From bd6faf3b911e898dd02a02a277c0c284f7c1314c Mon Sep 17 00:00:00 2001 From: Michael Fritch Date: Wed, 7 Feb 2024 19:13:23 -0700 Subject: [PATCH] Update to Cilium v1.15.0 Issue: https://github.com/rancher/rke2/issues/5354 Signed-off-by: Michael Fritch --- .../generated-changes/patch/Chart.yaml.patch | 10 +- .../cilium-agent/daemonset.yaml.patch | 24 ++-- .../templates/cilium-configmap.yaml.patch | 18 ++- .../cilium-envoy/daemonset.yaml.patch | 4 +- .../cilium-nodeinit/daemonset.yaml.patch | 2 +- .../cilium-operator/deployment.yaml.patch | 2 +- .../cilium-preflight/daemonset.yaml.patch | 6 +- .../cilium-preflight/deployment.yaml.patch | 2 +- .../deployment.yaml.patch | 36 +++--- ...cilium-etcd-operator-deployment.yaml.patch | 2 +- .../hubble-relay/deployment.yaml.patch | 2 +- .../templates/hubble-ui/deployment.yaml.patch | 4 +- .../generated-changes/patch/values.yaml.patch | 109 ++++++------------ packages/rke2-cilium/package.yaml | 2 +- 14 files changed, 93 insertions(+), 130 deletions(-) diff --git a/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch b/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch index c2eb1ec51..7ca012a83 100644 --- a/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/Chart.yaml.patch @@ -1,16 +1,16 @@ --- charts-original/Chart.yaml +++ charts/Chart.yaml -@@ -124,8 +124,7 @@ +@@ -81,8 +81,7 @@ apiVersion: v2 - appVersion: 1.14.5 + appVersion: 1.15.0 description: eBPF-based Networking, Security, and Observability -home: https://cilium.io/ --icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.14/Documentation/images/logo-solo.svg +-icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg +home: https://docs.rke2.io/ keywords: - BPF - eBPF -@@ -135,7 +134,7 @@ +@@ -92,7 +91,7 @@ - Observability - Troubleshooting kubeVersion: '>= 1.16.0-0' @@ -19,4 +19,4 @@ sources: -- https://github.com/cilium/cilium +- https://github.com/rancher/rke2-charts - version: 1.14.5 + version: 1.15.0 diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch index 072710719..b296c720d 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-agent/daemonset.yaml.patch @@ -12,7 +12,7 @@ {{- if and .Values.agent (not .Values.preflight.enabled) }} {{- /* Default values with backwards compatibility */ -}} -@@ -83,7 +91,7 @@ +@@ -87,7 +95,7 @@ {{- end }} containers: - name: cilium-agent @@ -21,7 +21,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.sleepAfterInit }} command: -@@ -372,7 +380,7 @@ +@@ -386,7 +394,7 @@ {{- end }} {{- if .Values.monitor.enabled }} - name: cilium-monitor @@ -30,7 +30,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /bin/bash -@@ -403,8 +411,18 @@ +@@ -417,8 +425,18 @@ {{- toYaml .Values.extraContainers | nindent 6 }} {{- end }} initContainers: @@ -49,8 +49,8 @@ + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - - cilium -@@ -448,7 +466,7 @@ + - cilium-dbg +@@ -465,7 +483,7 @@ # Required to mount cgroup2 filesystem on the underlying Kubernetes node. # We use nsenter command with host's cgroup and mount namespaces enabled. - name: mount-cgroup @@ -59,7 +59,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: CGROUP_ROOT -@@ -494,7 +512,7 @@ +@@ -511,7 +529,7 @@ - ALL {{- end}} - name: apply-sysctl-overwrites @@ -68,7 +68,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: -@@ -543,7 +561,7 @@ +@@ -560,7 +578,7 @@ # from a privileged container because the mount propagation bidirectional # only works from privileged containers. - name: mount-bpf-fs @@ -77,7 +77,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: -@@ -568,7 +586,7 @@ +@@ -585,7 +603,7 @@ {{- end }} {{- if and .Values.nodeinit.enabled .Values.nodeinit.bootstrapFile }} - name: wait-for-node-init @@ -86,7 +86,7 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: -@@ -586,9 +604,11 @@ +@@ -603,9 +621,11 @@ volumeMounts: - name: cilium-bootstrap-file-dir mountPath: "/tmp/cilium-bootstrap.d" @@ -99,16 +99,16 @@ imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /init-container.sh -@@ -654,7 +674,7 @@ +@@ -677,7 +697,7 @@ {{- end }} - {{- if and .Values.waitForKubeProxy (ne $kubeProxyReplacement "strict") }} + {{- if and .Values.waitForKubeProxy (and (ne $kubeProxyReplacement "strict") (ne $kubeProxyReplacement "true")) }} - name: wait-for-kube-proxy - image: {{ include "cilium.image" .Values.image | quote }} + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.image }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.initResources }} resources: -@@ -692,7 +712,7 @@ +@@ -715,7 +735,7 @@ {{- if .Values.cni.install }} # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent - name: install-cni-binaries diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch index a6c773475..d52b1275c 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-configmap.yaml.patch @@ -11,8 +11,8 @@ + {{- if and (.Values.agent) (not .Values.preflight.enabled) }} {{- /* Default values with backwards compatibility */ -}} - {{- $defaultEnableCnpStatusUpdates := "true" -}} -@@ -269,7 +277,11 @@ + {{- $defaultBpfMapDynamicSizeRatio := 0.0 -}} +@@ -289,7 +297,11 @@ # Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6 # address. @@ -25,18 +25,16 @@ {{- if .Values.cleanState }} # If a serious issue occurs during Cilium startup, this -@@ -439,7 +451,9 @@ +@@ -463,6 +475,8 @@ + tunnel-protocol: "vxlan" {{- else if .Values.routingMode }} routing-mode: {{ .Values.routingMode | quote }} - {{- else }} -- {{- if eq .Values.tunnel "disabled" }} -+{{- if not .Values.ipv4.enabled }} ++{{- else if not .Values.ipv4.enabled }} + routing-mode: "native" -+{{- else if eq .Values.tunnel "disabled" }} - routing-mode: "native" - {{- else if eq .Values.tunnel "vxlan" }} + {{- else }} + # Default case routing-mode: "tunnel" -@@ -630,6 +644,8 @@ +@@ -657,6 +671,8 @@ {{- if .Values.ipv6NativeRoutingCIDR }} ipv6-native-routing-cidr: {{ .Values.ipv6NativeRoutingCIDR }} diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch index beacd51dd..e968304ee 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-envoy/daemonset.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/cilium-envoy/daemonset.yaml +++ charts/templates/cilium-envoy/daemonset.yaml -@@ -58,7 +58,7 @@ +@@ -62,7 +62,7 @@ {{- end }} containers: - name: cilium-envoy @@ -8,4 +8,4 @@ + image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.envoy.image }}" imagePullPolicy: {{ .Values.envoy.image.pullPolicy }} command: - - /usr/bin/cilium-envoy + - /usr/bin/cilium-envoy-starter diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch index 474a8d983..d48a2daae 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-nodeinit/daemonset.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/cilium-nodeinit/daemonset.yaml +++ charts/templates/cilium-nodeinit/daemonset.yaml -@@ -43,7 +43,7 @@ +@@ -47,7 +47,7 @@ {{- end }} containers: - name: node-init diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch index c3feb89c6..3a341df18 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-operator/deployment.yaml.patch @@ -12,7 +12,7 @@ --- apiVersion: apps/v1 kind: Deployment -@@ -67,7 +74,7 @@ +@@ -71,7 +78,7 @@ {{- end }} containers: - name: cilium-operator diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/daemonset.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/daemonset.yaml.patch index 2b6e4521c..4058f4b3d 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/daemonset.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/daemonset.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/cilium-preflight/daemonset.yaml +++ charts/templates/cilium-preflight/daemonset.yaml -@@ -38,7 +38,7 @@ +@@ -42,7 +42,7 @@ {{- end }} initContainers: - name: clean-cilium-state @@ -9,7 +9,7 @@ imagePullPolicy: {{ .Values.preflight.image.pullPolicy }} command: ["/bin/echo"] args: -@@ -46,7 +46,7 @@ +@@ -50,7 +50,7 @@ terminationMessagePolicy: FallbackToLogsOnError containers: - name: cilium-pre-flight-check @@ -18,7 +18,7 @@ imagePullPolicy: {{ .Values.preflight.image.pullPolicy }} command: ["/bin/sh"] args: -@@ -97,7 +97,7 @@ +@@ -106,7 +106,7 @@ terminationMessagePolicy: FallbackToLogsOnError {{- if ne .Values.preflight.tofqdnsPreCache "" }} - name: cilium-pre-flight-fqdn-precache diff --git a/packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/deployment.yaml.patch index 47ed76875..8a00828a0 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/cilium-preflight/deployment.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/cilium-preflight/deployment.yaml +++ charts/templates/cilium-preflight/deployment.yaml -@@ -33,7 +33,7 @@ +@@ -37,7 +37,7 @@ {{- end }} containers: - name: cnp-validator diff --git a/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch index 0721a91e8..71a8b0b76 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/clustermesh-apiserver/deployment.yaml.patch @@ -1,24 +1,24 @@ --- charts-original/templates/clustermesh-apiserver/deployment.yaml +++ charts/templates/clustermesh-apiserver/deployment.yaml -@@ -44,7 +44,7 @@ +@@ -48,7 +48,7 @@ {{- end }} initContainers: - name: etcd-init -- image: {{ include "cilium.image" .Values.clustermesh.apiserver.etcd.image | quote }} -+ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.clustermesh.apiserver.etcd.image }}" - imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }} - command: ["/bin/sh", "-c"] - args: -@@ -92,7 +92,7 @@ - {{- end }} +- image: {{ include "cilium.image" .Values.clustermesh.apiserver.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.clustermesh.apiserver.image }}" + imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }} + command: + - /usr/bin/clustermesh-apiserver +@@ -93,7 +93,7 @@ containers: - name: etcd -- image: {{ include "cilium.image" .Values.clustermesh.apiserver.etcd.image | quote }} -+ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.clustermesh.apiserver.etcd.image }}" - imagePullPolicy: {{ .Values.clustermesh.apiserver.etcd.image.pullPolicy }} + # The clustermesh-apiserver container image includes an etcd binary. +- image: {{ include "cilium.image" .Values.clustermesh.apiserver.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.clustermesh.apiserver.image }}" + imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }} command: - - /usr/local/bin/etcd -@@ -148,7 +148,7 @@ + - /usr/bin/etcd +@@ -153,7 +153,7 @@ {{- toYaml . | nindent 10 }} {{- end }} - name: apiserver @@ -27,12 +27,12 @@ imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }} command: - /usr/bin/clustermesh-apiserver -@@ -226,7 +226,7 @@ +@@ -240,7 +240,7 @@ {{- end }} {{- if .Values.clustermesh.apiserver.kvstoremesh.enabled }} - name: kvstoremesh -- image: {{ include "cilium.image" .Values.clustermesh.apiserver.kvstoremesh.image | quote }} -+ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.clustermesh.apiserver.kvstoremesh.image }}" - imagePullPolicy: {{ .Values.clustermesh.apiserver.kvstoremesh.image.pullPolicy }} +- image: {{ include "cilium.image" .Values.clustermesh.apiserver.image | quote }} ++ image: "{{ template "system_default_registry" . }}{{ include "cilium.image" .Values.clustermesh.apiserver.image }}" + imagePullPolicy: {{ .Values.clustermesh.apiserver.image.pullPolicy }} command: - - /usr/bin/kvstoremesh + - /usr/bin/clustermesh-apiserver diff --git a/packages/rke2-cilium/generated-changes/patch/templates/etcd-operator/cilium-etcd-operator-deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/etcd-operator/cilium-etcd-operator-deployment.yaml.patch index 9ab94faee..4376f8946 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/etcd-operator/cilium-etcd-operator-deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/etcd-operator/cilium-etcd-operator-deployment.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/etcd-operator/cilium-etcd-operator-deployment.yaml +++ charts/templates/etcd-operator/cilium-etcd-operator-deployment.yaml -@@ -90,7 +90,7 @@ +@@ -94,7 +94,7 @@ value: "revision" - name: CILIUM_ETCD_META_ETCD_AUTO_COMPACTION_RETENTION value: "25000" diff --git a/packages/rke2-cilium/generated-changes/patch/templates/hubble-relay/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/hubble-relay/deployment.yaml.patch index 916c99b82..f9f84f0eb 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/hubble-relay/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/hubble-relay/deployment.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/hubble-relay/deployment.yaml +++ charts/templates/hubble-relay/deployment.yaml -@@ -49,7 +49,7 @@ +@@ -53,7 +53,7 @@ securityContext: {{- toYaml . | nindent 12 }} {{- end }} diff --git a/packages/rke2-cilium/generated-changes/patch/templates/hubble-ui/deployment.yaml.patch b/packages/rke2-cilium/generated-changes/patch/templates/hubble-ui/deployment.yaml.patch index 410e2b029..99acbd598 100644 --- a/packages/rke2-cilium/generated-changes/patch/templates/hubble-ui/deployment.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/templates/hubble-ui/deployment.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/hubble-ui/deployment.yaml +++ charts/templates/hubble-ui/deployment.yaml -@@ -51,7 +51,7 @@ +@@ -55,7 +55,7 @@ {{- end }} containers: - name: frontend @@ -9,7 +9,7 @@ imagePullPolicy: {{ .Values.hubble.ui.frontend.image.pullPolicy }} ports: - name: http -@@ -79,7 +79,7 @@ +@@ -91,7 +91,7 @@ {{- toYaml . | trim | nindent 10 }} {{- end }} - name: backend diff --git a/packages/rke2-cilium/generated-changes/patch/values.yaml.patch b/packages/rke2-cilium/generated-changes/patch/values.yaml.patch index 259163a50..c55183850 100644 --- a/packages/rke2-cilium/generated-changes/patch/values.yaml.patch +++ b/packages/rke2-cilium/generated-changes/patch/values.yaml.patch @@ -1,21 +1,21 @@ --- charts-original/values.yaml +++ charts/values.yaml -@@ -142,12 +142,10 @@ +@@ -145,12 +145,10 @@ # -- Agent container image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" - tag: "v1.14.5" + tag: "v1.15.0" pullPolicy: "IfNotPresent" - # cilium-digest -- digest: "sha256:d3b287029755b6a47dee01420e2ea469469f1b174a2089c10af7e5e9289ef05b" +- digest: "sha256:9cfd6a0a3a964780e73a11159f93cc363e616f7d9783608f62af6cfdf3759619" - useDigest: true + useDigest: false # -- Affinity for cilium-agent. affinity: -@@ -537,7 +535,9 @@ +@@ -549,7 +547,9 @@ # - flannel # - generic-veth # - portmap @@ -26,7 +26,7 @@ # -- A CNI network name in to which the Cilium plugin should be added as a chained plugin. # This will cause the agent to watch for a CNI network with this network name. When it is -@@ -936,10 +936,9 @@ +@@ -964,10 +964,9 @@ certgen: image: override: ~ @@ -39,56 +39,56 @@ pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted ttlSecondsAfterFinished: 1800 -@@ -961,7 +960,7 @@ +@@ -992,7 +991,7 @@ hubble: # -- Enable Hubble (true by default). - enabled: true + enabled: false - # -- Buffer size of the channel Hubble uses to receive monitor events. If this - # value is not set, the queue size is set to the default monitor queue size. -@@ -1112,11 +1111,9 @@ + # -- Annotations to be added to all top-level hubble objects (resources under templates/hubble) + annotations: {} +@@ -1223,11 +1222,9 @@ # -- Hubble-relay container image. image: override: ~ - repository: "quay.io/cilium/hubble-relay" + repository: "rancher/mirrored-cilium-hubble-relay" - tag: "v1.14.5" + tag: "v1.15.0" - # hubble-relay-digest -- digest: "sha256:dbef89f924a927043d02b40c18e417c1ea0e8f58b44523b80fef7e3652db24d4" +- digest: "sha256:45b3ea70b73aee01644f800b8f6138c36446bfb130d2b88b0f75775ebe6a9ab6" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods -@@ -1340,10 +1337,9 @@ +@@ -1460,10 +1457,9 @@ # -- Hubble-ui backend image. image: override: ~ - repository: "quay.io/cilium/hubble-ui-backend" + repository: "rancher/mirrored-cilium-hubble-ui-backend" - tag: "v0.12.1" -- digest: "sha256:1f86f3400827a0451e6332262467f894eeb7caf0eb8779bd951e2caa9d027cbe" + tag: "v0.12.3" +- digest: "sha256:1cd84251cec46e20f9e839ee0afba9b51c8de59d35681234f701d7f42062f138" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui backend security context. -@@ -1371,10 +1367,9 @@ +@@ -1499,10 +1495,9 @@ # -- Hubble-ui frontend image. image: override: ~ - repository: "quay.io/cilium/hubble-ui" + repository: "rancher/mirrored-cilium-hubble-ui" - tag: "v0.12.1" -- digest: "sha256:9e5f81ee747866480ea1ac4630eb6975ff9227f9782b7c93919c081c33f38267" + tag: "v0.12.3" +- digest: "sha256:e6b825302fc1e406b1305363fe0bcd1fdf95730b32c2b99a2b36dfa37bdaeec2" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- Hubble-ui frontend security context. -@@ -1500,7 +1495,7 @@ +@@ -1680,7 +1675,7 @@ ipam: # -- Configure IP Address Management mode. # ref: https://docs.cilium.io/en/stable/network/concepts/ipam/ @@ -97,7 +97,7 @@ # -- Maximum rate at which the CiliumNode custom resource is updated. ciliumNodeUpdateRate: "15s" operator: -@@ -1778,7 +1773,7 @@ +@@ -1974,7 +1969,7 @@ # -- Configure prometheus metrics on the configured port at /metrics prometheus: @@ -106,21 +106,21 @@ port: 9962 serviceMonitor: # -- Enable service monitors. -@@ -1856,11 +1851,10 @@ +@@ -2063,11 +2058,10 @@ # -- Envoy container image. image: override: ~ - repository: "quay.io/cilium/cilium-envoy" + repository: "rancher/mirrored-cilium-cilium-envoy" - tag: "v1.26.6-ad82c7c56e88989992fd25d8d67747de865c823b" + tag: "v1.27.2-13f6142b9c02268b10d547c8b093ef16724538e3" pullPolicy: "IfNotPresent" -- digest: "sha256:992998398dadfff7117bfa9fdb7c9474fefab7f0237263f7c8114e106c67baca" +- digest: "sha256:bf37c46d3d6bd5f51ff11d09de81671ced070e27912e080083c58a6d3fbb740f" - useDigest: true + useDigest: false # -- Additional containers added to the cilium Envoy DaemonSet. extraContainers: [] -@@ -2148,10 +2142,9 @@ +@@ -2363,10 +2357,9 @@ # -- cilium-etcd-operator image. image: override: ~ @@ -133,36 +133,27 @@ pullPolicy: "IfNotPresent" # -- The priority class to use for cilium-etcd-operator -@@ -2253,17 +2246,9 @@ +@@ -2471,17 +2464,9 @@ # -- cilium-operator image. image: override: ~ - repository: "quay.io/cilium/operator" + repository: "rancher/mirrored-cilium-operator" - tag: "v1.14.5" + tag: "v1.15.0" - # operator-generic-digest -- genericDigest: "sha256:303f9076bdc73b3fc32aaedee64a14f6f44c8bb08ee9e3956d443021103ebe7a" +- genericDigest: "sha256:e26ecd316e742e4c8aa1e302ba8b577c2d37d114583d6c4cdd2b638493546a79" - # operator-azure-digest -- azureDigest: "sha256:9203f5583aa34e716d7a6588ebd144e43ce3b77873f578fc12b2679e33591353" +- azureDigest: "sha256:498a9e940cddd4e58d401a13005b0784ed9597bfe1e5cf2f52b6ba9ccceee768" - # operator-aws-digest -- awsDigest: "sha256:785ccf1267d0ed3ba9e4bd8166577cb4f9e4ce996af26b27c9d5c554a0d5b09a" +- awsDigest: "sha256:cf45167a8bb336c763046553c6a97c0d7f12f7e2a498dfb2340fa27832a81b3a" - # operator-alibabacloud-digest -- alibabacloudDigest: "sha256:e0152c498ba73c56a82eee2a706c8f400e9a6999c665af31a935bdf08e659bc3" +- alibabacloudDigest: "sha256:ee03349caef5519f8e9123132cf17c85b771f8fff095c57f00a2af8bb3224b79" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" suffix: "" -@@ -2394,7 +2379,7 @@ - # -- Enable prometheus metrics for cilium-operator on the configured port at - # /metrics - prometheus: -- enabled: false -+ enabled: true - port: 9963 - serviceMonitor: - # -- Enable service monitors. -@@ -2430,8 +2415,7 @@ +@@ -2653,8 +2638,7 @@ # -- Taint nodes where Cilium is scheduled but not running. This prevents pods # from being scheduled to nodes where Cilium is not the default CNI provider. @@ -172,61 +163,35 @@ # -- Set Node condition NetworkUnavailable to 'false' with the reason # 'CiliumIsUp' for nodes that have a healthy Cilium pod. -@@ -2540,11 +2524,9 @@ +@@ -2766,11 +2750,9 @@ # -- Cilium pre-flight image. image: override: ~ - repository: "quay.io/cilium/cilium" + repository: "rancher/mirrored-cilium-cilium" - tag: "v1.14.5" + tag: "v1.15.0" - # cilium-digest -- digest: "sha256:d3b287029755b6a47dee01420e2ea469469f1b174a2089c10af7e5e9289ef05b" +- digest: "sha256:9cfd6a0a3a964780e73a11159f93cc363e616f7d9783608f62af6cfdf3759619" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. -@@ -2690,21 +2672,18 @@ +@@ -2928,11 +2910,9 @@ # -- Clustermesh API server image. image: override: ~ - repository: "quay.io/cilium/clustermesh-apiserver" + repository: "rancher/mirrored-cilium-clustermesh-apiserver" - tag: "v1.14.5" + tag: "v1.15.0" - # clustermesh-apiserver-digest -- digest: "sha256:7eaa35cf5452c43b1f7d0cde0d707823ae7e49965bcb54c053e31ea4e04c3d96" +- digest: "sha256:43feb49dfbaa82388dc653ce12c7626ce40ae375e9853d71b9f5cff0ce61d54a" - useDigest: true + useDigest: false pullPolicy: "IfNotPresent" etcd: - # -- Clustermesh API server etcd image. - image: - override: ~ -- repository: "quay.io/coreos/etcd" -+ repository: "rancher/mirrored-coreos-etcd" - tag: "v3.5.4" -- digest: "sha256:795d8660c48c439a7c3764c2330ed9222ab5db5bb524d8d0607cac76f7ba82a3" -- useDigest: true -+ useDigest: false - pullPolicy: "IfNotPresent" - - # -- Specifies the resources for etcd container in the apiserver -@@ -2737,11 +2716,9 @@ - # -- KVStoreMesh image. - image: - override: ~ -- repository: "quay.io/cilium/kvstoremesh" -+ repository: "rancher/mirrored-cilium-kvstoremesh" - tag: "v1.14.5" -- # kvstoremesh-digest -- digest: "sha256:d7137edd0efa2b1407b20088af3980a9993bb616d85bf9b55ea2891d1b99023a" -- useDigest: true -+ useDigest: false - pullPolicy: "IfNotPresent" - - # -- Additional KVStoreMesh arguments. -@@ -3222,3 +3199,11 @@ +@@ -3501,3 +3481,11 @@ agentSocketPath: /run/spire/sockets/agent/agent.sock # -- SPIRE connection timeout connectionTimeout: 30s diff --git a/packages/rke2-cilium/package.yaml b/packages/rke2-cilium/package.yaml index c36db02a4..9f02b8211 100644 --- a/packages/rke2-cilium/package.yaml +++ b/packages/rke2-cilium/package.yaml @@ -1,2 +1,2 @@ -url: https://helm.cilium.io/cilium-1.14.5.tgz +url: https://helm.cilium.io/cilium-1.15.0.tgz packageVersion: 00