Added all upstream changes to templates #44

Merged
merged 4 commits into from
Oct 18, 2022
Changes from 2 commits
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Changed

- Updated all templates with changes from upstream release v1.11.9

## [0.4.2] - 2022-10-14

### Fixed
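Review bot: The `### Changed` entry under `[Unreleased]` is too coarse for an upgrade that alters behaviour. "Updated all templates with changes from upstream release v1.11.9" does not tell an operator that the agent ClusterRole shrinks by 27 lines, that `helm/cilium/files/envoy/envoy.yaml` is deleted, or that the node-init scripts now read `.Values.enableIPv4Masquerade` instead of `.Values.masquerade`. Suggest one bullet per operator-visible change so the RBAC and values-key changes can be reviewed before rollout.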
71 changes: 0 additions & 71 deletions helm/cilium/files/envoy/envoy.yaml

This file was deleted.

4 changes: 2 additions & 2 deletions helm/cilium/files/nodeinit/prestop.bash
Expand Up @@ -23,7 +23,7 @@ if ip link show cilium_host; then
fi

{{- if not (eq .Values.nodeinit.bootstrapFile "") }}
rm -f {{ .Values.nodeinit.bootstrapFile }}
rm -f {{ .Values.nodeinit.bootstrapFile | quote }}
{{- end }}

rm -f /tmp/node-init.cilium.io
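Review bot: `| quote` on the `rm -f` line guards against word splitting and globbing but not against shell expansion. Helm's `quote` emits a double-quoted string, and bash still expands `$...` and backticks inside double quotes. Since this script is rendered from `.Values.nodeinit.bootstrapFile` and runs on the node, consider `squote`, or better a template-time check that the value is a plain absolute path, and document the constraint next to the value.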
Expand All @@ -46,7 +46,7 @@ echo "Restarting the kubelet"
systemctl restart kubelet
{{- end }}

{{- if (and .Values.gke.enabled (or .Values.masquerade .Values.gke.disableDefaultSnat))}}
{{- if (and .Values.gke.enabled (or .Values.enableIPv4Masquerade .Values.gke.disableDefaultSnat))}}
# If the IP-MASQ chain exists, add back default jump rule from the GKE instance configure script
if iptables -w -t nat -L IP-MASQ > /dev/null; then
iptables -w -t nat -A POSTROUTING -m comment --comment "ip-masq: ensure nat POSTROUTING directs all non-LOCAL destination traffic to our custom IP-MASQ chain" -m addrtype ! --dst-type LOCAL -j IP-MASQ
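Review bot: The condition now keys on `.Values.enableIPv4Masquerade`, so a values file that still sets the old `masquerade` key no longer influences whether the IP-MASQ jump rule is re-added here. Nothing in this diff warns about the stale key. Consider a `fail` guard in the templates when `.Values.masquerade` is set, or at least a CHANGELOG line naming the rename.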
13 changes: 8 additions & 5 deletions helm/cilium/files/nodeinit/startup.bash
Expand Up @@ -22,9 +22,11 @@ fi
{{- end }}

{{- if .Values.nodeinit.reconfigureKubelet }}
# Check if we're running on a GKE containerd flavor.
# Check if we're running on a GKE containerd flavor as indicated by the presence
# of the '--container-runtime-endpoint' flag in '/etc/default/kubelet'.
GKE_KUBERNETES_BIN_DIR="/home/kubernetes/bin"
if [[ -f "${GKE_KUBERNETES_BIN_DIR}/gke" ]] && command -v containerd &>/dev/null; then
KUBELET_DEFAULTS_FILE="/etc/default/kubelet"
if [[ -f "${GKE_KUBERNETES_BIN_DIR}/gke" ]] && [[ $(grep -cF -- '--container-runtime-endpoint' "${KUBELET_DEFAULTS_FILE}") == "1" ]]; then
echo "GKE *_containerd flavor detected..."

# (GKE *_containerd) Upon node restarts, GKE's containerd images seem to reset
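Review bot: The new detection compares `grep -cF` output to exactly `"1"`, which is stricter than the "presence" the comment describes. `-c` counts matching lines, so a defaults file carrying the flag on two lines, or a missing `/etc/default/kubelet` (empty output plus an error on stderr), makes the test false and the node is not treated as a containerd flavor. Suggest `grep -qF -- '--container-runtime-endpoint' "${KUBELET_DEFAULTS_FILE}"` as the condition, with `2>/dev/null` if the file may be absent.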
Expand Down Expand Up @@ -98,13 +100,13 @@ else
# (Generic) Alter the kubelet configuration to run in CNI mode
echo "Changing kubelet configuration to --network-plugin=cni --cni-bin-dir={{ .Values.cni.binPath }}"
mkdir -p {{ .Values.cni.binPath }}
sed -i "s:--network-plugin=kubenet:--network-plugin=cni\ --cni-bin-dir={{ .Values.cni.binPath }}:g" /etc/default/kubelet
sed -i "s:--network-plugin=kubenet:--network-plugin=cni\ --cni-bin-dir={{ .Values.cni.binPath }}:g" "${KUBELET_DEFAULTS_FILE}"
fi
echo "Restarting the kubelet..."
systemctl restart kubelet
{{- end }}

{{- if (and .Values.gke.enabled (or .Values.masquerade .Values.gke.disableDefaultSnat))}}
{{- if (and .Values.gke.enabled (or .Values.enableIPv4Masquerade .Values.gke.disableDefaultSnat))}}
# If Cilium is configured to manage masquerading of traffic leaving the node,
# we need to disable the IP-MASQ chain because even if ip-masq-agent
# is not installed, the node init script installs some default rules into
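Review bot: `.Values.cni.binPath` is still interpolated raw in this hunk while `bootstrapFile` gains `| quote` elsewhere in the PR. `mkdir -p {{ .Values.cni.binPath }}` is unquoted, and the `sed` expression uses `:` as its delimiter, so a path containing `:` or whitespace breaks the rewrite of `${KUBELET_DEFAULTS_FILE}` just before `systemctl restart kubelet`. Suggest quoting the `mkdir` argument and validating `binPath` at template time.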
Expand All @@ -118,7 +120,8 @@ iptables -w -t nat -D POSTROUTING -m comment --comment "ip-masq: ensure nat POST
{{- end }}

{{- if not (eq .Values.nodeinit.bootstrapFile "") }}
date > {{ .Values.nodeinit.bootstrapFile }}
mkdir -p {{ .Values.nodeinit.bootstrapFile | dir | quote }}
date > {{ .Values.nodeinit.bootstrapFile | quote }}
{{- end }}

{{- if .Values.azure.enabled }}
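Review bot: `mkdir -p {{ .Values.nodeinit.bootstrapFile | dir | quote }}` creates parent directories that the matching `prestop.bash` change never removes (it only runs `rm -f` on the file), so a `bootstrapFile` in a directory that did not exist leaves that directory behind on the node. If that is intended, a comment above the `mkdir` would help; otherwise note it where the value is documented.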
4 changes: 2 additions & 2 deletions helm/cilium/templates/NOTES.txt
Expand Up @@ -17,6 +17,6 @@
You have successfully installed {{ title .Chart.Name }}.
{{- end }}

Your release version is {{ .Chart.AppVersion }}.
Your release version is {{ .Chart.Version }}.

For any further help, visit https://docs.cilium.io/en/v{{ (semver .Chart.AppVersion).Major }}.{{ (semver .Chart.AppVersion).Minor }}/gettinghelp
For any further help, visit https://docs.cilium.io/en/v{{ (semver .Chart.Version).Major }}.{{ (semver .Chart.Version).Minor }}/gettinghelp
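Review bot: Building the docs URL from `.Chart.Version` looks wrong if this chart's version follows the CHANGELOG numbering. With a chart at `0.4.2` tracking upstream v1.11.9, the `(semver .Chart.Version).Major` and `.Minor` pair renders `https://docs.cilium.io/en/v0.4/gettinghelp` rather than a path for the Cilium release. Suggest keeping `.Chart.AppVersion` for the link even if "Your release version" reports the chart version.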
4 changes: 4 additions & 0 deletions helm/cilium/templates/_helpers.tpl
Expand Up @@ -19,8 +19,12 @@ will return `quay.io/cilium/cilium:v1.10.1@abcdefgh`
*/}}
{{- define "cilium.image" -}}
{{- $digest := (.useDigest | default false) | ternary (printf "@%s" .digest) "" -}}
{{- if .override -}}
{{- printf "%s" .override -}}
{{- else -}}
{{- printf "%s:%s%s" .repository .tag $digest -}}
{{- end -}}
{{- end -}}

{{/*
Return user specify priorityClass or default criticalPriorityClass
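Review bot: In the `.override` branch the image string is returned verbatim and `$digest` is dropped, so `useDigest: true` has no effect once an override is set and the image may be pulled by a mutable tag. Suggest stating in the comment block above `cilium.image` that an override must carry its own `@sha256:` digest, or failing the render when `.useDigest` is true and `.override` contains no `@`. As a style point, `printf "%s" .override` can be just `.override`.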
31 changes: 4 additions & 27 deletions helm/cilium/templates/cilium-agent/clusterrole.yaml
Expand Up @@ -28,39 +28,22 @@ rules:
resources:
- namespaces
- services
- nodes
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
- pods/finalizers
verbs:
- get
- list
- watch
- update
- delete
- apiGroups:
- ""
resources:
- endpoints
- nodes
verbs:
- get
- list
- watch
- update
{{- if .Values.annotateK8sNode }}
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
# To annotate the k8s node with Cilium's metadata
- patch
{{- end }}
- apiGroups:
- apiextensions.k8s.io
resources:
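Review bot: This hunk needs an explicit statement of which verbs the agent loses, because the role goes from 39 to 22 lines and the rules involved are the write paths: `update` and `delete` on `pods` and `pods/finalizers`, `update` on `endpoints` and `nodes`, and the `patch` on `nodes` and `nodes/status` guarded by `.Values.annotateK8sNode`. Please list the removed permissions in the PR description, and if the `annotateK8sNode` rule is among them, confirm the value is no longer honoured anywhere in the chart so it cannot be enabled without the RBAC it needs.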
Expand Down Expand Up @@ -89,21 +72,15 @@ rules:
resources:
- ciliumnetworkpolicies
- ciliumnetworkpolicies/status
- ciliumnetworkpolicies/finalizers
- ciliumclusterwidenetworkpolicies
- ciliumclusterwidenetworkpolicies/status
- ciliumclusterwidenetworkpolicies/finalizers
- ciliumendpoints
- ciliumendpoints/status
- ciliumendpoints/finalizers
- ciliumnodes
- ciliumnodes/status
- ciliumnodes/finalizers
- ciliumidentities
- ciliumidentities/finalizers
- ciliumlocalredirectpolicies
- ciliumlocalredirectpolicies/status
- ciliumlocalredirectpolicies/finalizers
- ciliumegressnatpolicies
- ciliumendpointslices
verbs:
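Review bot: The six `*/finalizers` subresources match the 21-to-15 line reduction in this resource list, and the verbs they carried are cut off below `verbs:`, so a reviewer cannot see what is being given up. Please confirm on a test cluster that endpoint, node and identity objects are still created and garbage-collected with the reduced role, in particular where the OwnerReferencesPermissionEnforcement admission plugin is enabled, since it checks `update` on an owner's `finalizers` subresource when `blockOwnerDeletion` is set.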