Update flannel with the new images

Signed-off-by: Manuel Buil <[email protected]>

charts/rke2-flannel/rke2-flannel/v0.24.200/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+appVersion: v0.24.2
+description: Install Flannel Network Plugin.
+keywords:
+- Flannel
+name: rke2-flannel
+sources:
+- https://github.com/rancher/rke2-charts
+version: v0.24.200

charts/rke2-flannel/rke2-flannel/v0.24.200/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

charts/rke2-flannel/rke2-flannel/v0.24.200/templates/config.yaml

@@ -0,0 +1,91 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kube-flannel-cfg
+  namespace: {{ .Release.Namespace }}
+  labels:
+    tier: node
+    app: flannel
+data:
+  cni-conf.json: |
+    {
+      "name": "cbr0",
+      "cniVersion": "0.3.1",
+      "plugins": [
+        {
+          "type": "flannel",
+          "delegate": {
+            "hairpinMode": true,
+            "isDefaultGateway": true
+          }
+        },
+        {
+          "type": "portmap",
+          "capabilities": {
+            "portMappings": true
+          }
+        }
+      ]
+    }
+  net-conf.json: |
+    {
+{{- if .Values.global.clusterCIDRv4 }}
+      "Network": {{ .Values.global.clusterCIDRv4 | quote }},
+{{- else }}
+      "EnableIPv4": false,
+{{- end }}
+{{- if .Values.global.clusterCIDRv6 }}
+      "IPv6Network": {{ .Values.global.clusterCIDRv6 | quote }},
+      "EnableIPv6": true,
+{{- end }}
+      "Backend": {
+{{- if eq .Values.flannel.backend "vxlan" }}
+{{- if .Values.flannel.backendPort }}
+        "Port": {{ .Values.flannel.backendPort }},
+{{- end }}
+{{- if .Values.flannel.vni }}
+        "VNI": {{ .Values.flannel.vni }},
+{{- end }}
+{{- if .Values.flannel.GBP }}
+        "GBP": {{ .Values.flannel.GBP }},
+{{- end }}
+{{- if .Values.flannel.directRouting }}
+        "DirectRouting": {{ .Values.flannel.directRouting }},
+{{- end }}
+{{- if .Values.flannel.mtu }}
+        "MTU": {{ .Values.flannel.mtu }},
+{{- end }}
+{{- if .Values.flannel.macPrefix }}
+        "MacPrefix": {{ .Values.flannel.macPrefix }},
+{{- end }}
+        "Type": {{ .Values.flannel.backend | quote }}
+{{- else if eq .Values.flannel.backend "wireguard" }}
+{{- if .Values.flannel.backendPort }}
+        "ListenPort": {{ .Values.flannel.backendPort }},
+{{- end }}
+{{- if .Values.flannel.backendPortv6 }}
+        "ListenPortV6": {{ .Values.flannel.backendPortv6 }},
+{{- end }}
+{{- if .Values.flannel.psk }}
+        "PSK": {{ .Values.flannel.psk | quote }},
+{{- end }}
+{{- if .Values.flannel.mtu }}
+        "MTU": {{ .Values.flannel.mtu }},
+{{- end }}
+{{- if .Values.flannel.tunnelMode }}
+        "Mode": {{ .Values.flannel.tunnelMode }},
+{{- end }}
+{{- if .Values.flannel.keepaliveInterval }}
+        "PersistentKeepaliveInterval": {{ .Values.flannel.keepaliveInterval }},
+{{- end }}
+        "Type": {{ .Values.flannel.backend | quote }}
+{{- else if eq .Values.flannel.backend "udp" }}
+{{- if .Values.flannel.backendPort }}
+        "Port": {{ .Values.flannel.backendPort }},
+{{- end }}
+        "Type": {{ .Values.flannel.backend | quote }}
+{{- else }}
+        "Type": {{ .Values.flannel.backend | quote }}
+{{- end }}
+      }
+    }

charts/rke2-flannel/rke2-flannel/v0.24.200/templates/daemonset.yaml

@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kube-flannel-ds
+  namespace: {{ .Release.Namespace }}
+  labels:
+    tier: node
+    app: flannel
+spec:
+  selector:
+    matchLabels:
+      app: flannel
+  template:
+    metadata:
+      labels:
+        tier: node
+        app: flannel
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/os
+                operator: In
+                values:
+                - linux
+      hostNetwork: true
+      priorityClassName: system-node-critical
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      serviceAccountName: flannel
+      initContainers:
+      - name: install-cni-plugins
+        image: {{ template "system_default_registry" . }}{{ .Values.flannel.image_cni.repository }}:{{ .Values.flannel.image_cni.tag }}
+        volumeMounts:
+        - name: cni-plugin
+          mountPath: /host/opt/cni/bin
+      - name: install-cni
+        image: {{ template "system_default_registry" . }}{{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }}
+        command:
+        - cp
+        args:
+        - -f
+        - /etc/kube-flannel/cni-conf.json
+        - /etc/cni/net.d/10-flannel.conflist
+        volumeMounts:
+        - name: cni
+          mountPath: /etc/cni/net.d
+        - name: flannel-cfg
+          mountPath: /etc/kube-flannel/
+      containers:
+      - name: kube-flannel
+        image: {{ template "system_default_registry" . }}{{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }}
+        command:
+        - "/opt/bin/flanneld"
+        {{- range .Values.flannel.args }}
+        - {{ . | quote }}
+        {{- end }}
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "50Mi"
+        securityContext:
+          privileged: false
+          capabilities:
+            add: ["NET_ADMIN", "NET_RAW"]
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: EVENT_QUEUE_DEPTH
+          value: "5000"
+        volumeMounts:
+        - name: run
+          mountPath: /run/flannel
+        - name: flannel-cfg
+          mountPath: /etc/kube-flannel/
+        - name: xtables-lock
+          mountPath: /run/xtables.lock
+      volumes:
+      - name: run
+        hostPath:
+          path: /run/flannel
+      - name: cni-plugin
+        hostPath:
+          path: /opt/cni/bin
+          type: DirectoryOrCreate
+      - name: cni
+        hostPath:
+          path: /etc/cni/net.d
+      - name: flannel-cfg
+        configMap:
+          name: kube-flannel-cfg
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
+          type: FileOrCreate
+      {{- if .Values.global.imagePullSecrets }}
+      imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 6 }}
+      {{- end }}

charts/rke2-flannel/rke2-flannel/v0.24.200/templates/rbac.yaml

@@ -0,0 +1,45 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: flannel
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes/status
+  verbs:
+  - patch
+- apiGroups:
+  - "networking.k8s.io"
+  resources:
+  - clustercidrs
+  verbs:
+  - list
+  - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: flannel
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flannel
+subjects:
+- kind: ServiceAccount
+  name: flannel
+  namespace: {{ .Release.Namespace }}

charts/rke2-flannel/rke2-flannel/v0.24.200/templates/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flannel
+  namespace: {{ .Release.Namespace }}

charts/rke2-flannel/rke2-flannel/v0.24.200/values.yaml

@@ -0,0 +1,51 @@
+---
+
+flannel:
+  # kube-flannel image
+  image:
+    repository: rancher/hardened-flannel
+    tag: v0.24.2-build20240122
+  image_cni:
+    repository: rancher/hardened-cni-plugins
+    tag: v1.4.0-build20240122
+  # flannel command arguments
+  args:
+  - "--ip-masq"
+  - "--kube-subnet-mgr"
+  # Backend for kube-flannel. Backend should not be changed
+  # at runtime. (vxlan, host-gw, wireguard, udp)
+  # Documentation at https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md
+  backend: "vxlan"
+  # Port used by the backend 0 means default value (VXLAN: 8472, Wireguard: 51821, UDP: 8285)
+  backendPort: 0
+  # MTU to use for outgoing packets (VXLAN and Wiregurad) if not defined the MTU of the external interface is used.
+  mtu: 1500 
+  #
+  # VXLAN Configs:
+  #
+  # VXLAN Identifier to be used. On Linux default is 1.
+  vni: 1
+  # Enable VXLAN Group Based Policy (Default false)
+  GBP: false
+  # Enable direct routes (default is false)
+  directRouting: false
+  # MAC prefix to be used on Windows. (Defaults is 0E-2A)
+  macPrefix: "0E-2A"
+  #
+  # Wireguard Configs:
+  #
+  # UDP listen port used with IPv6
+  backendPortv6: 51821
+  # Pre shared key to use
+  psk: 0
+  # IP version to use on Wireguard
+  tunnelMode: "separate"
+  # Persistent keep interval to use
+  keepaliveInterval: 0
+  #
+
+global:
+  systemDefaultRegistry: ""
+  clusterCIDRv4: ""
+  clusterCIDRv6: ""
+

index.yaml

@@ -7033,6 +7033,19 @@ entries:
     - assets/rke2-coredns/rke2-coredns-1.10.101-build2021022301.tgz
     version: 1.10.101-build2021022301
   rke2-flannel:
+  - apiVersion: v1
+    appVersion: v0.24.2
+    created: "2024-01-23T08:38:20.840832085Z"
+    description: Install Flannel Network Plugin.
+    digest: ad97a77b0583dd50513074af66c51214c23ff2b89d0261bd86fecaef35d0c2d4
+    keywords:
+    - Flannel
+    name: rke2-flannel
+    sources:
+    - https://github.com/rancher/rke2-charts
+    urls:
+    - assets/rke2-flannel/rke2-flannel-v0.24.200.tgz
+    version: v0.24.200
   - apiVersion: v1
     appVersion: v0.24.1
     created: "2024-01-17T10:28:16.666574831Z"