviceMonitor: # -- Enable service monitors. @@ -1783,11 +1773,9 @@ # -- Cilium pre-flight image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" tag: "v1.12.5" - # cilium-digest - digest: "sha256:06ce2b0a0a472e73334a7504ee5c5d8b2e2d7b72ef728ad94e564740dd505be5" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. @@ -1920,19 +1908,17 @@ # -- Clustermesh API server image. image: override: ~ - repository: "quay.io/cilium/clustermesh-apiserver" + repository: "rancher/mirrored-cilium-clustermesh-apiserver" tag: "v1.12.5" - # clustermesh-apiserver-digest - digest: "sha256:15c5d7fc2e78bce33b5351eb8788ac06f39c19cea5fef70da7f1beabdd106dd3" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" etcd: # -- Clustermesh API server etcd image. image: override: ~ - repository: "quay.io/coreos/etcd" - tag: "v3.5.4@sha256:795d8660c48c439a7c3764c2330ed9222ab5db5bb524d8d0607cac76f7ba82a3" + repository: "rancher/mirrored-coreos-etcd" + tag: "v3.5.4" pullPolicy: "IfNotPresent" service: @@ -2137,3 +2123,11 @@ proxyPort: 0 # -- The maximum time the DNS proxy holds an allowed DNS response before sending it along. Responses are sent as soon as the datapath is updated with the new IP information. proxyResponseMaxDelay: 100ms + +portmapPlugin: + image: + repository: "rancher/hardened-cni-plugins" + tag: "v1.0.1-build20221011" + +global: + systemDefaultRegistry: ""