Merge pull request #447 from thomasferrandiz/fix-canal-upgrade

Fix canal upgrade by reverting the creation of separate chart rke2-canal-crd

packages/rke2-canal/charts/templates/daemonset.yaml

@@ -129,14 +129,10 @@ spec:
             - name: CLUSTER_TYPE
               value: {{ .Values.calico.clusterType | quote}}
             # Period, in seconds, at which felix re-applies all iptables state
-{{- if .Values.calico.felixIptablesRefreshInterval }}
             - name: FELIX_IPTABLESREFRESHINTERVAL
               value: {{ .Values.calico.felixIptablesRefreshInterval | quote}}
-{{- end }}
-{{- if .Values.calico.felixIptablesBackend }}
             - name: FELIX_IPTABLESBACKEND
               value: {{ .Values.calico.felixIptablesBackend | quote}}
-{{- end }}
             # The default IPv4 pool to create on startup if none exists. Pod IPs will be
             # chosen from this range. Changing this value after installation will have
             # no effect. This should fall within `--cluster-cidr`.
@@ -146,50 +142,32 @@ spec:
             - name: CALICO_DISABLE_FILE_LOGGING
               value: "true"
             # Set Felix endpoint to host default action to ACCEPT.
-{{- if .Values.calico.felixDefaultEndpointToHostAction }}
             - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
               value: {{ .Values.calico.felixDefaultEndpointToHostAction | quote }}
-{{- end }}
 {{- if coalesce .Values.global.clusterCIDRv6 .Values.podCidrv6 }}
             - name: FELIX_IPV6SUPPORT
               value: "true"
 {{- else }}
             # Disable IPv6 on Kubernetes.
-{{- if .Values.calico.felixIpv6Support }}
             - name: FELIX_IPV6SUPPORT
               value: {{ .Values.calico.felixIpv6Support | quote }}
-{{- end }}
 {{- end }}
             # Set Felix logging to "info"
-{{- if .Values.calico.felixLogSeverityScreen }}
             - name: FELIX_LOGSEVERITYSCREEN
               value: {{ .Values.calico.felixLogSeverityScreen | quote }}
-{{- end}}
-{{- if .Values.calico.felixHealthEnabled }}
             - name: FELIX_HEALTHENABLED
               value: {{ .Values.calico.felixHealthEnabled | quote }}
-{{- end}}
             # enable promentheus metrics
-{{- if .Values.calico.felixPrometheusMetricsEnabled }}
             - name: FELIX_PROMETHEUSMETRICSENABLED
               value: {{ .Values.calico.felixPrometheusMetricsEnabled | quote }}
-{{- end}}
-{{- if .Values.calico.felixXDPEnabled }}
             - name: FELIX_XDPENABLED
               value: {{ .Values.calico.felixXDPEnabled | quote }}
-{{- end}}
-{{- if .Values.calico.felixFailsafeInboundHostPorts }}
             - name: FELIX_FAILSAFEINBOUNDHOSTPORTS
               value: {{ .Values.calico.felixFailsafeInboundHostPorts | quote }}
-{{- end}}
-{{- if .Values.calico.felixFailsafeOutboundHostPorts }}
             - name: FELIX_FAILSAFEOUTBOUNDHOSTPORTS
               value: {{ .Values.calico.felixFailsafeOutboundHostPorts | quote }}
-{{- end}}
-{{- if .Values.calico.felixIptablesMarkMask }}
             - name: FELIX_IPTABLESMARKMASK
               value: {{ .Values.calico.felixIptablesMarkMask | quote }}
-{{- end}}
 {{- if coalesce .Values.global.clusterCIDRv4 .Values.podCidr }}
             # The method to use to autodetect the IPv4 address for this host.
             - name: IP_AUTODETECTION_METHOD

packages/rke2-canal/charts/values.yaml

@@ -85,6 +85,22 @@ calico:
   clusterType: "k8s,canal"
   # Disable file logging so `kubectl logs` works.
   disableFileLogging: true
+  # Disable IPv6 on Kubernetes.
+  felixIpv6Support: false
+  # Period, in seconds, at which felix re-applies all iptables state
+  felixIptablesRefreshInterval: 60
+  # iptables backend to use for felix, defaults to auto but can also be set to nft or legacy
+  felixIptablesBackend: auto
+  # Set Felix logging to "info".
+  felixLogSeverityScreen: info
+  # Enable felix healthcheck.
+  felixHealthEnabled: true
+  # Enable prometheus metrics
+  felixPrometheusMetricsEnabled: true
+  # Disable XDP Acceleration as we do not support it with our ubi7 base image
+  felixXDPEnabled: false
+  # Configure the mask that felix selects its iptables mark bits from
+  felixIptablesMarkMask: "0xffff0000"
   # Whether or not to masquerade traffic to destinations not within
   # the pod network.
   masquerade: true
@@ -96,6 +112,10 @@ calico:
   typhaServiceName: none
   # Kubelet flex-volume-plugin-dir
   flexVolumePluginDir: /var/lib/kubelet/volumeplugins
+  # calico inbound failsafe ports. Empty string means defaults. Use 'none' to disable failsafe if you have your own rules.
+  felixFailsafeInboundHostPorts: ""
+  # calico outbound failsafe ports. Empty string means defaults. Use 'none' to disable failsafe if you have your own rules.
+  felixFailsafeOutboundHostPorts: ""
   # The method to use to autodetect the IPv4 address for this host.
   ipAutoDetectionMethod: "first-found"
   # The method to use to autodetect the IPv6 address for this host.
@@ -110,21 +130,6 @@ calico:
       # limits:
       #   cpu: 250m
       #   memory: 256Mi
-  felixConfiguration:
-    wireguardEnabled: false
-    # Config required to fix SURE-6954
-    featureDetectOverride: "ChecksumOffloadBroken=true"
-    healthPort: 9099
-    logSeveritySys: "Info"
-    ipv6Support: false
-    #disabled by default for backward compatibility with previous charts
-    xdpEnabled: false
-    # Enable felix healthcheck.
-    healthEnabled: true
-    # Enable prometheus metrics
-    prometheusMetricsEnabled: true
-
-
 global:
   systemDefaultRegistry: ""
   clusterCIDRv4: ""

packages/rke2-canal/package.yaml

@@ -1,8 +1,2 @@
 url: local
-packageVersion: 00
-additionalCharts:
-  - workingDir: charts-crd
-    crdOptions:
-      templateDirectory: crd-template
-      crdDirectory: templates
-      addCRDValidationToMainChart: true
+packageVersion: 01