From 97bdb7eb6e8a37e2b1bb20e61b8815d40a2e11af Mon Sep 17 00:00:00 2001 From: Roberto Bonafiglia Date: Thu, 3 Aug 2023 18:23:36 +0200 Subject: [PATCH] Update cilium to v1.14.0 Signed-off-by: Roberto Bonafiglia --- .../generated-changes/patch/Chart.yaml.patch | 10 +- .../cilium-agent/daemonset.yaml.patch | 30 ++-- .../templates/cilium-configmap.yaml.patch | 22 +-- .../cilium-envoy/daemonset.yaml.patch | 11 ++ .../cilium-operator/deployment.yaml.patch | 2 +- .../deployment.yaml.patch | 15 +- .../hubble-relay/deployment.yaml.patch | 8 +- .../generated-changes/patch/values.yaml.patch | 132 +++++++++++------- packages/rke2-cilium/package.yaml | 2 +- 9 files changed, 152 insertions(+), 80 deletions(-) create mode 100644 packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch diff --git a/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch b/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch index e40ee91d..8529c287 100644 --- a/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch @@ -1,16 +1,16 @@ --- charts-original/Chart.yaml +++ charts/Chart.yaml -@@ -105,8 +105,7 @@ +@@ -124,8 +124,7 @@ apiVersion: v2 - appVersion: 1.13.4 + appVersion: 1.14.0 description: eBPF-based Networking, Security, and Observability -home: https://cilium.io/ --icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.13/Documentation/images/logo-solo.svg +-icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.14/Documentation/images/logo-solo.svg +home: https://docs.rke2.io/ keywords: - BPF - eBPF -@@ -116,7 +115,7 @@ +@@ -135,7 +134,7 @@ - Observability - Troubleshooting kubeVersion: '>= 1.16.0-0' @@ -19,4 +19,4 @@ sources: -- https://github.com/cilium/cilium +- https://github.com/rancher/rke2-charts - version: 1.13.4 + version: 1.14.0 diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch index 3a95eff5..c82c5613 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch @@ -21,7 +21,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.sleepAfterInit }} command: -@@ -377,7 +385,7 @@ +@@ -372,7 +380,7 @@ {{- end }} {{- if .Values.monitor.enabled }} - name: cilium-monitor @@ -30,7 +30,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/bash -@@ -405,6 +413,16 @@ +@@ -400,8 +408,18 @@ {{- toYaml .Values.extraContainers | nindent 6 }} {{- end }} initContainers: @@ -45,9 +45,12 @@ + value: "bandwidth,bridge,dhcp,firewall,flannel,host-device,host-local,ipvlan,loopback,macvlan,ptp,sbr,static,tuning,vlan,vrf" + {{- end }} - name: config - image: {{ include "cilium.image" .Values.image | quote }} +- image: {{ include "cilium.image" .Values.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} -@@ -447,7 +465,7 @@ + command: + - cilium +@@ -445,7 +463,7 @@ # Required to mount cgroup2 filesystem on the underlying Kubernetes node. # We use nsenter command with host's cgroup and mount namespaces enabled. - name: mount-cgroup @@ -56,7 +59,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: CGROUP_ROOT -@@ -493,7 +511,7 @@ +@@ -491,7 +509,7 @@ - ALL {{- end}} - name: apply-sysctl-overwrites @@ -65,7 +68,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: BIN_PATH -@@ -538,7 +556,7 @@ +@@ -536,7 +554,7 @@ # from a privileged container because the mount propagation bidirectional # only works from privileged containers. - name: mount-bpf-fs @@ -74,7 +77,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} args: - 'mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf' -@@ -559,7 +577,7 @@ +@@ -557,7 +575,7 @@ {{- end }} {{- if and .Values.nodeinit.enabled .Values.nodeinit.bootstrapFile }} - name: wait-for-node-init @@ -83,7 +86,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - sh -@@ -573,9 +591,11 @@ +@@ -571,9 +589,11 @@ volumeMounts: - name: cilium-bootstrap-file-dir mountPath: "/tmp/cilium-bootstrap.d" @@ -96,7 +99,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /init-container.sh -@@ -638,7 +658,7 @@ +@@ -636,7 +656,7 @@ {{- end }} {{- if and .Values.waitForKubeProxy (ne $kubeProxyReplacement "strict") }} - name: wait-for-kube-proxy @@ -105,3 +108,12 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: privileged: true +@@ -670,7 +690,7 @@ + {{- if .Values.cni.install }} + # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent + - name: install-cni-binaries +- image: {{ include "cilium.image" .Values.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - "/install-plugin.sh" diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch index c04e8d4d..7b2739b7 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch @@ -12,7 +12,7 @@ {{- if and (.Values.agent) (not .Values.preflight.enabled) }} {{- /* Default values with backwards compatibility */ -}} {{- $defaultEnableCnpStatusUpdates := "true" -}} -@@ -238,7 +246,11 @@ +@@ -265,7 +273,11 @@ # Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6 # address. @@ -25,16 +25,18 @@ {{- if .Values.cleanState }} # If a serious issue occurs during Cilium startup, this -@@ -400,6 +412,8 @@ - enable-local-node-route: "false" - {{- else if .Values.aksbyocni.enabled }} - tunnel: "vxlan" -+{{- else if not .Values.ipv4.enabled }} -+ tunnel: "disabled" - {{- else }} - tunnel: {{ .Values.tunnel | quote }} +@@ -434,7 +446,9 @@ + tunnel-protocol: "vxlan" {{- end }} -@@ -566,6 +580,8 @@ + +-{{- if eq .Values.tunnel "disabled" }} ++{{- if not .Values.ipv4.enabled }} ++ routing-mode: "native" ++{{- else if eq .Values.tunnel "disabled" }} + routing-mode: "native" + {{- else if eq .Values.tunnel "vxlan" }} + routing-mode: "tunnel" +@@ -625,6 +639,8 @@ {{- if .Values.ipv6NativeRoutingCIDR }} ipv6-native-routing-cidr: {{ .Values.ipv6NativeRoutingCIDR }} diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch new file mode 100644 index 00000000..beacd51d --- /dev/null +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch @@ -0,0 +1,11 @@ +--- charts-original/templates/cilium-envoy/daemonset.yaml ++++ charts/templates/cilium-envoy/daemonset.yaml +@@ -58,7 +58,7 @@ + {{- end }} + containers: + - name: cilium-envoy +- image: {{ include "cilium.image" .Values.envoy.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.envoy.image }}" + imagePullPolicy: {{ .Values.envoy.image.pullPolicy }} + command: + - /usr/bin/cilium-envoy diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch index 707a319b..c3feb89c 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch @@ -12,7 +12,7 @@ --- apiVersion: apps/v1 kind: Deployment -@@ -55,7 +62,7 @@ +@@ -67,7 +74,7 @@ {{- end }} containers: - name: cilium-operator diff --git a/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch index eb4d9542..dfd288ae 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/clustermesh-apiserver/deployment.yaml +++ charts/templates/clustermesh-apiserver/deployment.yaml -@@ -41,7 +41,7 @@ +@@ -44,7 +44,7 @@ {{- end }} initContainers: - name: etcd-init @@ -9,7 +9,7 @@ imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }} command: ["/bin/sh", "-c"] args: -@@ -82,7 +82,7 @@ +@@ -89,7 +89,7 @@ {{- end }} containers: - name: etcd @@ -18,7 +18,7 @@ imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }} command: - /usr/local/bin/etcd -@@ -122,7 +122,7 @@ +@@ -142,7 +142,7 @@ {{- toYaml . | nindent 10 }} {{- end }} - name: apiserver @@ -27,3 +27,12 @@ imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }} command: - /usr/bin/clustermesh-apiserver +@@ -220,7 +220,7 @@ + {{- end }} + {{- if .Values.clustermesh.apiserver.kvstoremesh.enabled }} + - name: kvstoremesh +- image: {{ include "cilium.image" .Values.clustermesh.apiserver.kvstoremesh.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.clustermesh.apiserver.kvstoremesh.image }}" + imagePullPolicy: {{ .Values.clustermesh.apiserver.kvstoremesh.image.pullPolicy }} + command: + - /usr/bin/kvstoremesh diff --git a/packages/rke2-cilium/generated-changes/patch/templates/hubble-relay/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/hubble-relay/deployment.yaml.patch index 0eea6625..916c99b8 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/hubble-relay/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/hubble-relay/deployment.yaml.patch @@ -1,9 +1,9 @@ --- charts-original/templates/hubble-relay/deployment.yaml +++ charts/templates/hubble-relay/deployment.yaml -@@ -46,7 +46,7 @@ - {{- end }} - containers: - - name: hubble-relay +@@ -49,7 +49,7 @@ + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} - image: {{ include "cilium.image" .Values.hubble.relay.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.hubble.relay.image }}" imagePullPolicy: {{ .Values.hubble.relay.image.pullPolicy }} diff --git a/packages/rke2-cilium/generated-changes/patch/values.yaml.patch b/packages/rke2-cilium/generated-changes/patch/values.yaml.patch index 8c30f3ab..9ed4b72d 100644 --- a/packages/rke2-cilium/generated-changes/patch/values.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/values.yaml.patch @@ -1,43 +1,45 @@ --- charts-original/values.yaml +++ charts/values.yaml -@@ -113,12 +113,10 @@ +@@ -142,12 +142,10 @@ # -- Agent container image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" - tag: "v1.13.4" + tag: "v1.14.0" pullPolicy: "IfNotPresent" - # cilium-digest -- digest: "sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b" +- digest: "sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a" - useDigest: true + useDigest: false # -- Affinity for cilium-agent. affinity: -@@ -468,7 +466,9 @@ +@@ -534,7 +532,9 @@ # - flannel # - generic-veth # - portmap -- chainingMode: none +- chainingMode: ~ + + # Otherwise rke2 hostPort does not work! Used for nginx + chainingMode: portmap - # -- Make Cilium take ownership over the `/etc/cni/net.d` directory on the - # node, renaming all non-Cilium CNI configurations to `*.cilium_bak`. -@@ -819,8 +819,8 @@ + # -- A CNI network name in to which the Cilium plugin should be added as a chained plugin. + # This will cause the agent to watch for a CNI network with this network name. When it is +@@ -927,10 +927,9 @@ certgen: image: override: ~ - repository: "quay.io/cilium/certgen" -- tag: "v0.1.8@sha256:4a456552a5f192992a6edcec2febb1c54870d665173a33dc7d876129b199ddbd" + repository: "rancher/mirrored-cilium-certgen" -+ tag: "v0.1.8" + tag: "v0.1.8" +- digest: "sha256:4a456552a5f192992a6edcec2febb1c54870d665173a33dc7d876129b199ddbd" +- useDigest: true ++ useDigest: false pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted ttlSecondsAfterFinished: 1800 -@@ -838,7 +838,7 @@ +@@ -952,7 +951,7 @@ hubble: # -- Enable Hubble (true by default). @@ -46,52 +48,56 @@ # -- Buffer size of the channel Hubble uses to receive monitor events. If this # value is not set, the queue size is set to the default monitor queue size. -@@ -1000,11 +1000,9 @@ +@@ -1103,11 +1102,9 @@ # -- Hubble-relay container image. image: override: ~ - repository: "quay.io/cilium/hubble-relay" + repository: "rancher/mirrored-cilium-hubble-relay" - tag: "v1.13.4" + tag: "v1.14.0" - # hubble-relay-digest -- digest: "sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871" +- digest: "sha256:bfe6ef86a1c0f1c3e8b105735aa31db64bcea97dd4732db6d0448c55a3c8e70c" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods -@@ -1201,8 +1199,8 @@ +@@ -1325,10 +1322,9 @@ # -- Hubble-ui backend image. image: override: ~ - repository: "quay.io/cilium/hubble-ui-backend" -- tag: "v0.11.0@sha256:14c04d11f78da5c363f88592abae8d2ecee3cbe009f443ef11df6ac5f692d839" + repository: "rancher/mirrored-cilium-hubble-ui-backend" -+ tag: "v0.11.0" + tag: "v0.12.0" +- digest: "sha256:8a79a1aad4fc9c2aa2b3e4379af0af872a89fcec9d99e117188190671c66fc2e" +- useDigest: true ++ useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. -@@ -1230,8 +1228,8 @@ +@@ -1356,10 +1352,9 @@ # -- Hubble-ui frontend image. image: override: ~ - repository: "quay.io/cilium/hubble-ui" -- tag: "v0.11.0@sha256:bcb369c47cada2d4257d63d3749f7f87c91dde32e010b223597306de95d1ecc8" + repository: "rancher/mirrored-cilium-hubble-ui" -+ tag: "v0.11.0" + tag: "v0.12.0" +- digest: "sha256:1c876cfa1d5e35bc91e1025c9314f922041592a88b03313c22c1f97a5d2ba88f" +- useDigest: true ++ useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. -@@ -1360,7 +1358,7 @@ +@@ -1485,7 +1480,7 @@ ipam: # -- Configure IP Address Management mode. # ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ - mode: "cluster-pool" + mode: "kubernetes" + # -- Maximum rate at which the CiliumNode custom resource is updated. + ciliumNodeUpdateRate: "15s" operator: - # -- Deprecated in favor of ipam.operator.clusterPoolIPv4PodCIDRList. - # IPv4 CIDR range to delegate to individual nodes for IPAM. -@@ -1623,7 +1621,7 @@ +@@ -1763,7 +1758,7 @@ # -- Configure prometheus metrics on the configured port at /metrics prometheus: @@ -100,38 +106,54 @@ port: 9962 serviceMonitor: # -- Enable service monitors. -@@ -1748,8 +1746,8 @@ +@@ -1841,11 +1836,10 @@ + # -- Envoy container image. + image: + override: ~ +- repository: "quay.io/cilium/cilium-envoy" ++ repository: "rancher/mirrored-cilium-cilium-envoy" + tag: "v1.25.9-f039e2bd380b7eef2f2feea5750676bb36133699" + pullPolicy: "IfNotPresent" +- digest: "sha256:023d09eeb8a44ae99b489f4af7ffed8b8b54f19a532e0bc6ab4c1e4b31acaab1" +- useDigest: true ++ useDigest: false + + # -- Additional containers added to the cilium Envoy DaemonSet. + extraContainers: [] +@@ -2123,10 +2117,9 @@ # -- cilium-etcd-operator image. image: override: ~ - repository: "quay.io/cilium/cilium-etcd-operator" -- tag: "v2.0.7@sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc" + repository: "rancher/mirrored-cilium-cilium-etcd-operator" -+ tag: "v2.0.7" + tag: "v2.0.7" +- digest: "sha256:04b8327f7f992693c2cb483b999041ed8f92efc8e14f2a5f3ab95574a65ea2dc" +- useDigest: true ++ useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for cilium-etcd-operator -@@ -1851,17 +1849,9 @@ +@@ -2228,17 +2221,9 @@ # -- cilium-operator image. image: override: ~ - repository: "quay.io/cilium/operator" + repository: "rancher/mirrored-cilium-operator" - tag: "v1.13.4" + tag: "v1.14.0" - # operator-generic-digest -- genericDigest: "sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301" +- genericDigest: "sha256:3014d4bcb8352f0ddef90fa3b5eb1bbf179b91024813a90a0066eb4517ba93c9" - # operator-azure-digest -- azureDigest: "sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e" +- azureDigest: "sha256:f510bf051684534b81d86bafcbbe7b7a9a6f7b1e7bb598b904d75d0e6b90071a" - # operator-aws-digest -- awsDigest: "sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84" +- awsDigest: "sha256:396953225ca4b356a22e526a9e1e04e65d33f84a0447bc6374c14da12f5756cd" - # operator-alibabacloud-digest -- alibabacloudDigest: "sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69" +- alibabacloudDigest: "sha256:85f658cd4494b70218b542f63f25377ba15e32a49a54d596655dd3aaefe4f4e8" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" suffix: "" -@@ -1992,7 +1982,7 @@ +@@ -2369,7 +2354,7 @@ # -- Enable prometheus metrics for cilium-operator on the configured port at # /metrics prometheus: @@ -140,29 +162,29 @@ port: 9963 serviceMonitor: # -- Enable service monitors. -@@ -2108,11 +2098,9 @@ +@@ -2515,11 +2500,9 @@ # -- Cilium pre-flight image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" - tag: "v1.13.4" + tag: "v1.14.0" - # cilium-digest -- digest: "sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b" +- digest: "sha256:5a94b561f4651fcfd85970a50bc78b201cfbd6e2ab1a03848eab25a82832653a" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. -@@ -2255,19 +2243,17 @@ +@@ -2665,21 +2648,18 @@ # -- Clustermesh API server image. image: override: ~ - repository: "quay.io/cilium/clustermesh-apiserver" + repository: "rancher/mirrored-cilium-clustermesh-apiserver" - tag: "v1.13.4" + tag: "v1.14.0" - # clustermesh-apiserver-digest -- digest: "sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a" +- digest: "sha256:2eb0f9ddd91682e1a591b23fcbd29563e6f9b2e1555903a2f417791516ffdf38" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" @@ -172,21 +194,37 @@ image: override: ~ - repository: "quay.io/coreos/etcd" -- tag: "v3.5.4@sha256:795d8660c48c439a7c3764c2330ed9222ab5db5bb524d8d0607cac76f7ba82a3" + repository: "rancher/mirrored-coreos-etcd" -+ tag: "v3.5.4" + tag: "v3.5.4" +- digest: "sha256:795d8660c48c439a7c3764c2330ed9222ab5db5bb524d8d0607cac76f7ba82a3" +- useDigest: true ++ useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for etcd container in the apiserver -@@ -2532,3 +2518,11 @@ - sctp: - # -- Enable SCTP support. NOTE: Currently, SCTP support does not support rewriting ports or multihoming. - enabled: false +@@ -2712,11 +2692,9 @@ + # -- KVStoreMesh image. + image: + override: ~ +- repository: "quay.io/cilium/kvstoremesh" ++ repository: "rancher/mirrored-cilium-kvstoremesh" + tag: "v1.14.0" +- # kvstoremesh-digest +- digest: "sha256:efa5d069ec6227b14928da65c5df646d4013737fd5973b17c74d0ede654e47bb" +- useDigest: true ++ useDigest: false + pullPolicy: "IfNotPresent" + + # -- Additional KVStoreMesh arguments. +@@ -3173,3 +3151,11 @@ + agentSocketPath: /run/spire/sockets/agent/agent.sock + # -- SPIRE connection timeout + connectionTimeout: 30s + +portmapPlugin: + image: + repository: "rancher/hardened-cni-plugins" -+ tag: "v1.0.1-build20221011" ++ tag: "v1.2.0-build20230523" + +global: + systemDefaultRegistry: "" diff --git a/packages/rke2-cilium/package.yaml b/packages/rke2-cilium/package.yaml index e90f30da..97f303bc 100644 --- a/packages/rke2-cilium/package.yaml +++ b/packages/rke2-cilium/package.yaml @@ -1,2 +1,2 @@ -url: https://helm.cilium.io/cilium-1.13.4.tgz +url: https://helm.cilium.io/cilium-1.14.0.tgz packageVersion: 00