--- charts-original/values.yaml +++ charts/values.yaml @@ -152,12 +152,10 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" tag: "CILIUM_IMAGE_VERSION" pullPolicy: "IfNotPresent" - # cilium-digest - digest: "CILIUM_IMAGE_DIGEST" - useDigest: true + useDigest: false # -- Affinity for cilium-agent. affinity: podAntiAffinity: @@ -581,7 +579,10 @@ # - flannel # - generic-veth # - portmap - chainingMode: ~ + + # Otherwise rke2 hostPort does not work! Used for nginx + chainingMode: portmap + # @schema # type: [null, string] # @schema @@ -1011,10 +1012,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/certgen" + repository: "rancher/mirrored-cilium-certgen" tag: "CILIUM_CERTGEN_VERSION" - digest: "CILIUM_CERTGEN_DIGEST" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted ttlSecondsAfterFinished: 1800 @@ -1035,7 +1035,7 @@ affinity: {} hubble: # -- Enable Hubble (true by default). - enabled: true + enabled: false # -- Annotations to be added to all top-level hubble objects (resources under templates/hubble) annotations: {} # -- Buffer size of the channel Hubble uses to receive monitor events. If this @@ -1312,11 +1312,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/hubble-relay" + repository: "rancher/mirrored-cilium-hubble-relay" tag: "CILIUM_HUBBLE_RELAY_VERSION" - # hubble-relay-digest - digest: "CILIUM_HUBBLE_RELAY_DIGEST" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods resources: {} @@ -1561,10 +1559,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/hubble-ui-backend" + repository: "rancher/mirrored-cilium-hubble-ui-backend" tag: "CILIUM_HUBBLE_UI_BACKEND_VERSION" - digest: "CILIUM_HUBBLE_UI_BACKEND_DIGEST" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. securityContext: {} @@ -1595,10 +1592,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/hubble-ui" + repository: "rancher/mirrored-cilium-hubble-ui" tag: "CILIUM_HUBBLE_UI_VERSION" - digest: "CILIUM_HUBBLE_UI_DIGEST" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. securityContext: {} @@ -1772,7 +1768,7 @@ ipam: # -- Configure IP Address Management mode. # ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ - mode: "cluster-pool" + mode: "kubernetes" # -- Maximum rate at which the CiliumNode custom resource is updated. ciliumNodeUpdateRate: "15s" operator: @@ -2066,7 +2062,7 @@ port: 6060 # -- Configure prometheus metrics on the configured port at /metrics prometheus: - enabled: false + enabled: true port: 9962 serviceMonitor: # -- Enable service monitors. @@ -2161,11 +2157,10 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/cilium-envoy" + repository: "rancher/mirrored-cilium-cilium-envoy" tag: "CILIUM_ENVOY_VERSION" pullPolicy: "IfNotPresent" - digest: "CILIUM_ENVOY_DIGEST" - useDigest: true + useDigest: false # -- Additional containers added to the cilium Envoy DaemonSet. extraContainers: [] # -- Additional envoy container arguments. @@ -2477,17 +2472,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/operator" + repository: "rancher/mirrored-cilium-operator" tag: "CILIUM_OPERATOR_VERSION" - # operator-generic-digest - genericDigest: "CILIUM_OPERATOR_DIGEST" - # operator-azure-digest - azureDigest: "CILIUM_AZURE_OPERATOR_DIGEST" - # operator-aws-digest - awsDigest: "CILIUM_AWS_OPERATOR_DIGEST" - # operator-alibabacloud-digest - alibabacloudDigest: "CILIUM_ALIBA_OPERATOR_DIGEST" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" suffix: "" # -- Number of replicas to run for the cilium-operator deployment @@ -2656,8 +2643,7 @@ # @schema # -- Taint nodes where Cilium is scheduled but not running. This prevents pods # from being scheduled to nodes where Cilium is not the default CNI provider. - # @default -- same as removeNodeTaints - setNodeTaints: ~ + setNodeTaints: false # -- Set Node condition NetworkUnavailable to 'false' with the reason # 'CiliumIsUp' for nodes that have a healthy Cilium pod. setNodeNetworkStatus: true @@ -2761,11 +2747,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" tag: "CILIUM_IMAGE_VERSION" - # cilium-digest - digest: "CILIUM_IMAGE_DIGEST" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. priorityClassName: "" @@ -2910,11 +2894,9 @@ # type: [null, string] # @schema override: ~ - repository: "quay.io/cilium/clustermesh-apiserver" + repository: "rancher/mirrored-cilium-clustermesh-apiserver" tag: "CILIUM_CLUSTERMESH_VERSION" - # clustermesh-apiserver-digest - digest: "CILIUM_CLUSTERMESH_DIGEST" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- TCP port for the clustermesh-apiserver health API. healthPort: 9880 @@ -3555,3 +3537,11 @@ agentSocketPath: /run/spire/sockets/agent/agent.sock # -- SPIRE connection timeout connectionTimeout: 30s + +portmapPlugin: + image: + repository: "rancher/hardened-cni-plugins" + tag: "v1.5.1-build20240805" + +global: + systemDefaultRegistry: ""