rke2-charts/packages/rke2-cilium/generated-changes/patch/values.yaml.patch

--- charts-original/values.yaml
+++ charts/values.yaml
@@ -145,12 +145,10 @@
 # -- Agent container image.
 image:
   override: ~
-  repository: "quay.io/cilium/cilium"
+  repository: "rancher/mirrored-cilium-cilium"
   tag: "v1.15.7"
   pullPolicy: "IfNotPresent"
-  # cilium-digest
-  digest: "sha256:2e432bf6879feb8b891c497d6fd784b13e53456017d2b8e4ea734145f0282ef0"
-  useDigest: true
+  useDigest: false
 
 # -- Affinity for cilium-agent.
 affinity:
@@ -561,7 +559,9 @@
   #  - flannel
   #  - generic-veth
   #  - portmap
-  chainingMode: ~
+
+  # Otherwise rke2 hostPort does not work! Used for nginx
+  chainingMode: portmap
 
   # -- A CNI network name in to which the Cilium plugin should be added as a chained plugin.
   # This will cause the agent to watch for a CNI network with this network name. When it is
@@ -976,10 +976,9 @@
 certgen:
   image:
     override: ~
-    repository: "quay.io/cilium/certgen"
+    repository: "rancher/mirrored-cilium-certgen"
     tag: "v0.1.13"
-    digest: "sha256:01802e6a153a9473b06ebade7ee5730f8f2c6cc8db8768508161da3cdd778641"
-    useDigest: true
+    useDigest: false
     pullPolicy: "IfNotPresent"
   # -- Seconds after which the completed job pod will be deleted
   ttlSecondsAfterFinished: 1800
@@ -1004,7 +1003,7 @@
 
 hubble:
   # -- Enable Hubble (true by default).
-  enabled: true
+  enabled: false
 
   # -- Annotations to be added to all top-level hubble objects (resources under templates/hubble)
   annotations: {}
@@ -1235,11 +1234,9 @@
     # -- Hubble-relay container image.
     image:
       override: ~
-      repository: "quay.io/cilium/hubble-relay"
+      repository: "rancher/mirrored-cilium-hubble-relay"
       tag: "v1.15.7"
-       # hubble-relay-digest
-      digest: "sha256:12870e87ec6c105ca86885c4ee7c184ece6b706cc0f22f63d2a62a9a818fd68f"
-      useDigest: true
+      useDigest: false
       pullPolicy: "IfNotPresent"
 
     # -- Specifies the resources for the hubble-relay pods
@@ -1472,10 +1469,9 @@
       # -- Hubble-ui backend image.
       image:
         override: ~
-        repository: "quay.io/cilium/hubble-ui-backend"
+        repository: "rancher/mirrored-cilium-hubble-ui-backend"
         tag: "v0.13.1"
-        digest: "sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b"
-        useDigest: true
+        useDigest: false
         pullPolicy: "IfNotPresent"
 
       # -- Hubble-ui backend security context.
@@ -1511,10 +1507,9 @@
       # -- Hubble-ui frontend image.
       image:
         override: ~
-        repository: "quay.io/cilium/hubble-ui"
+        repository: "rancher/mirrored-cilium-hubble-ui"
         tag: "v0.13.1"
-        digest: "sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6"
-        useDigest: true
+        useDigest: false
         pullPolicy: "IfNotPresent"
 
       # -- Hubble-ui frontend security context.
@@ -1692,7 +1687,7 @@
 ipam:
   # -- Configure IP Address Management mode.
   # ref: https://docs.cilium.io/en/stable/network/concepts/ipam/
-  mode: "cluster-pool"
+  mode: "kubernetes"
   # -- Maximum rate at which the CiliumNode custom resource is updated.
   ciliumNodeUpdateRate: "15s"
   operator:
@@ -1986,7 +1981,7 @@
 
 # -- Configure prometheus metrics on the configured port at /metrics
 prometheus:
-  enabled: false
+  enabled: true
   port: 9962
   serviceMonitor:
     # -- Enable service monitors.
@@ -2079,11 +2074,10 @@
   # -- Envoy container image.
   image:
     override: ~
-    repository: "quay.io/cilium/cilium-envoy"
+    repository: "rancher/mirrored-cilium-cilium-envoy"
     tag: "v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51"
     pullPolicy: "IfNotPresent"
-    digest: "sha256:bd5ff8c66716080028f414ec1cb4f7dc66f40d2fb5a009fff187f4a9b90b566b"
-    useDigest: true
+    useDigest: false
 
   # -- Additional containers added to the cilium Envoy DaemonSet.
   extraContainers: []
@@ -2394,10 +2388,9 @@
   # -- cilium-etcd-operator image.
   image:
     override: ~
-    repository: "quay.io/cilium/cilium-etcd-operator"
+    repository: "rancher/mirrored-cilium-cilium-etcd-operator"
     tag: "v2.0.7"
-    digest: "sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc"
-    useDigest: true
+    useDigest: false
     pullPolicy: "IfNotPresent"
 
   # -- The priority class to use for cilium-etcd-operator
@@ -2502,17 +2495,9 @@
   # -- cilium-operator image.
   image:
     override: ~
-    repository: "quay.io/cilium/operator"
+    repository: "rancher/mirrored-cilium-operator"
     tag: "v1.15.7"
-    # operator-generic-digest
-    genericDigest: "sha256:6840a6dde703b3e73dd31e03390327a9184fcb888efbad9d9d098d65b9035b54"
-    # operator-azure-digest
-    azureDigest: "sha256:8e189549bc3c31a44a1171cc970b8e502ae8bf55cd07035735c4b3a24a16f80b"
-    # operator-aws-digest
-    awsDigest: "sha256:bb4085da666a5c7a7c6f8135f0de10f0b6895dbf561e9fccda0e272b51bb936e"
-    # operator-alibabacloud-digest
-    alibabacloudDigest: "sha256:2dcd7e3305cb47e4b5fbbb9bc2451d6aacb18788a87cab95cf86aec65ec19329"
-    useDigest: true
+    useDigest: false
     pullPolicy: "IfNotPresent"
     suffix: ""
 
@@ -2684,8 +2669,7 @@
 
   # -- Taint nodes where Cilium is scheduled but not running. This prevents pods
   # from being scheduled to nodes where Cilium is not the default CNI provider.
-  # @default -- same as removeNodeTaints
-  setNodeTaints: ~
+  setNodeTaints: false
 
   # -- Set Node condition NetworkUnavailable to 'false' with the reason
   # 'CiliumIsUp' for nodes that have a healthy Cilium pod.
@@ -2803,11 +2787,9 @@
   # -- Cilium pre-flight image.
   image:
     override: ~
-    repository: "quay.io/cilium/cilium"
+    repository: "rancher/mirrored-cilium-cilium"
     tag: "v1.15.7"
-    # cilium-digest
-    digest: "sha256:2e432bf6879feb8b891c497d6fd784b13e53456017d2b8e4ea734145f0282ef0"
-    useDigest: true
+    useDigest: false
     pullPolicy: "IfNotPresent"
 
   # -- The priority class to use for the preflight pod.
@@ -2965,11 +2947,9 @@
     # -- Clustermesh API server image.
     image:
       override: ~
-      repository: "quay.io/cilium/clustermesh-apiserver"
+      repository: "rancher/mirrored-cilium-clustermesh-apiserver"
       tag: "v1.15.7"
-      # clustermesh-apiserver-digest
-      digest: "sha256:f8fc26060e0f0c131200b762667f91788a4499362fc72209ce30b4032e926c68"
-      useDigest: true
+      useDigest: false
       pullPolicy: "IfNotPresent"
 
     etcd:
@@ -3553,3 +3533,11 @@
       agentSocketPath: /run/spire/sockets/agent/agent.sock
       # -- SPIRE connection timeout
       connectionTimeout: 30s
+
+portmapPlugin:
+  image:
+    repository: "rancher/hardened-cni-plugins"
+    tag: "v1.4.1-build20240325"
+
+global:
+  systemDefaultRegistry: ""