rke2-charts/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch

--- charts-original/templates/cilium-agent/daemonset.yaml
+++ charts/templates/cilium-agent/daemonset.yaml
@@ -1,3 +1,11 @@
+{{- if empty .Values.global.clusterCIDRv4 }}
+{{- $_ := set .Values.ipv4 "enabled" false -}}
+{{- end }}
+
+{{- if not (empty .Values.global.clusterCIDRv6) }}
+{{- $_ := set .Values.ipv6 "enabled" true -}}
+{{- end }}
+
 {{- if and .Values.agent (not .Values.preflight.enabled) }}
 
 {{- /*  Default values with backwards compatibility */ -}}
@@ -95,7 +103,7 @@
       {{- end }}
       containers:
       - name: cilium-agent
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         {{- if .Values.sleepAfterInit }}
         command:
@@ -397,7 +405,7 @@
         {{- end }}
       {{- if .Values.monitor.enabled }}
       - name: cilium-monitor
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command:
         - /bin/bash
@@ -428,8 +436,18 @@
       {{- toYaml .Values.extraContainers | nindent 6 }}
       {{- end }}
       initContainers:
+      {{- if eq .Values.cni.chainingMode "portmap" }}
+      - name: install-portmap-cni-plugin
+        image: "{{ template "system_default_registry" . }}{{ .Values.portmapPlugin.image.repository }}:{{ .Values.portmapPlugin.image.tag }}"
+        volumeMounts:
+        - mountPath: /host/opt/cni/bin
+          name: cni-path
+        env:
+        - name: SKIP_CNI_BINARIES
+          value: "bandwidth,bridge,dhcp,firewall,flannel,host-device,host-local,ipvlan,loopback,macvlan,ptp,sbr,static,tuning,vlan,vrf"
+      {{- end }}
       - name: config
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command:
         - cilium-dbg
@@ -482,7 +500,7 @@
       # Required to mount cgroup2 filesystem on the underlying Kubernetes node.
       # We use nsenter command with host's cgroup and mount namespaces enabled.
       - name: mount-cgroup
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         env:
         - name: CGROUP_ROOT
@@ -530,7 +548,7 @@
       {{- end }}
       {{- if .Values.sysctlfix.enabled }}
       - name: apply-sysctl-overwrites
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         {{- with .Values.initResources }}
         resources:
@@ -579,7 +597,7 @@
       # from a privileged container because the mount propagation bidirectional
       # only works from privileged containers.
       - name: mount-bpf-fs
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         {{- with .Values.initResources }}
         resources:
@@ -603,7 +621,7 @@
       {{- end }}
       {{- if and .Values.nodeinit.enabled .Values.nodeinit.bootstrapFile }}
       - name: wait-for-node-init
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         {{- with .Values.initResources }}
         resources:
@@ -621,9 +639,11 @@
         volumeMounts:
         - name: cilium-bootstrap-file-dir
           mountPath: "/tmp/cilium-bootstrap.d"
+        securityContext:
+          privileged: true
       {{- end }}
       - name: clean-cilium-state
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command:
         - /init-container.sh
@@ -692,7 +712,7 @@
         {{- end }}
       {{- if and .Values.waitForKubeProxy (and (ne (toString $kubeProxyReplacement) "strict") (ne (toString $kubeProxyReplacement) "true"))  }}
       - name: wait-for-kube-proxy
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         {{- with .Values.initResources }}
         resources:
@@ -730,7 +750,7 @@
       {{- if .Values.cni.install }}
       # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent
       - name: install-cni-binaries
-        image: {{ include "cilium.image" .Values.image | quote }}
+        image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command:
           - "/install-plugin.sh"