diff --git a/channels-rke2.yaml b/channels-rke2.yaml
index eee5f127a..f33bb38ff 100644
--- a/channels-rke2.yaml
+++ b/channels-rke2.yaml
@@ -2440,6 +2440,38 @@ releases:
 repo: rancher-rke2-charts
 version: v4.1.301
 featureVersions: *featureVersions-v1
+ - version: v1.29.12+rke2r1
+ minChannelServerVersion: v2.9.0-alpha1
+ maxChannelServerVersion: v2.9.99
+ serverArgs: *serverArgs-v1-28-9-rke2r1
+ agentArgs: *agentArgs-v1-28-8-rke2r1
+ charts: &charts-v1-29-12-rke2r1
+ <<: *charts-v1-29-11-rke2r1
+ rke2-cilium:
+ repo: rancher-rke2-charts
+ version: 1.16.400
+ rke2-canal:
+ repo: rancher-rke2-charts
+ version: v3.29.1-build2024121100
+ rke2-calico:
+ repo: rancher-rke2-charts
+ version: v3.29.100
+ rke2-calico-crd:
+ repo: rancher-rke2-charts
+ version: v3.29.100
+ rke2-coredns:
+ repo: rancher-rke2-charts
+ version: 1.36.102
+ rke2-ingress-nginx:
+ repo: rancher-rke2-charts
+ version: 4.10.503
+ rke2-flannel:
+ repo: rancher-rke2-charts
+ version: v0.26.101
+ harvester-csi-driver:
+ repo: rancher-rke2-charts
+ version: 0.1.2100
+ featureVersions: *featureVersions-v1
 - version: v1.30.1+rke2r1
 minChannelServerVersion: v2.9.0-alpha1
 maxChannelServerVersion: v2.9.99
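Review bot: The new v1.29.12+rke2r1 entry reuses the existing `*serverArgs-v1-28-9-rke2r1` and `*agentArgs-v1-28-8-rke2r1` anchors, and the v1.30.8+rke2r1 entry in the next hunk reuses `*agentArgs-v1-28-11-rke2r1`, while the K3s entries for the same patch levels in channels.yaml move to a new `&agentArgs-v7` that adds `node-internal-dns` and `node-external-dns`. If RKE2 accepts those two agent flags at these versions, they stay unexposed for RKE2 clusters until a matching agentArgs anchor is added here. If it does not, a one-line comment such as `# serverArgs/agentArgs intentionally unchanged for this patch release` would record that the reuse is deliberate. The anchor definitions are outside both hunks, so neither case can be confirmed from the diff alone.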
@@ -2651,3 +2683,35 @@ releases:
 repo: rancher-rke2-charts
 version: v4.1.301
 featureVersions: *featureVersions-v1
+ - version: v1.30.8+rke2r1
+ minChannelServerVersion: v2.9.0-alpha1
+ maxChannelServerVersion: v2.9.99
+ serverArgs: *serverArgs-v1-28-11-rke2r1
+ agentArgs: *agentArgs-v1-28-11-rke2r1
+ charts: &charts-v1-30-8-rke2r1
+ <<: *charts-v1-30-7-rke2r1
+ rke2-cilium:
+ repo: rancher-rke2-charts
+ version: 1.16.400
+ rke2-canal:
+ repo: rancher-rke2-charts
+ version: v3.29.1-build2024121100
+ rke2-calico:
+ repo: rancher-rke2-charts
+ version: v3.29.100
+ rke2-calico-crd:
+ repo: rancher-rke2-charts
+ version: v3.29.100
+ rke2-coredns:
+ repo: rancher-rke2-charts
+ version: 1.36.102
+ rke2-ingress-nginx:
+ repo: rancher-rke2-charts
+ version: 4.10.503
+ rke2-flannel:
+ repo: rancher-rke2-charts
+ version: v0.26.101
+ harvester-csi-driver:
+ repo: rancher-rke2-charts
+ version: 0.1.2100
+ featureVersions: *featureVersions-v1
diff --git a/channels.yaml b/channels.yaml
index 5f6de7e7f..a215bbf24 100644
--- a/channels.yaml
+++ b/channels.yaml
@@ -703,6 +703,17 @@ releases:
 serverArgs: *serverArgs-v9
 agentArgs: *agentArgs-v6
 featureVersions: *featureVersions-v1
+ - version: v1.29.12+k3s1
+ minChannelServerVersion: v2.9.0-alpha1
+ maxChannelServerVersion: v2.9.99
+ serverArgs: *serverArgs-v9
+ agentArgs: &agentArgs-v7
+ <<: *agentArgs-v6
+ node-internal-dns:
+ type: array
+ node-external-dns:
+ type: array
+ featureVersions: *featureVersions-v1
 - version: v1.30.1+k3s1
 minChannelServerVersion: v2.9.0-alpha1
 maxChannelServerVersion: v2.9.99
@@ -745,3 +756,9 @@ releases:
 serverArgs: *serverArgs-v9
 agentArgs: *agentArgs-v6
 featureVersions: *featureVersions-v1
+ - version: v1.30.8+k3s1
+ minChannelServerVersion: v2.9.0-alpha1
+ maxChannelServerVersion: v2.9.99
+ serverArgs: *serverArgs-v9
+ agentArgs: *agentArgs-v7
+ featureVersions: *featureVersions-v1
diff --git a/data/data.json b/data/data.json
index 0061c9bb5..a6435fcd9 100644
--- a/data/data.json
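Review bot: `&agentArgs-v7` is defined inline inside the v1.29.12+k3s1 entry and is then aliased by the v1.30.8+k3s1 entry in the second channels.yaml hunk. The 1.30.8 release therefore depends on the 1.29.12 entry staying in the file and staying above it, because a YAML alias resolves only against an anchor that appears earlier in the document. A comment on the definition would make that visible, for example `# agentArgs-v7: v6 plus node-internal-dns and node-external-dns; aliased by later releases, keep above them`. The two new arguments are declared only as `type: array`, and since `<<:` merges shallowly they are added next to the v6 keys. The v6 definition is outside the hunk, so confirm neither name already exists there with a different type.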
+++ b/data/data.json 
@@ -13944,6 +13944,47 @@
 "aciOvsContainer": "noiro/openvswitch:6.0.4.4.81c2369",
 "aciControllerContainer": "noiro/aci-containers-controller:6.0.4.4.81c2369"
 },
+ "v1.29.12-rancher1-1": {
+ "etcd": "rancher/mirrored-coreos-etcd:v3.5.12",
+ "alpine": "rancher/rke-tools:v0.1.108",
+ "nginxProxy": "rancher/rke-tools:v0.1.108",
+ "certDownloader": "rancher/rke-tools:v0.1.108",
+ "kubernetesServicesSidecar": "rancher/rke-tools:v0.1.108",
+ "kubedns": "rancher/mirrored-k8s-dns-kube-dns:1.22.28",
+ "dnsmasq": "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.22.28",
+ "kubednsSidecar": "rancher/mirrored-k8s-dns-sidecar:1.22.28",
+ "kubednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:v1.8.9",
+ "coredns": "rancher/mirrored-coredns-coredns:1.11.1",
+ "corednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:v1.8.9",
+ "nodelocal": "rancher/mirrored-k8s-dns-node-cache:1.22.28",
+ "kubernetes": "rancher/hyperkube:v1.29.12-rancher1",
+ "flannel": "rancher/mirrored-flannel-flannel:v0.25.1",
+ "flannelCni": "rancher/flannel-cni:v1.4.1-rancher1",
+ "calicoNode": "rancher/mirrored-calico-node:v3.27.4",
+ "calicoCni": "rancher/calico-cni:v3.27.4-rancher1",
+ "calicoControllers": "rancher/mirrored-calico-kube-controllers:v3.27.4",
+ "calicoCtl": "rancher/mirrored-calico-ctl:v3.27.4",
+ "calicoFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.27.4",
+ "canalNode": "rancher/mirrored-calico-node:v3.27.4",
+ "canalCni": "rancher/calico-cni:v3.27.4-rancher1",
+ "canalControllers": "rancher/mirrored-calico-kube-controllers:v3.27.4",
+ "canalFlannel": "rancher/mirrored-flannel-flannel:v0.25.1",
+ "canalFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.27.4",
+ "weaveNode": "weaveworks/weave-kube:2.8.1",
+ "weaveCni": "weaveworks/weave-npc:2.8.1",
+ "podInfraContainer": "rancher/mirrored-pause:3.7",
+ "ingress": "rancher/nginx-ingress-controller:nginx-1.11.3-rancher1",
+ "ingressBackend": "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher2",
+ "ingressWebhook": "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v20231226-1a7112e06",
+ "metricsServer": "rancher/mirrored-metrics-server:v0.7.0",
+ "windowsPodInfraContainer": "rancher/mirrored-pause:3.7",
+ "aciCniDeployContainer": "noiro/cnideploy:6.1.1.2.81c2369",
+ "aciHostContainer": "noiro/aci-containers-host:6.1.1.2.81c2369",
+ "aciOpflexContainer": "noiro/opflex:6.1.1.2.81c2369",
+ "aciMcastContainer": "noiro/opflex:6.1.1.2.81c2369",
+ "aciOvsContainer": "noiro/openvswitch:6.1.1.2.81c2369",
+ "aciControllerContainer": "noiro/aci-containers-controller:6.1.1.2.81c2369"
+ },
 "v1.29.6-rancher1-1": {
 "etcd": "rancher/mirrored-coreos-etcd:v3.5.12",
 "alpine": "rancher/rke-tools:v0.1.100",
@@ -14342,6 +14383,45 @@
 "aciOvsContainer": "noiro/openvswitch:6.0.4.4.81c2369",
 "aciControllerContainer": "noiro/aci-containers-controller:6.0.4.4.81c2369"
 },
+ "v1.30.8-rancher1-1": {
+ "etcd": "rancher/mirrored-coreos-etcd:v3.5.12",
+ "alpine": "rancher/rke-tools:v0.1.108",
+ "nginxProxy": "rancher/rke-tools:v0.1.108",
+ "certDownloader": "rancher/rke-tools:v0.1.108",
+ "kubernetesServicesSidecar": "rancher/rke-tools:v0.1.108",
+ "kubedns": "rancher/mirrored-k8s-dns-kube-dns:1.23.0",
+ "dnsmasq": "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.23.0",
+ "kubednsSidecar": "rancher/mirrored-k8s-dns-sidecar:1.23.0",
+ "kubednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:v1.8.9",
+ "coredns": "rancher/mirrored-coredns-coredns:1.11.1",
+ "corednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:v1.8.9",
+ "nodelocal": "rancher/mirrored-k8s-dns-node-cache:1.23.0",
+ "kubernetes": "rancher/hyperkube:v1.30.8-rancher1",
+ "flannel": "rancher/mirrored-flannel-flannel:v0.25.1",
+ "flannelCni": "rancher/flannel-cni:v1.4.1-rancher1",
+ "calicoNode": "rancher/mirrored-calico-node:v3.28.1",
+ "calicoCni": "rancher/calico-cni:v3.28.1-rancher1",
+ "calicoControllers": "rancher/mirrored-calico-kube-controllers:v3.28.1",
+ "calicoCtl": "rancher/mirrored-calico-ctl:v3.28.1",
+ "calicoFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.28.1",
+ "canalNode": "rancher/mirrored-calico-node:v3.28.1",
+ "canalCni": "rancher/calico-cni:v3.28.1-rancher1",
+ "canalControllers": "rancher/mirrored-calico-kube-controllers:v3.28.1",
+ "canalFlannel": "rancher/mirrored-flannel-flannel:v0.25.1",
+ "canalFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.28.1",
+ "podInfraContainer": "rancher/mirrored-pause:3.7",
+ "ingress": "rancher/nginx-ingress-controller:nginx-1.11.3-rancher1",
+ "ingressBackend": "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher2",
+ "ingressWebhook": "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.4.1",
+ "metricsServer": "rancher/mirrored-metrics-server:v0.7.1",
+ "windowsPodInfraContainer": "rancher/mirrored-pause:3.7",
+ "aciCniDeployContainer": "noiro/cnideploy:6.1.1.2.81c2369",
+ "aciHostContainer": "noiro/aci-containers-host:6.1.1.2.81c2369",
+ "aciOpflexContainer": "noiro/opflex:6.1.1.2.81c2369",
+ "aciMcastContainer": "noiro/opflex:6.1.1.2.81c2369",
+ "aciOvsContainer": "noiro/openvswitch:6.1.1.2.81c2369",
+ "aciControllerContainer": "noiro/aci-containers-controller:6.1.1.2.81c2369"
+ },
 "v1.8.11-rancher2-1": {
 "etcd": "rancher/coreos-etcd:v3.0.17",
 "alpine": "rancher/rke-tools:v0.1.8",
@@ -14488,13 +14568,15 @@
 "\u003e=1.28.13-rancher1-1 \u003c 1.28.14-rancher1-1": "aci-v6.0.4.3",
 "\u003e=1.28.14-rancher1-1 \u003c 1.29.0-rancher0": "aci-v6.1.1.1",
 "\u003e=1.29.0-rancher0 \u003c 1.29.8-rancher1-1": "aci-v6.0.4.2",
- "\u003e=1.29.11-rancher1-1 \u003c 1.30.0-rancher0": "aci-v6.0.4.4",
+ "\u003e=1.29.11-rancher1-1 \u003c 1.29.12-rancher1-1": "aci-v6.0.4.4",
+ "\u003e=1.29.12-rancher1-1 \u003c 1.30.0-rancher0": "aci-v6.1.1.2",
 "\u003e=1.29.8-rancher1-1 \u003c 1.29.9-rancher1-1": "aci-v6.0.4.3",
 "\u003e=1.29.9-rancher1-1 \u003c 1.29.11-rancher1-1": "aci-v6.1.1.1",
 "\u003e=1.30.0-rancher0 \u003c 1.30.4-rancher1-1": "aci-v6.0.4.2",
 "\u003e=1.30.4-rancher1-1 \u003c 1.30.5-rancher1-1": "aci-v6.0.4.3",
 "\u003e=1.30.5-rancher1-1 \u003c 1.30.7-rancher1-1": "aci-v6.1.1.1",
- "\u003e=1.30.7-rancher1-1": "aci-v6.0.4.4"
+ "\u003e=1.30.7-rancher1-1 \u003c 1.30.8-rancher1-1": "aci-v6.0.4.4",
+ "\u003e=1.30.8-rancher1-1": "aci-v6.1.1.2"
 },
 "calico": {
 "\u003e=1.13.0-rancher0 \u003c1.15.0-rancher0": "calico-v1.13",
@@ -14683,6 +14765,7 @@ "aci-v6.0.4.3": "\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: acicontainersoperators.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AciContainersOperator\n listKind: AciContainersOperatorList\n plural: acicontainersoperators\n singular: acicontainersoperator\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: acicontainersoperator owns the lifecycle of ACI objects in the cluster\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AciContainersOperatorSpec defines the desired spec for ACI Objects\n properties:\n flavor:\n type: string\n config:\n type: string\n type: object\n status:\n description: AciContainersOperatorStatus defines the successful completion of AciContainersOperator\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodepodifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: NodePodIF\n listKind: NodePodIFList\n plural: nodepodifs\n singular: nodepodif\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n podifs:\n type: array\n items:\n type: object\n properties:\n containerID:\n type: string\n epg:\n type: string\n ifname:\n type: string\n ipaddr:\n type: string\n macaddr:\n type: string\n podname:\n type: string\n podns:\n type: string\n vtep:\n type: string\n required:\n - spec\n type: object\n---\n{{- if eq .UseAciCniPriorityClass 
\"true\"}}\napiVersion: scheduling.k8s.io/v1\nkind: PriorityClass\nmetadata:\n name: acicni-priority\nvalue: 1000000000\nglobalDefault: false\ndescription: \"This priority class is used for ACI-CNI resources\"\n---\n{{- end }}\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatglobalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatGlobalInfo\n listKind: SnatGlobalInfoList\n plural: snatglobalinfos\n singular: snatglobalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n description: SnatGlobalInfo is the Schema for the snatglobalinfos API\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n globalInfos:\n additionalProperties:\n items:\n properties:\n macAddress:\n type: string\n portRanges:\n items:\n properties:\n end:\n maximum: 65535\n minimum: 1\n type: integer\n start:\n maximum: 65535\n minimum: 1\n type: integer\n type: object\n type: array\n snatIp:\n type: string\n snatIpUid:\n type: string\n snatPolicyName:\n type: string\n required:\n - macAddress\n - portRanges\n - snatIp\n - snatIpUid\n - snatPolicyName\n type: object\n type: array\n type: object\n required:\n - globalInfos\n type: object\n status:\n description: SnatGlobalInfoStatus defines the observed state of SnatGlobalInfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatlocalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatLocalInfo\n listKind: SnatLocalInfoList\n plural: snatlocalinfos\n singular: snatlocalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: SnatLocalInfoSpec defines the desired state of SnatLocalInfo\n properties:\n localInfos:\n items:\n 
properties:\n podName:\n type: string\n podNamespace:\n type: string\n podUid:\n type: string\n snatPolicies:\n items:\n properties:\n destIp:\n items:\n type: string\n type: array\n name:\n type: string\n snatIp:\n type: string\n required:\n - destIp\n - name\n - snatIp\n type: object\n type: array\n required:\n - podName\n - podNamespace\n - podUid\n - snatPolicies\n type: object\n type: array\n required:\n - localInfos\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatpolicies.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatPolicy\n listKind: SnatPolicyList\n plural: snatpolicies\n singular: snatpolicy\n scope: Cluster\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n selector:\n type: object\n properties:\n labels:\n type: object\n description: 'Selection of Pods'\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n type: object\n snatIp:\n type: array\n items:\n type: string\n destIp:\n type: array\n items:\n type: string\n type: object\n status:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodeinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: NodeInfo\n listKind: NodeInfoList\n plural: nodeinfos\n singular: nodeinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n macaddress:\n type: string\n snatpolicynames:\n additionalProperties:\n type: boolean\n type: object\n type: object\n status:\n description: NodeinfoStatus defines the observed state of 
Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: rdconfigs.aci.snat\nspec:\n group: aci.snat\n names:\n kind: RdConfig\n listKind: RdConfigList\n plural: rdconfigs\n singular: rdconfig\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n discoveredsubnets:\n items:\n type: string\n type: array\n usersubnets:\n items:\n type: string\n type: array\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.aci.netpol\nspec:\n group: aci.netpol\n names:\n kind: NetworkPolicy\n listKind: NetworkPolicyList\n plural: networkpolicies\n singular: networkpolicy\n scope: Namespaced\n versions:\n - name: v1\n schema:\n openAPIV3Schema:\n description: Network Policy describes traffic flow at IP address or port level\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n 
description: Set of egress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs default to false.\n type: boolean\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n to:\n description: Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. 
Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n description: Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n toFqDn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - enableLogging\n - toFqDn\n type: object\n type: array\n ingress:\n description: Set of ingress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false.\n type: boolean\n from:\n description: Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. 
Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n description: matchExpressions is a list of label selector requirements. The requirements are ANDed.\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. 
If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n type: object\n type: array\n policyTypes:\n items:\n description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8\n type: string\n type: array\n priority:\n description: Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.\n type: integer\n type:\n description: type of the policy.\n type: string\n required:\n - type\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: dnsnetworkpolicies.aci.dnsnetpol\nspec:\n group: aci.dnsnetpol\n names:\n kind: DnsNetworkPolicy\n listKind: DnsNetworkPolicyList\n plural: dnsnetworkpolicies\n singular: dnsnetworkpolicy\n scope: Namespaced\n versions:\n - name: v1beta\n schema:\n openAPIV3Schema:\n description: dns network Policy\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n properties:\n toFqdn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - toFqdn\n type: object\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: qospolicies.aci.qos\nspec:\n group: aci.qos\n names:\n kind: QosPolicy\n listKind: QosPolicyList\n plural: qospolicies\n singular: qospolicy\n scope: Namespaced\n preserveUnknownFields: false\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n podSelector:\n description: 'Selection of Pods'\n type: object\n properties:\n matchLabels:\n type: object\n description:\n ingress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n egress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n dscpmark:\n type: integer\n default: 0\n minimum: 0\n maximum: 63\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: netflowpolicies.aci.netflow\nspec:\n group: aci.netflow\n names:\n kind: NetflowPolicy\n listKind: NetflowPolicyList\n plural: netflowpolicies\n singular: 
netflowpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n flowSamplingPolicy:\n type: object\n properties:\n destIp:\n type: string\n destPort:\n type: integer\n minimum: 0\n maximum: 65535\n default: 2055\n flowType:\n type: string\n enum:\n - netflow\n - ipfix\n default: netflow\n activeFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 3600\n default: 60\n idleFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 600\n default: 15\n samplingRate:\n type: integer\n minimum: 0\n maximum: 1000\n default: 0\n required:\n - destIp\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: erspanpolicies.aci.erspan\nspec:\n group: aci.erspan\n names:\n kind: ErspanPolicy\n listKind: ErspanPolicyList\n plural: erspanpolicies\n singular: erspanpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n selector:\n type: object\n description: 'Selection of Pods'\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n source:\n type: object\n properties:\n adminState:\n description: Administrative state.\n default: start\n type: string\n enum:\n - start\n - stop\n direction:\n description: Direction of the packets to monitor.\n default: both\n type: string\n enum:\n - in\n - out\n - both\n destination:\n type: object\n properties:\n destIP:\n description: Destination IP of the ERSPAN packet.\n type: string\n flowID:\n description: Unique flow ID of the ERSPAN packet.\n default: 1\n 
type: integer\n minimum: 1\n maximum: 1023\n required:\n - destIP\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: enabledroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: EnableDropLog\n listKind: EnableDropLogList\n plural: enabledroplogs\n singular: enabledroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of EnableDropLog\n type: object\n properties:\n disableDefaultDropLog:\n description: Disables the default droplog enabled by acc-provision.\n default: false\n type: boolean\n nodeSelector:\n type: object\n description: Drop logging is enabled on nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: prunedroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: PruneDropLog\n listKind: PruneDropLogList\n plural: prunedroplogs\n singular: prunedroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of PruneDropLog\n type: object\n properties:\n nodeSelector:\n type: object\n description: Drop logging filters are applied to nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n dropLogFilters:\n type: object\n properties:\n srcIP:\n type: string\n destIP:\n type: string\n srcMAC:\n type: string\n destMAC:\n type: string\n srcPort:\n type: integer\n 
destPort:\n type: integer\n ipProto:\n type: integer\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: accprovisioninputs.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AccProvisionInput\n listKind: AccProvisionInputList\n plural: accprovisioninputs\n singular: accprovisioninput\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: accprovisioninput defines the input configuration for ACI CNI\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AccProvisionInputSpec defines the desired spec for accprovisioninput object\n properties:\n acc_provision_input:\n type: object\n properties:\n operator_managed_config:\n type: object\n properties:\n enable_updates:\n type: boolean\n aci_config:\n type: object\n properties:\n sync_login:\n type: object\n properties:\n certfile:\n type: string\n keyfile:\n type: string\n client_ssl:\n type: boolean\n net_config:\n type: object\n properties:\n interface_mtu:\n type: integer\n service_monitor_interval:\n type: integer\n pbr_tracking_non_snat:\n type: boolean\n pod_subnet_chunk_size:\n type: integer\n disable_wait_for_network:\n type: boolean\n duration_wait_for_network:\n type: integer\n registry:\n type: object\n properties:\n image_prefix:\n type: string\n image_pull_secret:\n type: string\n aci_containers_operator_version:\n type: string\n aci_containers_controller_version:\n type: string\n aci_containers_host_version:\n type: string\n acc_provision_operator_version:\n type: string\n aci_cni_operator_version:\n type: string\n cnideploy_version:\n type: string\n opflex_agent_version:\n type: string\n openvswitch_version:\n type: string\n gbp_version:\n type: string\n logging:\n type: object\n properties:\n controller_log_level:\n type: string\n hostagent_log_level:\n type: string\n opflexagent_log_level:\n type: 
string\n istio_config:\n type: object\n properties:\n install_profile:\n type: string\n multus:\n type: object\n properties:\n disable:\n type: boolean\n drop_log_config:\n type: object\n properties:\n enable:\n type: boolean\n nodepodif_config:\n type: object\n properties:\n enable:\n type: boolean\n sriov_config:\n type: object\n properties:\n enable:\n type: boolean\n kube_config:\n type: object\n properties:\n ovs_memory_limit:\n type: string\n use_privileged_containers:\n type: boolean\n image_pull_policy:\n type: string\n reboot_opflex_with_ovs:\n type: string\n snat_operator:\n type: object\n properties:\n port_range:\n type: object\n properties:\n start:\n type: integer\n end:\n type: integer\n ports_per_node:\n type: integer\n contract_scope:\n type: string\n disable_periodic_snat_global_info_sync:\n type: boolean\n type: object\n status:\n description: AccProvisionInputStatus defines the successful completion of AccProvisionInput\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: aci-containers-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n controller-config: |-\n {\n \"log-level\": \"{{.ControllerLogLevel}}\",\n \"apic-hosts\": {{.ApicHosts}},\n{{- if ne .AciMultipod \"false\" }}\n \"aci-multipod\": {{.AciMultipod}},\n{{- end}}\n{{- if .UnknownMacUnicastAction }}\n \"unknown-mac-unicast-action\": \"{{.UnknownMacUnicastAction}}\",\n{{- end}}\n{{- if ne .EnableOpflexAgentReconnect \"false\"}}\n \"enable-opflex-agent-reconnect\": {{.EnableOpflexAgentReconnect}},\n{{- end}}\n{{- if .OpflexDeviceReconnectWaitTimeout }}\n \"opflex-device-reconnect-wait-timeout\": {{.OpflexDeviceReconnectWaitTimeout}},\n{{- end}}\n \"apic-refreshtime\": \"{{.ApicRefreshTime}}\",\n \"apic-subscription-delay\": {{.ApicSubscriptionDelay}},\n \"apic_refreshticker_adjust\": 
\"{{.ApicRefreshTickerAdjust}}\",\n \"apic-username\": \"{{.ApicUserName}}\",\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n{{- if ne .CApic \"false\"}}\n \"lb-type\": \"None\",\n{{- end}}\n{{- if ne .HppOptimization \"false\"}}\n \"hpp-optimization\": {{.HppOptimization}},\n{{- end}}\n{{- if ne .DisableHppRendering \"false\"}}\n \"disable-hpp-rendering\": {{.DisableHppRendering}},\n{{- end}}\n{{- if ne .NoWaitForServiceEpReadiness \"false\"}}\n \"no-wait-for-service-ep-readiness\": {{.NoWaitForServiceEpReadiness}},\n{{- end}}\n{{- if ne .ServiceGraphEndpointAddDelay \"0\"}}\n \"service-graph-endpoint-add-delay\" : {\n \"delay\": {{.ServiceGraphEndpointAddDelay}},\n \"services\": [{{- range $index, $item :=.ServiceGraphEndpointAddServices }}{{- if $index}},{{end}}{ {{- range $k, $v := $item }}\"{{ $k }}\": \"{{ $v }}\"{{if eq $k \"name\"}},{{end}}{{- end}}}{{end}}]\n },\n{{- end}}\n{{- if ne .AddExternalSubnetsToRdconfig \"false\"}}\n \"add-external-subnets-to-rdconfig\": {{.AddExternalSubnetsToRdconfig}},\n{{- end}}\n{{- if ne .DisablePeriodicSnatGlobalInfoSync \"false\"}}\n \"disable-periodic-snat-global-info-sync\": {{.DisablePeriodicSnatGlobalInfoSync}},\n{{- end}}\n{{- if .NodeSnatRedirectExclude }}\n \"node-snat-redirect-exclude\": [{{ range $index,$item := .NodeSnatRedirectExclude}}{{- if $index}}, {{end }}{\"group\": \"{{ index $item \"group\" }}\", \"labels\": {{ index $item \"labels\" }}}{{ end }}],\n{{- end }}\n{{- if .ApicConnectionRetryLimit}}\n \"apic-connection-retry-limit\": {{.ApicConnectionRetryLimit}},\n{{- 
end}}\n \"opflex-device-delete-timeout\": {{.OpflexDeviceDeleteTimeout}},\n \"sleep-time-snat-global-info-sync\": {{.SleepTimeSnatGlobalInfoSync}},\n{{- /* Commenting code to disable the install_istio flag as the functionality\n is disabled to remove dependency from istio.io/istio package.\n Vulnerabilties were detected by quay.io security scan of aci-containers-controller\n and aci-containers-operator images for istio.io/istio package \n \"install-istio\": {{.InstallIstio}},\n \"istio-profile\": \"{{.IstioProfile}}\",\n*/}}\n{{- if ne .CApic \"true\"}}\n \"aci-podbd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd\",\n \"aci-nodebd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd\",\n{{- end}}\n \"aci-service-phys-dom\": \"{{.SystemIdentifier}}-pdom\",\n \"aci-service-encap\": \"vlan-{{.ServiceVlan}}\",\n \"aci-service-monitor-interval\": {{.ServiceMonitorInterval}},\n \"aci-pbr-tracking-non-snat\": {{.PBRTrackingNonSnat}},\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"aci-l3out\": \"{{.L3Out}}\",\n \"aci-ext-networks\": {{.L3OutExternalNetworks}},\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": \"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .AddExternalContractToDefaultEpg \"false\"}}\n \"add-external-contract-to-default-epg\": {{.AddExternalContractToDefaultEpg}},\n{{- end}} \n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}\"\n{{- end}}\n },\n \"max-nodes-svc-graph\": {{.MaxNodesSvcGraph}},\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": 
\"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"service-ip-pool\": [{{- range $index, $item := .ServiceIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End}}\" }{{end}}],\n \"extern-static\": [{{- range $index, $item := .StaticExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"extern-dynamic\": [{{- range $index, $item := .DynamicExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"snat-contract-scope\": \"{{.SnatContractScope}}\",\n \"static-service-ip-pool\": [{{- range $index, $item := .StaticServiceIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ 
$item.Start }}\", \"end\": \"{{ $item.End }}\" }{{end}}],\n{{- if and (ne .TaintNotReadyNode \"false\") (ne .TaintNotReadyNode \"False\") }}\n \"taint-not-ready\": true,\n{{- end}}\n \"pod-ip-pool\": [{{- range $index, $item := .PodIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End}}\" }{{end}}],\n \"pod-subnet\": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"pod-subnet-chunk-size\": {{.PodSubnetChunkSize}},\n \"node-service-ip-pool\": [\n {\n \"end\": \"{{.NodeServiceIPEnd}}\",\n \"start\": \"{{.NodeServiceIPStart}}\"\n }\n ],\n \"node-service-subnets\": [\n \"{{.ServiceGraphSubnet}}\"\n ],\n \"enable_endpointslice\": {{.EnableEndpointSlice}}\n }\n host-agent-config: |-\n {\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .EpRegistry \"\"}}\n \"ep-registry\": \"{{.EpRegistry}}\",\n{{- else}}\n \"ep-registry\": null,\n{{- end}}\n{{- if ne .AciMultipod \"false\" }}\n \"aci-multipod\": {{.AciMultipod}},\n{{- end}}\n{{- if ne .DhcpRenewMaxRetryCount \"0\" }}\n \"dhcp-renew-max-retry-count\": {{.DhcpRenewMaxRetryCount}},\n{{- end}}\n{{- if ne .DhcpDelay \"0\" }}\n \"dhcp-delay\": {{.DhcpDelay}},\n{{- end}}\n{{- if ne .EnableOpflexAgentReconnect \"false\"}}\n \"enable-opflex-agent-reconnect\": {{.EnableOpflexAgentReconnect}},\n{{- end}}\n{{- if ne .OpflexMode \"\"}}\n \"opflex-mode\": \"{{.OpflexMode}}\",\n{{- else}}\n \"opflex-mode\": null,\n{{- end}}\n \"log-level\": \"{{.HostAgentLogLevel}}\",\n \"aci-snat-namespace\": \"{{.SnatNamespace}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": 
\"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"service-vlan\": {{.ServiceVlan}},\n \"kubeapi-vlan\": {{.KubeAPIVlan}},\n{{- if ne .HppOptimization \"false\"}}\n \"hpp-optimization\": {{.HppOptimization}},\n{{- end}}\n{{- if ne .DisableHppRendering \"false\"}}\n \"disable-hpp-rendering\": {{.DisableHppRendering}},\n{{- end}}\n \"pod-subnet\": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"node-subnet\": [{{- range $index, $item := .NodeSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"encap-type\": \"{{.EncapType}}\",\n \"aci-infra-vlan\": {{.InfraVlan}},\n{{- if .MTU}}\n{{- if ne .MTU 0}}\n \"interface-mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n{{- if .MTUHeadRoom}}\n{{- if ne .MTUHeadRoom \"0\"}}\n \"interface-mtu-headroom\": {{.MTUHeadRoom}},\n{{- end}}\n{{- end}}\n \"cni-netconfig\": [{{- range $index, $item := .PodNetwork }}{{- if $index}},{{end}}{ \"gateway\": \"{{ $item.Gateway }}\", \"subnet\": \"{{ $item.Subnet }}\", \"routes\": [{ \"dst\": \"0.0.0.0/0\", \"gw\": \"{{ $item.Gateway }}\" }]}{{end}}],\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-default\"\n{{- end}}\n },\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": 
\"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"enable-drop-log\": {{.DropLogEnable}},\n{{- if and (ne .DropLogDisableEvents \"false\") (ne .DropLogDisableEvents \"False\")}}\n \"packet-event-notification-socket\": \"\",\n{{- end}}\n \"enable_endpointslice\": {{.EnableEndpointSlice}},\n \"enable-nodepodif\": {{.NodePodIfEnable}},\n{{- if and (ne .TaintNotReadyNode \"false\") (ne .TaintNotReadyNode \"False\") }}\n \"taint-not-ready\": true,\n{{- end}} \n \"enable-ovs-hw-offload\": {{.SriovEnable}}\n }\n opflex-agent-config: |-\n {\n \"log\": {\n \"level\": \"{{.OpflexAgentLogLevel}}\"\n },\n \"opflex\": {\n{{- if eq .OpflexClientSSL \"false\"}}\n \"ssl\": { \"mode\": \"disabled\"},\n{{- end}}\n{{- if eq .OpflexAgentStatistics \"false\"}}\n \"statistics\" : { \"mode\" : \"off\" },\n{{- end}}\n \"timers\" : {\n{{- if .OpflexAgentPolicyRetryDelayTimer}}\n \"policy-retry-delay\": {{.OpflexAgentPolicyRetryDelayTimer}},\n{{- end}}\n \"switch-sync-delay\": 
{{.OpflexSwitchSyncDelay}},\n \"switch-sync-dynamic\": {{.OpflexSwitchSyncDynamic}}\n },\n \"startup\": {\n \"enabled\": \"{{.OpflexStartupEnabled}}\",\n \"policy-file\": \"/usr/local/var/lib/opflex-agent-ovs/startup/pol.json\",\n \"policy-duration\": {{.OpflexStartupPolicyDuration}},\n \"resolve-aft-conn\": \"{{.OpflexStartupResolveAftConn}}\"\n },\n \"notif\" : { \"enabled\" : \"false\" },\n \"asyncjson\": { \"enabled\" : {{.OpflexAgentOpflexAsyncjsonEnabled}} }\n },\n \"ovs\": {\n \"asyncjson\": { \"enabled\" : {{.OpflexAgentOvsAsyncjsonEnabled}} }\n }\n }\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: snat-operator-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n \"start\": \"{{.SnatPortRangeStart}}\"\n \"end\": \"{{.SnatPortRangeEnd}}\"\n \"ports-per-node\": \"{{.SnatPortsPerNode}}\"\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: aci-user-cert\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n user.key: {{.ApicUserKey}}\n user.crt: {{.ApicUserCrt}}\n---\n{{- if eq .CApic \"true\"}}\napiVersion: v1\nkind: Secret\nmetadata:\n name: kafka-client-certificates\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n ca.crt: {{.KafkaClientCrt}}\n kafka-client.crt: {{.KafkaClientCrt}}\n kafka-client.key: {{.KafkaClientKey}}\n---\n{{- end}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-host-agent\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\n{{- if eq .UseClusterRole \"true\"}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n 
network-plugin: aci-containers\n name: aci-containers-controller\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - events\n - replicationcontrollers\n - serviceaccounts\n verbs:\n - list\n - watch\n - get\n - patch\n - create\n - update\n - delete\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - '*'\n- apiGroups:\n - \"rbac.authorization.k8s.io\"\n resources:\n - clusterroles\n - clusterrolebindings\n verbs:\n - '*'\n{{- /* Commenting code to disable the install_istio flag as the functionality\n is disabled to remove dependency from istio.io/istio package.\n Vulnerabilties were detected by quay.io security scan of aci-containers-controller\n and aci-containers-operator images for istio.io/istio package\n{{- if ne .InstallIstio \"false\"}}\n- apiGroups:\n - \"install.istio.io\"\n resources:\n - istiocontrolplanes\n - istiooperators\n verbs:\n - '*'\n- apiGroups:\n - \"aci.istio\"\n resources:\n - aciistiooperators\n - aciistiooperator\n verbs:\n - '*'\n{{- end}}\n*/}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n - daemonsets\n - statefulsets\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - services/status\n verbs:\n - update\n- apiGroups:\n - \"monitoring.coreos.com\"\n resources:\n - servicemonitors\n verbs:\n - get\n - create\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies/finalizers\n - snatpolicies/status\n - nodeinfos\n verbs:\n - update\n - create\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatglobalinfos\n - snatpolicies\n - nodeinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- 
apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.netflow\"\n resources:\n - netflowpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.erspan\"\n resources:\n - erspanpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - '*'\n- apiGroups:\n - apps.openshift.io\n resources:\n - deploymentconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.dnsnetpol\"\n resources:\n - dnsnetworkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n---\n{{- end}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-host-agent\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - replicationcontrollers\n verbs:\n - list\n - watch\n - get\n{{- if ne .DropLogEnable \"false\"}}\n - update\n- apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n{{- end}}\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies\n - snatglobalinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - 
get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.droplog\"\n resources:\n - enabledroplogs\n - prunedroplogs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - nodeinfos\n - snatlocalinfos\n verbs:\n - create\n - update\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - \"*\"\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers-controller\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers-controller\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-controller\n namespace: aci-containers-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers-host-agent\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers-host-agent\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-host-agent\n namespace: aci-containers-system\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-host\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-host\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-host\n network-plugin: aci-containers\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/port: \"9612\"\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne 
.ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n tolerations:\n - operator: Exists\n initContainers:\n - name: cnideploy\n image: {{.AciCniDeployContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersHostPriorityClass}} \n priorityClassName: aci-containers-host\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-host\n image: {{.AciHostContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .AciContainersHostMemoryLimit ) ( .AciContainersHostMemoryRequest )}}\n resources:\n limits:\n{{- if .AciContainersHostMemoryLimit }}\n memory: \"{{ .AciContainersHostMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .AciContainersHostMemoryRequest }}\n memory: \"{{ .AciContainersHostMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n - NET_ADMIN\n - SYS_PTRACE\n - NET_RAW\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: TENANT\n value: \"{{.Tenant}}\"\n{{- if ne .MultusDisable \"true\"}}\n - name: MULTUS\n value: 'True'\n{{- end}}\n{{- if eq .DisableWaitForNetwork \"true\"}}\n - name: DISABLE_WAIT_FOR_NETWORK\n value: 'True'\n{{- else}}\n - name: DURATION_WAIT_FOR_NETWORK\n value: \"{{.DurationWaitForNetwork}}\"\n{{- end}}\n volumeMounts:\n - 
name: cni-bin\n mountPath: /mnt/cni-bin\n - name: cni-conf\n mountPath: /mnt/cni-conf\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: host-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n{{- if eq .AciMultipod \"true\" }}\n - name: dhclient\n mountPath: /var/lib/dhclient\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - mountPath: /run/netns\n name: host-run-netns\n readOnly: true\n mountPropagation: HostToContainer\n{{- end}}\n{{- if ne .MultusDisable \"true\"}}\n - name: multus-cni-conf\n mountPath: /mnt/multus-cni-conf\n{{- end}}\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8090\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n - name: opflex-agent\n env:\n - name: REBOOT_WITH_OVS\n value: \"true\"\n{{- if ne .OpflexOpensslCompat \"false\"}}\n - name: OPENSSL_CONF\n value: \"/etc/pki/tls/openssl11.cnf\" \n{{- end}}\n image: {{.AciOpflexContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .OpflexAgentMemoryLimit ) ( .OpflexAgentMemoryRequest )}}\n resources:\n limits:\n{{- if .OpflexAgentMemoryLimit }}\n memory: \"{{ .OpflexAgentMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .OpflexAgentMemoryRequest }}\n memory: \"{{ .OpflexAgentMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}} \n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n volumeMounts:\n - name: hostvar\n mountPath: 
/usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: opflex-config-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/conf.d\n{{- if eq .RunOpflexServerContainer \"true\"}}\n - name: opflex-server\n image: {{.AciOpflexContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-opflexserver.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n capabilities:\n add:\n - NET_ADMIN\n ports:\n - containerPort: {{.OpflexServerPort}}\n - name: metrics\n containerPort: 9632\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - name: opflex-server-config-volume\n mountPath: /usr/local/etc/opflex-server\n - name: hostvar\n mountPath: /usr/local/var\n{{- end}}\n{{- if ne .OpflexMode \"overlay\"}}\n - name: mcast-daemon\n image: {{.AciMcastContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-mcastdaemon.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .McastDaemonMemoryLimit ) ( .McastDaemonMemoryRequest )}}\n resources:\n limits:\n{{- if .McastDaemonMemoryLimit }}\n memory: \"{{ .McastDaemonMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .McastDaemonMemoryRequest }}\n memory: \"{{ .McastDaemonMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n{{- if eq .UsePrivilegedContainer \"true\"}}\n securityContext:\n privileged: true\n{{- end}}\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n{{- end}}\n restartPolicy: Always\n volumes:\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-conf\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: host-config-volume\n 
configMap:\n name: aci-containers-config\n items:\n - key: host-agent-config\n path: host-agent.conf\n - name: opflex-hostconfig-volume\n emptyDir:\n medium: Memory\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n{{- if eq .AciMultipod \"true\" }}\n{{- if eq .AciMultipodUbuntu \"true\" }}\n - name: dhclient\n hostPath:\n path: /var/lib/dhcp\n{{- else}}\n - name: dhclient\n hostPath:\n path: /var/lib/dhclient\n{{- end}}\n{{- end}}\n - name: opflex-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: opflex-agent-config\n path: local.conf\n{{- if eq .UseOpflexServerVolume \"true\"}}\n - name: opflex-server-config-volume\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - name: host-run-netns\n hostPath:\n path: /run/netns\n{{- end}}\n{{- if ne .MultusDisable \"true\" }}\n - name: multus-cni-conf\n hostPath:\n path: /var/run/multus/\n{{- end}}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-openvswitch\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n tolerations:\n - operator: Exists \n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersOpenvswitchPriorityClass}} \n priorityClassName: aci-containers-openvswitch\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: 
system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-openvswitch\n image: {{.AciOpenvSwitchContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n resources:\n limits:\n memory: \"{{.OVSMemoryLimit}}\"\n requests:\n memory: \"{{.OVSMemoryRequest}}\"\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n - SYS_MODULE\n - SYS_NICE\n - IPC_LOCK\n env:\n - name: OVS_RUNDIR\n value: /usr/local/var/run/openvswitch\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: hostetc\n mountPath: /usr/local/etc\n - name: hostmodules\n mountPath: /lib/modules\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n livenessProbe:\n exec:\n command:\n - /usr/local/bin/liveness-ovs.sh\n restartPolicy: Always\n volumes:\n - name: hostetc\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: hostmodules\n hostPath:\n path: /lib/modules\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-controller\nspec:\n replicas: 1\n strategy:\n type: Recreate\n selector:\n matchLabels:\n name: aci-containers-controller\n network-plugin: aci-containers\n template:\n metadata:\n name: aci-containers-controller\n namespace: 
aci-containers-system\n labels:\n name: aci-containers-controller\n network-plugin: aci-containers\n spec:\n hostNetwork: true\n serviceAccountName: aci-containers-controller\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n{{- if .Tolerations }}\n tolerations:\n{{ toYaml .Tolerations | indent 6}}\n{{- else }}\n tolerations:\n - effect: NoExecute\n key: node.kubernetes.io/unreachable\n operator: Exists\n tolerationSeconds: {{ .TolerationSeconds }}\n - effect: NoExecute\n key: node.kubernetes.io/not-ready\n operator: Exists\n tolerationSeconds: {{ .TolerationSeconds }}\n - effect: NoSchedule\n key: node.kubernetes.io/not-ready\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/controlplane\n value: \"true\"\n operator: Equal\n - effect: NoExecute\n key: node-role.kubernetes.io/etcd\n value: \"true\"\n operator: Equal\n{{- end }}\n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersControllerPriorityClass}} \n priorityClassName: aci-containers-controller\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-node-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-controller\n image: {{.AciControllerContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .AciContainersControllerMemoryLimit ) ( .AciContainersControllerMemoryRequest )}}\n resources:\n limits:\n{{- if .AciContainersControllerMemoryLimit }}\n memory: \"{{ .AciContainersControllerMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .AciContainersControllerMemoryRequest }}\n memory: \"{{ .AciContainersControllerMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- 
end}}\n{{- end}}\n env:\n - name: WATCH_NAMESPACE\n value: \"\"\n - name: ACI_SNAT_NAMESPACE\n value: \"aci-containers-system\"\n - name: ACI_SNAGLOBALINFO_NAME\n value: \"snatglobalinfo\"\n - name: ACI_RDCONFIG_NAME\n value: \"routingdomain-config\"\n - name: SYSTEM_NAMESPACE\n value: \"aci-containers-system\"\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8091\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n volumes:\n{{- if eq .CApic \"true\"}}\n - name: kafka-certs\n secret:\n secretName: kafka-client-certificates\n{{- end}}\n - name: aci-user-cert-volume\n secret:\n secretName: aci-user-cert\n - name: controller-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: controller-config\n path: controller.conf\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n{{- if eq .CApic \"true\"}}\n---\napiVersion: aci.aw/v1\nkind: PodIF\nmetadata:\n name: inet-route\n namespace: kube-system\nstatus:\n epg: aci-containers-inet-out\n ipaddr: 0.0.0.0/0\n{{- end}}\n---\napiVersion: v1\nkind: LimitRange\nmetadata:\n name: memory-limit-range\n namespace: aci-containers-system\nspec:\n limits:\n - default:\n memory: {{ .AciContainersMemoryLimit }}\n defaultRequest:\n memory: {{ .AciContainersMemoryRequest }}\n type: Container\n", "aci-v6.0.4.4": "\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: acicontainersoperators.aci.ctrl\nspec:\n 
group: aci.ctrl\n names:\n kind: AciContainersOperator\n listKind: AciContainersOperatorList\n plural: acicontainersoperators\n singular: acicontainersoperator\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: acicontainersoperator owns the lifecycle of ACI objects in the cluster\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AciContainersOperatorSpec defines the desired spec for ACI Objects\n properties:\n flavor:\n type: string\n config:\n type: string\n type: object\n status:\n description: AciContainersOperatorStatus defines the successful completion of AciContainersOperator\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodepodifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: NodePodIF\n listKind: NodePodIFList\n plural: nodepodifs\n singular: nodepodif\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n podifs:\n type: array\n items:\n type: object\n properties:\n containerID:\n type: string\n epg:\n type: string\n ifname:\n type: string\n ipaddr:\n type: string\n macaddr:\n type: string\n podname:\n type: string\n podns:\n type: string\n vtep:\n type: string\n required:\n - spec\n type: object\n---\n{{- if eq .UseAciCniPriorityClass \"true\"}}\napiVersion: scheduling.k8s.io/v1\nkind: PriorityClass\nmetadata:\n name: acicni-priority\nvalue: 1000000000\nglobalDefault: false\ndescription: \"This priority 
class is used for ACI-CNI resources\"\n---\n{{- end }}\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatglobalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatGlobalInfo\n listKind: SnatGlobalInfoList\n plural: snatglobalinfos\n singular: snatglobalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n description: SnatGlobalInfo is the Schema for the snatglobalinfos API\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n globalInfos:\n additionalProperties:\n items:\n properties:\n macAddress:\n type: string\n portRanges:\n items:\n properties:\n end:\n maximum: 65535\n minimum: 1\n type: integer\n start:\n maximum: 65535\n minimum: 1\n type: integer\n type: object\n type: array\n snatIp:\n type: string\n snatIpUid:\n type: string\n snatPolicyName:\n type: string\n required:\n - macAddress\n - portRanges\n - snatIp\n - snatIpUid\n - snatPolicyName\n type: object\n type: array\n type: object\n required:\n - globalInfos\n type: object\n status:\n description: SnatGlobalInfoStatus defines the observed state of SnatGlobalInfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatlocalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatLocalInfo\n listKind: SnatLocalInfoList\n plural: snatlocalinfos\n singular: snatlocalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: SnatLocalInfoSpec defines the desired state of SnatLocalInfo\n properties:\n localInfos:\n items:\n properties:\n podName:\n type: string\n podNamespace:\n type: string\n podUid:\n type: string\n snatPolicies:\n items:\n properties:\n destIp:\n items:\n type: string\n type: 
array\n name:\n type: string\n snatIp:\n type: string\n required:\n - destIp\n - name\n - snatIp\n type: object\n type: array\n required:\n - podName\n - podNamespace\n - podUid\n - snatPolicies\n type: object\n type: array\n required:\n - localInfos\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatpolicies.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatPolicy\n listKind: SnatPolicyList\n plural: snatpolicies\n singular: snatpolicy\n scope: Cluster\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n selector:\n type: object\n properties:\n labels:\n type: object\n description: 'Selection of Pods'\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n type: object\n snatIp:\n type: array\n items:\n type: string\n destIp:\n type: array\n items:\n type: string\n type: object\n status:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodeinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: NodeInfo\n listKind: NodeInfoList\n plural: nodeinfos\n singular: nodeinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n macaddress:\n type: string\n snatpolicynames:\n additionalProperties:\n type: boolean\n type: object\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: rdconfigs.aci.snat\nspec:\n group: aci.snat\n 
names:\n kind: RdConfig\n listKind: RdConfigList\n plural: rdconfigs\n singular: rdconfig\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n discoveredsubnets:\n items:\n type: string\n type: array\n usersubnets:\n items:\n type: string\n type: array\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.aci.netpol\nspec:\n group: aci.netpol\n names:\n kind: NetworkPolicy\n listKind: NetworkPolicyList\n plural: networkpolicies\n singular: networkpolicy\n scope: Namespaced\n versions:\n - name: v1\n schema:\n openAPIV3Schema:\n description: Network Policy describes traffic flow at IP address or port level\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on 
the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs default to false.\n type: boolean\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n to:\n description: Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. 
Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n description: Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n toFqDn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - enableLogging\n - toFqDn\n type: object\n type: array\n ingress:\n description: Set of ingress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false.\n type: boolean\n from:\n description: Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. 
Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n description: matchExpressions is a list of label selector requirements. The requirements are ANDed.\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. 
If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n type: object\n type: array\n policyTypes:\n items:\n description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8\n type: string\n type: array\n priority:\n description: Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.\n type: integer\n type:\n description: type of the policy.\n type: string\n required:\n - type\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: dnsnetworkpolicies.aci.dnsnetpol\nspec:\n group: aci.dnsnetpol\n names:\n kind: DnsNetworkPolicy\n listKind: DnsNetworkPolicyList\n plural: dnsnetworkpolicies\n singular: dnsnetworkpolicy\n scope: Namespaced\n versions:\n - name: v1beta\n schema:\n openAPIV3Schema:\n description: dns network Policy\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n properties:\n toFqdn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - toFqdn\n type: object\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: qospolicies.aci.qos\nspec:\n group: aci.qos\n names:\n kind: QosPolicy\n listKind: QosPolicyList\n plural: qospolicies\n singular: qospolicy\n scope: Namespaced\n preserveUnknownFields: false\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n podSelector:\n description: 'Selection of Pods'\n type: object\n properties:\n matchLabels:\n type: object\n description:\n ingress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n egress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n dscpmark:\n type: integer\n default: 0\n minimum: 0\n maximum: 63\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: netflowpolicies.aci.netflow\nspec:\n group: aci.netflow\n names:\n kind: NetflowPolicy\n listKind: NetflowPolicyList\n plural: netflowpolicies\n singular: 
netflowpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n flowSamplingPolicy:\n type: object\n properties:\n destIp:\n type: string\n destPort:\n type: integer\n minimum: 0\n maximum: 65535\n default: 2055\n flowType:\n type: string\n enum:\n - netflow\n - ipfix\n default: netflow\n activeFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 3600\n default: 60\n idleFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 600\n default: 15\n samplingRate:\n type: integer\n minimum: 0\n maximum: 1000\n default: 0\n required:\n - destIp\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: erspanpolicies.aci.erspan\nspec:\n group: aci.erspan\n names:\n kind: ErspanPolicy\n listKind: ErspanPolicyList\n plural: erspanpolicies\n singular: erspanpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n selector:\n type: object\n description: 'Selection of Pods'\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n source:\n type: object\n properties:\n adminState:\n description: Administrative state.\n default: start\n type: string\n enum:\n - start\n - stop\n direction:\n description: Direction of the packets to monitor.\n default: both\n type: string\n enum:\n - in\n - out\n - both\n destination:\n type: object\n properties:\n destIP:\n description: Destination IP of the ERSPAN packet.\n type: string\n flowID:\n description: Unique flow ID of the ERSPAN packet.\n default: 1\n 
type: integer\n minimum: 1\n maximum: 1023\n required:\n - destIP\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: enabledroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: EnableDropLog\n listKind: EnableDropLogList\n plural: enabledroplogs\n singular: enabledroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of EnableDropLog\n type: object\n properties:\n disableDefaultDropLog:\n description: Disables the default droplog enabled by acc-provision.\n default: false\n type: boolean\n nodeSelector:\n type: object\n description: Drop logging is enabled on nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: prunedroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: PruneDropLog\n listKind: PruneDropLogList\n plural: prunedroplogs\n singular: prunedroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of PruneDropLog\n type: object\n properties:\n nodeSelector:\n type: object\n description: Drop logging filters are applied to nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n dropLogFilters:\n type: object\n properties:\n srcIP:\n type: string\n destIP:\n type: string\n srcMAC:\n type: string\n destMAC:\n type: string\n srcPort:\n type: integer\n 
destPort:\n type: integer\n ipProto:\n type: integer\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: accprovisioninputs.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AccProvisionInput\n listKind: AccProvisionInputList\n plural: accprovisioninputs\n singular: accprovisioninput\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: accprovisioninput defines the input configuration for ACI CNI\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AccProvisionInputSpec defines the desired spec for accprovisioninput object\n properties:\n acc_provision_input:\n type: object\n properties:\n operator_managed_config:\n type: object\n properties:\n enable_updates:\n type: boolean\n aci_config:\n type: object\n properties:\n sync_login:\n type: object\n properties:\n certfile:\n type: string\n keyfile:\n type: string\n client_ssl:\n type: boolean\n net_config:\n type: object\n properties:\n interface_mtu:\n type: integer\n service_monitor_interval:\n type: integer\n pbr_tracking_non_snat:\n type: boolean\n pod_subnet_chunk_size:\n type: integer\n disable_wait_for_network:\n type: boolean\n duration_wait_for_network:\n type: integer\n registry:\n type: object\n properties:\n image_prefix:\n type: string\n image_pull_secret:\n type: string\n aci_containers_operator_version:\n type: string\n aci_containers_controller_version:\n type: string\n aci_containers_host_version:\n type: string\n acc_provision_operator_version:\n type: string\n aci_cni_operator_version:\n type: string\n cnideploy_version:\n type: string\n opflex_agent_version:\n type: string\n openvswitch_version:\n type: string\n gbp_version:\n type: string\n logging:\n type: object\n properties:\n controller_log_level:\n type: string\n hostagent_log_level:\n type: string\n opflexagent_log_level:\n type: 
string\n istio_config:\n type: object\n properties:\n install_profile:\n type: string\n multus:\n type: object\n properties:\n disable:\n type: boolean\n drop_log_config:\n type: object\n properties:\n enable:\n type: boolean\n nodepodif_config:\n type: object\n properties:\n enable:\n type: boolean\n sriov_config:\n type: object\n properties:\n enable:\n type: boolean\n kube_config:\n type: object\n properties:\n ovs_memory_limit:\n type: string\n use_privileged_containers:\n type: boolean\n image_pull_policy:\n type: string\n reboot_opflex_with_ovs:\n type: string\n snat_operator:\n type: object\n properties:\n port_range:\n type: object\n properties:\n start:\n type: integer\n end:\n type: integer\n ports_per_node:\n type: integer\n contract_scope:\n type: string\n disable_periodic_snat_global_info_sync:\n type: boolean\n type: object\n status:\n description: AccProvisionInputStatus defines the successful completion of AccProvisionInput\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: aci-containers-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n controller-config: |-\n {\n \"log-level\": \"{{.ControllerLogLevel}}\",\n \"apic-hosts\": {{.ApicHosts}},\n{{- if ne .AciMultipod \"false\" }}\n \"aci-multipod\": {{.AciMultipod}},\n{{- end}}\n{{- if .UnknownMacUnicastAction }}\n \"unknown-mac-unicast-action\": \"{{.UnknownMacUnicastAction}}\",\n{{- end}}\n{{- if ne .EnableOpflexAgentReconnect \"false\"}}\n \"enable-opflex-agent-reconnect\": {{.EnableOpflexAgentReconnect}},\n{{- end}}\n{{- if .OpflexDeviceReconnectWaitTimeout }}\n \"opflex-device-reconnect-wait-timeout\": {{.OpflexDeviceReconnectWaitTimeout}},\n{{- end}}\n \"apic-refreshtime\": \"{{.ApicRefreshTime}}\",\n \"apic-subscription-delay\": {{.ApicSubscriptionDelay}},\n \"apic_refreshticker_adjust\": 
\"{{.ApicRefreshTickerAdjust}}\",\n \"apic-username\": \"{{.ApicUserName}}\",\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n{{- if ne .CApic \"false\"}}\n \"lb-type\": \"None\",\n{{- end}}\n{{- if ne .HppOptimization \"false\"}}\n \"hpp-optimization\": {{.HppOptimization}},\n{{- end}}\n{{- if ne .DisableHppRendering \"false\"}}\n \"disable-hpp-rendering\": {{.DisableHppRendering}},\n{{- end}}\n{{- if ne .NoWaitForServiceEpReadiness \"false\"}}\n \"no-wait-for-service-ep-readiness\": {{.NoWaitForServiceEpReadiness}},\n{{- end}}\n{{- if ne .ServiceGraphEndpointAddDelay \"0\"}}\n \"service-graph-endpoint-add-delay\" : {\n \"delay\": {{.ServiceGraphEndpointAddDelay}},\n \"services\": [{{- range $index, $item :=.ServiceGraphEndpointAddServices }}{{- if $index}},{{end}}{ {{- range $k, $v := $item }}\"{{ $k }}\": \"{{ $v }}\"{{if eq $k \"name\"}},{{end}}{{- end}}}{{end}}]\n },\n{{- end}}\n{{- if ne .AddExternalSubnetsToRdconfig \"false\"}}\n \"add-external-subnets-to-rdconfig\": {{.AddExternalSubnetsToRdconfig}},\n{{- end}}\n{{- if ne .DisablePeriodicSnatGlobalInfoSync \"false\"}}\n \"disable-periodic-snat-global-info-sync\": {{.DisablePeriodicSnatGlobalInfoSync}},\n{{- end}}\n{{- if .NodeSnatRedirectExclude }}\n \"node-snat-redirect-exclude\": [{{ range $index,$item := .NodeSnatRedirectExclude}}{{- if $index}}, {{end }}{\"group\": \"{{ index $item \"group\" }}\", \"labels\": {{ index $item \"labels\" }}}{{ end }}],\n{{- end }}\n{{- if .ApicConnectionRetryLimit}}\n \"apic-connection-retry-limit\": {{.ApicConnectionRetryLimit}},\n{{- 
end}}\n \"opflex-device-delete-timeout\": {{.OpflexDeviceDeleteTimeout}},\n \"sleep-time-snat-global-info-sync\": {{.SleepTimeSnatGlobalInfoSync}},\n{{- /* Commenting code to disable the install_istio flag as the functionality\n is disabled to remove dependency from istio.io/istio package.\n Vulnerabilties were detected by quay.io security scan of aci-containers-controller\n and aci-containers-operator images for istio.io/istio package \n \"install-istio\": {{.InstallIstio}},\n \"istio-profile\": \"{{.IstioProfile}}\",\n*/}}\n{{- if ne .CApic \"true\"}}\n \"aci-podbd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd\",\n \"aci-nodebd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd\",\n{{- end}}\n \"aci-service-phys-dom\": \"{{.SystemIdentifier}}-pdom\",\n \"aci-service-encap\": \"vlan-{{.ServiceVlan}}\",\n \"aci-service-monitor-interval\": {{.ServiceMonitorInterval}},\n \"aci-pbr-tracking-non-snat\": {{.PBRTrackingNonSnat}},\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"aci-l3out\": \"{{.L3Out}}\",\n \"aci-ext-networks\": {{.L3OutExternalNetworks}},\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": \"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .AddExternalContractToDefaultEpg \"false\"}}\n \"add-external-contract-to-default-epg\": {{.AddExternalContractToDefaultEpg}},\n{{- end}} \n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}\"\n{{- end}}\n },\n \"max-nodes-svc-graph\": {{.MaxNodesSvcGraph}},\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": 
\"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"service-ip-pool\": [{{- range $index, $item := .ServiceIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End}}\" }{{end}}],\n \"extern-static\": [{{- range $index, $item := .StaticExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"extern-dynamic\": [{{- range $index, $item := .DynamicExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"snat-contract-scope\": \"{{.SnatContractScope}}\",\n \"static-service-ip-pool\": [{{- range $index, $item := .StaticServiceIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ 
$item.Start }}\", \"end\": \"{{ $item.End }}\" }{{end}}],\n{{- if and (ne .TaintNotReadyNode \"false\") (ne .TaintNotReadyNode \"False\") }}\n \"taint-not-ready\": true,\n{{- end}}\n \"pod-ip-pool\": [{{- range $index, $item := .PodIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End}}\" }{{end}}],\n \"pod-subnet\": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"pod-subnet-chunk-size\": {{.PodSubnetChunkSize}},\n \"node-service-ip-pool\": [\n {\n \"end\": \"{{.NodeServiceIPEnd}}\",\n \"start\": \"{{.NodeServiceIPStart}}\"\n }\n ],\n \"node-service-subnets\": [\n \"{{.ServiceGraphSubnet}}\"\n ],\n \"enable_endpointslice\": {{.EnableEndpointSlice}}\n }\n host-agent-config: |-\n {\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .EpRegistry \"\"}}\n \"ep-registry\": \"{{.EpRegistry}}\",\n{{- else}}\n \"ep-registry\": null,\n{{- end}}\n{{- if ne .AciMultipod \"false\" }}\n \"aci-multipod\": {{.AciMultipod}},\n{{- end}}\n{{- if ne .DhcpRenewMaxRetryCount \"0\" }}\n \"dhcp-renew-max-retry-count\": {{.DhcpRenewMaxRetryCount}},\n{{- end}}\n{{- if ne .DhcpDelay \"0\" }}\n \"dhcp-delay\": {{.DhcpDelay}},\n{{- end}}\n{{- if ne .EnableOpflexAgentReconnect \"false\"}}\n \"enable-opflex-agent-reconnect\": {{.EnableOpflexAgentReconnect}},\n{{- end}}\n{{- if ne .OpflexMode \"\"}}\n \"opflex-mode\": \"{{.OpflexMode}}\",\n{{- else}}\n \"opflex-mode\": null,\n{{- end}}\n \"log-level\": \"{{.HostAgentLogLevel}}\",\n \"aci-snat-namespace\": \"{{.SnatNamespace}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": 
\"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"service-vlan\": {{.ServiceVlan}},\n \"kubeapi-vlan\": {{.KubeAPIVlan}},\n{{- if ne .HppOptimization \"false\"}}\n \"hpp-optimization\": {{.HppOptimization}},\n{{- end}}\n{{- if ne .DisableHppRendering \"false\"}}\n \"disable-hpp-rendering\": {{.DisableHppRendering}},\n{{- end}}\n \"pod-subnet\": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"node-subnet\": [{{- range $index, $item := .NodeSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"encap-type\": \"{{.EncapType}}\",\n \"aci-infra-vlan\": {{.InfraVlan}},\n{{- if .MTU}}\n{{- if ne .MTU 0}}\n \"interface-mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n{{- if .MTUHeadRoom}}\n{{- if ne .MTUHeadRoom \"0\"}}\n \"interface-mtu-headroom\": {{.MTUHeadRoom}},\n{{- end}}\n{{- end}}\n \"cni-netconfig\": [{{- range $index, $item := .PodNetwork }}{{- if $index}},{{end}}{ \"gateway\": \"{{ $item.Gateway }}\", \"subnet\": \"{{ $item.Subnet }}\", \"routes\": [{ \"dst\": \"0.0.0.0/0\", \"gw\": \"{{ $item.Gateway }}\" }]}{{end}}],\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-default\"\n{{- end}}\n },\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": 
\"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"enable-drop-log\": {{.DropLogEnable}},\n{{- if and (ne .DropLogDisableEvents \"false\") (ne .DropLogDisableEvents \"False\")}}\n \"packet-event-notification-socket\": \"\",\n{{- end}}\n \"enable_endpointslice\": {{.EnableEndpointSlice}},\n \"enable-nodepodif\": {{.NodePodIfEnable}},\n{{- if and (ne .TaintNotReadyNode \"false\") (ne .TaintNotReadyNode \"False\") }}\n \"taint-not-ready\": true,\n{{- end}} \n \"enable-ovs-hw-offload\": {{.SriovEnable}}\n }\n opflex-agent-config: |-\n {\n \"log\": {\n \"level\": \"{{.OpflexAgentLogLevel}}\"\n },\n \"opflex\": {\n{{- if eq .OpflexClientSSL \"false\"}}\n \"ssl\": { \"mode\": \"disabled\"},\n{{- end}}\n{{- if eq .OpflexAgentStatistics \"false\"}}\n \"statistics\" : { \"mode\" : \"off\" },\n{{- end}}\n \"timers\" : {\n{{- if .OpflexAgentPolicyRetryDelayTimer}}\n \"policy-retry-delay\": {{.OpflexAgentPolicyRetryDelayTimer}},\n{{- end}}\n \"switch-sync-delay\": 
{{.OpflexSwitchSyncDelay}},\n \"switch-sync-dynamic\": {{.OpflexSwitchSyncDynamic}}\n },\n \"startup\": {\n \"enabled\": \"{{.OpflexStartupEnabled}}\",\n \"policy-file\": \"/usr/local/var/lib/opflex-agent-ovs/startup/pol.json\",\n \"policy-duration\": {{.OpflexStartupPolicyDuration}},\n \"resolve-aft-conn\": \"{{.OpflexStartupResolveAftConn}}\"\n },\n \"notif\" : { \"enabled\" : \"false\" },\n \"asyncjson\": { \"enabled\" : {{.OpflexAgentOpflexAsyncjsonEnabled}} }\n },\n \"ovs\": {\n \"asyncjson\": { \"enabled\" : {{.OpflexAgentOvsAsyncjsonEnabled}} }\n }\n }\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: snat-operator-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n \"start\": \"{{.SnatPortRangeStart}}\"\n \"end\": \"{{.SnatPortRangeEnd}}\"\n \"ports-per-node\": \"{{.SnatPortsPerNode}}\"\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: aci-user-cert\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n user.key: {{.ApicUserKey}}\n user.crt: {{.ApicUserCrt}}\n---\n{{- if eq .CApic \"true\"}}\napiVersion: v1\nkind: Secret\nmetadata:\n name: kafka-client-certificates\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n ca.crt: {{.KafkaClientCrt}}\n kafka-client.crt: {{.KafkaClientCrt}}\n kafka-client.key: {{.KafkaClientKey}}\n---\n{{- end}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-host-agent\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\n{{- if eq .UseClusterRole \"true\"}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n 
network-plugin: aci-containers\n name: aci-containers-controller\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - events\n - replicationcontrollers\n - serviceaccounts\n verbs:\n - list\n - watch\n - get\n - patch\n - create\n - update\n - delete\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - '*'\n- apiGroups:\n - \"rbac.authorization.k8s.io\"\n resources:\n - clusterroles\n - clusterrolebindings\n verbs:\n - '*'\n{{- /* Commenting code to disable the install_istio flag as the functionality\n is disabled to remove dependency from istio.io/istio package.\n Vulnerabilties were detected by quay.io security scan of aci-containers-controller\n and aci-containers-operator images for istio.io/istio package\n{{- if ne .InstallIstio \"false\"}}\n- apiGroups:\n - \"install.istio.io\"\n resources:\n - istiocontrolplanes\n - istiooperators\n verbs:\n - '*'\n- apiGroups:\n - \"aci.istio\"\n resources:\n - aciistiooperators\n - aciistiooperator\n verbs:\n - '*'\n{{- end}}\n*/}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n - daemonsets\n - statefulsets\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - services/status\n verbs:\n - update\n- apiGroups:\n - \"monitoring.coreos.com\"\n resources:\n - servicemonitors\n verbs:\n - get\n - create\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies/finalizers\n - snatpolicies/status\n - nodeinfos\n verbs:\n - update\n - create\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatglobalinfos\n - snatpolicies\n - nodeinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- 
apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.netflow\"\n resources:\n - netflowpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.erspan\"\n resources:\n - erspanpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - '*'\n- apiGroups:\n - apps.openshift.io\n resources:\n - deploymentconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.dnsnetpol\"\n resources:\n - dnsnetworkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n---\n{{- end}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-host-agent\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - replicationcontrollers\n verbs:\n - list\n - watch\n - get\n{{- if ne .DropLogEnable \"false\"}}\n - update\n- apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n{{- end}}\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies\n - snatglobalinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - 
get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.droplog\"\n resources:\n - enabledroplogs\n - prunedroplogs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - nodeinfos\n - snatlocalinfos\n verbs:\n - create\n - update\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - \"*\"\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers-controller\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers-controller\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-controller\n namespace: aci-containers-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers-host-agent\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers-host-agent\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-host-agent\n namespace: aci-containers-system\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-host\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-host\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-host\n network-plugin: aci-containers\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/port: \"9612\"\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne 
.ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n tolerations:\n - operator: Exists\n initContainers:\n - name: cnideploy\n image: {{.AciCniDeployContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersHostPriorityClass}} \n priorityClassName: aci-containers-host\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-host\n image: {{.AciHostContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .AciContainersHostMemoryLimit ) ( .AciContainersHostMemoryRequest )}}\n resources:\n limits:\n{{- if .AciContainersHostMemoryLimit }}\n memory: \"{{ .AciContainersHostMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .AciContainersHostMemoryRequest }}\n memory: \"{{ .AciContainersHostMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n - NET_ADMIN\n - SYS_PTRACE\n - NET_RAW\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: TENANT\n value: \"{{.Tenant}}\"\n{{- if ne .MultusDisable \"true\"}}\n - name: MULTUS\n value: 'True'\n{{- end}}\n{{- if eq .DisableWaitForNetwork \"true\"}}\n - name: DISABLE_WAIT_FOR_NETWORK\n value: 'True'\n{{- else}}\n - name: DURATION_WAIT_FOR_NETWORK\n value: \"{{.DurationWaitForNetwork}}\"\n{{- end}}\n volumeMounts:\n - 
name: cni-bin\n mountPath: /mnt/cni-bin\n - name: cni-conf\n mountPath: /mnt/cni-conf\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: host-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n{{- if eq .AciMultipod \"true\" }}\n - name: dhclient\n mountPath: /var/lib/dhclient\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - mountPath: /run/netns\n name: host-run-netns\n readOnly: true\n mountPropagation: HostToContainer\n{{- end}}\n{{- if ne .MultusDisable \"true\"}}\n - name: multus-cni-conf\n mountPath: /mnt/multus-cni-conf\n{{- end}}\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8090\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n - name: opflex-agent\n env:\n - name: REBOOT_WITH_OVS\n value: \"true\"\n{{- if ne .OpflexOpensslCompat \"false\"}}\n - name: OPENSSL_CONF\n value: \"/etc/pki/tls/openssl11.cnf\" \n{{- end}}\n{{- if eq .DropLogOpflexRedirectDropLogs \"syslog\"}}\n - name: OPFLEXAGENT_DROPLOG_SYSLOG\n value: \"true\"\n{{- else if .DropLogOpflexRedirectDropLogs }}\n - name: OPFLEXAGENT_DROPLOG_FILE\n value: \"{{ .DropLogOpflexRedirectDropLogs }}\"\n{{- end}}\n image: {{.AciOpflexContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .OpflexAgentMemoryLimit ) ( .OpflexAgentMemoryRequest )}}\n resources:\n limits:\n{{- if .OpflexAgentMemoryLimit }}\n memory: \"{{ .OpflexAgentMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .OpflexAgentMemoryRequest }}\n memory: \"{{ .OpflexAgentMemoryRequest }}\"\n{{- 
else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}} \n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: opflex-config-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/conf.d\n{{- if eq .RunOpflexServerContainer \"true\"}}\n - name: opflex-server\n image: {{.AciOpflexContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-opflexserver.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n capabilities:\n add:\n - NET_ADMIN\n ports:\n - containerPort: {{.OpflexServerPort}}\n - name: metrics\n containerPort: 9632\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - name: opflex-server-config-volume\n mountPath: /usr/local/etc/opflex-server\n - name: hostvar\n mountPath: /usr/local/var\n{{- end}}\n{{- if ne .OpflexMode \"overlay\"}}\n - name: mcast-daemon\n image: {{.AciMcastContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-mcastdaemon.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .McastDaemonMemoryLimit ) ( .McastDaemonMemoryRequest )}}\n resources:\n limits:\n{{- if .McastDaemonMemoryLimit }}\n memory: \"{{ .McastDaemonMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .McastDaemonMemoryRequest }}\n memory: \"{{ .McastDaemonMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n{{- if eq .UsePrivilegedContainer \"true\"}}\n securityContext:\n privileged: true\n{{- end}}\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: 
/usr/local/run\n{{- end}}\n restartPolicy: Always\n volumes:\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-conf\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: host-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: host-agent-config\n path: host-agent.conf\n - name: opflex-hostconfig-volume\n emptyDir:\n medium: Memory\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n{{- if eq .AciMultipod \"true\" }}\n{{- if eq .AciMultipodUbuntu \"true\" }}\n - name: dhclient\n hostPath:\n path: /var/lib/dhcp\n{{- else}}\n - name: dhclient\n hostPath:\n path: /var/lib/dhclient\n{{- end}}\n{{- end}}\n - name: opflex-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: opflex-agent-config\n path: local.conf\n{{- if eq .UseOpflexServerVolume \"true\"}}\n - name: opflex-server-config-volume\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - name: host-run-netns\n hostPath:\n path: /run/netns\n{{- end}}\n{{- if ne .MultusDisable \"true\" }}\n - name: multus-cni-conf\n hostPath:\n path: /var/run/multus/\n{{- end}}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-openvswitch\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n tolerations:\n - operator: Exists \n{{- if ne 
.UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersOpenvswitchPriorityClass}} \n priorityClassName: aci-containers-openvswitch\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-openvswitch\n image: {{.AciOpenvSwitchContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n resources:\n limits:\n memory: \"{{.OVSMemoryLimit}}\"\n requests:\n memory: \"{{.OVSMemoryRequest}}\"\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n - SYS_MODULE\n - SYS_NICE\n - IPC_LOCK\n env:\n - name: OVS_RUNDIR\n value: /usr/local/var/run/openvswitch\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: hostetc\n mountPath: /usr/local/etc\n - name: hostmodules\n mountPath: /lib/modules\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n livenessProbe:\n exec:\n command:\n - /usr/local/bin/liveness-ovs.sh\n restartPolicy: Always\n volumes:\n - name: hostetc\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: hostmodules\n hostPath:\n path: /lib/modules\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: 
aci-containers\n name: aci-containers-controller\nspec:\n replicas: 1\n strategy:\n type: Recreate\n selector:\n matchLabels:\n name: aci-containers-controller\n network-plugin: aci-containers\n template:\n metadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n name: aci-containers-controller\n network-plugin: aci-containers\n spec:\n hostNetwork: true\n serviceAccountName: aci-containers-controller\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n{{- if .Tolerations }}\n tolerations:\n{{ toYaml .Tolerations | indent 6}}\n{{- else }}\n tolerations:\n - effect: NoExecute\n key: node.kubernetes.io/unreachable\n operator: Exists\n tolerationSeconds: {{ .TolerationSeconds }}\n - effect: NoExecute\n key: node.kubernetes.io/not-ready\n operator: Exists\n tolerationSeconds: {{ .TolerationSeconds }}\n - effect: NoSchedule\n key: node.kubernetes.io/not-ready\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/controlplane\n value: \"true\"\n operator: Equal\n - effect: NoExecute\n key: node-role.kubernetes.io/etcd\n value: \"true\"\n operator: Equal\n{{- end }}\n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersControllerPriorityClass}} \n priorityClassName: aci-containers-controller\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-node-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-controller\n image: {{.AciControllerContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .AciContainersControllerMemoryLimit ) ( .AciContainersControllerMemoryRequest )}}\n resources:\n limits:\n{{- if .AciContainersControllerMemoryLimit }}\n memory: \"{{ 
.AciContainersControllerMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .AciContainersControllerMemoryRequest }}\n memory: \"{{ .AciContainersControllerMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n env:\n - name: WATCH_NAMESPACE\n value: \"\"\n - name: ACI_SNAT_NAMESPACE\n value: \"aci-containers-system\"\n - name: ACI_SNAGLOBALINFO_NAME\n value: \"snatglobalinfo\"\n - name: ACI_RDCONFIG_NAME\n value: \"routingdomain-config\"\n - name: SYSTEM_NAMESPACE\n value: \"aci-containers-system\"\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8091\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n volumes:\n{{- if eq .CApic \"true\"}}\n - name: kafka-certs\n secret:\n secretName: kafka-client-certificates\n{{- end}}\n - name: aci-user-cert-volume\n secret:\n secretName: aci-user-cert\n - name: controller-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: controller-config\n path: controller.conf\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n{{- if eq .CApic \"true\"}}\n---\napiVersion: aci.aw/v1\nkind: PodIF\nmetadata:\n name: inet-route\n namespace: kube-system\nstatus:\n epg: aci-containers-inet-out\n ipaddr: 0.0.0.0/0\n{{- end}}\n---\napiVersion: v1\nkind: LimitRange\nmetadata:\n name: memory-limit-range\n namespace: aci-containers-system\nspec:\n 
limits:\n - default:\n memory: {{ .AciContainersMemoryLimit }}\n defaultRequest:\n memory: {{ .AciContainersMemoryRequest }}\n type: Container\n", "aci-v6.1.1.1": "\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: acicontainersoperators.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AciContainersOperator\n listKind: AciContainersOperatorList\n plural: acicontainersoperators\n singular: acicontainersoperator\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: acicontainersoperator owns the lifecycle of ACI objects in the cluster\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AciContainersOperatorSpec defines the desired spec for ACI Objects\n properties:\n flavor:\n type: string\n config:\n type: string\n type: object\n status:\n description: AciContainersOperatorStatus defines the successful completion of AciContainersOperator\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodepodifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: NodePodIF\n listKind: NodePodIFList\n plural: nodepodifs\n singular: nodepodif\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n podifs:\n type: array\n items:\n type: object\n properties:\n containerID:\n type: string\n epg:\n type: string\n ifname:\n type: string\n ipaddr:\n type: string\n macaddr:\n type: string\n podname:\n type: string\n 
podns:\n type: string\n vtep:\n type: string\n required:\n - spec\n type: object\n---\n{{- if eq .UseAciCniPriorityClass \"true\"}}\napiVersion: scheduling.k8s.io/v1\nkind: PriorityClass\nmetadata:\n name: acicni-priority\nvalue: 1000000000\nglobalDefault: false\ndescription: \"This priority class is used for ACI-CNI resources\"\n---\n{{- end }}\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatglobalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatGlobalInfo\n listKind: SnatGlobalInfoList\n plural: snatglobalinfos\n singular: snatglobalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n description: SnatGlobalInfo is the Schema for the snatglobalinfos API\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n globalInfos:\n additionalProperties:\n items:\n properties:\n macAddress:\n type: string\n portRanges:\n items:\n properties:\n end:\n maximum: 65535\n minimum: 1\n type: integer\n start:\n maximum: 65535\n minimum: 1\n type: integer\n type: object\n type: array\n snatIp:\n type: string\n snatIpUid:\n type: string\n snatPolicyName:\n type: string\n required:\n - macAddress\n - portRanges\n - snatIp\n - snatIpUid\n - snatPolicyName\n type: object\n type: array\n type: object\n required:\n - globalInfos\n type: object\n status:\n description: SnatGlobalInfoStatus defines the observed state of SnatGlobalInfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatlocalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatLocalInfo\n listKind: SnatLocalInfoList\n plural: snatlocalinfos\n singular: snatlocalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n 
spec:\n description: SnatLocalInfoSpec defines the desired state of SnatLocalInfo\n properties:\n localInfos:\n items:\n properties:\n podName:\n type: string\n podNamespace:\n type: string\n podUid:\n type: string\n snatPolicies:\n items:\n properties:\n destIp:\n items:\n type: string\n type: array\n name:\n type: string\n snatIp:\n type: string\n required:\n - destIp\n - name\n - snatIp\n type: object\n type: array\n required:\n - podName\n - podNamespace\n - podUid\n - snatPolicies\n type: object\n type: array\n required:\n - localInfos\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatpolicies.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatPolicy\n listKind: SnatPolicyList\n plural: snatpolicies\n singular: snatpolicy\n scope: Cluster\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n selector:\n type: object\n properties:\n labels:\n type: object\n description: 'Selection of Pods'\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n type: object\n snatIp:\n type: array\n items:\n type: string\n destIp:\n type: array\n items:\n type: string\n type: object\n status:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodeinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: NodeInfo\n listKind: NodeInfoList\n plural: nodeinfos\n singular: nodeinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n macaddress:\n type: string\n snatpolicynames:\n 
additionalProperties:\n type: boolean\n type: object\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: rdconfigs.aci.snat\nspec:\n group: aci.snat\n names:\n kind: RdConfig\n listKind: RdConfigList\n plural: rdconfigs\n singular: rdconfig\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n discoveredsubnets:\n items:\n type: string\n type: array\n usersubnets:\n items:\n type: string\n type: array\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.aci.netpol\nspec:\n group: aci.netpol\n names:\n kind: NetworkPolicy\n listKind: NetworkPolicyList\n plural: networkpolicies\n singular: networkpolicy\n scope: Namespaced\n versions:\n - name: v1\n schema:\n openAPIV3Schema:\n description: Network Policy describes traffic flow at IP address or port level\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n 
type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs default to false.\n type: boolean\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n to:\n description: Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. 
Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n description: Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n toFqDn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - enableLogging\n - toFqDn\n type: object\n type: array\n ingress:\n description: Set of ingress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false.\n type: boolean\n from:\n description: Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. 
Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n description: matchExpressions is a list of label selector requirements. The requirements are ANDed.\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. 
If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n type: object\n type: array\n policyTypes:\n items:\n description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8\n type: string\n type: array\n priority:\n description: Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.\n type: integer\n type:\n description: type of the policy.\n type: string\n required:\n - type\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: dnsnetworkpolicies.aci.dnsnetpol\nspec:\n group: aci.dnsnetpol\n names:\n kind: DnsNetworkPolicy\n listKind: DnsNetworkPolicyList\n plural: dnsnetworkpolicies\n singular: dnsnetworkpolicy\n scope: Namespaced\n versions:\n - name: v1beta\n schema:\n openAPIV3Schema:\n description: dns network Policy\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n properties:\n toFqdn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - toFqdn\n type: object\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: qospolicies.aci.qos\nspec:\n group: aci.qos\n names:\n kind: QosPolicy\n listKind: QosPolicyList\n plural: qospolicies\n singular: qospolicy\n scope: Namespaced\n preserveUnknownFields: false\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n podSelector:\n description: 'Selection of Pods'\n type: object\n properties:\n matchLabels:\n type: object\n description:\n ingress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n egress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n dscpmark:\n type: integer\n default: 0\n minimum: 0\n maximum: 63\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: netflowpolicies.aci.netflow\nspec:\n group: aci.netflow\n names:\n kind: NetflowPolicy\n listKind: NetflowPolicyList\n plural: netflowpolicies\n singular: 
netflowpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n flowSamplingPolicy:\n type: object\n properties:\n destIp:\n type: string\n destPort:\n type: integer\n minimum: 0\n maximum: 65535\n default: 2055\n flowType:\n type: string\n enum:\n - netflow\n - ipfix\n default: netflow\n activeFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 3600\n default: 60\n idleFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 600\n default: 15\n samplingRate:\n type: integer\n minimum: 0\n maximum: 1000\n default: 0\n required:\n - destIp\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: erspanpolicies.aci.erspan\nspec:\n group: aci.erspan\n names:\n kind: ErspanPolicy\n listKind: ErspanPolicyList\n plural: erspanpolicies\n singular: erspanpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n selector:\n type: object\n description: 'Selection of Pods'\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n source:\n type: object\n properties:\n adminState:\n description: Administrative state.\n default: start\n type: string\n enum:\n - start\n - stop\n direction:\n description: Direction of the packets to monitor.\n default: both\n type: string\n enum:\n - in\n - out\n - both\n destination:\n type: object\n properties:\n destIP:\n description: Destination IP of the ERSPAN packet.\n type: string\n flowID:\n description: Unique flow ID of the ERSPAN packet.\n default: 1\n 
type: integer\n minimum: 1\n maximum: 1023\n required:\n - destIP\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: enabledroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: EnableDropLog\n listKind: EnableDropLogList\n plural: enabledroplogs\n singular: enabledroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of EnableDropLog\n type: object\n properties:\n disableDefaultDropLog:\n description: Disables the default droplog enabled by acc-provision.\n default: false\n type: boolean\n nodeSelector:\n type: object\n description: Drop logging is enabled on nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: prunedroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: PruneDropLog\n listKind: PruneDropLogList\n plural: prunedroplogs\n singular: prunedroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of PruneDropLog\n type: object\n properties:\n nodeSelector:\n type: object\n description: Drop logging filters are applied to nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n dropLogFilters:\n type: object\n properties:\n srcIP:\n type: string\n destIP:\n type: string\n srcMAC:\n type: string\n destMAC:\n type: string\n srcPort:\n type: integer\n 
destPort:\n type: integer\n ipProto:\n type: integer\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: accprovisioninputs.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AccProvisionInput\n listKind: AccProvisionInputList\n plural: accprovisioninputs\n singular: accprovisioninput\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: accprovisioninput defines the input configuration for ACI CNI\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AccProvisionInputSpec defines the desired spec for accprovisioninput object\n properties:\n acc_provision_input:\n type: object\n properties:\n operator_managed_config:\n type: object\n properties:\n enable_updates:\n type: boolean\n aci_config:\n type: object\n properties:\n sync_login:\n type: object\n properties:\n certfile:\n type: string\n keyfile:\n type: string\n client_ssl:\n type: boolean\n net_config:\n type: object\n properties:\n interface_mtu:\n type: integer\n service_monitor_interval:\n type: integer\n pbr_tracking_non_snat:\n type: boolean\n pod_subnet_chunk_size:\n type: integer\n disable_wait_for_network:\n type: boolean\n duration_wait_for_network:\n type: integer\n registry:\n type: object\n properties:\n image_prefix:\n type: string\n image_pull_secret:\n type: string\n aci_containers_operator_version:\n type: string\n aci_containers_controller_version:\n type: string\n aci_containers_host_version:\n type: string\n acc_provision_operator_version:\n type: string\n aci_cni_operator_version:\n type: string\n cnideploy_version:\n type: string\n opflex_agent_version:\n type: string\n openvswitch_version:\n type: string\n gbp_version:\n type: string\n logging:\n type: object\n properties:\n controller_log_level:\n type: string\n hostagent_log_level:\n type: string\n opflexagent_log_level:\n type: 
string\n istio_config:\n type: object\n properties:\n install_profile:\n type: string\n multus:\n type: object\n properties:\n disable:\n type: boolean\n drop_log_config:\n type: object\n properties:\n enable:\n type: boolean\n nodepodif_config:\n type: object\n properties:\n enable:\n type: boolean\n sriov_config:\n type: object\n properties:\n enable:\n type: boolean\n kube_config:\n type: object\n properties:\n ovs_memory_limit:\n type: string\n use_privileged_containers:\n type: boolean\n image_pull_policy:\n type: string\n reboot_opflex_with_ovs:\n type: string\n snat_operator:\n type: object\n properties:\n port_range:\n type: object\n properties:\n start:\n type: integer\n end:\n type: integer\n ports_per_node:\n type: integer\n contract_scope:\n type: string\n disable_periodic_snat_global_info_sync:\n type: boolean\n type: object\n status:\n description: AccProvisionInputStatus defines the successful completion of AccProvisionInput\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\n{{- if ne .EnableHppDirect \"false\" }}\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: hostprotpols.aci.hpp\nspec:\n group: aci.hpp\n names:\n kind: HostprotPol\n listKind: HostprotPolList\n plural: hostprotpols\n singular: hostprotpol\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n description: 'APIVersion defines the versioned schema of this\n representation of an object.Servers should convert recognized\n schemas to the latest internal value, and may reject\n unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n kind:\n type: string\n description: 'Kind is a string value representing the REST resource\n this object represents. 
Servers may infer this from the endpoint\n the client submits requests to. Cannot be updated. In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n metadata:\n type: object\n spec:\n type: object\n properties:\n name:\n type: string\n networkPolicies:\n type: array\n items:\n type: string\n hostprotSubj:\n type: array\n items:\n type: object\n properties:\n name:\n type: string\n hostprotRule:\n type: array\n items:\n type: object\n properties:\n name:\n type: string\n protocol:\n type: string\n description: Protocol\n rsRemoteIpContainer:\n type: array\n items:\n type: string\n toPort:\n type: string\n description: ToPort\n connTrack:\n type: string\n description: ConnTrack\n direction:\n type: string\n description: Direction\n ethertype:\n type: string\n description: Ethertype\n fromPort:\n type: string\n description: FromPort\n hostprotServiceRemoteIps:\n type: array\n items:\n type: string\n hostprotFilterContainer:\n type: object\n properties:\n hostprotFilter:\n type: array\n items:\n type: object\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n type: array\n items:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: hostprotremoteipcontainers.aci.hpp\nspec:\n group: aci.hpp\n names:\n kind: HostprotRemoteIpContainer\n listKind: HostprotRemoteIpContainerList\n plural: hostprotremoteipcontainers\n singular: hostprotremoteipcontainer\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n description: 'APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: 
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n kind:\n type: string\n description: 'Kind is a string value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n metadata:\n type: object\n spec:\n type: object\n properties:\n name:\n type: string\n hostprotRemoteIp:\n type: array\n items:\n type: object\n properties:\n addr:\n type: string\n hppEpLabel:\n type: array\n items:\n type: object\n properties:\n key:\n type: string\n value:\n type: string\n---\n{{- end}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: aci-containers-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n controller-config: |-\n {\n \"log-level\": \"{{.ControllerLogLevel}}\",\n \"apic-hosts\": {{.ApicHosts}},\n{{- if ne .AciMultipod \"false\" }}\n \"aci-multipod\": {{.AciMultipod}},\n{{- end}}\n{{- if .UnknownMacUnicastAction }}\n \"unknown-mac-unicast-action\": \"{{.UnknownMacUnicastAction}}\",\n{{- end}}\n{{- if ne .EnableOpflexAgentReconnect \"false\"}}\n \"enable-opflex-agent-reconnect\": {{.EnableOpflexAgentReconnect}},\n{{- end}}\n{{- if .OpflexDeviceReconnectWaitTimeout }}\n \"opflex-device-reconnect-wait-timeout\": {{.OpflexDeviceReconnectWaitTimeout}},\n{{- end}}\n \"apic-refreshtime\": \"{{.ApicRefreshTime}}\",\n \"apic-subscription-delay\": {{.ApicSubscriptionDelay}},\n \"apic_refreshticker_adjust\": \"{{.ApicRefreshTickerAdjust}}\",\n \"apic-username\": \"{{.ApicUserName}}\",\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n 
\"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n{{- if ne .HppOptimization \"false\"}}\n \"hpp-optimization\": {{.HppOptimization}},\n{{- end}}\n{{- if ne .DisableHppRendering \"false\"}}\n \"disable-hpp-rendering\": {{.DisableHppRendering}},\n{{- end}}\n{{- if ne .EnableHppDirect \"false\"}}\n \"enable-hpp-direct\": {{.EnableHppDirect}},\n{{- end}}\n{{- if ne .NoWaitForServiceEpReadiness \"false\"}}\n \"no-wait-for-service-ep-readiness\": {{.NoWaitForServiceEpReadiness}},\n{{- end}}\n{{- if ne .ServiceGraphEndpointAddDelay \"0\"}}\n \"service-graph-endpoint-add-delay\" : {\n \"delay\": {{.ServiceGraphEndpointAddDelay}},\n \"services\": [{{- range $index, $item :=.ServiceGraphEndpointAddServices }}{{- if $index}},{{end}}{ {{- range $k, $v := $item }}\"{{ $k }}\": \"{{ $v }}\"{{if eq $k \"name\"}},{{end}}{{- end}}}{{end}}]\n },\n{{- end}}\n{{- if ne .AddExternalSubnetsToRdconfig \"false\"}}\n \"add-external-subnets-to-rdconfig\": {{.AddExternalSubnetsToRdconfig}},\n{{- end}}\n{{- if ne .DisablePeriodicSnatGlobalInfoSync \"false\"}}\n \"disable-periodic-snat-global-info-sync\": {{.DisablePeriodicSnatGlobalInfoSync}},\n{{- end}}\n{{- if .NodeSnatRedirectExclude }}\n \"node-snat-redirect-exclude\": [{{ range $index,$item := .NodeSnatRedirectExclude}}{{- if $index}}, {{end }}{\"group\": \"{{ index $item \"group\" }}\", \"labels\": {{ index $item \"labels\" }}}{{ end }}],\n{{- end }}\n{{- if .ApicConnectionRetryLimit}}\n \"apic-connection-retry-limit\": {{.ApicConnectionRetryLimit}},\n{{- end}}\n \"opflex-device-delete-timeout\": {{.OpflexDeviceDeleteTimeout}},\n \"sleep-time-snat-global-info-sync\": {{.SleepTimeSnatGlobalInfoSync}},\n{{- /* Commenting code to disable the install_istio flag as the functionality\n is disabled to remove dependency from 
istio.io/istio package.\n Vulnerabilties were detected by quay.io security scan of aci-containers-controller\n and aci-containers-operator images for istio.io/istio package \n \"install-istio\": {{.InstallIstio}},\n \"istio-profile\": \"{{.IstioProfile}}\",\n*/}}\n \"aci-podbd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd\",\n \"aci-nodebd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd\",\n \"aci-service-phys-dom\": \"{{.SystemIdentifier}}-pdom\",\n \"aci-service-encap\": \"vlan-{{.ServiceVlan}}\",\n \"aci-service-monitor-interval\": {{.ServiceMonitorInterval}},\n \"aci-pbr-tracking-non-snat\": {{.PBRTrackingNonSnat}},\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"aci-l3out\": \"{{.L3Out}}\",\n \"aci-ext-networks\": {{.L3OutExternalNetworks}},\n \"aci-vrf\": \"{{.VRFName}}\",\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .AddExternalContractToDefaultEpg \"false\"}}\n \"add-external-contract-to-default-epg\": {{.AddExternalContractToDefaultEpg}},\n{{- end}} \n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n },\n \"max-nodes-svc-graph\": {{.MaxNodesSvcGraph}},\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n 
},\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n } },\n \"service-ip-pool\": [{{- range $index, $item := .ServiceIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End}}\" }{{end}}],\n \"extern-static\": [{{- range $index, $item := .StaticExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"extern-dynamic\": [{{- range $index, $item := .DynamicExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"snat-contract-scope\": \"{{.SnatContractScope}}\",\n \"static-service-ip-pool\": [{{- range $index, $item := .StaticServiceIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End }}\" }{{end}}],\n{{- if and (ne .TaintNotReadyNode \"false\") (ne .TaintNotReadyNode \"False\") }}\n \"taint-not-ready\": true,\n{{- end}}\n \"pod-ip-pool\": [{{- range $index, $item := .PodIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End}}\" }{{end}}],\n \"pod-subnet\": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"pod-subnet-chunk-size\": {{.PodSubnetChunkSize}},\n \"node-service-ip-pool\": [\n {\n \"end\": \"{{.NodeServiceIPEnd}}\",\n \"start\": \"{{.NodeServiceIPStart}}\"\n }\n ],\n \"node-service-subnets\": [\n \"{{.ServiceGraphSubnet}}\"\n ],\n \"enable_endpointslice\": {{.EnableEndpointSlice}}\n }\n host-agent-config: |-\n {\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .EpRegistry \"\"}}\n \"ep-registry\": \"{{.EpRegistry}}\",\n{{- else}}\n \"ep-registry\": null,\n{{- end}}\n{{- if ne .AciMultipod \"false\" }}\n \"aci-multipod\": {{.AciMultipod}},\n{{- end}}\n{{- if ne .DhcpRenewMaxRetryCount \"0\" }}\n \"dhcp-renew-max-retry-count\": 
{{.DhcpRenewMaxRetryCount}},\n{{- end}}\n{{- if ne .DhcpDelay \"0\" }}\n \"dhcp-delay\": {{.DhcpDelay}},\n{{- end}}\n{{- if ne .EnableOpflexAgentReconnect \"false\"}}\n \"enable-opflex-agent-reconnect\": {{.EnableOpflexAgentReconnect}},\n{{- end}}\n{{- if ne .OpflexMode \"\"}}\n \"opflex-mode\": \"{{.OpflexMode}}\",\n{{- else}}\n \"opflex-mode\": null,\n{{- end}}\n \"log-level\": \"{{.HostAgentLogLevel}}\",\n \"aci-snat-namespace\": \"{{.SnatNamespace}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vrf\": \"{{.VRFName}}\",\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"service-vlan\": {{.ServiceVlan}},\n \"kubeapi-vlan\": {{.KubeAPIVlan}},\n{{- if ne .HppOptimization \"false\"}}\n \"hpp-optimization\": {{.HppOptimization}},\n{{- end}}\n{{- if ne .DisableHppRendering \"false\"}}\n \"disable-hpp-rendering\": {{.DisableHppRendering}},\n{{- end}}\n{{- if ne .EnableHppDirect \"false\"}}\n \"enable-hpp-direct\": {{.EnableHppDirect}},\n{{- end}}\n \"pod-subnet\": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"node-subnet\": [{{- range $index, $item := .NodeSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"encap-type\": \"{{.EncapType}}\",\n \"aci-infra-vlan\": {{.InfraVlan}},\n{{- if .MTU}}\n{{- if ne .MTU 0}}\n \"interface-mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n{{- if .MTUHeadRoom}}\n{{- if ne .MTUHeadRoom \"0\"}}\n \"interface-mtu-headroom\": {{.MTUHeadRoom}},\n{{- end}}\n{{- end}}\n \"cni-netconfig\": [{{- range $index, $item := .PodNetwork }}{{- if $index}},{{end}}{ \"gateway\": \"{{ $item.Gateway }}\", \"subnet\": \"{{ $item.Subnet }}\", \"routes\": [{ \"dst\": \"0.0.0.0/0\", 
\"gw\": \"{{ $item.Gateway }}\" }]}{{end}}],\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n },\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n } },\n \"enable-drop-log\": {{.DropLogEnable}},\n{{- if and (ne .DropLogDisableEvents \"false\") (ne .DropLogDisableEvents \"False\")}}\n \"packet-event-notification-socket\": \"\",\n{{- end}}\n \"enable_endpointslice\": {{.EnableEndpointSlice}},\n \"enable-nodepodif\": {{.NodePodIfEnable}},\n{{- if and (ne .TaintNotReadyNode \"false\") (ne .TaintNotReadyNode \"False\") }}\n \"taint-not-ready\": true,\n{{- end}} \n \"enable-ovs-hw-offload\": {{.SriovEnable}}\n }\n opflex-agent-config: |-\n {\n \"log\": {\n \"level\": \"{{.OpflexAgentLogLevel}}\"\n },\n \"opflex\": {\n{{- if eq .OpflexClientSSL \"false\"}}\n \"ssl\": { \"mode\": \"disabled\"},\n{{- end}}\n{{- if eq .OpflexAgentStatistics \"false\"}}\n \"statistics\" : { \"mode\" : \"off\" },\n{{- end}}\n \"timers\" : 
{\n{{- if .OpflexAgentPolicyRetryDelayTimer}}\n \"policy-retry-delay\": {{.OpflexAgentPolicyRetryDelayTimer}},\n{{- end}}\n{{- if .OpflexAgentResetWaitDelay}}\n \"reset-wait-delay\": {{.OpflexAgentResetWaitDelay}},\n{{- end}}\n \"switch-sync-delay\": {{.OpflexSwitchSyncDelay}},\n \"switch-sync-dynamic\": {{.OpflexSwitchSyncDynamic}}\n },\n \"startup\": {\n \"enabled\": {{.OpflexStartupEnabled}},\n \"policy-file\": \"/usr/local/var/lib/opflex-agent-ovs/startup/pol.json\",\n \"policy-duration\": {{.OpflexStartupPolicyDuration}},\n \"resolve-aft-conn\": {{.OpflexStartupResolveAftConn}}\n },\n \"notif\" : { \"enabled\" : \"false\" },\n \"asyncjson\": { \"enabled\" : \"{{.OpflexAgentOpflexAsyncjsonEnabled}}\" }\n{{- if ne .EnableHppDirect \"false\"}}\n ,\"enable-local-netpol\": {{.EnableHppDirect}}\n{{- end}}\n },\n \"ovs\": {\n \"asyncjson\": { \"enabled\" : \"{{.OpflexAgentOvsAsyncjsonEnabled}}\" }\n }\n }\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: snat-operator-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n \"start\": \"{{.SnatPortRangeStart}}\"\n \"end\": \"{{.SnatPortRangeEnd}}\"\n \"ports-per-node\": \"{{.SnatPortsPerNode}}\"\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: aci-user-cert\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n user.key: {{.ApicUserKey}}\n user.crt: {{.ApicUserCrt}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-host-agent\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\n{{- if eq .UseClusterRole \"true\"}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: 
\"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-controller\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - events\n - replicationcontrollers\n - serviceaccounts\n verbs:\n - list\n - watch\n - get\n - patch\n - create\n - update\n - delete\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - '*'\n- apiGroups:\n - \"rbac.authorization.k8s.io\"\n resources:\n - clusterroles\n - clusterrolebindings\n verbs:\n - '*'\n{{- /* Commenting code to disable the install_istio flag as the functionality\n is disabled to remove dependency from istio.io/istio package.\n Vulnerabilties were detected by quay.io security scan of aci-containers-controller\n and aci-containers-operator images for istio.io/istio package\n{{- if ne .InstallIstio \"false\"}}\n- apiGroups:\n - \"install.istio.io\"\n resources:\n - istiocontrolplanes\n - istiooperators\n verbs:\n - '*'\n- apiGroups:\n - \"aci.istio\"\n resources:\n - aciistiooperators\n - aciistiooperator\n verbs:\n - '*'\n{{- end}}\n*/}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n - daemonsets\n - statefulsets\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - services/status\n verbs:\n - update\n- apiGroups:\n - \"monitoring.coreos.com\"\n resources:\n - servicemonitors\n verbs:\n - get\n - create\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies/finalizers\n - snatpolicies/status\n - nodeinfos\n verbs:\n - update\n - create\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatglobalinfos\n - snatpolicies\n - nodeinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - 
delete\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.netflow\"\n resources:\n - netflowpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.erspan\"\n resources:\n - erspanpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - '*'\n- apiGroups:\n - apps.openshift.io\n resources:\n - deploymentconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.dnsnetpol\"\n resources:\n - dnsnetworkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n{{- if ne .EnableHppDirect \"false\"}}\n- apiGroups:\n - \"aci.hpp\"\n resources:\n - hostprotpols\n - hostprotremoteipcontainers\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n{{- end}}\n---\n{{- end}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-host-agent\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - replicationcontrollers\n verbs:\n - list\n - watch\n - get\n{{- if ne .DropLogEnable \"false\"}}\n - update\n- apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n{{- end}}\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n verbs:\n - list\n - watch\n - 
get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies\n - snatglobalinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.droplog\"\n resources:\n - enabledroplogs\n - prunedroplogs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - nodeinfos\n - snatlocalinfos\n verbs:\n - create\n - update\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - \"*\"\n{{- if ne .EnableHppDirect \"false\"}}\n- apiGroups:\n - \"aci.hpp\"\n resources:\n - hostprotpols\n - hostprotremoteipcontainers\n verbs:\n - list\n - watch\n - get\n{{- end}}\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers-controller\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers-controller\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-controller\n namespace: aci-containers-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers-host-agent\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers-host-agent\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-host-agent\n namespace: aci-containers-system\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-host\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n 
type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-host\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-host\n network-plugin: aci-containers\n annotations:\n prometheus.io/scrape: \"true\"\n prometheus.io/port: \"9612\"\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n tolerations:\n - operator: Exists\n initContainers:\n - name: cnideploy\n image: {{.AciCniDeployContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersHostPriorityClass}} \n priorityClassName: aci-containers-host\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-host\n image: {{.AciHostContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .AciContainersHostMemoryLimit ) ( .AciContainersHostMemoryRequest )}}\n resources:\n limits:\n{{- if .AciContainersHostMemoryLimit }}\n memory: \"{{ .AciContainersHostMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .AciContainersHostMemoryRequest }}\n memory: \"{{ .AciContainersHostMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n - NET_ADMIN\n - SYS_PTRACE\n - NET_RAW\n env:\n - name: 
KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: TENANT\n value: \"{{.Tenant}}\"\n{{- if ne .MultusDisable \"true\"}}\n - name: MULTUS\n value: 'True'\n{{- end}}\n{{- if eq .DisableWaitForNetwork \"true\"}}\n - name: DISABLE_WAIT_FOR_NETWORK\n value: 'True'\n{{- else}}\n - name: DURATION_WAIT_FOR_NETWORK\n value: \"{{.DurationWaitForNetwork}}\"\n{{- end}}\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n - name: cni-conf\n mountPath: /mnt/cni-conf\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: host-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n{{- if eq .AciMultipod \"true\" }}\n - name: dhclient\n mountPath: /var/lib/dhclient\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - mountPath: /run/netns\n name: host-run-netns\n readOnly: true\n mountPropagation: HostToContainer\n{{- end}}\n{{- if ne .MultusDisable \"true\"}}\n - name: multus-cni-conf\n mountPath: /mnt/multus-cni-conf\n{{- end}}\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8090\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n - name: opflex-agent\n env:\n - name: REBOOT_WITH_OVS\n value: \"true\"\n{{- if ne .OpflexOpensslCompat \"false\"}}\n - name: OPENSSL_CONF\n value: \"/etc/pki/tls/openssl11.cnf\" \n{{- end}}\n image: {{.AciOpflexContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .OpflexAgentMemoryLimit ) ( .OpflexAgentMemoryRequest )}}\n resources:\n limits:\n{{- if .OpflexAgentMemoryLimit }}\n memory: \"{{ .OpflexAgentMemoryLimit }}\"\n{{- else}}\n 
memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .OpflexAgentMemoryRequest }}\n memory: \"{{ .OpflexAgentMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}} \n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: opflex-config-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/conf.d\n{{- if eq .RunOpflexServerContainer \"true\"}}\n - name: opflex-server\n image: {{.AciOpflexContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-opflexserver.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n capabilities:\n add:\n - NET_ADMIN\n ports:\n - containerPort: {{.OpflexServerPort}}\n - name: metrics\n containerPort: 9632\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - name: opflex-server-config-volume\n mountPath: /usr/local/etc/opflex-server\n - name: hostvar\n mountPath: /usr/local/var\n{{- end}}\n{{- if ne .OpflexMode \"overlay\"}}\n - name: mcast-daemon\n image: {{.AciMcastContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-mcastdaemon.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .McastDaemonMemoryLimit ) ( .McastDaemonMemoryRequest )}}\n resources:\n limits:\n{{- if .McastDaemonMemoryLimit }}\n memory: \"{{ .McastDaemonMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .McastDaemonMemoryRequest }}\n memory: \"{{ .McastDaemonMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n{{- if eq .UsePrivilegedContainer \"true\"}}\n securityContext:\n privileged: 
true\n{{- end}}\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n{{- end}}\n restartPolicy: Always\n volumes:\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-conf\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: host-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: host-agent-config\n path: host-agent.conf\n - name: opflex-hostconfig-volume\n emptyDir:\n medium: Memory\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n{{- if eq .AciMultipod \"true\" }}\n{{- if eq .AciMultipodUbuntu \"true\" }}\n - name: dhclient\n hostPath:\n path: /var/lib/dhcp\n{{- else}}\n - name: dhclient\n hostPath:\n path: /var/lib/dhclient\n{{- end}}\n{{- end}}\n - name: opflex-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: opflex-agent-config\n path: local.conf\n{{- if eq .UseOpflexServerVolume \"true\"}}\n - name: opflex-server-config-volume\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - name: host-run-netns\n hostPath:\n path: /run/netns\n{{- end}}\n{{- if ne .MultusDisable \"true\" }}\n - name: multus-cni-conf\n hostPath:\n path: /var/run/multus/\n{{- end}}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-openvswitch\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if 
ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n tolerations:\n - operator: Exists \n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersOpenvswitchPriorityClass}} \n priorityClassName: aci-containers-openvswitch\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-openvswitch\n image: {{.AciOpenvSwitchContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n resources:\n limits:\n memory: \"{{.OVSMemoryLimit}}\"\n requests:\n memory: \"{{.OVSMemoryRequest}}\"\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n - SYS_MODULE\n - SYS_NICE\n - IPC_LOCK\n env:\n - name: OVS_RUNDIR\n value: /usr/local/var/run/openvswitch\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: hostetc\n mountPath: /usr/local/etc\n - name: hostmodules\n mountPath: /lib/modules\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n livenessProbe:\n exec:\n command:\n - /usr/local/bin/liveness-ovs.sh\n restartPolicy: Always\n volumes:\n - name: hostetc\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: hostmodules\n hostPath:\n path: /lib/modules\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: 
aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-controller\nspec:\n replicas: 1\n strategy:\n type: Recreate\n selector:\n matchLabels:\n name: aci-containers-controller\n network-plugin: aci-containers\n template:\n metadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n name: aci-containers-controller\n network-plugin: aci-containers\n spec:\n hostNetwork: true\n serviceAccountName: aci-containers-controller\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n{{- if .Tolerations }}\n tolerations:\n{{ toYaml .Tolerations | indent 6}}\n{{- else }}\n tolerations:\n - effect: NoExecute\n key: node.kubernetes.io/unreachable\n operator: Exists\n tolerationSeconds: {{ .TolerationSeconds }}\n - effect: NoExecute\n key: node.kubernetes.io/not-ready\n operator: Exists\n tolerationSeconds: {{ .TolerationSeconds }}\n - effect: NoSchedule\n key: node.kubernetes.io/not-ready\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/controlplane\n value: \"true\"\n operator: Equal\n - effect: NoExecute\n key: node-role.kubernetes.io/etcd\n value: \"true\"\n operator: Equal\n{{- end }}\n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersControllerPriorityClass}} \n priorityClassName: aci-containers-controller\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-node-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-controller\n image: {{.AciControllerContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .AciContainersControllerMemoryLimit ) ( 
.AciContainersControllerMemoryRequest )}}\n resources:\n limits:\n{{- if .AciContainersControllerMemoryLimit }}\n memory: \"{{ .AciContainersControllerMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .AciContainersControllerMemoryRequest }}\n memory: \"{{ .AciContainersControllerMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n env:\n - name: WATCH_NAMESPACE\n value: \"\"\n - name: ACI_SNAT_NAMESPACE\n value: \"aci-containers-system\"\n - name: ACI_SNAGLOBALINFO_NAME\n value: \"snatglobalinfo\"\n - name: ACI_RDCONFIG_NAME\n value: \"routingdomain-config\"\n - name: SYSTEM_NAMESPACE\n value: \"aci-containers-system\"\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8091\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n volumes:\n - name: aci-user-cert-volume\n secret:\n secretName: aci-user-cert\n - name: controller-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: controller-config\n path: controller.conf\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n---\napiVersion: v1\nkind: LimitRange\nmetadata:\n name: memory-limit-range\n namespace: aci-containers-system\nspec:\n limits:\n - default:\n memory: {{ .AciContainersMemoryLimit }}\n defaultRequest:\n memory: {{ .AciContainersMemoryRequest }}\n type: Container\n", + "aci-v6.1.1.2": "\napiVersion: 
apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: acicontainersoperators.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AciContainersOperator\n listKind: AciContainersOperatorList\n plural: acicontainersoperators\n singular: acicontainersoperator\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: acicontainersoperator owns the lifecycle of ACI objects in the cluster\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AciContainersOperatorSpec defines the desired spec for ACI Objects\n properties:\n flavor:\n type: string\n config:\n type: string\n type: object\n status:\n description: AciContainersOperatorStatus defines the successful completion of AciContainersOperator\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodepodifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: NodePodIF\n listKind: NodePodIFList\n plural: nodepodifs\n singular: nodepodif\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n podifs:\n type: array\n items:\n type: object\n properties:\n containerID:\n type: string\n epg:\n type: string\n ifname:\n type: string\n ipaddr:\n type: string\n macaddr:\n type: string\n podname:\n type: string\n podns:\n type: string\n vtep:\n type: string\n required:\n - spec\n type: object\n---\n{{- if eq .UseAciCniPriorityClass \"true\"}}\napiVersion: scheduling.k8s.io/v1\nkind: 
PriorityClass\nmetadata:\n name: acicni-priority\nvalue: 1000000000\nglobalDefault: false\ndescription: \"This priority class is used for ACI-CNI resources\"\n---\n{{- end }}\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatglobalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatGlobalInfo\n listKind: SnatGlobalInfoList\n plural: snatglobalinfos\n singular: snatglobalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n description: SnatGlobalInfo is the Schema for the snatglobalinfos API\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n globalInfos:\n additionalProperties:\n items:\n properties:\n macAddress:\n type: string\n portRanges:\n items:\n properties:\n end:\n maximum: 65535\n minimum: 1\n type: integer\n start:\n maximum: 65535\n minimum: 1\n type: integer\n type: object\n type: array\n snatIp:\n type: string\n snatIpUid:\n type: string\n snatPolicyName:\n type: string\n required:\n - macAddress\n - portRanges\n - snatIp\n - snatIpUid\n - snatPolicyName\n type: object\n type: array\n type: object\n required:\n - globalInfos\n type: object\n status:\n description: SnatGlobalInfoStatus defines the observed state of SnatGlobalInfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatlocalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatLocalInfo\n listKind: SnatLocalInfoList\n plural: snatlocalinfos\n singular: snatlocalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: SnatLocalInfoSpec defines the desired state of SnatLocalInfo\n properties:\n localInfos:\n items:\n properties:\n podName:\n type: string\n podNamespace:\n 
type: string\n podUid:\n type: string\n snatPolicies:\n items:\n properties:\n destIp:\n items:\n type: string\n type: array\n name:\n type: string\n snatIp:\n type: string\n required:\n - destIp\n - name\n - snatIp\n type: object\n type: array\n required:\n - podName\n - podNamespace\n - podUid\n - snatPolicies\n type: object\n type: array\n required:\n - localInfos\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatpolicies.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatPolicy\n listKind: SnatPolicyList\n plural: snatpolicies\n singular: snatpolicy\n scope: Cluster\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n selector:\n type: object\n properties:\n labels:\n type: object\n description: 'Selection of Pods'\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n type: object\n snatIp:\n type: array\n items:\n type: string\n destIp:\n type: array\n items:\n type: string\n type: object\n status:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodeinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: NodeInfo\n listKind: NodeInfoList\n plural: nodeinfos\n singular: nodeinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n macaddress:\n type: string\n snatpolicynames:\n additionalProperties:\n type: boolean\n type: object\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: 
apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: rdconfigs.aci.snat\nspec:\n group: aci.snat\n names:\n kind: RdConfig\n listKind: RdConfigList\n plural: rdconfigs\n singular: rdconfig\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n discoveredsubnets:\n items:\n type: string\n type: array\n usersubnets:\n items:\n type: string\n type: array\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.aci.netpol\nspec:\n group: aci.netpol\n names:\n kind: NetworkPolicy\n listKind: NetworkPolicyList\n plural: networkpolicies\n singular: networkpolicy\n scope: Namespaced\n versions:\n - name: v1\n schema:\n openAPIV3Schema:\n description: Network Policy describes traffic flow at IP address or port level\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the 
order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs default to false.\n type: boolean\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n to:\n description: Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. 
Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n description: Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n toFqDn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - enableLogging\n - toFqDn\n type: object\n type: array\n ingress:\n description: Set of ingress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false.\n type: boolean\n from:\n description: Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. 
Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n description: matchExpressions is a list of label selector requirements. The requirements are ANDed.\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. 
If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n type: object\n type: array\n policyTypes:\n items:\n description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8\n type: string\n type: array\n priority:\n description: Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.\n type: integer\n type:\n description: type of the policy.\n type: string\n required:\n - type\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: dnsnetworkpolicies.aci.dnsnetpol\nspec:\n group: aci.dnsnetpol\n names:\n kind: DnsNetworkPolicy\n listKind: DnsNetworkPolicyList\n plural: dnsnetworkpolicies\n singular: dnsnetworkpolicy\n scope: Namespaced\n versions:\n - name: v1beta\n schema:\n openAPIV3Schema:\n description: dns network Policy\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n properties:\n toFqdn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - toFqdn\n type: object\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: qospolicies.aci.qos\nspec:\n group: aci.qos\n names:\n kind: QosPolicy\n listKind: QosPolicyList\n plural: qospolicies\n singular: qospolicy\n scope: Namespaced\n preserveUnknownFields: false\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n podSelector:\n description: 'Selection of Pods'\n type: object\n properties:\n matchLabels:\n type: object\n description:\n ingress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n egress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n dscpmark:\n type: integer\n default: 0\n minimum: 0\n maximum: 63\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: netflowpolicies.aci.netflow\nspec:\n group: aci.netflow\n names:\n kind: NetflowPolicy\n listKind: NetflowPolicyList\n plural: netflowpolicies\n singular: 
netflowpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n flowSamplingPolicy:\n type: object\n properties:\n destIp:\n type: string\n destPort:\n type: integer\n minimum: 0\n maximum: 65535\n default: 2055\n flowType:\n type: string\n enum:\n - netflow\n - ipfix\n default: netflow\n activeFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 3600\n default: 60\n idleFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 600\n default: 15\n samplingRate:\n type: integer\n minimum: 0\n maximum: 1000\n default: 0\n required:\n - destIp\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: erspanpolicies.aci.erspan\nspec:\n group: aci.erspan\n names:\n kind: ErspanPolicy\n listKind: ErspanPolicyList\n plural: erspanpolicies\n singular: erspanpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n selector:\n type: object\n description: 'Selection of Pods'\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n source:\n type: object\n properties:\n adminState:\n description: Administrative state.\n default: start\n type: string\n enum:\n - start\n - stop\n direction:\n description: Direction of the packets to monitor.\n default: both\n type: string\n enum:\n - in\n - out\n - both\n destination:\n type: object\n properties:\n destIP:\n description: Destination IP of the ERSPAN packet.\n type: string\n flowID:\n description: Unique flow ID of the ERSPAN packet.\n default: 1\n 
type: integer\n minimum: 1\n maximum: 1023\n required:\n - destIP\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: enabledroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: EnableDropLog\n listKind: EnableDropLogList\n plural: enabledroplogs\n singular: enabledroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of EnableDropLog\n type: object\n properties:\n disableDefaultDropLog:\n description: Disables the default droplog enabled by acc-provision.\n default: false\n type: boolean\n nodeSelector:\n type: object\n description: Drop logging is enabled on nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: prunedroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: PruneDropLog\n listKind: PruneDropLogList\n plural: prunedroplogs\n singular: prunedroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of PruneDropLog\n type: object\n properties:\n nodeSelector:\n type: object\n description: Drop logging filters are applied to nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n dropLogFilters:\n type: object\n properties:\n srcIP:\n type: string\n destIP:\n type: string\n srcMAC:\n type: string\n destMAC:\n type: string\n srcPort:\n type: integer\n 
destPort:\n type: integer\n ipProto:\n type: integer\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: accprovisioninputs.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AccProvisionInput\n listKind: AccProvisionInputList\n plural: accprovisioninputs\n singular: accprovisioninput\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: accprovisioninput defines the input configuration for ACI CNI\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AccProvisionInputSpec defines the desired spec for accprovisioninput object\n properties:\n acc_provision_input:\n type: object\n properties:\n operator_managed_config:\n type: object\n properties:\n enable_updates:\n type: boolean\n aci_config:\n type: object\n properties:\n sync_login:\n type: object\n properties:\n certfile:\n type: string\n keyfile:\n type: string\n client_ssl:\n type: boolean\n net_config:\n type: object\n properties:\n interface_mtu:\n type: integer\n service_monitor_interval:\n type: integer\n pbr_tracking_non_snat:\n type: boolean\n pod_subnet_chunk_size:\n type: integer\n disable_wait_for_network:\n type: boolean\n duration_wait_for_network:\n type: integer\n registry:\n type: object\n properties:\n image_prefix:\n type: string\n image_pull_secret:\n type: string\n aci_containers_operator_version:\n type: string\n aci_containers_controller_version:\n type: string\n aci_containers_host_version:\n type: string\n acc_provision_operator_version:\n type: string\n aci_cni_operator_version:\n type: string\n cnideploy_version:\n type: string\n opflex_agent_version:\n type: string\n openvswitch_version:\n type: string\n gbp_version:\n type: string\n logging:\n type: object\n properties:\n controller_log_level:\n type: string\n hostagent_log_level:\n type: string\n opflexagent_log_level:\n type: 
string\n istio_config:\n type: object\n properties:\n install_profile:\n type: string\n multus:\n type: object\n properties:\n disable:\n type: boolean\n drop_log_config:\n type: object\n properties:\n enable:\n type: boolean\n nodepodif_config:\n type: object\n properties:\n enable:\n type: boolean\n sriov_config:\n type: object\n properties:\n enable:\n type: boolean\n kube_config:\n type: object\n properties:\n ovs_memory_limit:\n type: string\n use_privileged_containers:\n type: boolean\n image_pull_policy:\n type: string\n reboot_opflex_with_ovs:\n type: string\n snat_operator:\n type: object\n properties:\n port_range:\n type: object\n properties:\n start:\n type: integer\n end:\n type: integer\n ports_per_node:\n type: integer\n contract_scope:\n type: string\n disable_periodic_snat_global_info_sync:\n type: boolean\n type: object\n status:\n description: AccProvisionInputStatus defines the successful completion of AccProvisionInput\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: hostprotpols.aci.hpp\nspec:\n group: aci.hpp\n names:\n kind: HostprotPol\n listKind: HostprotPolList\n plural: hostprotpols\n singular: hostprotpol\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n description: 'APIVersion defines the versioned schema of this\n representation of an object.Servers should convert recognized\n schemas to the latest internal value, and may reject\n unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n kind:\n type: string\n description: 'Kind is a string value representing the REST resource\n this object represents. Servers may infer this from the endpoint\n the client submits requests to. 
Cannot be updated. In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n metadata:\n type: object\n spec:\n type: object\n properties:\n name:\n type: string\n networkPolicies:\n type: array\n items:\n type: string\n hostprotSubj:\n type: array\n items:\n type: object\n properties:\n name:\n type: string\n hostprotRule:\n type: array\n items:\n type: object\n properties:\n name:\n type: string\n protocol:\n type: string\n description: Protocol\n rsRemoteIpContainer:\n type: array\n items:\n type: string\n toPort:\n type: string\n description: ToPort\n connTrack:\n type: string\n description: ConnTrack\n direction:\n type: string\n description: Direction\n ethertype:\n type: string\n description: Ethertype\n fromPort:\n type: string\n description: FromPort\n hostprotServiceRemoteIps:\n type: array\n items:\n type: string\n hostprotFilterContainer:\n type: object\n properties:\n hostprotFilter:\n type: array\n items:\n type: object\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n type: array\n items:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: hostprotremoteipcontainers.aci.hpp\nspec:\n group: aci.hpp\n names:\n kind: HostprotRemoteIpContainer\n listKind: HostprotRemoteIpContainerList\n plural: hostprotremoteipcontainers\n singular: hostprotremoteipcontainer\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n description: 'APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n kind:\n type: string\n description: 'Kind is a string 
value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n metadata:\n type: object\n spec:\n type: object\n properties:\n name:\n type: string\n hostprotRemoteIp:\n type: array\n items:\n type: object\n properties:\n addr:\n type: string\n hppEpLabel:\n type: array\n items:\n type: object\n properties:\n key:\n type: string\n value:\n type: string\n---\n{{- if ne .ProactiveConf \"false\" }}\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: proactiveconfs.aci.pc\nspec:\n group: aci.pc\n names:\n kind: ProactiveConf\n listKind: ProactiveConfList\n plural: proactiveconfs\n singular: proactiveconf\n scope: Cluster\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n description: 'APIVersion defines the versioned schema of this representation of an object.\n Servers should convert recognized schemas to the latest internal value, and\n may reject unrecognized values.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n kind:\n type: string\n description: 'Kind is a string value representing the REST resource this object represents.\n Servers may infer this from the endpoint the client submits requests to.\n Cannot be updated.\n In CamelCase.\n More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n metadata:\n type: object\n spec:\n type: object\n properties:\n TunnelEpAdvertisementInterval:\n type: integer\n VmmEpgDeploymentImmediacy:\n enum:\n - Immediate\n - OnDemand\n type: string\n required:\n - spec\n x-kubernetes-validations:\n - rule: \"self.metadata.name == 
'proactiveconf'\"\n message: \"Only one instance allowed with name proactiveconf\"\n---\n{{- end}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: aci-containers-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n controller-config: |-\n {\n \"log-level\": \"{{.ControllerLogLevel}}\",\n \"apic-hosts\": {{.ApicHosts}},\n{{- if ne .AciMultipod \"false\" }}\n \"aci-multipod\": {{.AciMultipod}},\n{{- end}}\n{{- if .UnknownMacUnicastAction }}\n \"unknown-mac-unicast-action\": \"{{.UnknownMacUnicastAction}}\",\n{{- end}}\n{{- if ne .EnableOpflexAgentReconnect \"false\"}}\n \"enable-opflex-agent-reconnect\": {{.EnableOpflexAgentReconnect}},\n{{- end}}\n{{- if .OpflexDeviceReconnectWaitTimeout }}\n \"opflex-device-reconnect-wait-timeout\": {{.OpflexDeviceReconnectWaitTimeout}},\n{{- end}}\n \"apic-refreshtime\": \"{{.ApicRefreshTime}}\",\n \"apic-subscription-delay\": {{.ApicSubscriptionDelay}},\n \"apic_refreshticker_adjust\": \"{{.ApicRefreshTickerAdjust}}\",\n \"apic-username\": \"{{.ApicUserName}}\",\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n{{- if ne .HppOptimization \"false\"}}\n \"hpp-optimization\": {{.HppOptimization}},\n{{- end}}\n{{- if ne .DisableHppRendering \"false\"}}\n \"disable-hpp-rendering\": {{.DisableHppRendering}},\n{{- end}}\n{{- if ne .EnableHppDirect \"false\"}}\n \"enable-hpp-direct\": {{.EnableHppDirect}},\n{{- end}}\n{{- if ne .NoWaitForServiceEpReadiness \"false\"}}\n \"no-wait-for-service-ep-readiness\": 
{{.NoWaitForServiceEpReadiness}},\n{{- end}}\n{{- if ne .ServiceGraphEndpointAddDelay \"0\"}}\n \"service-graph-endpoint-add-delay\" : {\n \"delay\": {{.ServiceGraphEndpointAddDelay}},\n \"services\": [{{- range $index, $item :=.ServiceGraphEndpointAddServices }}{{- if $index}},{{end}}{ {{- range $k, $v := $item }}\"{{ $k }}\": \"{{ $v }}\"{{if eq $k \"name\"}},{{end}}{{- end}}}{{end}}]\n },\n{{- end}}\n{{- if ne .AddExternalSubnetsToRdconfig \"false\"}}\n \"add-external-subnets-to-rdconfig\": {{.AddExternalSubnetsToRdconfig}},\n{{- end}}\n{{- if ne .DisablePeriodicSnatGlobalInfoSync \"false\"}}\n \"disable-periodic-snat-global-info-sync\": {{.DisablePeriodicSnatGlobalInfoSync}},\n{{- end}}\n{{- if .NodeSnatRedirectExclude }}\n \"node-snat-redirect-exclude\": [{{ range $index,$item := .NodeSnatRedirectExclude}}{{- if $index}}, {{end }}{\"group\": \"{{ index $item \"group\" }}\", \"labels\": {{ index $item \"labels\" }}}{{ end }}],\n{{- end }}\n{{- if .ApicConnectionRetryLimit}}\n \"apic-connection-retry-limit\": {{.ApicConnectionRetryLimit}},\n{{- end}}\n{{- if ne .ProactiveConf \"false\" }}\n \"proactive-conf\": {{.ProactiveConf}},\n{{- end}}\n \"opflex-device-delete-timeout\": {{.OpflexDeviceDeleteTimeout}},\n \"sleep-time-snat-global-info-sync\": {{.SleepTimeSnatGlobalInfoSync}},\n{{- /* Commenting code to disable the install_istio flag as the functionality\n is disabled to remove dependency from istio.io/istio package.\n Vulnerabilties were detected by quay.io security scan of aci-containers-controller\n and aci-containers-operator images for istio.io/istio package \n \"install-istio\": {{.InstallIstio}},\n \"istio-profile\": \"{{.IstioProfile}}\",\n*/}}\n \"aci-podbd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd\",\n \"aci-nodebd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd\",\n \"aci-service-phys-dom\": \"{{.SystemIdentifier}}-pdom\",\n \"aci-service-encap\": \"vlan-{{.ServiceVlan}}\",\n 
\"aci-service-monitor-interval\": {{.ServiceMonitorInterval}},\n \"aci-pbr-tracking-non-snat\": {{.PBRTrackingNonSnat}},\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"aci-l3out\": \"{{.L3Out}}\",\n \"aci-ext-networks\": {{.L3OutExternalNetworks}},\n \"aci-vrf\": \"{{.VRFName}}\",\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .AddExternalContractToDefaultEpg \"false\"}}\n \"add-external-contract-to-default-epg\": {{.AddExternalContractToDefaultEpg}},\n{{- end}} \n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n },\n \"max-nodes-svc-graph\": {{.MaxNodesSvcGraph}},\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n } },\n \"service-ip-pool\": [{{- range $index, $item := .ServiceIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End}}\" }{{end}}],\n \"extern-static\": [{{- range $index, $item := .StaticExternalSubnet }}{{- if 
$index}},{{end}}{{$item}}{{end}}],\n \"extern-dynamic\": [{{- range $index, $item := .DynamicExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"snat-contract-scope\": \"{{.SnatContractScope}}\",\n \"static-service-ip-pool\": [{{- range $index, $item := .StaticServiceIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End }}\" }{{end}}],\n{{- if and (ne .TaintNotReadyNode \"false\") (ne .TaintNotReadyNode \"False\") }}\n \"taint-not-ready\": true,\n{{- end}}\n \"pod-ip-pool\": [{{- range $index, $item := .PodIPPool }}{{- if $index}},{{end}}{ \"start\": \"{{ $item.Start }}\", \"end\": \"{{ $item.End}}\" }{{end}}],\n \"pod-subnet\": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"pod-subnet-chunk-size\": {{.PodSubnetChunkSize}},\n \"node-service-ip-pool\": [\n {\n \"end\": \"{{.NodeServiceIPEnd}}\",\n \"start\": \"{{.NodeServiceIPStart}}\"\n }\n ],\n \"node-service-subnets\": [\n \"{{.ServiceGraphSubnet}}\"\n ],\n \"enable_endpointslice\": {{.EnableEndpointSlice}}\n }\n host-agent-config: |-\n {\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .EpRegistry \"\"}}\n \"ep-registry\": \"{{.EpRegistry}}\",\n{{- else}}\n \"ep-registry\": null,\n{{- end}}\n{{- if ne .AciMultipod \"false\" }}\n \"aci-multipod\": {{.AciMultipod}},\n{{- end}}\n{{- if ne .DhcpRenewMaxRetryCount \"0\" }}\n \"dhcp-renew-max-retry-count\": {{.DhcpRenewMaxRetryCount}},\n{{- end}}\n{{- if ne .DhcpDelay \"0\" }}\n \"dhcp-delay\": {{.DhcpDelay}},\n{{- end}}\n{{- if ne .EnableOpflexAgentReconnect \"false\"}}\n \"enable-opflex-agent-reconnect\": {{.EnableOpflexAgentReconnect}},\n{{- end}}\n{{- if ne .OpflexMode \"\"}}\n \"opflex-mode\": \"{{.OpflexMode}}\",\n{{- else}}\n \"opflex-mode\": null,\n{{- end}}\n \"log-level\": \"{{.HostAgentLogLevel}}\",\n \"aci-snat-namespace\": \"{{.SnatNamespace}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": 
\"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vrf\": \"{{.VRFName}}\",\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"service-vlan\": {{.ServiceVlan}},\n \"kubeapi-vlan\": {{.KubeAPIVlan}},\n{{- if ne .HppOptimization \"false\"}}\n \"hpp-optimization\": {{.HppOptimization}},\n{{- end}}\n{{- if ne .DisableHppRendering \"false\"}}\n \"disable-hpp-rendering\": {{.DisableHppRendering}},\n{{- end}}\n{{- if ne .EnableHppDirect \"false\"}}\n \"enable-hpp-direct\": {{.EnableHppDirect}},\n{{- end}}\n{{- if ne .ProactiveConf \"false\" }}\n \"proactive-conf\": {{.ProactiveConf}},\n{{- end}}\n \"pod-subnet\": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"node-subnet\": [{{- range $index, $item := .NodeSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}],\n \"encap-type\": \"{{.EncapType}}\",\n \"aci-infra-vlan\": {{.InfraVlan}},\n{{- if .MTU}}\n{{- if ne .MTU 0}}\n \"interface-mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n{{- if .MTUHeadRoom}}\n{{- if ne .MTUHeadRoom \"0\"}}\n \"interface-mtu-headroom\": {{.MTUHeadRoom}},\n{{- end}}\n{{- end}}\n \"cni-netconfig\": [{{- range $index, $item := .PodNetwork }}{{- if $index}},{{end}}{ \"gateway\": \"{{ $item.Gateway }}\", \"subnet\": \"{{ $item.Subnet }}\", \"routes\": [{ \"dst\": \"0.0.0.0/0\", \"gw\": \"{{ $item.Gateway }}\" }]}{{end}}],\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n },\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": 
\"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n } },\n \"enable-drop-log\": {{.DropLogEnable}},\n{{- if and (ne .DropLogDisableEvents \"false\") (ne .DropLogDisableEvents \"False\")}}\n \"packet-event-notification-socket\": \"\",\n{{- end}}\n \"enable_endpointslice\": {{.EnableEndpointSlice}},\n \"enable-nodepodif\": {{.NodePodIfEnable}},\n{{- if and (ne .TaintNotReadyNode \"false\") (ne .TaintNotReadyNode \"False\") }}\n \"taint-not-ready\": true,\n{{- end}} \n \"enable-ovs-hw-offload\": {{.SriovEnable}}\n }\n opflex-agent-config: |-\n {\n \"log\": {\n \"level\": \"{{.OpflexAgentLogLevel}}\"\n },\n \"opflex\": {\n{{- if eq .OpflexClientSSL \"false\"}}\n \"ssl\": { \"mode\": \"disabled\"},\n{{- end}}\n{{- if eq .OpflexAgentStatistics \"false\"}}\n \"statistics\" : { \"mode\" : \"off\" },\n{{- end}}\n \"timers\" : {\n{{- if .OpflexAgentPolicyRetryDelayTimer}}\n \"policy-retry-delay\": {{.OpflexAgentPolicyRetryDelayTimer}},\n{{- end}}\n{{- if .OpflexAgentResetWaitDelay}}\n \"reset-wait-delay\": {{.OpflexAgentResetWaitDelay}},\n{{- end}}\n \"switch-sync-delay\": {{.OpflexSwitchSyncDelay}},\n \"switch-sync-dynamic\": {{.OpflexSwitchSyncDynamic}}\n },\n \"startup\": {\n \"enabled\": {{.OpflexStartupEnabled}},\n \"policy-file\": 
\"/usr/local/var/lib/opflex-agent-ovs/startup/pol.json\",\n \"policy-duration\": {{.OpflexStartupPolicyDuration}},\n \"resolve-aft-conn\": {{.OpflexStartupResolveAftConn}}\n },\n \"notif\" : { \"enabled\" : \"false\" },\n \"asyncjson\": { \"enabled\" : \"{{.OpflexAgentOpflexAsyncjsonEnabled}}\" }\n{{- if ne .EnableHppDirect \"false\"}}\n ,\"enable-local-netpol\": {{.EnableHppDirect}}\n{{- end}}\n },\n \"ovs\": {\n \"asyncjson\": { \"enabled\" : \"{{.OpflexAgentOvsAsyncjsonEnabled}}\" }\n }\n }\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: snat-operator-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n \"start\": \"{{.SnatPortRangeStart}}\"\n \"end\": \"{{.SnatPortRangeEnd}}\"\n \"ports-per-node\": \"{{.SnatPortsPerNode}}\"\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: aci-user-cert\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n user.key: {{.ApicUserKey}}\n user.crt: {{.ApicUserCrt}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-host-agent\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\n{{- if eq .UseClusterRole \"true\"}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-controller\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - events\n - replicationcontrollers\n - serviceaccounts\n verbs:\n - list\n - watch\n - get\n - patch\n - create\n - update\n - delete\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - list\n - watch\n - get\n - 
create\n - update\n - delete\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - '*'\n- apiGroups:\n - \"rbac.authorization.k8s.io\"\n resources:\n - clusterroles\n - clusterrolebindings\n verbs:\n - '*'\n{{- /* Commenting code to disable the install_istio flag as the functionality\n is disabled to remove dependency from istio.io/istio package.\n Vulnerabilties were detected by quay.io security scan of aci-containers-controller\n and aci-containers-operator images for istio.io/istio package\n{{- if ne .InstallIstio \"false\"}}\n- apiGroups:\n - \"install.istio.io\"\n resources:\n - istiocontrolplanes\n - istiooperators\n verbs:\n - '*'\n- apiGroups:\n - \"aci.istio\"\n resources:\n - aciistiooperators\n - aciistiooperator\n verbs:\n - '*'\n{{- end}}\n*/}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n - daemonsets\n - statefulsets\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - services/status\n verbs:\n - update\n- apiGroups:\n - \"monitoring.coreos.com\"\n resources:\n - servicemonitors\n verbs:\n - get\n - create\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies/finalizers\n - snatpolicies/status\n - nodeinfos\n verbs:\n - update\n - create\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatglobalinfos\n - snatpolicies\n - nodeinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.netflow\"\n resources:\n - netflowpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.erspan\"\n resources:\n - erspanpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.aw\"\n resources:\n 
- nodepodifs\n verbs:\n - '*'\n- apiGroups:\n - apps.openshift.io\n resources:\n - deploymentconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.dnsnetpol\"\n resources:\n - dnsnetworkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.hpp\"\n resources:\n - hostprotpols\n - hostprotremoteipcontainers\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n{{- if ne .ProactiveConf \"false\" }}\n- apiGroups:\n - \"aci.pc\"\n resources:\n - proactiveconfs\n verbs:\n - get\n - list\n - watch\n{{- end}}\n---\n{{- end}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-host-agent\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - replicationcontrollers\n verbs:\n - list\n - watch\n - get\n{{- if ne .DropLogEnable \"false\"}}\n - update\n- apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n{{- end}}\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies\n - snatglobalinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.droplog\"\n resources:\n - 
enabledroplogs\n - prunedroplogs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - nodeinfos\n - snatlocalinfos\n verbs:\n - create\n - update\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - \"*\"\n- apiGroups:\n - \"aci.hpp\"\n resources:\n - hostprotpols\n - hostprotremoteipcontainers\n verbs:\n - list\n - watch\n - get\n{{- if ne .ProactiveConf \"false\" }}\n- apiGroups:\n - \"aci.pc\"\n resources:\n - proactiveconfs\n verbs:\n - get\n - list\n - watch\n{{- end}}\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers-controller\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers-controller\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-controller\n namespace: aci-containers-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers-host-agent\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers-host-agent\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-host-agent\n namespace: aci-containers-system\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-host\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-host\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-host\n network-plugin: aci-containers\n annotations:\n 
prometheus.io/scrape: \"true\"\n prometheus.io/port: \"9612\"\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n tolerations:\n - operator: Exists\n initContainers:\n - name: cnideploy\n image: {{.AciCniDeployContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersHostPriorityClass}} \n priorityClassName: aci-containers-host\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-host\n image: {{.AciHostContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .AciContainersHostMemoryLimit ) ( .AciContainersHostMemoryRequest )}}\n resources:\n limits:\n{{- if .AciContainersHostMemoryLimit }}\n memory: \"{{ .AciContainersHostMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .AciContainersHostMemoryRequest }}\n memory: \"{{ .AciContainersHostMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n - NET_ADMIN\n - SYS_PTRACE\n - NET_RAW\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: TENANT\n value: \"{{.Tenant}}\"\n{{- if ne .MultusDisable \"true\"}}\n - name: MULTUS\n value: 'True'\n{{- end}}\n{{- if eq .DisableWaitForNetwork 
\"true\"}}\n - name: DISABLE_WAIT_FOR_NETWORK\n value: 'True'\n{{- else}}\n - name: DURATION_WAIT_FOR_NETWORK\n value: \"{{.DurationWaitForNetwork}}\"\n{{- end}}\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n - name: cni-conf\n mountPath: /mnt/cni-conf\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: host-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n{{- if eq .AciMultipod \"true\" }}\n - name: dhclient\n mountPath: /var/lib/dhclient\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - mountPath: /run/netns\n name: host-run-netns\n readOnly: true\n mountPropagation: HostToContainer\n{{- end}}\n{{- if ne .MultusDisable \"true\"}}\n - name: multus-cni-conf\n mountPath: /mnt/multus-cni-conf\n{{- end}}\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8090\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n - name: opflex-agent\n env:\n - name: REBOOT_WITH_OVS\n value: \"true\"\n{{- if ne .OpflexOpensslCompat \"false\"}}\n - name: OPENSSL_CONF\n value: \"/etc/pki/tls/openssl11.cnf\" \n{{- end}}\n{{- if eq .DropLogOpflexRedirectDropLogs \"syslog\"}}\n - name: OPFLEXAGENT_DROPLOG_SYSLOG\n value: \"true\"\n{{- else if .DropLogOpflexRedirectDropLogs }}\n - name: OPFLEXAGENT_DROPLOG_FILE\n value: \"{{ .DropLogOpflexRedirectDropLogs }}\"\n{{- end}}\n image: {{.AciOpflexContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .OpflexAgentMemoryLimit ) ( .OpflexAgentMemoryRequest )}}\n resources:\n limits:\n{{- if .OpflexAgentMemoryLimit }}\n memory: \"{{ 
.OpflexAgentMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .OpflexAgentMemoryRequest }}\n memory: \"{{ .OpflexAgentMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}} \n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: opflex-config-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/conf.d\n{{- if eq .RunOpflexServerContainer \"true\"}}\n - name: opflex-server\n image: {{.AciOpflexContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-opflexserver.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n capabilities:\n add:\n - NET_ADMIN\n ports:\n - containerPort: {{.OpflexServerPort}}\n - name: metrics\n containerPort: 9632\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - name: opflex-server-config-volume\n mountPath: /usr/local/etc/opflex-server\n - name: hostvar\n mountPath: /usr/local/var\n{{- end}}\n{{- if ne .OpflexMode \"overlay\"}}\n - name: mcast-daemon\n image: {{.AciMcastContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-mcastdaemon.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if or ( .McastDaemonMemoryLimit ) ( .McastDaemonMemoryRequest )}}\n resources:\n limits:\n{{- if .McastDaemonMemoryLimit }}\n memory: \"{{ .McastDaemonMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .McastDaemonMemoryRequest }}\n memory: \"{{ .McastDaemonMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n{{- if eq .UsePrivilegedContainer 
\"true\"}}\n securityContext:\n privileged: true\n{{- end}}\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n{{- end}}\n restartPolicy: Always\n volumes:\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-conf\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: host-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: host-agent-config\n path: host-agent.conf\n - name: opflex-hostconfig-volume\n emptyDir:\n medium: Memory\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n{{- if eq .AciMultipod \"true\" }}\n{{- if eq .AciMultipodUbuntu \"true\" }}\n - name: dhclient\n hostPath:\n path: /var/lib/dhcp\n{{- else}}\n - name: dhclient\n hostPath:\n path: /var/lib/dhclient\n{{- end}}\n{{- end}}\n - name: opflex-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: opflex-agent-config\n path: local.conf\n{{- if eq .UseOpflexServerVolume \"true\"}}\n - name: opflex-server-config-volume\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - name: host-run-netns\n hostPath:\n path: /run/netns\n{{- end}}\n{{- if ne .MultusDisable \"true\" }}\n - name: multus-cni-conf\n hostPath:\n path: /var/run/multus/\n{{- end}}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-openvswitch\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n 
serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n tolerations:\n - operator: Exists \n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersOpenvswitchPriorityClass}} \n priorityClassName: aci-containers-openvswitch\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-openvswitch\n image: {{.AciOpenvSwitchContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n resources:\n limits:\n memory: \"{{.OVSMemoryLimit}}\"\n requests:\n memory: \"{{.OVSMemoryRequest}}\"\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n - SYS_MODULE\n - SYS_NICE\n - IPC_LOCK\n env:\n - name: OVS_RUNDIR\n value: /usr/local/var/run/openvswitch\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: hostetc\n mountPath: /usr/local/etc\n - name: hostmodules\n mountPath: /lib/modules\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n livenessProbe:\n exec:\n command:\n - /usr/local/bin/liveness-ovs.sh\n restartPolicy: Always\n volumes:\n - name: hostetc\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: hostmodules\n hostPath:\n path: /lib/modules\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: 
/var/lib/docker\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-controller\nspec:\n replicas: 1\n strategy:\n type: Recreate\n selector:\n matchLabels:\n name: aci-containers-controller\n network-plugin: aci-containers\n template:\n metadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n name: aci-containers-controller\n network-plugin: aci-containers\n spec:\n hostNetwork: true\n serviceAccountName: aci-containers-controller\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n{{- if .Tolerations }}\n tolerations:\n{{ toYaml .Tolerations | indent 6}}\n{{- else }}\n tolerations:\n - effect: NoExecute\n key: node.kubernetes.io/unreachable\n operator: Exists\n tolerationSeconds: {{ .TolerationSeconds }}\n - effect: NoExecute\n key: node.kubernetes.io/not-ready\n operator: Exists\n tolerationSeconds: {{ .TolerationSeconds }}\n - effect: NoSchedule\n key: node.kubernetes.io/not-ready\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/controlplane\n value: \"true\"\n operator: Equal\n - effect: NoExecute\n key: node-role.kubernetes.io/etcd\n value: \"true\"\n operator: Equal\n{{- end }}\n{{- if ne .UseSystemNodePriorityClass \"false\"}}\n priorityClassName: system-node-critical\n{{- else if .UseAciContainersControllerPriorityClass}} \n priorityClassName: aci-containers-controller\n{{- else}} \n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-node-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n{{- end}}\n containers:\n - name: aci-containers-controller\n image: {{.AciControllerContainer}}\n imagePullPolicy: 
{{.ImagePullPolicy}}\n{{- if or ( .AciContainersControllerMemoryLimit ) ( .AciContainersControllerMemoryRequest )}}\n resources:\n limits:\n{{- if .AciContainersControllerMemoryLimit }}\n memory: \"{{ .AciContainersControllerMemoryLimit }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryLimit }}\"\n{{- end}}\n requests:\n{{- if .AciContainersControllerMemoryRequest }}\n memory: \"{{ .AciContainersControllerMemoryRequest }}\"\n{{- else}}\n memory: \"{{ .AciContainersMemoryRequest }}\"\n{{- end}}\n{{- end}}\n env:\n - name: WATCH_NAMESPACE\n value: \"\"\n - name: ACI_SNAT_NAMESPACE\n value: \"aci-containers-system\"\n - name: ACI_SNAGLOBALINFO_NAME\n value: \"snatglobalinfo\"\n - name: ACI_RDCONFIG_NAME\n value: \"routingdomain-config\"\n - name: SYSTEM_NAMESPACE\n value: \"aci-containers-system\"\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: varlogpods\n mountPath: /var/log/pods\n readOnly: true\n - name: varlogcontainers\n mountPath: /var/log/containers\n readOnly: true\n - name: varlibdocker\n mountPath: /var/lib/docker\n readOnly: true\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8091\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n volumes:\n - name: aci-user-cert-volume\n secret:\n secretName: aci-user-cert\n - name: controller-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: controller-config\n path: controller.conf\n - name: varlogpods\n hostPath:\n path: /var/log/pods\n - name: varlogcontainers\n hostPath:\n path: /var/log/containers\n - name: varlibdocker\n hostPath:\n path: /var/lib/docker\n---\napiVersion: v1\nkind: LimitRange\nmetadata:\n name: memory-limit-range\n namespace: aci-containers-system\nspec:\n limits:\n - default:\n memory: {{ .AciContainersMemoryLimit }}\n defaultRequest:\n memory: {{ 
.AciContainersMemoryRequest }}\n type: Container\n", "calico-v1.13": "\n{{if eq .RBACConfig \"rbac\"}}\n## start rbac here\n\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These 
permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n## end rbac here\n\n---\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # To enable Typha, set this to \"calico-typha\" *and* set a non-zero value for Typha replicas\n # below. We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is\n # essential.\n typha_service_name: \"none\"\n # Configure the Calico backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. 
The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n\n# This manifest installs the calico/node container, as well\n# as the Calico CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for 
rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n serviceAccountName: calico-node\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container installs the Calico CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n containers:\n # Runs calico/node container on each Kubernetes node. 
This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Typha support: controlled by the ConfigMap.\n - name: FELIX_TYPHAK8SSERVICENAME\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: typha_service_name\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. 
This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n volumes:\n # Used by calico/node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n\n# Create all the CustomResourceDefinitions needed for\n# Calico policy and networking mode.\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: 
felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: 
apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n\n\n{{if ne .CloudProvider \"none\"}}\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: {{.CloudProvider}}-ippool\n namespace: kube-system\ndata:\n {{.CloudProvider}}-ippool: |-\n apiVersion: projectcalico.org/v3\n kind: IPPool\n metadata:\n name: ippool-ipip-1\n spec:\n cidr: {{.ClusterCIDR}}\n ipipMode: Always\n natOutgoing: true\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: calicoctl\n namespace: kube-system\nspec:\n hostNetwork: true\n restartPolicy: OnFailure\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: calicoctl\n image: {{.Calicoctl}}\n command: [\"/bin/sh\", \"-c\", \"calicoctl apply -f {{.CloudProvider}}-ippool.yaml\"]\n env:\n - name: DATASTORE_TYPE\n value: kubernetes\n volumeMounts:\n - name: ippool-config\n mountPath: /root/\n volumes:\n - name: ippool-config\n configMap:\n name: {{.CloudProvider}}-ippool\n items:\n - key: {{.CloudProvider}}-ippool\n path: {{.CloudProvider}}-ippool.yaml\n # Mount in the etcd TLS secrets.\n{{end}}\n", "calico-v1.15": "\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: 
rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: 
[\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. 
These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. 
The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: 
IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: 
GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: 
calico-node\n{{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n containers:\n # Runs calico-node container on each Kubernetes node. 
This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. 
This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. 
This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n# See https://github.com/projectcalico/kube-controllers\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\nspec:\n # The controller can only have a single active instance.\n replicas: 1\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n", "calico-v1.15-privileged": "\n# CalicoTemplateV115Privileged\n{{if eq .RBACConfig \"rbac\"}}\n# Source: calico/templates/rbac.yaml\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: 
rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n # Pod CIDR auto-detection on kubeadm needs access to config maps.\n - apiGroups: [\"\"]\n resources:\n - configmaps\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some 
configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n - blockaffinities\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico 
IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. 
The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n },\n {\n \"type\": \"bandwidth\",\n \"capabilities\": {\"bandwidth\": true}\n }\n ]\n }\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n 
scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n 
scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: 
Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n{{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n # Rancher specific change\n priorityClassName: {{ .CalicoNodePriorityClassName | default \"system-node-critical\" }}\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n securityContext:\n privileged: true\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n 
securityContext:\n privileged: true\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n securityContext:\n privileged: true\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. 
This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n exec:\n command:\n - /bin/calico-node\n - -felix-live\n - -bird-live\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -felix-ready\n - -bird-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. 
This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n{{- if .FlexVolPluginDir }}\n path: {{.FlexVolPluginDir}}\n{{- else }}\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n{{- end }}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n# See https://github.com/projectcalico/kube-controllers\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\nspec:\n # The controllers can only have a single active instance.\n replicas: 1\n selector:\n matchLabels:\n k8s-app: calico-kube-controllers\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n priorityClassName: system-cluster-critical\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers 
to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n", @@ -15395,7 +15478,7 @@ }, "RKEDefaultK8sVersions": { "0.3": "v1.16.3-rancher1-1", - "default": "v1.30.7-rancher1-1" + "default": "v1.30.8-rancher1-1" }, "K8sVersionDockerInfo": { "1.10": [ @@ -15598,7 +15681,9 @@ "26.1.x", "27.0.x", "27.1.x", - "27.2.x" + "27.2.x", + "27.3.x", + "27.4.x" ], "1.28": [ "1.13.x", @@ -15616,7 +15701,9 @@ "26.1.x", "27.0.x", "27.1.x", - "27.2.x" + "27.2.x", + "27.3.x", + "27.4.x" ], "1.29": [ "1.13.x", @@ -15634,7 +15721,9 @@ "26.1.x", "27.0.x", "27.1.x", - "27.2.x" + "27.2.x", + "27.3.x", + "27.4.x" ], "1.30": [ "1.13.x", @@ -15652,7 +15741,9 @@ "26.1.x", "27.0.x", "27.1.x", - "27.2.x" + "27.2.x", + "27.3.x", + "27.4.x" ], "1.8": [ "1.11.x", 
@@ -31322,192 +31413,6 @@ }, "version": "v1.29.11+k3s1" }, - { - "agentArgs": { - "debug": { - "type": "bool" - }, - "default-runtime": { - "type": "string" - }, - "disable-apiserver-lb": { - "type": "boolean" - }, - "disable-default-registry-endpoint": { - "type": "boolean" - }, - "docker": { - "default": false, - "type": "boolean" - }, - "flannel-conf": { - "type": "string" - }, - "flannel-iface": { - "type": "string" - }, - "kube-proxy-arg": { - "type": "array" - }, - "kubelet-arg": { - "type": "array" - }, - "pause-image": { - "type": "string" - }, - "protect-kernel-defaults": { - "default": false, - "type": "boolean" - }, - "resolv-conf": { - "type": "string" - }, - "selinux": { - "default": false, - "type": "boolean" - }, - "snapshotter": { - "type": "string" - }, - "system-default-registry": { - "type": "string" - }, - "vpn-auth": { - "type": "string" - }, - "vpn-auth-file": { - "type": "string" - } - }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, - "maxChannelServerVersion": "v2.9.99", - "minChannelServerVersion": "v2.9.0-alpha1", - "serverArgs": { - "cluster-cidr": { - "type": "string" - }, - "cluster-dns": { - "type": "string" - }, - "cluster-domain": { - "type": "string" - }, - "datastore-cafile": { - "type": "string" - }, - "datastore-certfile": { - "type": "string" - }, - "datastore-endpoint": { - "type": "string" - }, - "datastore-keyfile": { - "type": "string" - }, - "default-local-storage-path": { - "type": "string" - }, - "disable": { - "options": [ - "coredns", - "servicelb", - "traefik", - "local-storage", - "metrics-server" - ], - "type": "array" - }, - "disable-apiserver": { - "default": false, - "type": "boolean" - }, - "disable-cloud-controller": { - "default": false, - "type": "boolean" - }, - "disable-controller-manager": { - "default": false, - "type": "boolean" - }, - "disable-etcd": { - "default": false, - "type": "boolean" - }, - "disable-kube-proxy": { - "default": false, - "type": "boolean" - }, - 
"disable-network-policy": { - "default": false, - "type": "boolean" - }, - "disable-scheduler": { - "default": false, - "type": "boolean" - }, - "egress-selector-mode": { - "type": "string" - }, - "embedded-registry": { - "type": "boolean" - }, - "etcd-arg": { - "type": "array" - }, - "etcd-expose-metrics": { - "default": false, - "type": "boolean" - }, - "flannel-backend": { - "options": [ - "none", - "vxlan", - "ipsec", - "host-gw", - "wireguard", - "wireguard-native" - ], - "type": "enum" - }, - "helm-job-image": { - "type": "string" - }, - "kine-tls": { - "type": "boolean" - }, - "kube-apiserver-arg": { - "type": "array" - }, - "kube-cloud-controller-manager-arg": { - "type": "array" - }, - "kube-controller-manager-arg": { - "type": "array" - }, - "kube-scheduler-arg": { - "type": "array" - }, - "secrets-encryption": { - "default": false, - "type": "boolean" - }, - "service-cidr": { - "type": "string" - }, - "service-node-port-range": { - "type": "string" - }, - "tls-san": { - "type": "array" - }, - "tls-san-security": { - "type": "boolean" - } - }, - "version": "v1.30.1+k3s1" - }, { "agentArgs": { "bind-address": { @@ -31544,6 +31449,12 @@ "kubelet-arg": { "type": "array" }, + "node-external-dns": { + "type": "array" + }, + "node-internal-dns": { + "type": "array" + }, "pause-image": { "type": "string" }, @@ -31704,13 +31615,10 @@ "type": "string" } }, - "version": "v1.30.2+k3s2" + "version": "v1.29.12+k3s1" }, { "agentArgs": { - "bind-address": { - "type": "string" - }, "debug": { "type": "bool" }, @@ -31727,9 +31635,6 @@ "default": false, "type": "boolean" }, - "enable-pprof": { - "type": "boolean" - }, "flannel-conf": { "type": "string" }, 
@@ -31889,20 +31794,410 @@ "service-node-port-range": { "type": "string" }, - "supervisor-metrics": { - "type": "boolean" - }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" - }, - "write-kubeconfig-group": { - "type": "string" } }, - "version": "v1.30.3+k3s1" + "version": "v1.30.1+k3s1" + }, + { + "agentArgs": { + "bind-address": { + "type": "string" + }, + "debug": { + "type": "bool" + }, + "default-runtime": { + "type": "string" + }, + "disable-apiserver-lb": { + "type": "boolean" + }, + "disable-default-registry-endpoint": { + "type": "boolean" + }, + "docker": { + "default": false, + "type": "boolean" + }, + "enable-pprof": { + "type": "boolean" + }, + "flannel-conf": { + "type": "string" + }, + "flannel-iface": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "pause-image": { + "type": "string" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "default": false, + "type": "boolean" + }, + "snapshotter": { + "type": "string" + }, + "system-default-registry": { + "type": "string" + }, + "vpn-auth": { + "type": "string" + }, + "vpn-auth-file": { + "type": "string" + } + }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, + "maxChannelServerVersion": "v2.9.99", + "minChannelServerVersion": "v2.9.0-alpha1", + "serverArgs": { + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, + "default-local-storage-path": { + "type": "string" + }, + "disable": { + "options": [ + "coredns", + "servicelb", + "traefik", + "local-storage", + "metrics-server" + ], + "type": "array" + }, + "disable-apiserver": { + 
"default": false, + "type": "boolean" + }, + "disable-cloud-controller": { + "default": false, + "type": "boolean" + }, + "disable-controller-manager": { + "default": false, + "type": "boolean" + }, + "disable-etcd": { + "default": false, + "type": "boolean" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-network-policy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "default": false, + "type": "boolean" + }, + "egress-selector-mode": { + "type": "string" + }, + "embedded-registry": { + "type": "boolean" + }, + "etcd-arg": { + "type": "array" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "flannel-backend": { + "options": [ + "none", + "vxlan", + "ipsec", + "host-gw", + "wireguard", + "wireguard-native" + ], + "type": "enum" + }, + "helm-job-image": { + "type": "string" + }, + "kine-tls": { + "type": "boolean" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "secrets-encryption": { + "default": false, + "type": "boolean" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "supervisor-metrics": { + "type": "boolean" + }, + "tls-san": { + "type": "array" + }, + "tls-san-security": { + "type": "boolean" + }, + "write-kubeconfig-group": { + "type": "string" + } + }, + "version": "v1.30.2+k3s2" + }, + { + "agentArgs": { + "bind-address": { + "type": "string" + }, + "debug": { + "type": "bool" + }, + "default-runtime": { + "type": "string" + }, + "disable-apiserver-lb": { + "type": "boolean" + }, + "disable-default-registry-endpoint": { + "type": "boolean" + }, + "docker": { + "default": false, + "type": "boolean" + }, + "enable-pprof": { + "type": "boolean" + }, + "flannel-conf": { + "type": "string" + }, + "flannel-iface": { + "type": "string" 
+ }, + "kube-proxy-arg": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "pause-image": { + "type": "string" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "default": false, + "type": "boolean" + }, + "snapshotter": { + "type": "string" + }, + "system-default-registry": { + "type": "string" + }, + "vpn-auth": { + "type": "string" + }, + "vpn-auth-file": { + "type": "string" + } + }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, + "maxChannelServerVersion": "v2.9.99", + "minChannelServerVersion": "v2.9.0-alpha1", + "serverArgs": { + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, + "default-local-storage-path": { + "type": "string" + }, + "disable": { + "options": [ + "coredns", + "servicelb", + "traefik", + "local-storage", + "metrics-server" + ], + "type": "array" + }, + "disable-apiserver": { + "default": false, + "type": "boolean" + }, + "disable-cloud-controller": { + "default": false, + "type": "boolean" + }, + "disable-controller-manager": { + "default": false, + "type": "boolean" + }, + "disable-etcd": { + "default": false, + "type": "boolean" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-network-policy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "default": false, + "type": "boolean" + }, + "egress-selector-mode": { + "type": "string" + }, + "embedded-registry": { + "type": "boolean" + }, + "etcd-arg": { + "type": "array" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "flannel-backend": { + "options": [ + "none", + "vxlan", + "ipsec", + "host-gw", + 
"wireguard", + "wireguard-native" + ], + "type": "enum" + }, + "helm-job-image": { + "type": "string" + }, + "kine-tls": { + "type": "boolean" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "secrets-encryption": { + "default": false, + "type": "boolean" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "supervisor-metrics": { + "type": "boolean" + }, + "tls-san": { + "type": "array" + }, + "tls-san-security": { + "type": "boolean" + }, + "write-kubeconfig-group": { + "type": "string" + } + }, + "version": "v1.30.3+k3s1" }, { "agentArgs": { 
@@ -32695,6 +32990,210 @@ } }, "version": "v1.30.7+k3s1" + }, + { + "agentArgs": { + "bind-address": { + "type": "string" + }, + "debug": { + "type": "bool" + }, + "default-runtime": { + "type": "string" + }, + "disable-apiserver-lb": { + "type": "boolean" + }, + "disable-default-registry-endpoint": { + "type": "boolean" + }, + "docker": { + "default": false, + "type": "boolean" + }, + "enable-pprof": { + "type": "boolean" + }, + "flannel-conf": { + "type": "string" + }, + "flannel-iface": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "node-external-dns": { + "type": "array" + }, + "node-internal-dns": { + "type": "array" + }, + "pause-image": { + "type": "string" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "default": false, + "type": "boolean" + }, + "snapshotter": { + "type": "string" + }, + "system-default-registry": { + "type": "string" + }, + "vpn-auth": { + "type": "string" + }, + "vpn-auth-file": { + "type": "string" + } + }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, + "maxChannelServerVersion": "v2.9.99", + "minChannelServerVersion": "v2.9.0-alpha1", + "serverArgs": { + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, + "default-local-storage-path": { + "type": "string" + }, + "disable": { + "options": [ + "coredns", + "servicelb", + "traefik", + "local-storage", + "metrics-server" + ], + "type": "array" + }, + "disable-apiserver": { + "default": false, + "type": "boolean" + }, + "disable-cloud-controller": { + "default": false, + "type": "boolean" + }, + "disable-controller-manager": { + 
"default": false, + "type": "boolean" + }, + "disable-etcd": { + "default": false, + "type": "boolean" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-network-policy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "default": false, + "type": "boolean" + }, + "egress-selector-mode": { + "type": "string" + }, + "embedded-registry": { + "type": "boolean" + }, + "etcd-arg": { + "type": "array" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "flannel-backend": { + "options": [ + "none", + "vxlan", + "ipsec", + "host-gw", + "wireguard", + "wireguard-native" + ], + "type": "enum" + }, + "helm-job-image": { + "type": "string" + }, + "kine-tls": { + "type": "boolean" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "secrets-encryption": { + "default": false, + "type": "boolean" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "supervisor-metrics": { + "type": "boolean" + }, + "tls-san": { + "type": "array" + }, + "tls-san-security": { + "type": "boolean" + }, + "write-kubeconfig-group": { + "type": "string" + } + }, + "version": "v1.30.8+k3s1" } ] }, 
@@ -32859,7 +33358,251 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.19.2-203" + "version": "v3.19.2-203" + }, + "rke2-calico-crd": { + "repo": "rancher-rke2-charts", + "version": "v1.0.101" + }, + "rke2-canal": { + "repo": "rancher-rke2-charts", + "version": "v3.13.300-build2021022306" + }, + "rke2-cilium": { + "repo": "rancher-rke2-charts", + "version": "1.9.809" + }, + "rke2-coredns": { + "repo": "rancher-rke2-charts", + "version": "1.16.201-build2021072308" + }, + "rke2-ingress-nginx": { + "repo": "rancher-rke2-charts", + "version": "3.34.003" + }, + "rke2-metrics-server": { + "repo": "rancher-rke2-charts", + "version": "2.11.100-build2021022302" + }, + "rke2-multus": { + "repo": "rancher-rke2-charts", + "version": "v3.7.1-build2021041604" + } + }, + "maxChannelServerVersion": "v2.6.4", + "minChannelServerVersion": "v2.6.0-alpha1", + "serverArgs": { + "audit-policy-file": { + "type": "string" + }, + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "cni": { + "default": "calico", + "options": [ + "canal", + "cilium", + "calico", + "multus,canal", + "multus,cilium", + "multus,calico" + ], + "type": "array" + }, + "container-runtime-endpoint": { + "type": "string" + }, + "disable": { + "options": [ + "rke2-coredns", + "rke2-ingress-nginx", + "rke2-metrics-server" + ], + "type": "array" + }, + "disable-cloud-controller": { + "type": "bool" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "type": "bool" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "etcd-image": { + "type": "string" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-apiserver-image": { + "type": "string" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-image": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-scheduler-arg": { 
+ "type": "array" + }, + "kube-scheduler-image": { + "type": "string" + }, + "kubelet-path": { + "type": "string" + }, + "pause-image": { + "type": "string" + }, + "runtime-image": { + "type": "string" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "snapshotter": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.21.4+rke2r2" + }, + { + "agentArgs": { + "audit-policy-file": { + "type": "string" + }, + "cloud-controller-manager-extra-env": { + "type": "array" + }, + "cloud-controller-manager-extra-mount": { + "type": "array" + }, + "cloud-provider-config": { + "type": "string" + }, + "cloud-provider-name": { + "default": null, + "nullable": true, + "options": [ + "aws", + "azure", + "gcp", + "rancher-vsphere", + "harvester", + "external" + ], + "type": "enum" + }, + "control-plane-resource-limits": { + "type": "string" + }, + "control-plane-resource-requests": { + "type": "string" + }, + "debug": { + "type": "bool" + }, + "etcd-extra-env": { + "type": "array" + }, + "etcd-extra-mount": { + "type": "array" + }, + "kube-apiserver-extra-env": { + "type": "array" + }, + "kube-apiserver-extra-mount": { + "type": "array" + }, + "kube-controller-manager-extra-env": { + "type": "array" + }, + "kube-controller-manager-extra-mount": { + "type": "array" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-proxy-extra-env": { + "type": "array" + }, + "kube-proxy-extra-mount": { + "type": "array" + }, + "kube-scheduler-extra-env": { + "type": "array" + }, + "kube-scheduler-extra-mount": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "profile": { + "nullable": true, + "options": [ + "cis-1.5", + "cis-1.6" + ], + "type": "enum" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "type": "bool" + }, + "system-default-registry": { + "type": "string" + } + }, + "charts": { + 
"harvester-cloud-provider": { + "repo": "rancher-rke2-charts", + "version": "0.1.200" + }, + "harvester-csi-driver": { + "repo": "rancher-rke2-charts", + "version": "0.1.300" + }, + "rancher-vsphere-cpi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rancher-vsphere-csi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rke2-calico": { + "repo": "rancher-rke2-charts", + "version": "v3.19.2-204" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", @@ -32871,7 +33614,7 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.9.809" + "version": "1.10.402" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -32891,7 +33634,7 @@ } }, "maxChannelServerVersion": "v2.6.4", - "minChannelServerVersion": "v2.6.0-alpha1", + "minChannelServerVersion": "v2.6.1-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -32988,7 +33731,7 @@ "type": "array" } }, - "version": "v1.21.4+rke2r2" + "version": "v1.21.5+rke2r1" }, { "agentArgs": { @@ -33103,7 +33846,7 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.19.2-204" + "version": "v3.19.2-205" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", @@ -33115,7 +33858,7 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.402" + "version": "1.10.404" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -33232,7 +33975,7 @@ "type": "array" } }, - "version": "v1.21.5+rke2r1" + "version": "v1.21.5+rke2r2" }, { "agentArgs": { @@ -33355,7 +34098,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.13.300-build2021022306" + "version": "v3.20.1-build2021100603" }, "rke2-cilium": { "repo": "rancher-rke2-charts", 
@@ -33363,11 +34106,11 @@ }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.201-build2021072308" + "version": "1.16.301-build2021100602" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "3.34.003" + "version": "4.0.305" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -33426,250 +34169,253 @@ "disable-scheduler": { "type": "bool" }, - "etcd-expose-metrics": { - "default": false, - "type": "boolean" - }, - "etcd-image": { - "type": "string" - }, - "kube-apiserver-arg": { - "type": "array" - }, - "kube-apiserver-image": { - "type": "string" - }, - "kube-controller-manager-arg": { - "type": "array" - }, - "kube-controller-manager-image": { - "type": "string" - }, - "kube-proxy-arg": { - "type": "array" - }, - "kube-scheduler-arg": { - "type": "array" - }, - "kube-scheduler-image": { - "type": "string" - }, - "kubelet-path": { - "type": "string" - }, - "pause-image": { - "type": "string" - }, - "runtime-image": { - "type": "string" - }, - "service-cidr": { - "type": "string" - }, - "service-node-port-range": { - "type": "string" - }, - "snapshotter": { - "type": "string" - }, - "tls-san": { - "type": "array" - } - }, - "version": "v1.21.5+rke2r2" - }, - { - "agentArgs": { - "audit-policy-file": { - "type": "string" - }, - "cloud-controller-manager-extra-env": { - "type": "array" - }, - "cloud-controller-manager-extra-mount": { - "type": "array" - }, - "cloud-provider-config": { - "type": "string" - }, - "cloud-provider-name": { - "default": null, - "nullable": true, - "options": [ - "aws", - "azure", - "gcp", - "rancher-vsphere", - "harvester", - "external" - ], - "type": "enum" - }, - "control-plane-resource-limits": { - "type": "string" - }, - "control-plane-resource-requests": { - "type": "string" - }, - "debug": { - "type": "bool" - }, - "etcd-extra-env": { - "type": "array" - }, - "etcd-extra-mount": { - "type": "array" - }, - "kube-apiserver-extra-env": { - "type": "array" - }, - "kube-apiserver-extra-mount": { - "type": "array" - }, - "kube-controller-manager-extra-env": { - "type": "array" - }, - "kube-controller-manager-extra-mount": { - "type": "array" - }, - "kube-proxy-arg": { - "type": "array" - }, - "kube-proxy-extra-env": { - "type": "array" - }, - "kube-proxy-extra-mount": { - "type": "array" - }, - 
"kube-scheduler-extra-env": { - "type": "array" - }, - "kube-scheduler-extra-mount": { - "type": "array" - }, - "kubelet-arg": { - "type": "array" - }, - "profile": { - "nullable": true, - "options": [ - "cis-1.5", - "cis-1.6" - ], - "type": "enum" - }, - "protect-kernel-defaults": { - "default": false, - "type": "boolean" - }, - "resolv-conf": { - "type": "string" - }, - "selinux": { - "type": "bool" - }, - "system-default-registry": { - "type": "string" - } - }, - "charts": { - "harvester-cloud-provider": { - "repo": "rancher-rke2-charts", - "version": "0.1.200" - }, - "harvester-csi-driver": { - "repo": "rancher-rke2-charts", - "version": "0.1.300" - }, - "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.0.0" - }, - "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.0.0" - }, - "rke2-calico": { - "repo": "rancher-rke2-charts", - "version": "v3.19.2-205" - }, - "rke2-calico-crd": { - "repo": "rancher-rke2-charts", - "version": "v1.0.101" - }, - "rke2-canal": { - "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021100603" - }, - "rke2-cilium": { - "repo": "rancher-rke2-charts", - "version": "1.10.404" - }, - "rke2-coredns": { - "repo": "rancher-rke2-charts", - "version": "1.16.301-build2021100602" - }, - "rke2-ingress-nginx": { - "repo": "rancher-rke2-charts", - "version": "4.0.305" - }, - "rke2-metrics-server": { - "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021022302" - }, - "rke2-multus": { - "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021041604" - } - }, - "maxChannelServerVersion": "v2.6.4", - "minChannelServerVersion": "v2.6.1-alpha1", - "serverArgs": { - "audit-policy-file": { - "type": "string" - }, - "cluster-cidr": { - "type": "string" - }, - "cluster-dns": { - "type": "string" - }, - "cluster-domain": { - "type": "string" - }, - "cni": { - "default": "calico", - "options": [ - "canal", - "cilium", - "calico", - "multus,canal", - "multus,cilium", - "multus,calico" - ], - 
"type": "array" - }, - "container-runtime-endpoint": { - "type": "string" - }, - "disable": { - "options": [ - "rke2-coredns", - "rke2-ingress-nginx", - "rke2-metrics-server" - ], + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "etcd-image": { + "type": "string" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-apiserver-image": { + "type": "string" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-image": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "kube-scheduler-image": { + "type": "string" + }, + "kubelet-path": { + "type": "string" + }, + "pause-image": { + "type": "string" + }, + "runtime-image": { + "type": "string" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "snapshotter": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.21.6+rke2r1" + }, + { + "agentArgs": { + "audit-policy-file": { + "type": "string" + }, + "cloud-controller-manager-extra-env": { + "type": "array" + }, + "cloud-controller-manager-extra-mount": { + "type": "array" + }, + "cloud-provider-config": { + "type": "string" + }, + "cloud-provider-name": { + "default": null, + "nullable": true, + "options": [ + "aws", + "azure", + "gcp", + "rancher-vsphere", + "harvester", + "external" + ], + "type": "enum" + }, + "control-plane-resource-limits": { + "type": "string" + }, + "control-plane-resource-requests": { + "type": "string" + }, + "debug": { + "type": "bool" + }, + "etcd-extra-env": { + "type": "array" + }, + "etcd-extra-mount": { + "type": "array" + }, + "kube-apiserver-extra-env": { + "type": "array" + }, + "kube-apiserver-extra-mount": { + "type": "array" + }, + "kube-controller-manager-extra-env": { + "type": "array" + }, + "kube-controller-manager-extra-mount": { + "type": "array" + }, + "kube-proxy-arg": { + "type": "array" + }, + 
"kube-proxy-extra-env": { + "type": "array" + }, + "kube-proxy-extra-mount": { + "type": "array" + }, + "kube-scheduler-extra-env": { + "type": "array" + }, + "kube-scheduler-extra-mount": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "profile": { + "nullable": true, + "options": [ + "cis-1.5", + "cis-1.6" + ], + "type": "enum" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "type": "bool" + }, + "system-default-registry": { + "type": "string" + } + }, + "charts": { + "harvester-cloud-provider": { + "repo": "rancher-rke2-charts", + "version": "0.1.300" + }, + "harvester-csi-driver": { + "repo": "rancher-rke2-charts", + "version": "0.1.400" + }, + "rancher-vsphere-cpi": { + "repo": "rancher-charts", + "version": "100.1.0+up1.0.100" + }, + "rancher-vsphere-csi": { + "repo": "rancher-charts", + "version": "100.1.0+up2.3.0" + }, + "rke2-calico": { + "repo": "rancher-rke2-charts", + "version": "v3.19.2-205" + }, + "rke2-calico-crd": { + "repo": "rancher-rke2-charts", + "version": "v1.0.101" + }, + "rke2-canal": { + "repo": "rancher-rke2-charts", + "version": "v3.20.1-build2021111904" + }, + "rke2-cilium": { + "repo": "rancher-rke2-charts", + "version": "1.10.404" + }, + "rke2-coredns": { + "repo": "rancher-rke2-charts", + "version": "1.16.401-build2021111901" + }, + "rke2-ingress-nginx": { + "repo": "rancher-rke2-charts", + "version": "4.0.306" + }, + "rke2-metrics-server": { + "repo": "rancher-rke2-charts", + "version": "2.11.100-build2021111904" + }, + "rke2-multus": { + "repo": "rancher-rke2-charts", + "version": "v3.7.1-build2021111906" + } + }, + "maxChannelServerVersion": "v2.6.4", + "minChannelServerVersion": "v2.6.1-alpha1", + "serverArgs": { + "audit-policy-file": { + "type": "string" + }, + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "cni": { + "default": 
"calico", + "options": [ + "canal", + "cilium", + "calico", + "multus,canal", + "multus,cilium", + "multus,calico" + ], + "type": "array" + }, + "container-runtime-endpoint": { + "type": "string" + }, + "disable": { + "options": [ + "rke2-coredns", + "rke2-ingress-nginx", + "rke2-metrics-server" + ], + "type": "array" + }, + "disable-cloud-controller": { + "type": "bool" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "type": "bool" + }, + "etcd-arg": { "type": "array" }, - "disable-cloud-controller": { - "type": "bool" - }, - "disable-kube-proxy": { - "default": false, - "type": "boolean" - }, - "disable-scheduler": { - "type": "bool" - }, "etcd-expose-metrics": { "default": false, "type": "boolean" @@ -33720,7 +34466,7 @@ "type": "array" } }, - "version": "v1.21.6+rke2r1" + "version": "v1.21.7+rke2r2" }, { "agentArgs": { @@ -33819,11 +34565,11 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.300" + "version": "0.1.800" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.400" + "version": "0.1.900" }, "rancher-vsphere-cpi": { "repo": "rancher-charts", @@ -33967,7 +34713,7 @@ "type": "array" } }, - "version": "v1.21.7+rke2r2" + "version": "v1.21.8+rke2r2" }, { "agentArgs": { @@ -34090,7 +34836,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021111904" + "version": "v3.20.3-build2022011406" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -34214,7 +34960,7 @@ "type": "array" } }, - "version": "v1.21.8+rke2r2" + "version": "v1.21.9+rke2r1" }, { "agentArgs": { @@ -34313,11 +35059,11 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.800" + "version": "0.1.1000" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.900" + "version": "0.1.1000" }, "rancher-vsphere-cpi": { "repo": "rancher-charts", 
@@ -34337,7 +35083,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.3-build2022011406" + "version": "v3.21.4-build2022022801" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -34361,7 +35107,7 @@ } }, "maxChannelServerVersion": "v2.6.4", - "minChannelServerVersion": "v2.6.1-alpha1", + "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -34461,7 +35207,7 @@ "type": "array" } }, - "version": "v1.21.9+rke2r1" + "version": "v1.21.10+rke2r2" }, { "agentArgs": { @@ -34560,19 +35306,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.2.101" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -34584,19 +35330,19 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022022801" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.001" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -34708,7 +35454,7 @@ "type": "array" } }, - "version": "v1.21.10+rke2r2" + "version": "v1.21.12+rke2r1" }, { "agentArgs": { @@ -34843,7 +35589,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.001" + "version": "4.1.002" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -34955,7 +35701,7 @@ "type": "array" } }, - "version": "v1.21.12+rke2r1" + "version": "v1.21.12+rke2r2" }, { "agentArgs": { @@ -35062,7 +35808,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -35082,7 +35828,7 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.501" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -35090,7 +35836,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.002" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -35202,7 +35948,257 @@ "type": "array" } }, - "version": "v1.21.12+rke2r2" + "version": "v1.21.13+rke2r2" + }, + { + "agentArgs": { + "audit-policy-file": { + "type": "string" + }, + "cloud-controller-manager-extra-env": { + "type": "array" + }, + "cloud-controller-manager-extra-mount": { + "type": "array" + }, + "cloud-provider-config": { + "type": "string" + }, + "cloud-provider-name": { + "default": null, + "nullable": true, + "options": [ + "aws", + "azure", + "gcp", + "rancher-vsphere", + "harvester", + "external" + ], + "type": "enum" + }, + "control-plane-resource-limits": { + "type": "string" + }, + "control-plane-resource-requests": { + "type": "string" + }, + "debug": { + "type": "bool" + }, + "etcd-extra-env": { + "type": "array" + }, + "etcd-extra-mount": { + "type": "array" + }, + "kube-apiserver-extra-env": { + "type": "array" + }, + "kube-apiserver-extra-mount": { + "type": "array" + }, + "kube-controller-manager-extra-env": { + "type": "array" + }, + "kube-controller-manager-extra-mount": { + "type": "array" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-proxy-extra-env": { + "type": "array" + }, + "kube-proxy-extra-mount": { + "type": "array" + }, + "kube-scheduler-extra-env": { + "type": "array" + }, + "kube-scheduler-extra-mount": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "profile": { + "nullable": true, + "options": [ + "cis-1.5", + "cis-1.6" + ], + "type": "enum" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "type": "bool" + }, + "system-default-registry": { + "type": "string" + } + }, + "charts": { + "harvester-cloud-provider": { + "repo": "rancher-rke2-charts", + "version": "0.1.1100" + }, + "harvester-csi-driver": { + "repo": "rancher-rke2-charts", + "version": "0.1.1100" + }, + "rancher-vsphere-cpi": { + "repo": "rancher-rke2-charts", + "version": "1.2.201" + }, + "rancher-vsphere-csi": { + "repo": 
"rancher-rke2-charts", + "version": "2.5.1-rancher101" + }, + "rke2-calico": { + "repo": "rancher-rke2-charts", + "version": "v3.19.2-205" + }, + "rke2-calico-crd": { + "repo": "rancher-rke2-charts", + "version": "v1.0.101" + }, + "rke2-canal": { + "repo": "rancher-rke2-charts", + "version": "v3.21.4-build2022031701" + }, + "rke2-cilium": { + "repo": "rancher-rke2-charts", + "version": "1.11.501" + }, + "rke2-coredns": { + "repo": "rancher-rke2-charts", + "version": "1.19.400" + }, + "rke2-ingress-nginx": { + "repo": "rancher-rke2-charts", + "version": "4.1.003" + }, + "rke2-metrics-server": { + "repo": "rancher-rke2-charts", + "version": "2.11.100-build2021111904" + }, + "rke2-multus": { + "repo": "rancher-rke2-charts", + "version": "v3.7.1-build2021111906" + } + }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, + "maxChannelServerVersion": "v2.6.4", + "minChannelServerVersion": "v2.6.3-alpha1", + "serverArgs": { + "audit-policy-file": { + "type": "string" + }, + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "cni": { + "default": "calico", + "options": [ + "canal", + "cilium", + "calico", + "multus,canal", + "multus,cilium", + "multus,calico" + ], + "type": "array" + }, + "container-runtime-endpoint": { + "type": "string" + }, + "disable": { + "options": [ + "rke2-coredns", + "rke2-ingress-nginx", + "rke2-metrics-server" + ], + "type": "array" + }, + "disable-cloud-controller": { + "type": "bool" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "type": "bool" + }, + "etcd-arg": { + "type": "array" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "etcd-image": { + "type": "string" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-apiserver-image": { + "type": "string" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-image": { + 
"type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "kube-scheduler-image": { + "type": "string" + }, + "kubelet-path": { + "type": "string" + }, + "pause-image": { + "type": "string" + }, + "runtime-image": { + "type": "string" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "snapshotter": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.21.14+rke2r1" }, { "agentArgs": { @@ -35301,43 +36297,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.400" }, "rancher-vsphere-cpi": { - "repo": "rancher-rke2-charts", - "version": "1.2.201" + "repo": "rancher-charts", + "version": "100.1.0+up1.0.100" }, "rancher-vsphere-csi": { - "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "repo": "rancher-charts", + "version": "100.1.0+up2.3.0" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.19.2-205" + "version": "v3.20.201" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.101" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.20.1-build2021111904" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.501" + "version": "1.10.404" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -35348,7 +36344,7 @@ "version": "v3.7.1-build2021111906" } }, - "maxChannelServerVersion": "v2.6.4", + "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { @@ -35449,7 +36445,7 @@ "type": "array" } }, - "version": "v1.21.13+rke2r2" + "version": "v1.22.4+rke2r2" }, { "agentArgs": { @@ -35548,43 +36544,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.800" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.900" }, "rancher-vsphere-cpi": { - "repo": "rancher-rke2-charts", - "version": "1.2.201" + "repo": "rancher-charts", + "version": "100.1.0+up1.0.100" }, "rancher-vsphere-csi": { - "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "repo": "rancher-charts", + "version": "100.1.0+up2.3.0" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.19.2-205" + "version": "v3.20.201" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.101" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.20.1-build2021111904" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.501" + "version": "1.10.404" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -35595,10 +36591,7 @@ "version": "v3.7.1-build2021111906" } }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, - "maxChannelServerVersion": "v2.6.4", + "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { 
@@ -35699,7 +36692,7 @@ "type": "array" } }, - "version": "v1.21.14+rke2r1" + "version": "v1.22.5+rke2r2" }, { "agentArgs": { @@ -35798,11 +36791,11 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.300" + "version": "0.1.800" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.400" + "version": "0.1.900" }, "rancher-vsphere-cpi": { "repo": "rancher-charts", @@ -35822,7 +36815,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021111904" + "version": "v3.20.3-build2022011406" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -35946,7 +36939,7 @@ "type": "array" } }, - "version": "v1.22.4+rke2r2" + "version": "v1.22.6+rke2r1" }, { "agentArgs": { @@ -36045,31 +37038,31 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.800" + "version": "0.1.1000" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.900" + "version": "0.1.1000" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.1.000" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.4.1-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.20.201" + "version": "v3.21.402" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.21.402" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021111904" + "version": "v3.21.4-build2022022801" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -36193,7 +37186,7 @@ "type": "array" } }, - "version": "v1.22.5+rke2r2" + "version": "v1.22.7+rke2r2" }, { "agentArgs": { 
@@ -36292,43 +37285,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.800" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.900" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.2.101" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.20.201" + "version": "v3.21.402" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.21.402" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.3-build2022011406" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.001" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -36440,7 +37433,7 @@ "type": "array" } }, - "version": "v1.22.6+rke2r1" + "version": "v1.22.9+rke2r1" }, { "agentArgs": { @@ -36539,19 +37532,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.1.000" + "version": "1.2.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.4.1-rancher100" + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", 
@@ -36563,19 +37556,19 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022022801" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.002" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -36687,7 +37680,7 @@ "type": "array" } }, - "version": "v1.22.7+rke2r2" + "version": "v1.22.9+rke2r2" }, { "agentArgs": { @@ -36794,7 +37787,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -36802,19 +37795,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.501" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -36822,7 +37815,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.001" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -36830,7 +37823,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110402" } }, "maxChannelServerVersion": "v2.6.99", @@ -36881,6 +37874,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, 
@@ -36934,7 +37930,7 @@ "type": "array" } }, - "version": "v1.22.9+rke2r1" + "version": "v1.22.10+rke2r2" }, { "agentArgs": { @@ -37041,7 +38037,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -37049,27 +38045,27 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.502" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.002" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -37077,9 +38073,12 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110403" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { @@ -37128,6 +38127,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -37181,7 +38183,7 @@ "type": "array" } }, - "version": "v1.22.9+rke2r2" + "version": "v1.22.11+rke2r1" }, { "agentArgs": { @@ -37280,7 +38282,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -37308,15 +38310,15 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.501" + "version": "1.12.001" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -37324,9 +38326,12 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110402" + "version": "v3.8-build2021110403" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { @@ -37431,7 +38436,7 @@ "type": "array" } }, - "version": "v1.22.10+rke2r2" + "version": "v1.22.13+rke2r1" }, { "agentArgs": { @@ -37530,7 +38535,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -37554,11 +38559,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101102" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.502" + "version": "1.12.102" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -37566,7 +38571,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -37684,7 +38689,7 @@ "type": "array" } }, - "version": "v1.22.11+rke2r1" + "version": "v1.22.15+rke2r2" }, { "agentArgs": { @@ -37807,11 +38812,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101102" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.001" + "version": "1.12.301" }, "rke2-coredns": { "repo": "rancher-rke2-charts", 
@@ -37937,7 +38942,7 @@ "type": "array" } }, - "version": "v1.22.13+rke2r1" + "version": "v1.22.17+rke2r1" }, { "agentArgs": { @@ -38036,43 +39041,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1000" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1000" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.201" + "version": "1.1.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.4.1-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.504" + "version": "v3.22.101" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.504" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.1-build2022101102" + "version": "v3.21.4-build2022022801" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.102" + "version": "1.11.101" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.004" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -38080,14 +39085,11 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.7.1-build2021111906" } }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.3-alpha1", + "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -38134,9 +39136,6 @@ "disable-scheduler": { "type": "bool" }, - "egress-selector-mode": { - "type": "string" - }, "etcd-arg": { "type": "array" }, 
@@ -38190,7 +39189,7 @@ "type": "array" } }, - "version": "v1.22.15+rke2r2" + "version": "v1.23.4+rke2r2" }, { "agentArgs": { @@ -38317,7 +39316,7 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.301" + "version": "1.12.102" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -38336,9 +39335,6 @@ "version": "v3.8-build2021110403" } }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { @@ -38443,7 +39439,7 @@ "type": "array" } }, - "version": "v1.22.17+rke2r1" + "version": "v1.22.16+rke2r1" }, { "agentArgs": { @@ -38542,19 +39538,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.1.000" + "version": "1.2.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.4.1-rancher100" + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -38566,19 +39562,19 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022022801" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.101" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.001" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -38690,7 +39686,7 @@ "type": "array" } }, - "version": "v1.23.4+rke2r2" + "version": "v1.23.6+rke2r1" }, { "agentArgs": { 
@@ -38789,7 +39785,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -38797,7 +39793,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.201" + "version": "1.2.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -38805,27 +39801,27 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.504" + "version": "v3.22.101" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.504" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.1-build2022101102" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.102" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.004" + "version": "4.1.002" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -38833,11 +39829,11 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.7.1-build2021111906" } }, "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.3-alpha1", + "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -38884,9 +39880,6 @@ "disable-scheduler": { "type": "bool" }, - "egress-selector-mode": { - "type": "string" - }, "etcd-arg": { "type": "array" }, @@ -38940,7 +39933,7 @@ "type": "array" } }, - "version": "v1.22.16+rke2r1" + "version": "v1.23.6+rke2r2" }, { "agentArgs": { @@ -39047,7 +40040,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", 
@@ -39055,19 +40048,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.22.101" + "version": "v3.23.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.23.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.501" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -39075,7 +40068,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.001" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -39083,7 +40076,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110402" } }, "maxChannelServerVersion": "v2.6.99", @@ -39134,6 +40127,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -39187,7 +40183,7 @@ "type": "array" } }, - "version": "v1.23.6+rke2r1" + "version": "v1.23.7+rke2r2" }, { "agentArgs": { @@ -39294,7 +40290,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", 
@@ -39302,27 +40298,27 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.22.101" + "version": "v3.23.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.23.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.502" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.002" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -39330,9 +40326,12 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110403" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { @@ -39381,6 +40380,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -39434,7 +40436,7 @@ "type": "array" } }, - "version": "v1.23.6+rke2r2" + "version": "v1.23.8+rke2r1" }, { "agentArgs": { @@ -39533,7 +40535,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -39561,15 +40563,15 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.501" + "version": "1.12.001" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -39577,10 +40579,13 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110402" + "version": "v3.8-build2021110403" } }, - "maxChannelServerVersion": "v2.6.99", + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, + "maxChannelServerVersion": "v2.7.99", "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { "audit-policy-file": { @@ -39684,7 +40689,7 @@ "type": "array" } }, - "version": "v1.23.7+rke2r2" + "version": "v1.23.10+rke2r1" }, { "agentArgs": { @@ -39783,7 +40788,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -39791,49 +40796,46 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.201" + "version": "1.4.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.6.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.102" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.102" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101103" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.502" + "version": "1.12.102" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.19.401" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.005" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021111904" + "version": "2.11.100-build2022101106" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.8-build2022101103" } }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, - "maxChannelServerVersion": "v2.6.99", + "maxChannelServerVersion": "v2.7.99", "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { "audit-policy-file": { @@ -39937,7 +40939,7 @@ "type": "array" } }, - "version": "v1.23.8+rke2r1" + "version": "v1.23.13+rke2r1" }, { "agentArgs": { 
@@ -40044,43 +41046,43 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.201" + "version": "1.4.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.6.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101103" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.001" + "version": "1.12.302" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.19.401" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.004" + "version": "4.1.005" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021111904" + "version": "2.11.100-build2022101106" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.8-build2022101103" } }, "featureVersions": { @@ -40190,7 +41192,7 @@ "type": "array" } }, - "version": "v1.23.10+rke2r1" + "version": "v1.23.14+rke2r1" }, { "agentArgs": { @@ -40305,19 +41307,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.102" + "version": "v3.24.501" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.102" + "version": "v3.24.501" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.1-build2022101103" + "version": "v3.24.5-build2022120101" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.102" + "version": "1.12.402" }, "rke2-coredns": { "repo": "rancher-rke2-charts", 
@@ -40325,17 +41327,20 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.005" + "version": "4.1.008" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101106" + "version": "2.11.100-build2022101107" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2022101103" + "version": "v3.9-build2022102805" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.7.99", "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { @@ -40440,7 +41445,7 @@ "type": "array" } }, - "version": "v1.23.13+rke2r1" + "version": "v1.23.15+rke2r1" }, { "agentArgs": { @@ -40539,15 +41544,15 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1500" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.001" + "version": "1.4.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -40555,19 +41560,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.103" + "version": "v3.24.501" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.103" + "version": "v3.24.501" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.1-build2022101103" + "version": "v3.24.5-build2022120101" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.302" + "version": "1.12.402" }, "rke2-coredns": { "repo": "rancher-rke2-charts", 
@@ -40575,15 +41580,15 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.005" + "version": "4.1.008" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101106" + "version": "2.11.100-build2022101107" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2022101103" + "version": "v3.9-build2022102805" } }, "featureVersions": { @@ -40693,7 +41698,7 @@ "type": "array" } }, - "version": "v1.23.14+rke2r1" + "version": "v1.23.16+rke2r1" }, { "agentArgs": { @@ -40792,15 +41797,15 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1500" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.001" + "version": "1.4.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -40808,19 +41813,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.501" + "version": "v3.25.001" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.501" + "version": "v3.25.001" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.5-build2022120101" + "version": "v3.25.0-build2023020901" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.402" + "version": "1.12.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -40946,7 +41951,7 @@ "type": "array" } }, - "version": "v1.23.15+rke2r1" + "version": "v1.23.17+rke2r1" }, { "agentArgs": { 
@@ -41045,58 +42050,58 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1400" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1500" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.1-rancher101" + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.501" + "version": "v3.23.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.501" + "version": "v3.23.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.5-build2022120101" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.402" + "version": "1.11.502" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.401" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.008" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101107" + "version": "2.11.100-build2021111904" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9-build2022102805" + "version": "v3.8-build2021110403" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.7.99", - "minChannelServerVersion": "v2.6.4-alpha1", + "maxChannelServerVersion": "v2.6.99", + "minChannelServerVersion": "v2.6.7-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -41199,7 +42204,7 @@ "type": "array" } }, - "version": "v1.23.16+rke2r1" + "version": "v1.24.2+rke2r1" }, { "agentArgs": { 
@@ -41298,58 +42303,58 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1400" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1500" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.1-rancher101" + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.001" + "version": "v3.23.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.001" + "version": "v3.23.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.0-build2023020901" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.500" + "version": "1.12.001" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.401" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.008" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101107" + "version": "2.11.100-build2021111904" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9-build2022102805" + "version": "v3.8-build2021110403" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.7.99", - "minChannelServerVersion": "v2.6.4-alpha1", + "minChannelServerVersion": "v2.6.7-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -41452,7 +42457,7 @@ "type": "array" } }, - "version": "v1.23.17+rke2r1" + "version": "v1.24.4+rke2r1" }, { "agentArgs": { @@ -41551,7 +42556,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -41559,49 +42564,49 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.201" + "version": "1.4.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.6.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.102" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.102" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101103" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.502" + "version": "1.12.102" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.19.401" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.005" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021111904" + "version": "2.11.100-build2022101106" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.8-build2022101103" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.6.99", + "maxChannelServerVersion": "v2.7.99", "minChannelServerVersion": "v2.6.7-alpha1", "serverArgs": { "audit-policy-file": { @@ -41705,7 +42710,7 @@ "type": "array" } }, - "version": "v1.24.2+rke2r1" + "version": "v1.24.7+rke2r1" }, { "agentArgs": { 
@@ -41812,43 +42817,43 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.201" + "version": "1.4.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.6.2-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101103" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.001" + "version": "1.12.302" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.19.401" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.004" + "version": "4.1.005" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021111904" + "version": "2.11.100-build2022101106" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.8-build2022101103" } }, "featureVersions": { @@ -41958,7 +42963,7 @@ "type": "array" } }, - "version": "v1.24.4+rke2r1" + "version": "v1.24.8+rke2r1" }, { "agentArgs": { 
@@ -42065,27 +43070,27 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.001" + "version": "1.4.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.1-rancher101" + "version": "2.6.2-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.102" + "version": "v3.24.501" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.102" + "version": "v3.24.501" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.1-build2022101103" + "version": "v3.24.5-build2022120101" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.102" + "version": "1.12.402" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -42093,15 +43098,15 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.005" + "version": "4.1.008" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101106" + "version": "2.11.100-build2022101107" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2022101103" + "version": "v3.9-build2022102805" } }, "featureVersions": { @@ -42211,7 +43216,7 @@ "type": "array" } }, - "version": "v1.24.7+rke2r1" + "version": "v1.24.9+rke2r2" }, { "agentArgs": { @@ -42310,15 +43315,15 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1500" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.100" + "version": "1.4.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", 
@@ -42326,19 +43331,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.103" + "version": "v3.24.501" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.103" + "version": "v3.24.501" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.1-build2022101103" + "version": "v3.24.5-build2022120101" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.302" + "version": "1.12.402" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -42346,15 +43351,15 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.005" + "version": "4.1.008" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101106" + "version": "2.11.100-build2022101107" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2022101103" + "version": "v3.9.3-build2023010901" } }, "featureVersions": { @@ -42464,7 +43469,7 @@ "type": "array" } }, - "version": "v1.24.8+rke2r1" + "version": "v1.24.10+rke2r1" }, { "agentArgs": { @@ -42563,15 +43568,15 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1500" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.100" + "version": "1.4.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -42579,19 +43584,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.501" + "version": "v3.25.001" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.501" + "version": "v3.25.001" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.5-build2022120101" + "version": "v3.25.0-build2023020901" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.402" + "version": "1.12.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", 
@@ -42607,7 +43612,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9-build2022102805" + "version": "v3.9.3-build2023010901" } }, "featureVersions": { @@ -42717,7 +43722,7 @@ "type": "array" } }, - "version": "v1.24.9+rke2r2" + "version": "v1.24.11+rke2r1" }, { "agentArgs": { @@ -42820,39 +43825,39 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1500" + "version": "0.1.1600" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.101" + "version": "1.4.200" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.2-rancher100" + "version": "2.6.2-rancher200" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.501" + "version": "v3.25.002" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.501" + "version": "v3.25.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.5-build2022120101" + "version": "v3.25.0-build2023020902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.402" + "version": "1.13.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.401" + "version": "1.19.402" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.008" + "version": "4.5.201" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -42860,7 +43865,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010901" + "version": "v3.9.3-build2023010902" } }, "featureVersions": { @@ -42970,7 +43975,7 @@ "type": "array" } }, - "version": "v1.24.10+rke2r1" + "version": "v1.24.13+rke2r1" }, { "agentArgs": { 
@@ -43073,47 +44078,47 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1500" + "version": "0.1.1600" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.101" + "version": "1.5.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.2-rancher100" + "version": "3.0.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.001" + "version": "v3.25.002" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.001" + "version": "v3.25.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.0-build2023020901" + "version": "v3.25.1-build2023051200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.500" + "version": "1.13.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.401" + "version": "1.19.402" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.008" + "version": "4.5.201" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101107" + "version": "2.11.100-build2023051508" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010901" + "version": "v3.9.3-build2023010902" } }, "featureVersions": { @@ -43223,7 +44228,7 @@ "type": "array" } }, - "version": "v1.24.11+rke2r1" + "version": "v1.24.14+rke2r1" }, { "agentArgs": { @@ -43322,7 +44327,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1400" + "version": "0.2.200" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -43330,11 +44335,11 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.200" + "version": "1.5.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.2-rancher200" + "version": "3.0.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", 
@@ -43346,15 +44351,15 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.0-build2023020902" + "version": "v3.25.1-build2023051201" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.13.000" + "version": "1.13.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.402" + "version": "1.24.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", @@ -43362,7 +44367,7 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101107" + "version": "2.11.100-build2023051508" }, "rke2-multus": { "repo": "rancher-rke2-charts", @@ -43476,7 +44481,7 @@ "type": "array" } }, - "version": "v1.24.13+rke2r1" + "version": "v1.24.15+rke2r1" }, { "agentArgs": { @@ -43575,7 +44580,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1400" + "version": "0.2.200" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -43591,15 +44596,15 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051200" + "version": "v3.25.1-build2023051203" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -43607,11 +44612,11 @@ }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.402" + "version": "1.24.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.5.201" + "version": "4.6.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -43619,7 +44624,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010902" + "version": "v4.0.2-build2023070701" } }, "featureVersions": { @@ -43729,7 +44734,7 @@ "type": "array" } }, - "version": "v1.24.14+rke2r1" + "version": "v1.24.16+rke2r1" }, { "agentArgs": { 
@@ -43806,8 +44811,7 @@ "profile": { "nullable": true, "options": [ - "cis-1.5", - "cis-1.6" + "cis-1.23" ], "type": "enum" }, 
@@ -43828,58 +44832,70 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.200" + "version": "0.1.1400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1600" + "version": "0.1.1500" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.5.100" + "version": "1.4.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.0.1-rancher101" + "version": "2.6.2-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.25.001" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.25.001" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051201" + "version": "v3.25.0-build2023020901" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.13.200" + "version": "1.12.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.002" + "version": "1.19.401" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.5.201" + "version": "4.1.008" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051508" + "version": "2.11.100-build2022101107" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010902" + "version": "v3.9.3-build2023010901" + }, + "rke2-snapshot-controller": { + "repo": "rancher-rke2-charts", + "version": "1.7.201" + }, + "rke2-snapshot-controller-crd": { + "repo": "rancher-rke2-charts", + "version": "1.7.201" + }, + "rke2-snapshot-validation-webhook": { + "repo": "rancher-rke2-charts", + "version": "1.7.100" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.7.99", - "minChannelServerVersion": "v2.6.7-alpha1", + "minChannelServerVersion": "v2.7.2-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" 
@@ -43982,7 +44998,7 @@ "type": "array" } }, - "version": "v1.24.15+rke2r1" + "version": "v1.25.7+rke2r1" }, { "agentArgs": { @@ -44105,11 +45121,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051203" + "version": "v3.26.1-build2023080200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.13.200" + "version": "1.14.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -44125,7 +45141,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023070701" + "version": "v4.0.2-build2023081100" } }, "featureVersions": { @@ -44233,9 +45249,12 @@ }, "tls-san": { "type": "array" + }, + "tls-san-security": { + "type": "boolean" } }, - "version": "v1.24.16+rke2r1" + "version": "v1.24.17+rke2r1" }, { "agentArgs": { @@ -44337,39 +45356,39 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1500" + "version": "0.1.1600" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.100" + "version": "1.4.200" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.2-rancher100" + "version": "2.6.2-rancher200" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.001" + "version": "v3.25.002" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.001" + "version": "v3.25.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.0-build2023020901" + "version": "v3.25.0-build2023020902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.500" + "version": "1.13.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.401" + "version": "1.19.402" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.008" + "version": "4.5.201" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -44377,7 +45396,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010901" + "version": "v3.9.3-build2023010902" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -44499,7 +45518,7 @@ "type": "array" } }, - "version": "v1.25.7+rke2r1" + "version": "v1.25.9+rke2r1" }, { "agentArgs": { @@ -44576,8 +45595,7 @@ "profile": { "nullable": true, "options": [ - "cis-1.5", - "cis-1.6" + "cis-1.23" ], "type": "enum" }, @@ -44598,7 +45616,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.200" + "version": "0.1.1400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -44614,27 +45632,27 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.25.002" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.25.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.1-build2023080200" + "version": "v3.25.1-build2023051200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.000" + "version": "1.13.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.002" + "version": "1.19.402" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.6.100" + "version": "4.5.201" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -44642,14 +45660,26 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081100" + "version": "v3.9.3-build2023010902" + }, + "rke2-snapshot-controller": { + "repo": "rancher-rke2-charts", + "version": "1.7.202" + }, + "rke2-snapshot-controller-crd": { + "repo": "rancher-rke2-charts", + "version": "1.7.202" + }, + "rke2-snapshot-validation-webhook": { + "repo": "rancher-rke2-charts", + "version": "1.7.101" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.7.99", - "minChannelServerVersion": "v2.6.7-alpha1", + "minChannelServerVersion": "v2.7.2-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -44750,12 +45780,9 @@ }, "tls-san": { "type": "array" - }, - "tls-san-security": { - "type": "boolean" } }, - "version": "v1.24.17+rke2r1" + "version": "v1.25.10+rke2r1" }, { "agentArgs": { @@ -44853,7 +45880,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1400" + "version": "0.2.200" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -44861,11 +45888,11 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.4.200" + "version": "1.5.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.2-rancher200" + "version": "3.0.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -44877,15 +45904,15 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.0-build2023020902" + "version": "v3.25.1-build2023051201" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.13.000" + "version": "1.13.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.402" + "version": "1.24.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", 
@@ -44893,7 +45920,7 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101107" + "version": "2.11.100-build2023051508" }, "rke2-multus": { "repo": "rancher-rke2-charts", @@ -44901,15 +45928,15 @@ }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", - "version": "1.7.201" + "version": "1.7.202" }, "rke2-snapshot-controller-crd": { "repo": "rancher-rke2-charts", - "version": "1.7.201" + "version": "1.7.202" }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.100" + "version": "1.7.101" } }, "featureVersions": { @@ -45019,7 +46046,7 @@ "type": "array" } }, - "version": "v1.25.9+rke2r1" + "version": "v1.25.11+rke2r1" }, { "agentArgs": { @@ -45117,7 +46144,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1400" + "version": "0.2.200" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -45133,15 +46160,15 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051200" + "version": "v3.25.1-build2023051203" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -45149,11 +46176,11 @@ }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.402" + "version": "1.24.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.5.201" + "version": "4.6.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -45161,7 +46188,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010902" + "version": "v4.0.2-build2023070701" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -45283,7 +46310,7 @@ "type": "array" } }, - "version": "v1.25.10+rke2r1" + "version": "v1.25.12+rke2r1" }, { "agentArgs": { 
@@ -45397,19 +46424,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051201" + "version": "v3.26.1-build2023080200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.13.200" + "version": "1.14.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -45417,7 +46444,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.5.201" + "version": "4.6.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -45425,7 +46452,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010902" + "version": "v4.0.2-build2023081100" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -45437,13 +46464,13 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.101" + "version": "1.7.300" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.7.99", + "maxChannelServerVersion": "v2.8.99", "minChannelServerVersion": "v2.7.2-alpha1", "serverArgs": { "audit-policy-file": { @@ -45545,9 +46572,12 @@ }, "tls-san": { "type": "array" + }, + "tls-san-security": { + "type": "boolean" } }, - "version": "v1.25.11+rke2r1" + "version": "v1.25.13+rke2r1" }, { "agentArgs": { @@ -45624,6 +46654,7 @@ "profile": { "nullable": true, "options": [ + "cis", "cis-1.23" ], "type": "enum" 
@@ -45661,35 +46692,35 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.101" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.101" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051203" + "version": "v3.26.1-build2023080200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.13.200" + "version": "1.14.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.002" + "version": "1.24.006" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.6.100" + "version": "4.8.200" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051508" + "version": "2.11.100-build2023051510" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023070701" + "version": "v4.0.2-build2023081100" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -45701,13 +46732,13 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.101" + "version": "1.7.302" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.7.99", + "maxChannelServerVersion": "v2.8.99", "minChannelServerVersion": "v2.7.2-alpha1", "serverArgs": { "audit-policy-file": { @@ -45774,6 +46805,9 @@ "kube-apiserver-image": { "type": "string" }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, "kube-controller-manager-arg": { "type": "array" }, @@ -45809,9 +46843,12 @@ }, "tls-san": { "type": "array" + }, + "tls-san-security": { + "type": "boolean" } }, - "version": "v1.25.12+rke2r1" + "version": "v1.25.15+rke2r2" }, { "agentArgs": { @@ -45888,6 +46925,7 @@ "profile": { "nullable": true, "options": [ + "cis", "cis-1.23" ], "type": "enum" 
@@ -45925,31 +46963,31 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.300" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.1-build2023080200" + "version": "v3.26.3-build2023110900" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.000" + "version": "1.14.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.002" + "version": "1.24.006" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.6.100" + "version": "4.8.200" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051508" + "version": "2.11.100-build2023051510" }, "rke2-multus": { "repo": "rancher-rke2-charts", @@ -45965,7 +47003,7 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.300" + "version": "1.7.302" } }, "featureVersions": { @@ -46038,6 +47076,9 @@ "kube-apiserver-image": { "type": "string" }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, "kube-controller-manager-arg": { "type": "array" }, @@ -46078,7 +47119,7 @@ "type": "boolean" } }, - "version": "v1.25.13+rke2r1" + "version": "v1.25.16+rke2r1" }, { "agentArgs": { @@ -46155,7 +47196,6 @@ "profile": { "nullable": true, "options": [ - "cis", "cis-1.23" ], "type": "enum" @@ -46177,7 +47217,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.200" + "version": "0.1.1400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -46193,35 +47233,35 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.101" + "version": "v3.25.002" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.101" + "version": "v3.25.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.1-build2023080200" + "version": "v3.25.1-build2023051200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.200" + "version": "1.13.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.006" + "version": "1.19.402" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.8.200" + "version": "4.5.201" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051510" + "version": "2.11.100-build2023051508" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081100" + "version": "v3.9.3-build2023010902" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -46233,14 +47273,14 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.302" + "version": "1.7.101" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.8.99", - "minChannelServerVersion": "v2.7.2-alpha1", + "maxChannelServerVersion": "v2.7.99", + "minChannelServerVersion": "v2.7.5-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -46306,9 +47346,6 @@ "kube-apiserver-image": { "type": "string" }, - "kube-cloud-controller-manager-arg": { - "type": "array" - }, "kube-controller-manager-arg": { "type": "array" }, @@ -46344,12 +47381,9 @@ }, "tls-san": { "type": "array" - }, - "tls-san-security": { - "type": "boolean" } }, - "version": "v1.25.15+rke2r2" + "version": "v1.26.5+rke2r1" }, { "agentArgs": { @@ -46426,7 +47460,6 @@ "profile": { "nullable": true, "options": [ - "cis", "cis-1.23" ], "type": "enum" 
@@ -46464,35 +47497,35 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.25.002" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.25.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.3-build2023110900" + "version": "v3.25.1-build2023051201" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.400" + "version": "1.13.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.006" + "version": "1.24.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.8.200" + "version": "4.5.201" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051510" + "version": "2.11.100-build2023051508" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081100" + "version": "v3.9.3-build2023010902" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -46504,14 +47537,14 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.302" + "version": "1.7.101" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.8.99", - "minChannelServerVersion": "v2.7.2-alpha1", + "maxChannelServerVersion": "v2.7.99", + "minChannelServerVersion": "v2.7.5-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -46577,9 +47610,6 @@ "kube-apiserver-image": { "type": "string" }, - "kube-cloud-controller-manager-arg": { - "type": "array" - }, "kube-controller-manager-arg": { "type": "array" }, @@ -46615,12 +47645,9 @@ }, "tls-san": { "type": "array" - }, - "tls-san-security": { - "type": "boolean" } }, - "version": "v1.25.16+rke2r1" + "version": "v1.26.6+rke2r1" }, { "agentArgs": { 
@@ -46718,7 +47745,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1400" + "version": "0.2.200" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -46734,15 +47761,15 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051200" + "version": "v3.25.1-build2023051203" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -46750,11 +47777,11 @@ }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.402" + "version": "1.24.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.5.201" + "version": "4.6.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -46762,7 +47789,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010902" + "version": "v4.0.2-build2023070701" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -46884,7 +47911,7 @@ "type": "array" } }, - "version": "v1.26.5+rke2r1" + "version": "v1.26.7+rke2r1" }, { "agentArgs": { @@ -46998,19 +48025,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.25.002" + "version": "v3.26.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051201" + "version": "v3.26.1-build2023080200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.13.200" + "version": "1.14.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -47018,7 +48045,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.5.201" + "version": "4.6.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -47026,7 +48053,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.9.3-build2023010902" + "version": "v4.0.2-build2023081100" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -47038,13 +48065,13 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.101" + "version": "1.7.300" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.7.99", + "maxChannelServerVersion": "v2.8.99", "minChannelServerVersion": "v2.7.5-alpha1", "serverArgs": { "audit-policy-file": { @@ -47146,9 +48173,12 @@ }, "tls-san": { "type": "array" + }, + "tls-san-security": { + "type": "boolean" } }, - "version": "v1.26.6+rke2r1" + "version": "v1.26.8+rke2r1" }, { "agentArgs": { @@ -47225,6 +48255,7 @@ "profile": { "nullable": true, "options": [ + "cis", "cis-1.23" ], "type": "enum" @@ -47262,35 +48293,35 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.101" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.101" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.25.1-build2023051203" + "version": "v3.26.1-build2023080200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.13.200" + "version": "1.14.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.002" + "version": "1.24.006" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.6.100" + "version": "4.8.200" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051508" + "version": "2.11.100-build2023051510" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023070701" + "version": "v4.0.2-build2023081100" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", 
@@ -47302,13 +48333,13 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.101" + "version": "1.7.302" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.7.99", + "maxChannelServerVersion": "v2.8.99", "minChannelServerVersion": "v2.7.5-alpha1", "serverArgs": { "audit-policy-file": { @@ -47375,6 +48406,9 @@ "kube-apiserver-image": { "type": "string" }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, "kube-controller-manager-arg": { "type": "array" }, @@ -47410,9 +48444,12 @@ }, "tls-san": { "type": "array" + }, + "tls-san-security": { + "type": "boolean" } }, - "version": "v1.26.7+rke2r1" + "version": "v1.26.10+rke2r2" }, { "agentArgs": { @@ -47489,6 +48526,7 @@ "profile": { "nullable": true, "options": [ + "cis", "cis-1.23" ], "type": "enum" @@ -47526,31 +48564,31 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.300" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.1-build2023080200" + "version": "v3.26.3-build2023110900" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.000" + "version": "1.14.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.002" + "version": "1.24.006" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.6.100" + "version": "4.8.200" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051508" + "version": "2.11.100-build2023051510" }, "rke2-multus": { "repo": "rancher-rke2-charts", @@ -47566,7 +48604,7 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.300" + "version": "1.7.302" } }, "featureVersions": { 
@@ -47639,6 +48677,9 @@ "kube-apiserver-image": { "type": "string" }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, "kube-controller-manager-arg": { "type": "array" }, @@ -47679,7 +48720,7 @@ "type": "boolean" } }, - "version": "v1.26.8+rke2r1" + "version": "v1.26.11+rke2r1" }, { "agentArgs": { @@ -47794,23 +48835,23 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.101" + "version": "v3.26.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.101" + "version": "v3.26.300" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.1-build2023080200" + "version": "v3.26.3-build2023110900" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.200" + "version": "1.14.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.006" + "version": "1.24.008" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", @@ -47818,11 +48859,11 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051510" + "version": "2.11.100-build2023051511" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081100" + "version": "v4.0.2-build2023081107" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -47950,7 +48991,7 @@ "type": "boolean" } }, - "version": "v1.26.10+rke2r2" + "version": "v1.26.13+rke2r1" }, { "agentArgs": { @@ -48053,7 +49094,7 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1600" + "version": "0.1.1700" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", 
@@ -48065,23 +49106,23 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.27.002" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.27.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.3-build2023110900" + "version": "v3.27.0-build2024020601" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.400" + "version": "1.15.100" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.006" + "version": "1.29.001" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", @@ -48089,11 +49130,11 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051510" + "version": "2.11.100-build2023051513" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081100" + "version": "v4.0.2-build2024020800" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -48132,6 +49173,7 @@ "canal", "cilium", "calico", + "flannel", "multus,canal", "multus,cilium", "multus,calico" @@ -48221,7 +49263,7 @@ "type": "boolean" } }, - "version": "v1.26.11+rke2r1" + "version": "v1.26.14+rke2r1" }, { "agentArgs": { 
@@ -48324,35 +49366,35 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1600" + "version": "0.1.1700" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.5.100" + "version": "1.7.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.0.1-rancher101" + "version": "3.1.2-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.27.200" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.27.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.3-build2023110900" + "version": "v3.27.2-build2024030800" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.400" + "version": "1.15.100" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.008" + "version": "1.29.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", @@ -48360,11 +49402,11 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051511" + "version": "2.11.100-build2023051513" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081107" + "version": "v4.0.2-build2024020802" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -48403,6 +49445,7 @@ "canal", "cilium", "calico", + "flannel", "multus,canal", "multus,cilium", "multus,calico" @@ -48492,7 +49535,7 @@ "type": "boolean" } }, - "version": "v1.26.13+rke2r1" + "version": "v1.26.15+rke2r1" }, { "agentArgs": { @@ -48569,7 +49612,6 @@ "profile": { "nullable": true, "options": [ - "cis", "cis-1.23" ], "type": "enum" @@ -48595,7 +49637,7 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1700" + "version": "0.1.1600" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", 
@@ -48607,35 +49649,35 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.26.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.26.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.0-build2024020601" + "version": "v3.26.1-build2023080200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.100" + "version": "1.14.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.001" + "version": "1.24.004" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.8.200" + "version": "4.6.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051513" + "version": "2.11.100-build2023051509" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020800" + "version": "v4.0.2-build2023081100" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -48647,14 +49689,14 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.302" + "version": "1.7.300" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.8.99", - "minChannelServerVersion": "v2.7.5-alpha1", + "maxChannelServerVersion": "v2.9.99", + "minChannelServerVersion": "v2.8.0-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -48674,7 +49716,6 @@ "canal", "cilium", "calico", - "flannel", "multus,canal", "multus,cilium", "multus,calico" @@ -48721,9 +49762,6 @@ "kube-apiserver-image": { "type": "string" }, - "kube-cloud-controller-manager-arg": { - "type": "array" - }, "kube-controller-manager-arg": { "type": "array" }, @@ -48764,7 +49802,7 @@ "type": "boolean" } }, - "version": "v1.26.14+rke2r1" + "version": "v1.27.5+rke2r1" }, { "agentArgs": { 
@@ -48867,35 +49905,35 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1700" + "version": "0.1.1600" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.7.001" + "version": "1.5.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher101" + "version": "3.0.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.200" + "version": "v3.26.101" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.26.101" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.2-build2024030800" + "version": "v3.26.1-build2023080200" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.100" + "version": "1.14.200" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.002" + "version": "1.24.006" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", @@ -48903,11 +49941,11 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051513" + "version": "2.11.100-build2023051510" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020802" + "version": "v4.0.2-build2023081100" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -48925,8 +49963,8 @@ "featureVersions": { "encryption-key-rotation": "2.0.0" }, - "maxChannelServerVersion": "v2.8.99", - "minChannelServerVersion": "v2.7.5-alpha1", + "maxChannelServerVersion": "v2.9.99", + "minChannelServerVersion": "v2.8.0-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -48946,7 +49984,6 @@ "canal", "cilium", "calico", - "flannel", "multus,canal", "multus,cilium", "multus,calico" @@ -49036,7 +50073,7 @@ "type": "boolean" } }, - "version": "v1.26.15+rke2r1" + "version": "v1.27.7+rke2r2" }, { "agentArgs": { @@ -49113,6 +50150,7 @@ "profile": { "nullable": true, "options": [ + "cis", "cis-1.23" ], "type": "enum" 
@@ -49150,31 +50188,31 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.100" + "version": "v3.26.300" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.1-build2023080200" + "version": "v3.26.3-build2023110900" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.000" + "version": "1.14.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.004" + "version": "1.24.006" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.6.100" + "version": "4.8.200" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051509" + "version": "2.11.100-build2023051510" }, "rke2-multus": { "repo": "rancher-rke2-charts", @@ -49190,7 +50228,7 @@ }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.300" + "version": "1.7.302" } }, "featureVersions": { @@ -49263,6 +50301,9 @@ "kube-apiserver-image": { "type": "string" }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, "kube-controller-manager-arg": { "type": "array" }, @@ -49303,7 +50344,7 @@ "type": "boolean" } }, - "version": "v1.27.5+rke2r1" + "version": "v1.27.8+rke2r1" }, { "agentArgs": { @@ -49418,23 +50459,23 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.101" + "version": "v3.26.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.101" + "version": "v3.26.300" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.1-build2023080200" + "version": "v3.26.3-build2023110900" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.200" + "version": "1.14.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.006" + "version": "1.24.008" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", 
@@ -49442,11 +50483,11 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051510" + "version": "2.11.100-build2023051511" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081100" + "version": "v4.0.2-build2023081107" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -49574,7 +50615,7 @@ "type": "boolean" } }, - "version": "v1.27.7+rke2r2" + "version": "v1.27.10+rke2r1" }, { "agentArgs": { @@ -49677,7 +50718,7 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1600" + "version": "0.1.1700" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", @@ -49689,23 +50730,23 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.27.002" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.27.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.3-build2023110900" + "version": "v3.27.0-build2024020601" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.400" + "version": "1.15.100" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.006" + "version": "1.29.001" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", @@ -49713,11 +50754,11 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051510" + "version": "2.11.100-build2023051513" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081100" + "version": "v4.0.2-build2024020800" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -49756,6 +50797,7 @@ "canal", "cilium", "calico", + "flannel", "multus,canal", "multus,cilium", "multus,calico" @@ -49845,7 +50887,7 @@ "type": "boolean" } }, - "version": "v1.27.8+rke2r1" + "version": "v1.27.11+rke2r1" }, { "agentArgs": { 
@@ -49948,35 +50990,35 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1600" + "version": "0.1.1700" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.5.100" + "version": "1.7.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.0.1-rancher101" + "version": "3.1.2-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.27.200" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.26.300" + "version": "v3.27.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.26.3-build2023110900" + "version": "v3.27.2-build2024030800" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.14.400" + "version": "1.15.100" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.24.008" + "version": "1.29.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", @@ -49984,11 +51026,11 @@ }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051511" + "version": "2.11.100-build2023051513" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2023081107" + "version": "v4.0.2-build2024020802" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -50027,6 +51069,7 @@ "canal", "cilium", "calico", + "flannel", "multus,canal", "multus,cilium", "multus,calico" @@ -50116,7 +51159,7 @@ "type": "boolean" } }, - "version": "v1.27.10+rke2r1" + "version": "v1.27.12+rke2r1" }, { "agentArgs": { @@ -50215,7 +51258,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.200" + "version": "0.2.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -50223,15 +51266,15 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.5.100" + "version": "1.7.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.0.1-rancher101" + "version": "3.1.2-rancher400" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.27.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", @@ -50239,27 +51282,31 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.0-build2024020601" + "version": "v3.27.3-build2024042301" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.100" + "version": "1.15.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.001" + "version": "1.29.002" + }, + "rke2-flannel": { + "repo": "rancher-rke2-charts", + "version": "v0.25.102" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.8.200" + "version": "4.9.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051513" + "version": "3.12.002" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020800" + "version": "v4.0.2-build2024020802" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -50308,6 +51355,18 @@ "container-runtime-endpoint": { "type": "string" }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, "disable": { "options": [ "rke2-coredns", @@ -50388,7 +51447,7 @@ "type": "boolean" } }, - "version": "v1.27.11+rke2r1" + "version": "v1.27.13+rke2r1" }, { "agentArgs": { @@ -50487,7 +51546,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.200" + "version": "0.2.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -50499,11 +51558,11 @@ }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher101" + "version": "3.1.2-rancher400" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.200" + "version": "v3.27.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", @@ -50511,23 +51570,27 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.2-build2024030800" + "version": "v3.27.3-build2024042301" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.100" + "version": "1.15.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", "version": "1.29.002" }, + "rke2-flannel": { + "repo": "rancher-rke2-charts", + "version": "v0.25.102" + }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.8.200" + "version": "4.9.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051513" + "version": "3.12.002" }, "rke2-multus": { "repo": "rancher-rke2-charts", @@ -50580,6 +51643,18 @@ "container-runtime-endpoint": { "type": "string" }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, "disable": { "options": [ "rke2-coredns", @@ -50660,13 +51735,16 @@ "type": "boolean" } }, - "version": "v1.27.12+rke2r1" + "version": "v1.27.14+rke2r1" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, + "bind-address": { + "type": "string" + }, "cloud-controller-manager-extra-env": { "type": "array" }, @@ -50698,6 +51776,9 @@ "debug": { "type": "bool" }, + "enable-pprof": { + "type": "boolean" + }, "etcd-extra-env": { "type": "array" }, @@ -50759,7 +51840,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.300" + "version": "0.2.400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -50783,11 +51864,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.3-build2024042301" + "version": "v3.28.0-build2024062503" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.400" + "version": "1.15.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -50795,11 +51876,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.102" + "version": "v0.25.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.9.100" + "version": "4.10.101" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -50807,7 +51888,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020802" + "version": "v4.0.205" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -50941,20 +52022,29 @@ "snapshotter": { "type": "string" }, + "supervisor-metrics": { + "type": "boolean" + }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" + }, + "write-kubeconfig-group": { + "type": "string" } }, - "version": "v1.27.13+rke2r1" + "version": "v1.27.15+rke2r1" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, + "bind-address": { + "type": "string" + }, "cloud-controller-manager-extra-env": { "type": "array" }, @@ -50986,6 +52076,9 @@ "debug": { "type": "bool" }, + "enable-pprof": { + "type": "boolean" + }, "etcd-extra-env": { "type": "array" }, @@ -51047,7 +52140,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.300" + "version": "0.2.400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -51055,11 +52148,11 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.7.001" + "version": "1.8.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher400" + "version": "3.3.0-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", 
@@ -51071,7 +52164,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.3-build2024042301" + "version": "v3.28.0-build2024062503" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -51083,11 +52176,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.102" + "version": "v0.25.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.9.100" + "version": "4.10.102" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -51095,7 +52188,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020802" + "version": "v4.0.206" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -51229,14 +52322,20 @@ "snapshotter": { "type": "string" }, + "supervisor-metrics": { + "type": "boolean" + }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" + }, + "write-kubeconfig-group": { + "type": "string" } }, - "version": "v1.27.14+rke2r1" + "version": "v1.27.16+rke2r1" }, { "agentArgs": { @@ -51345,15 +52444,15 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1700" + "version": "0.1.1800" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.7.001" + "version": "1.8.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher400" + "version": "3.3.0-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -51365,11 +52464,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.0-build2024062503" + "version": "v3.28.1-build2024080600" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.500" + "version": "1.16.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", 
@@ -51377,11 +52476,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.400" + "version": "v0.25.501" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.101" + "version": "4.10.401" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -51389,7 +52488,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.205" + "version": "v4.0.206" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -51536,16 +52635,13 @@ "type": "string" } }, - "version": "v1.27.15+rke2r1" + "version": "v1.27.16+rke2r2" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, - "bind-address": { - "type": "string" - }, "cloud-controller-manager-extra-env": { "type": "array" }, @@ -51577,7 +52673,10 @@ "debug": { "type": "bool" }, - "enable-pprof": { + "default-runtime": { + "type": "string" + }, + "disable-default-registry-endpoint": { "type": "boolean" }, "etcd-extra-env": { @@ -51641,7 +52740,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.400" + "version": "0.2.200" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -51649,15 +52748,15 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.8.000" + "version": "1.7.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.3.0-rancher100" + "version": "3.1.2-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.300" + "version": "v3.27.200" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", 
@@ -51665,31 +52764,27 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.0-build2024062503" + "version": "v3.27.2-build2024030800" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.500" + "version": "1.15.100" }, "rke2-coredns": { "repo": "rancher-rke2-charts", "version": "1.29.002" }, - "rke2-flannel": { - "repo": "rancher-rke2-charts", - "version": "v0.25.400" - }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.102" + "version": "4.8.200" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.002" + "version": "2.11.100-build2023051513" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.206" + "version": "v4.0.2-build2024020802" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -51708,7 +52803,7 @@ "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.9.99", - "minChannelServerVersion": "v2.8.0-alpha1", + "minChannelServerVersion": "v2.8.3-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -51738,18 +52833,6 @@ "container-runtime-endpoint": { "type": "string" }, - "datastore-cafile": { - "type": "string" - }, - "datastore-certfile": { - "type": "string" - }, - "datastore-endpoint": { - "type": "string" - }, - "datastore-keyfile": { - "type": "string" - }, "disable": { "options": [ "rke2-coredns", @@ -51771,6 +52854,9 @@ "egress-selector-mode": { "type": "string" }, + "embedded-registry": { + "type": "boolean" + }, "etcd-arg": { "type": "array" }, 
@@ -51823,29 +52909,20 @@ "snapshotter": { "type": "string" }, - "supervisor-metrics": { - "type": "boolean" - }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" - }, - "write-kubeconfig-group": { - "type": "string" } }, - "version": "v1.27.16+rke2r1" + "version": "v1.28.8+rke2r1" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, - "bind-address": { - "type": "string" - }, "cloud-controller-manager-extra-env": { "type": "array" }, @@ -51877,7 +52954,10 @@ "debug": { "type": "bool" }, - "enable-pprof": { + "default-runtime": { + "type": "string" + }, + "disable-default-registry-endpoint": { "type": "boolean" }, "etcd-extra-env": { @@ -51941,19 +53021,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.400" + "version": "0.2.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1800" + "version": "0.1.1700" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.8.000" + "version": "1.7.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.3.0-rancher100" + "version": "3.1.2-rancher400" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -51965,11 +53045,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.1-build2024080600" + "version": "v3.27.3-build2024042301" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.000" + "version": "1.15.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -51977,11 +53057,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.501" + "version": "v0.25.102" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.401" + "version": "4.9.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -51989,7 +53069,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.206" + "version": "v4.0.2-build2024020802" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -52008,7 +53088,7 @@ "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.9.99", - "minChannelServerVersion": "v2.8.0-alpha1", + "minChannelServerVersion": "v2.8.3-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -52071,6 +53151,9 @@ "egress-selector-mode": { "type": "string" }, + "embedded-registry": { + "type": "boolean" + }, "etcd-arg": { "type": "array" }, @@ -52123,20 +53206,14 @@ "snapshotter": { "type": "string" }, - "supervisor-metrics": { - "type": "boolean" - }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" - }, - "write-kubeconfig-group": { - "type": "string" } }, - "version": "v1.27.16+rke2r2" + "version": "v1.28.9+rke2r1" }, { "agentArgs": { @@ -52241,7 +53318,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.200" + "version": "0.2.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -52253,11 +53330,11 @@ }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher101" + "version": "3.1.2-rancher400" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.200" + "version": "v3.27.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", 
@@ -52265,23 +53342,27 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.2-build2024030800" + "version": "v3.27.3-build2024042301" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.100" + "version": "1.15.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", "version": "1.29.002" }, + "rke2-flannel": { + "repo": "rancher-rke2-charts", + "version": "v0.25.102" + }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.8.200" + "version": "4.9.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051513" + "version": "3.12.002" }, "rke2-multus": { "repo": "rancher-rke2-charts", @@ -52334,6 +53415,18 @@ "container-runtime-endpoint": { "type": "string" }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, "disable": { "options": [ "rke2-coredns", @@ -52417,13 +53510,16 @@ "type": "boolean" } }, - "version": "v1.28.8+rke2r1" + "version": "v1.28.10+rke2r1" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, + "bind-address": { + "type": "string" + }, "cloud-controller-manager-extra-env": { "type": "array" }, @@ -52461,6 +53557,9 @@ "disable-default-registry-endpoint": { "type": "boolean" }, + "enable-pprof": { + "type": "boolean" + }, "etcd-extra-env": { "type": "array" }, @@ -52522,7 +53621,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.300" + "version": "0.2.400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -52546,11 +53645,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.3-build2024042301" + "version": "v3.28.0-build2024062503" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.400" + "version": "1.15.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", 
@@ -52558,11 +53657,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.102" + "version": "v0.25.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.9.100" + "version": "4.10.101" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -52570,7 +53669,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020802" + "version": "v4.0.205" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -52707,20 +53806,29 @@ "snapshotter": { "type": "string" }, + "supervisor-metrics": { + "type": "boolean" + }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" + }, + "write-kubeconfig-group": { + "type": "string" } }, - "version": "v1.28.9+rke2r1" + "version": "v1.28.11+rke2r1" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, + "bind-address": { + "type": "string" + }, "cloud-controller-manager-extra-env": { "type": "array" }, @@ -52758,6 +53866,9 @@ "disable-default-registry-endpoint": { "type": "boolean" }, + "enable-pprof": { + "type": "boolean" + }, "etcd-extra-env": { "type": "array" }, @@ -52819,7 +53930,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.300" + "version": "0.2.400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -52827,11 +53938,11 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.7.001" + "version": "1.8.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher400" + "version": "3.3.0-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -52843,7 +53954,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.3-build2024042301" + "version": "v3.28.0-build2024062503" }, "rke2-cilium": { "repo": "rancher-rke2-charts", 
@@ -52855,11 +53966,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.102" + "version": "v0.25.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.9.100" + "version": "4.10.102" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -52867,7 +53978,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020802" + "version": "v4.0.206" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -53004,14 +54115,20 @@ "snapshotter": { "type": "string" }, + "supervisor-metrics": { + "type": "boolean" + }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" + }, + "write-kubeconfig-group": { + "type": "string" } }, - "version": "v1.28.10+rke2r1" + "version": "v1.28.12+rke2r1" }, { "agentArgs": { @@ -53126,43 +54243,43 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1700" + "version": "0.1.1800" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.7.001" + "version": "1.8.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher400" + "version": "3.3.0-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.300" + "version": "v3.28.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.28.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.0-build2024062503" + "version": "v3.28.1-build2024080600" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.500" + "version": "1.16.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.002" + "version": "1.29.004" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.400" + "version": "v0.25.501" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.101" + "version": "4.10.401" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -53170,7 +54287,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.205" + "version": "v4.0.206" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -53320,7 +54437,7 @@ "type": "string" } }, - "version": "v1.28.11+rke2r1" + "version": "v1.28.13+rke2r1" }, { "agentArgs": { @@ -53431,11 +54548,11 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.400" + "version": "0.2.600" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1700" + "version": "0.1.1800" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", @@ -53447,39 +54564,39 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.300" + "version": "v3.28.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.28.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.0-build2024062503" + "version": "v3.28.1-build2024091100" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.500" + "version": "1.16.104" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.002" + "version": "1.29.006" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.400" + "version": "v0.25.601" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.102" + "version": "4.10.402" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.002" + "version": "3.12.003" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.206" + "version": "v4.1.001" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -53629,7 +54746,7 @@ "type": "string" } }, - "version": "v1.28.12+rke2r1" + "version": "v1.28.14+rke2r1" }, { "agentArgs": { 
@@ -53740,11 +54857,11 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.400" + "version": "0.2.600" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1800" + "version": "0.1.2000" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", @@ -53756,51 +54873,51 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.28.200" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.28.200" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.1-build2024080600" + "version": "v3.28.2-build2024101601" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.000" + "version": "1.16.201" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.004" + "version": "1.33.002" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.501" + "version": "v0.25.704" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.401" + "version": "4.10.501" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.002" + "version": "3.12.004" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.206" + "version": "v4.1.205" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", - "version": "1.7.202" + "version": "3.0.601" }, "rke2-snapshot-controller-crd": { "repo": "rancher-rke2-charts", - "version": "1.7.202" + "version": "3.0.601" }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.302" + "version": "1.9.001" } }, "featureVersions": { @@ -53938,16 +55055,13 @@ "type": "string" } }, - "version": "v1.28.13+rke2r1" + "version": "v1.28.15+rke2r1" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, - "bind-address": { - "type": "string" - }, "cloud-controller-manager-extra-env": { "type": "array" }, 
@@ -53985,9 +55099,6 @@ "disable-default-registry-endpoint": { "type": "boolean" }, - "enable-pprof": { - "type": "boolean" - }, "etcd-extra-env": { "type": "array" }, @@ -54049,55 +55160,51 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.600" + "version": "0.2.200" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1800" + "version": "0.1.1700" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.8.000" + "version": "1.7.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.3.0-rancher100" + "version": "3.1.2-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.27.200" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.27.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.1-build2024091100" + "version": "v3.27.2-build2024030800" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.104" + "version": "1.15.100" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.006" - }, - "rke2-flannel": { - "repo": "rancher-rke2-charts", - "version": "v0.25.601" + "version": "1.29.002" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.402" + "version": "4.8.200" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.003" + "version": "2.11.100-build2023051513" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.1.001" + "version": "v4.0.2-build2024020802" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -54116,7 +55223,7 @@ "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.9.99", - "minChannelServerVersion": "v2.8.3-alpha1", + "minChannelServerVersion": "v2.9.0-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" 
@@ -54146,18 +55253,6 @@ "container-runtime-endpoint": { "type": "string" }, - "datastore-cafile": { - "type": "string" - }, - "datastore-certfile": { - "type": "string" - }, - "datastore-endpoint": { - "type": "string" - }, - "datastore-keyfile": { - "type": "string" - }, "disable": { "options": [ "rke2-coredns", @@ -54234,29 +55329,20 @@ "snapshotter": { "type": "string" }, - "supervisor-metrics": { - "type": "boolean" - }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" - }, - "write-kubeconfig-group": { - "type": "string" } }, - "version": "v1.28.14+rke2r1" + "version": "v1.29.3+rke2r1" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, - "bind-address": { - "type": "string" - }, "cloud-controller-manager-extra-env": { "type": "array" }, @@ -54294,9 +55380,6 @@ "disable-default-registry-endpoint": { "type": "boolean" }, - "enable-pprof": { - "type": "boolean" - }, "etcd-extra-env": { "type": "array" }, 
@@ -54358,74 +55441,74 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.600" + "version": "0.2.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.2000" + "version": "0.1.1700" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.8.000" + "version": "1.7.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.3.0-rancher100" + "version": "3.1.2-rancher400" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.28.200" + "version": "v3.27.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.28.200" + "version": "v3.27.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.2-build2024101601" + "version": "v3.27.3-build2024042301" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.201" + "version": "1.15.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.33.002" + "version": "1.29.002" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.704" + "version": "v0.25.102" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.501" + "version": "4.9.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.004" + "version": "3.12.002" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.1.205" + "version": "v4.0.2-build2024020802" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", - "version": "3.0.601" + "version": "1.7.202" }, "rke2-snapshot-controller-crd": { "repo": "rancher-rke2-charts", - "version": "3.0.601" + "version": "1.7.202" }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.9.001" + "version": "1.7.302" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.9.99", - "minChannelServerVersion": "v2.8.3-alpha1", + "minChannelServerVersion": "v2.9.0-alpha1", "serverArgs": { 
"audit-policy-file": { "type": "string" @@ -54543,20 +55626,14 @@ "snapshotter": { "type": "string" }, - "supervisor-metrics": { - "type": "boolean" - }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" - }, - "write-kubeconfig-group": { - "type": "string" } }, - "version": "v1.28.15+rke2r1" + "version": "v1.29.4+rke2r1" }, { "agentArgs": { @@ -54661,7 +55738,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.200" + "version": "0.2.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -54673,11 +55750,11 @@ }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher101" + "version": "3.1.2-rancher400" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.200" + "version": "v3.27.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", @@ -54685,23 +55762,27 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.2-build2024030800" + "version": "v3.27.3-build2024042301" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.100" + "version": "1.15.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", "version": "1.29.002" }, + "rke2-flannel": { + "repo": "rancher-rke2-charts", + "version": "v0.25.102" + }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.8.200" + "version": "4.9.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2023051513" + "version": "3.12.002" }, "rke2-multus": { "repo": "rancher-rke2-charts", @@ -54754,6 +55835,18 @@ "container-runtime-endpoint": { "type": "string" }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, "disable": { "options": [ "rke2-coredns", 
@@ -54837,7 +55930,7 @@ "type": "boolean" } }, - "version": "v1.29.3+rke2r1" + "version": "v1.29.5+rke2r1" }, { "agentArgs": { @@ -54942,7 +56035,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.300" + "version": "0.2.400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -54966,11 +56059,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.3-build2024042301" + "version": "v3.28.0-build2024062503" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.400" + "version": "1.15.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -54978,11 +56071,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.102" + "version": "v0.25.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.9.100" + "version": "4.10.101" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -54990,7 +56083,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020802" + "version": "v4.0.205" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -55134,7 +56227,7 @@ "type": "boolean" } }, - "version": "v1.29.4+rke2r1" + "version": "v1.29.6+rke2r1" }, { "agentArgs": { @@ -55239,7 +56332,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.300" + "version": "0.2.400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -55247,11 +56340,11 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.7.001" + "version": "1.8.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher400" + "version": "3.3.0-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -55263,7 +56356,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.3-build2024042301" + "version": "v3.28.0-build2024062503" }, "rke2-cilium": { "repo": "rancher-rke2-charts", 
@@ -55275,11 +56368,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.102" + "version": "v0.25.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.9.100" + "version": "4.10.102" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -55287,7 +56380,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020802" + "version": "v4.0.206" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -55431,7 +56524,7 @@ "type": "boolean" } }, - "version": "v1.29.5+rke2r1" + "version": "v1.29.7+rke2r1" }, { "agentArgs": { @@ -55540,43 +56633,43 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1700" + "version": "0.1.1800" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.7.001" + "version": "1.8.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher400" + "version": "3.3.0-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.300" + "version": "v3.28.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.28.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.0-build2024062503" + "version": "v3.28.1-build2024080600" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.500" + "version": "1.16.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.002" + "version": "1.29.004" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.400" + "version": "v0.25.501" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.101" + "version": "4.10.401" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -55584,7 +56677,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.205" + "version": "v4.0.206" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", 
@@ -55728,7 +56821,7 @@ "type": "boolean" } }, - "version": "v1.29.6+rke2r1" + "version": "v1.29.8+rke2r1" }, { "agentArgs": { @@ -55833,11 +56926,11 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.400" + "version": "0.2.600" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1700" + "version": "0.1.1800" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", @@ -55849,39 +56942,39 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.300" + "version": "v3.28.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.28.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.0-build2024062503" + "version": "v3.28.1-build2024091100" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.500" + "version": "1.16.104" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.002" + "version": "1.29.006" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.400" + "version": "v0.25.601" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.102" + "version": "4.10.402" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.002" + "version": "3.12.003" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.206" + "version": "v4.1.001" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -56025,7 +57118,7 @@ "type": "boolean" } }, - "version": "v1.29.7+rke2r1" + "version": "v1.29.9+rke2r1" }, { "agentArgs": { @@ -56130,11 +57223,11 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.400" + "version": "0.2.600" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1800" + "version": "0.1.2000" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", 
@@ -56146,51 +57239,51 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.28.200" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.28.200" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.1-build2024080600" + "version": "v3.28.2-build2024101601" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.000" + "version": "1.16.201" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.004" + "version": "1.33.002" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.501" + "version": "v0.25.704" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.401" + "version": "4.10.501" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.002" + "version": "3.12.004" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.206" + "version": "v4.1.205" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", - "version": "1.7.202" + "version": "3.0.601" }, "rke2-snapshot-controller-crd": { "repo": "rancher-rke2-charts", - "version": "1.7.202" + "version": "3.0.601" }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.302" + "version": "1.9.001" } }, "featureVersions": { @@ -56322,7 +57415,7 @@ "type": "boolean" } }, - "version": "v1.29.8+rke2r1" + "version": "v1.29.10+rke2r1" }, { "agentArgs": { 
@@ -56431,63 +57524,63 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1800" + "version": "0.1.2000" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.8.000" + "version": "1.9.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.3.0-rancher100" + "version": "3.3.1-rancher700" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.29.000" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.29.000" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.1-build2024091100" + "version": "v3.29.0-build2024110400" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.104" + "version": "1.16.303" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.006" + "version": "1.33.005" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.601" + "version": "v0.26.100" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.402" + "version": "4.10.502" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.003" + "version": "3.12.004" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.1.001" + "version": "v4.1.301" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", - "version": "1.7.202" + "version": "3.0.601" }, "rke2-snapshot-controller-crd": { "repo": "rancher-rke2-charts", - "version": "1.7.202" + "version": "3.0.601" }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.302" + "version": "1.9.001" } }, "featureVersions": { @@ -56619,7 +57712,7 @@ "type": "boolean" } }, - "version": "v1.29.9+rke2r1" + "version": "v1.29.11+rke2r1" }, { "agentArgs": { 
@@ -56728,43 +57821,43 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.2000" + "version": "0.1.2100" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.8.000" + "version": "1.9.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.3.0-rancher100" + "version": "3.3.1-rancher700" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.28.200" + "version": "v3.29.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.28.200" + "version": "v3.29.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.2-build2024101601" + "version": "v3.29.1-build2024121100" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.201" + "version": "1.16.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.33.002" + "version": "1.36.102" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.704" + "version": "v0.26.101" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.501" + "version": "4.10.503" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -56772,7 +57865,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.1.205" + "version": "v4.1.301" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -56916,7 +58009,7 @@ "type": "boolean" } }, - "version": "v1.29.10+rke2r1" + "version": "v1.29.12+rke2r1" }, { "agentArgs": { 
@@ -57021,67 +58114,67 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.600" + "version": "0.2.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.2000" + "version": "0.1.1700" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.9.100" + "version": "1.7.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.3.1-rancher700" + "version": "3.1.2-rancher400" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.29.000" + "version": "v3.27.300" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.29.000" + "version": "v3.27.002" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.29.0-build2024110400" + "version": "v3.27.3-build2024042301" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.303" + "version": "1.15.500" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.33.005" + "version": "1.29.002" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.26.100" + "version": "v0.25.102" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.502" + "version": "4.9.100" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.004" + "version": "3.12.002" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.1.301" + "version": "v4.0.2-build2024020802" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", - "version": "3.0.601" + "version": "1.7.202" }, "rke2-snapshot-controller-crd": { "repo": "rancher-rke2-charts", - "version": "3.0.601" + "version": "1.7.202" }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.9.001" + "version": "1.7.302" } }, "featureVersions": { 
@@ -57213,13 +58306,16 @@ "type": "boolean" } }, - "version": "v1.29.11+rke2r1" + "version": "v1.30.1+rke2r1" }, { "agentArgs": { "audit-policy-file": { "type": "string" }, + "bind-address": { + "type": "string" + }, "cloud-controller-manager-extra-env": { "type": "array" }, @@ -57257,6 +58353,9 @@ "disable-default-registry-endpoint": { "type": "boolean" }, + "enable-pprof": { + "type": "boolean" + }, "etcd-extra-env": { "type": "array" }, @@ -57318,7 +58417,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.300" + "version": "0.2.400" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -57342,7 +58441,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.27.3-build2024042301" + "version": "v3.28.0-build2024062503" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -57354,11 +58453,11 @@ }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.102" + "version": "v0.25.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.9.100" + "version": "4.10.101" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -57366,7 +58465,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.2-build2024020802" + "version": "v4.0.205" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -57503,14 +58602,20 @@ "snapshotter": { "type": "string" }, + "supervisor-metrics": { + "type": "boolean" + }, "tls-san": { "type": "array" }, "tls-san-security": { "type": "boolean" + }, + "write-kubeconfig-group": { + "type": "string" } }, - "version": "v1.30.1+rke2r1" + "version": "v1.30.2+rke2r1" }, { "agentArgs": { @@ -57629,11 +58734,11 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.7.001" + "version": "1.8.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.1.2-rancher400" + "version": "3.3.0-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", 
@@ -57661,7 +58766,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.101" + "version": "4.10.102" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -57669,7 +58774,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.205" + "version": "v4.0.206" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -57682,6 +58787,14 @@ "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", "version": "1.7.302" + }, + "rke2-traefik": { + "repo": "rancher-rke2-charts", + "version": "25.0.000" + }, + "rke2-traefik-crd": { + "repo": "rancher-rke2-charts", + "version": "25.0.000" } }, "featureVersions": { @@ -57819,7 +58932,7 @@ "type": "string" } }, - "version": "v1.30.2+rke2r1" + "version": "v1.30.3+rke2r1" }, { "agentArgs": { @@ -57934,7 +59047,7 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1700" + "version": "0.1.1800" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", @@ -57946,31 +59059,31 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.27.300" + "version": "v3.28.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.27.002" + "version": "v3.28.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.0-build2024062503" + "version": "v3.28.1-build2024080600" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.15.500" + "version": "1.16.000" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.002" + "version": "1.29.004" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.400" + "version": "v0.25.501" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.102" + "version": "4.10.401" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -58136,7 +59249,7 @@ "type": "string" } }, - "version": "v1.30.3+rke2r1" + "version": "v1.30.4+rke2r1" }, { "agentArgs": { 
@@ -58247,7 +59360,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.2.400" + "version": "0.2.600" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -58271,31 +59384,31 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.1-build2024080600" + "version": "v3.28.1-build2024091100" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.000" + "version": "1.16.104" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.004" + "version": "1.29.006" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.501" + "version": "v0.25.601" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.401" + "version": "4.10.402" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.002" + "version": "3.12.003" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.0.206" + "version": "v4.1.001" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -58453,7 +59566,7 @@ "type": "string" } }, - "version": "v1.30.4+rke2r1" + "version": "v1.30.5+rke2r1" }, { "agentArgs": { @@ -58568,7 +59681,7 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1800" + "version": "0.1.2000" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", 
@@ -58580,59 +59693,59 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.28.200" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.28.100" + "version": "v3.28.200" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.1-build2024091100" + "version": "v3.28.2-build2024101601" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.104" + "version": "1.16.201" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.29.006" + "version": "1.33.002" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.601" + "version": "v0.25.704" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.402" + "version": "4.10.501" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "3.12.003" + "version": "3.12.004" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.1.001" + "version": "v4.1.205" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", - "version": "1.7.202" + "version": "3.0.601" }, "rke2-snapshot-controller-crd": { "repo": "rancher-rke2-charts", - "version": "1.7.202" + "version": "3.0.601" }, "rke2-snapshot-validation-webhook": { "repo": "rancher-rke2-charts", - "version": "1.7.302" + "version": "1.9.001" }, "rke2-traefik": { "repo": "rancher-rke2-charts", - "version": "25.0.000" + "version": "27.0.200" }, "rke2-traefik-crd": { "repo": "rancher-rke2-charts", - "version": "25.0.000" + "version": "27.0.200" } }, "featureVersions": { @@ -58770,7 +59883,7 @@ "type": "string" } }, - "version": "v1.30.5+rke2r1" + "version": "v1.30.6+rke2r1" }, { "agentArgs": { 
@@ -58889,39 +60002,39 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.8.000" + "version": "1.9.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "3.3.0-rancher100" + "version": "3.3.1-rancher700" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.28.200" + "version": "v3.29.000" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.28.200" + "version": "v3.29.000" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.28.2-build2024101601" + "version": "v3.29.0-build2024110400" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.201" + "version": "1.16.303" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.33.002" + "version": "1.33.005" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.25.704" + "version": "v0.26.100" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.501" + "version": "4.10.502" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -58929,7 +60042,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v4.1.205" + "version": "v4.1.301" }, "rke2-snapshot-controller": { "repo": "rancher-rke2-charts", @@ -59087,7 +60200,7 @@ "type": "string" } }, - "version": "v1.30.6+rke2r1" + "version": "v1.30.7+rke2r1" }, { "agentArgs": { @@ -59202,7 +60315,7 @@ }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.2000" + "version": "0.1.2100" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", 
@@ -59214,31 +60327,31 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.29.000" + "version": "v3.29.100" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.29.000" + "version": "v3.29.100" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.29.0-build2024110400" + "version": "v3.29.1-build2024121100" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.16.303" + "version": "1.16.400" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.33.005" + "version": "1.36.102" }, "rke2-flannel": { "repo": "rancher-rke2-charts", - "version": "v0.26.100" + "version": "v0.26.101" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.10.502" + "version": "4.10.503" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -59404,7 +60517,7 @@ "type": "string" } }, - "version": "v1.30.7+rke2r1" + "version": "v1.30.8+rke2r1" } ] } diff --git a/pkg/rke/k8s_docker_info.go b/pkg/rke/k8s_docker_info.go index e3955e941..ba2a9d3aa 100644 --- a/pkg/rke/k8s_docker_info.go +++ b/pkg/rke/k8s_docker_info.go 
@@ -21,9 +21,9 @@ func loadK8sVersionDockerInfo() map[string][]string {
 "1.24": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x"},
 "1.25": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x"},
 "1.26": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x"},
- "1.27": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x", "26.0.x", "26.1.x", "27.0.x", "27.1.x", "27.2.x"},
- "1.28": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x", "26.0.x", "26.1.x", "27.0.x", "27.1.x", "27.2.x"},
- "1.29": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x", "26.0.x", "26.1.x", "27.0.x", "27.1.x", "27.2.x"},
- "1.30": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x", "26.0.x", "26.1.x", "27.0.x", "27.1.x", "27.2.x"},
+ "1.27": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x", "26.0.x", "26.1.x", "27.0.x", "27.1.x", "27.2.x", "27.3.x", "27.4.x"},
+ "1.28": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x", "26.0.x", "26.1.x", "27.0.x", "27.1.x", "27.2.x", "27.3.x", "27.4.x"},
+ "1.29": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x", "26.0.x", "26.1.x", "27.0.x", "27.1.x", "27.2.x", "27.3.x", "27.4.x"},
+ "1.30": {"1.13.x", "17.03.x", "17.06.x", "17.09.x", "18.06.x", "18.09.x", "19.03.x", "20.10.x", "23.0.x", "24.0.x", "25.0.x", "26.0.x", "26.1.x", "27.0.x", "27.1.x", "27.2.x", "27.3.x", "27.4.x"},
 }
 }
diff --git a/pkg/rke/k8s_rke_system_images.go b/pkg/rke/k8s_rke_system_images.go
index c004cd6e3..44e417d63 100644
--- a/pkg/rke/k8s_rke_system_images.go
+++ b/pkg/rke/k8s_rke_system_images.go
@@ -11024,6 +11024,48 @@ func loadK8sRKESystemImages() map[string]v3.RKESystemImages {
 WindowsPodInfraContainer: "rancher/mirrored-pause:3.7",
 Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.22.28",
 },
+ // Enabled in Rancher v2.9.6
+ "v1.29.12-rancher1-1": {
+ Etcd: "rancher/mirrored-coreos-etcd:v3.5.12",
+ Kubernetes: "rancher/hyperkube:v1.29.12-rancher1",
+ Alpine: "rancher/rke-tools:v0.1.108",
+ NginxProxy: "rancher/rke-tools:v0.1.108",
+ CertDownloader: "rancher/rke-tools:v0.1.108",
+ KubernetesServicesSidecar: "rancher/rke-tools:v0.1.108",
+ KubeDNS: "rancher/mirrored-k8s-dns-kube-dns:1.22.28",
+ DNSmasq: "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.22.28",
+ KubeDNSSidecar: "rancher/mirrored-k8s-dns-sidecar:1.22.28",
+ KubeDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:v1.8.9",
+ Flannel: "rancher/mirrored-flannel-flannel:v0.25.1",
+ FlannelCNI: "rancher/flannel-cni:v1.4.1-rancher1",
+ CalicoNode: "rancher/mirrored-calico-node:v3.27.4",
+ CalicoCNI: "rancher/calico-cni:v3.27.4-rancher1",
+ CalicoControllers: "rancher/mirrored-calico-kube-controllers:v3.27.4",
+ CalicoCtl: "rancher/mirrored-calico-ctl:v3.27.4",
+ CalicoFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.27.4",
+ CanalNode: "rancher/mirrored-calico-node:v3.27.4",
+ CanalCNI: "rancher/calico-cni:v3.27.4-rancher1",
+ CanalControllers: "rancher/mirrored-calico-kube-controllers:v3.27.4",
+ CanalFlannel: "rancher/mirrored-flannel-flannel:v0.25.1",
+ CanalFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.27.4",
+ WeaveNode: "weaveworks/weave-kube:2.8.1",
+ WeaveCNI: "weaveworks/weave-npc:2.8.1",
+ AciCniDeployContainer: "noiro/cnideploy:6.1.1.2.81c2369",
+ AciHostContainer: "noiro/aci-containers-host:6.1.1.2.81c2369",
+ AciOpflexContainer: "noiro/opflex:6.1.1.2.81c2369",
+ AciMcastContainer: "noiro/opflex:6.1.1.2.81c2369",
+ AciOpenvSwitchContainer: "noiro/openvswitch:6.1.1.2.81c2369",
+ AciControllerContainer: "noiro/aci-containers-controller:6.1.1.2.81c2369",
+ PodInfraContainer: "rancher/mirrored-pause:3.7",
+ Ingress: "rancher/nginx-ingress-controller:nginx-1.11.3-rancher1",
+ IngressBackend: "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher2",
+ IngressWebhook: "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v20231226-1a7112e06",
+ MetricsServer: "rancher/mirrored-metrics-server:v0.7.0",
+ CoreDNS: "rancher/mirrored-coredns-coredns:1.11.1",
+ CoreDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:v1.8.9",
+ WindowsPodInfraContainer: "rancher/mirrored-pause:3.7",
+ Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.22.28",
+ },
 // Enabled in v2.9.0
 "v1.30.2-rancher1-1": {
 Etcd: "rancher/mirrored-coreos-etcd:v3.5.12",
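Review bot: The `WeaveNode`/`WeaveCNI` and the six `Aci*` fields of the new `v1.29.12-rancher1-1` entry point at `weaveworks/` and `noiro/` repositories directly by tag, while every other image in the entry lives under `rancher/`. A tag can be re-pointed by whoever controls those namespaces, so these are the entries whose provenance rests on a third party; the same `noiro/` references recur in the `v1.30.8-rancher1-1` hunk. I would add a comment above them such as `// upstream namespaces (not rancher/mirrored-*): verify tags against the vendor release before enabling`, and confirm that the private-registry image list and image scanning cover them. `loadK8sRKESystemImages` starts and ends outside the hunk.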
@@ -11264,6 +11306,46 @@ func loadK8sRKESystemImages() map[string]v3.RKESystemImages {
 WindowsPodInfraContainer: "rancher/mirrored-pause:3.7",
 Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.23.0",
 },
+ // Enabled in Rancher v2.9.6
+ "v1.30.8-rancher1-1": {
+ Etcd: "rancher/mirrored-coreos-etcd:v3.5.12",
+ Kubernetes: "rancher/hyperkube:v1.30.8-rancher1",
+ Alpine: "rancher/rke-tools:v0.1.108",
+ NginxProxy: "rancher/rke-tools:v0.1.108",
+ CertDownloader: "rancher/rke-tools:v0.1.108",
+ KubernetesServicesSidecar: "rancher/rke-tools:v0.1.108",
+ KubeDNS: "rancher/mirrored-k8s-dns-kube-dns:1.23.0",
+ DNSmasq: "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.23.0",
+ KubeDNSSidecar: "rancher/mirrored-k8s-dns-sidecar:1.23.0",
+ KubeDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:v1.8.9",
+ Flannel: "rancher/mirrored-flannel-flannel:v0.25.1",
+ FlannelCNI: "rancher/flannel-cni:v1.4.1-rancher1",
+ CalicoNode: "rancher/mirrored-calico-node:v3.28.1",
+ CalicoCNI: "rancher/calico-cni:v3.28.1-rancher1",
+ CalicoControllers: "rancher/mirrored-calico-kube-controllers:v3.28.1",
+ CalicoCtl: "rancher/mirrored-calico-ctl:v3.28.1",
+ CalicoFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.28.1",
+ CanalNode: "rancher/mirrored-calico-node:v3.28.1",
+ CanalCNI: "rancher/calico-cni:v3.28.1-rancher1",
+ CanalControllers: "rancher/mirrored-calico-kube-controllers:v3.28.1",
+ CanalFlannel: "rancher/mirrored-flannel-flannel:v0.25.1",
+ CanalFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.28.1",
+ AciCniDeployContainer: "noiro/cnideploy:6.1.1.2.81c2369",
+ AciHostContainer: "noiro/aci-containers-host:6.1.1.2.81c2369",
+ AciOpflexContainer: "noiro/opflex:6.1.1.2.81c2369",
+ AciMcastContainer: "noiro/opflex:6.1.1.2.81c2369",
+ AciOpenvSwitchContainer: "noiro/openvswitch:6.1.1.2.81c2369",
+ AciControllerContainer: "noiro/aci-containers-controller:6.1.1.2.81c2369",
+ PodInfraContainer: "rancher/mirrored-pause:3.7",
+ Ingress: "rancher/nginx-ingress-controller:nginx-1.11.3-rancher1",
+ IngressBackend: "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher2",
+ IngressWebhook: "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.4.1",
+ MetricsServer: "rancher/mirrored-metrics-server:v0.7.1",
+ CoreDNS: "rancher/mirrored-coredns-coredns:1.11.1",
+ CoreDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:v1.8.9",
+ WindowsPodInfraContainer: "rancher/mirrored-pause:3.7",
+ Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.23.0",
+ },
 // k8s version from 2.1.x release with old rke-tools to allow upgrade from 2.1.x clusters
 // without all clusters being restarted
 "v1.11.9-rancher1-3": {
diff --git a/pkg/rke/k8s_version_info.go b/pkg/rke/k8s_version_info.go
index 6457532c6..a62d6b2f1 100644
--- a/pkg/rke/k8s_version_info.go
+++ b/pkg/rke/k8s_version_info.go
@@ -65,7 +65,7 @@ func loadRKEDefaultK8sVersions() map[string]string {
 return map[string]string{
 "0.3": "v1.16.3-rancher1-1",
 // rke will use default if its version is absent
- "default": "v1.30.7-rancher1-1",
+ "default": "v1.30.8-rancher1-1",
 }
 }
diff --git a/pkg/rke/templates/aci-v6.1.1.2.go b/pkg/rke/templates/aci-v6.1.1.2.go
new file mode 100644
index 000000000..b7c398bca
--- /dev/null
+++ b/pkg/rke/templates/aci-v6.1.1.2.go
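Review bot: `IngressWebhook` and `MetricsServer` in the new `v1.30.8-rancher1-1` entry (`...kube-webhook-certgen:v1.4.1`, `...metrics-server:v0.7.1`) do not match the `v1.29.12-rancher1-1` entry added earlier in this file (`...kube-webhook-certgen:v20231226-1a7112e06`, `...metrics-server:v0.7.0`), although both entries carry the same `Ingress` tag `nginx-1.11.3-rancher1`. This may simply be inherited from the previous patch release of each minor line, which the hunk does not show. If it is intentional, a comment above `IngressWebhook` such as `// certgen v1.4.1 is intentionally ahead of the v1.29 line (v20231226-1a7112e06)` would record it; otherwise the older tags on the v1.29 entry look like a missed bump and should be aligned. The enclosing map literal in `loadK8sRKESystemImages` continues outside the hunk.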
@@ -0,0 +1,2843 @@ +package templates + +const AciTemplateV6112 = ` +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: acicontainersoperators.aci.ctrl +spec: + group: aci.ctrl + names: + kind: AciContainersOperator + listKind: AciContainersOperatorList + plural: acicontainersoperators + singular: acicontainersoperator + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: acicontainersoperator owns the lifecycle of ACI objects in the cluster + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: AciContainersOperatorSpec defines the desired spec for ACI Objects + properties: + flavor: + type: string + config: + type: string + type: object + status: + description: AciContainersOperatorStatus defines the successful completion of AciContainersOperator + properties: + status: + type: boolean + type: object + required: + - spec + type: object +--- +apiVersion: v1 +kind: Namespace +metadata: + name: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: nodepodifs.aci.aw +spec: + group: aci.aw + names: + kind: NodePodIF + listKind: NodePodIFList + plural: nodepodifs + singular: nodepodif + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + properties: + podifs: + type: array + items: + type: object + properties: + containerID: + type: string + epg: + type: string + ifname: + type: string + ipaddr: + type: string + macaddr: + type: string + podname: + type: string + podns: + type: string + vtep: + type: string + required: + - spec + type: object +--- +{{- if eq 
.UseAciCniPriorityClass "true"}} +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: acicni-priority +value: 1000000000 +globalDefault: false +description: "This priority class is used for ACI-CNI resources" +--- +{{- end }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snatglobalinfos.aci.snat +spec: + group: aci.snat + names: + kind: SnatGlobalInfo + listKind: SnatGlobalInfoList + plural: snatglobalinfos + singular: snatglobalinfo + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: SnatGlobalInfo is the Schema for the snatglobalinfos API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + globalInfos: + additionalProperties: + items: + properties: + macAddress: + type: string + portRanges: + items: + properties: + end: + maximum: 65535 + minimum: 1 + type: integer + start: + maximum: 65535 + minimum: 1 + type: integer + type: object + type: array + snatIp: + type: string + snatIpUid: + type: string + snatPolicyName: + type: string + required: + - macAddress + - portRanges + - snatIp + - snatIpUid + - snatPolicyName + type: object + type: array + type: object + required: + - globalInfos + type: object + status: + description: SnatGlobalInfoStatus defines the observed state of SnatGlobalInfo + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snatlocalinfos.aci.snat +spec: + group: aci.snat + names: + kind: SnatLocalInfo + listKind: SnatLocalInfoList + plural: snatlocalinfos + singular: snatlocalinfo + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: SnatLocalInfoSpec defines the desired state of SnatLocalInfo + properties: + 
localInfos: + items: + properties: + podName: + type: string + podNamespace: + type: string + podUid: + type: string + snatPolicies: + items: + properties: + destIp: + items: + type: string + type: array + name: + type: string + snatIp: + type: string + required: + - destIp + - name + - snatIp + type: object + type: array + required: + - podName + - podNamespace + - podUid + - snatPolicies + type: object + type: array + required: + - localInfos + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snatpolicies.aci.snat +spec: + group: aci.snat + names: + kind: SnatPolicy + listKind: SnatPolicyList + plural: snatpolicies + singular: snatpolicy + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + properties: + selector: + type: object + properties: + labels: + type: object + description: 'Selection of Pods' + properties: + additionalProperties: + type: string + namespace: + type: string + type: object + snatIp: + type: array + items: + type: string + destIp: + type: array + items: + type: string + type: object + status: + type: object + properties: + additionalProperties: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: nodeinfos.aci.snat +spec: + group: aci.snat + names: + kind: NodeInfo + listKind: NodeInfoList + plural: nodeinfos + singular: nodeinfo + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + macaddress: + type: string + snatpolicynames: + additionalProperties: + type: boolean + type: object + type: object + status: + description: NodeinfoStatus defines 
the observed state of Nodeinfo + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: rdconfigs.aci.snat +spec: + group: aci.snat + names: + kind: RdConfig + listKind: RdConfigList + plural: rdconfigs + singular: rdconfig + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + discoveredsubnets: + items: + type: string + type: array + usersubnets: + items: + type: string + type: array + type: object + status: + description: NodeinfoStatus defines the observed state of Nodeinfo + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.aci.netpol +spec: + group: aci.netpol + names: + kind: NetworkPolicy + listKind: NetworkPolicyList + plural: networkpolicies + singular: networkpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Network Policy describes traffic flow at IP address or port level + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + appliedTo: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + podSelector: + description: allow ingress from the same namespace + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: 
object + egress: + description: Set of egress rules evaluated based on the order in which they are set. + items: + properties: + action: + description: Action specifies the action to be applied on the rule. + type: string + enableLogging: + description: EnableLogging is used to indicate if agent should generate logs default to false. + type: boolean + ports: + description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports. + items: + description: NetworkPolicyPort describes the port and protocol to match in a rule. + properties: + endPort: + description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified. + format: int32 + type: integer + port: + anyOf: + - type: integer + - type: string + description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers. + x-kubernetes-int-or-string: true + protocol: + default: TCP + description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. + type: string + type: object + type: array + to: + description: Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations. + items: + properties: + ipBlock: + description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector. 
+ properties: + cidr: + description: CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" + type: string + except: + description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range + items: + type: string + type: array + required: + - cidr + type: object + namespaceSelector: + description: Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + podSelector: + description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + toFqDn: + properties: + matchNames: + items: + type: string + type: array + required: + - matchNames + type: object + required: + - enableLogging + - toFqDn + type: object + type: array + ingress: + description: Set of ingress rules evaluated based on the order in which they are set. + items: + properties: + action: + description: Action specifies the action to be applied on the rule. + type: string + enableLogging: + description: EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false. + type: boolean + from: + description: Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources. + items: + properties: + ipBlock: + description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector. 
+ properties: + cidr: + description: CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" + type: string + except: + description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range + items: + type: string + type: array + required: + - cidr + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + podSelector: + description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + properties: + key: + type: string + operator: + description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + ports: + description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports. + items: + description: NetworkPolicyPort describes the port and protocol to match in a rule. + properties: + endPort: + description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified. + format: int32 + type: integer + port: + anyOf: + - type: integer + - type: string + description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers. + x-kubernetes-int-or-string: true + protocol: + default: TCP + description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. + type: string + type: object + type: array + type: object + type: array + policyTypes: + items: + description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8 + type: string + type: array + priority: + description: Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies. + type: integer + type: + description: type of the policy. 
+ type: string + required: + - type + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: dnsnetworkpolicies.aci.dnsnetpol +spec: + group: aci.dnsnetpol + names: + kind: DnsNetworkPolicy + listKind: DnsNetworkPolicyList + plural: dnsnetworkpolicies + singular: dnsnetworkpolicy + scope: Namespaced + versions: + - name: v1beta + schema: + openAPIV3Schema: + description: dns network Policy + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + appliedTo: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + podSelector: + description: allow ingress from the same namespace + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + egress: + description: Set of egress rules evaluated based on the order in which they are set. 
+ properties: + toFqdn: + properties: + matchNames: + items: + type: string + type: array + required: + - matchNames + type: object + required: + - toFqdn + type: object + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: qospolicies.aci.qos +spec: + group: aci.qos + names: + kind: QosPolicy + listKind: QosPolicyList + plural: qospolicies + singular: qospolicy + scope: Namespaced + preserveUnknownFields: false + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + kind: + type: string + spec: + type: object + properties: + podSelector: + description: 'Selection of Pods' + type: object + properties: + matchLabels: + type: object + description: + ingress: + type: object + properties: + policing_rate: + type: integer + minimum: 0 + policing_burst: + type: integer + minimum: 0 + egress: + type: object + properties: + policing_rate: + type: integer + minimum: 0 + policing_burst: + type: integer + minimum: 0 + dscpmark: + type: integer + default: 0 + minimum: 0 + maximum: 63 +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: netflowpolicies.aci.netflow +spec: + group: aci.netflow + names: + kind: NetflowPolicy + listKind: NetflowPolicyList + plural: netflowpolicies + singular: netflowpolicy + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1alpha + served: true + storage: true + schema: + # openAPIV3Schema is the schema for validating custom objects. 
+ openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + kind: + type: string + spec: + type: object + properties: + flowSamplingPolicy: + type: object + properties: + destIp: + type: string + destPort: + type: integer + minimum: 0 + maximum: 65535 + default: 2055 + flowType: + type: string + enum: + - netflow + - ipfix + default: netflow + activeFlowTimeOut: + type: integer + minimum: 0 + maximum: 3600 + default: 60 + idleFlowTimeOut: + type: integer + minimum: 0 + maximum: 600 + default: 15 + samplingRate: + type: integer + minimum: 0 + maximum: 1000 + default: 0 + required: + - destIp + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: erspanpolicies.aci.erspan +spec: + group: aci.erspan + names: + kind: ErspanPolicy + listKind: ErspanPolicyList + plural: erspanpolicies + singular: erspanpolicy + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1alpha + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + kind: + type: string + spec: + type: object + properties: + selector: + type: object + description: 'Selection of Pods' + properties: + labels: + type: object + properties: + additionalProperties: + type: string + namespace: + type: string + source: + type: object + properties: + adminState: + description: Administrative state. + default: start + type: string + enum: + - start + - stop + direction: + description: Direction of the packets to monitor. + default: both + type: string + enum: + - in + - out + - both + destination: + type: object + properties: + destIP: + description: Destination IP of the ERSPAN packet. + type: string + flowID: + description: Unique flow ID of the ERSPAN packet. 
+ default: 1 + type: integer + minimum: 1 + maximum: 1023 + required: + - destIP + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: enabledroplogs.aci.droplog +spec: + group: aci.droplog + names: + kind: EnableDropLog + listKind: EnableDropLogList + plural: enabledroplogs + singular: enabledroplog + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true + schema: + # openAPIV3Schema is the schema for validating custom objects. + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + kind: + type: string + spec: + description: Defines the desired state of EnableDropLog + type: object + properties: + disableDefaultDropLog: + description: Disables the default droplog enabled by acc-provision. + default: false + type: boolean + nodeSelector: + type: object + description: Drop logging is enabled on nodes selected based on labels + properties: + labels: + type: object + properties: + additionalProperties: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: prunedroplogs.aci.droplog +spec: + group: aci.droplog + names: + kind: PruneDropLog + listKind: PruneDropLogList + plural: prunedroplogs + singular: prunedroplog + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true + schema: + # openAPIV3Schema is the schema for validating custom objects. 
+ openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + kind: + type: string + spec: + description: Defines the desired state of PruneDropLog + type: object + properties: + nodeSelector: + type: object + description: Drop logging filters are applied to nodes selected based on labels + properties: + labels: + type: object + properties: + additionalProperties: + type: string + dropLogFilters: + type: object + properties: + srcIP: + type: string + destIP: + type: string + srcMAC: + type: string + destMAC: + type: string + srcPort: + type: integer + destPort: + type: integer + ipProto: + type: integer +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: accprovisioninputs.aci.ctrl +spec: + group: aci.ctrl + names: + kind: AccProvisionInput + listKind: AccProvisionInputList + plural: accprovisioninputs + singular: accprovisioninput + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: accprovisioninput defines the input configuration for ACI CNI + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: AccProvisionInputSpec defines the desired spec for accprovisioninput object + properties: + acc_provision_input: + type: object + properties: + operator_managed_config: + type: object + properties: + enable_updates: + type: boolean + aci_config: + type: object + properties: + sync_login: + type: object + properties: + certfile: + type: string + keyfile: + type: string + client_ssl: + type: boolean + net_config: + type: object + properties: + interface_mtu: + type: integer + service_monitor_interval: + type: integer + pbr_tracking_non_snat: + type: boolean + pod_subnet_chunk_size: + type: integer + disable_wait_for_network: + type: boolean + duration_wait_for_network: + type: integer + registry: + type: object + properties: + image_prefix: + type: string 
+ image_pull_secret: + type: string + aci_containers_operator_version: + type: string + aci_containers_controller_version: + type: string + aci_containers_host_version: + type: string + acc_provision_operator_version: + type: string + aci_cni_operator_version: + type: string + cnideploy_version: + type: string + opflex_agent_version: + type: string + openvswitch_version: + type: string + gbp_version: + type: string + logging: + type: object + properties: + controller_log_level: + type: string + hostagent_log_level: + type: string + opflexagent_log_level: + type: string + istio_config: + type: object + properties: + install_profile: + type: string + multus: + type: object + properties: + disable: + type: boolean + drop_log_config: + type: object + properties: + enable: + type: boolean + nodepodif_config: + type: object + properties: + enable: + type: boolean + sriov_config: + type: object + properties: + enable: + type: boolean + kube_config: + type: object + properties: + ovs_memory_limit: + type: string + use_privileged_containers: + type: boolean + image_pull_policy: + type: string + reboot_opflex_with_ovs: + type: string + snat_operator: + type: object + properties: + port_range: + type: object + properties: + start: + type: integer + end: + type: integer + ports_per_node: + type: integer + contract_scope: + type: string + disable_periodic_snat_global_info_sync: + type: boolean + type: object + status: + description: AccProvisionInputStatus defines the successful completion of AccProvisionInput + properties: + status: + type: boolean + type: object + required: + - spec + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: hostprotpols.aci.hpp +spec: + group: aci.hpp + names: + kind: HostprotPol + listKind: HostprotPolList + plural: hostprotpols + singular: hostprotpol + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: 
object + properties: + apiVersion: + type: string + description: 'APIVersion defines the versioned schema of this + representation of an object.Servers should convert recognized + schemas to the latest internal value, and may reject + unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + kind: + type: string + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + metadata: + type: object + spec: + type: object + properties: + name: + type: string + networkPolicies: + type: array + items: + type: string + hostprotSubj: + type: array + items: + type: object + properties: + name: + type: string + hostprotRule: + type: array + items: + type: object + properties: + name: + type: string + protocol: + type: string + description: Protocol + rsRemoteIpContainer: + type: array + items: + type: string + toPort: + type: string + description: ToPort + connTrack: + type: string + description: ConnTrack + direction: + type: string + description: Direction + ethertype: + type: string + description: Ethertype + fromPort: + type: string + description: FromPort + hostprotServiceRemoteIps: + type: array + items: + type: string + hostprotFilterContainer: + type: object + properties: + hostprotFilter: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: hostprotremoteipcontainers.aci.hpp +spec: + group: aci.hpp + names: + kind: HostprotRemoteIpContainer + listKind: HostprotRemoteIpContainerList + plural: hostprotremoteipcontainers + singular: hostprotremoteipcontainer + 
scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: 'APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + kind: + type: string + description: 'Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + metadata: + type: object + spec: + type: object + properties: + name: + type: string + hostprotRemoteIp: + type: array + items: + type: object + properties: + addr: + type: string + hppEpLabel: + type: array + items: + type: object + properties: + key: + type: string + value: + type: string +--- +{{- if ne .ProactiveConf "false" }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: proactiveconfs.aci.pc +spec: + group: aci.pc + names: + kind: ProactiveConf + listKind: ProactiveConfList + plural: proactiveconfs + singular: proactiveconf + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + description: 'APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + kind: + type: string + description: 'Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + metadata: + type: object + spec: + type: object + properties: + TunnelEpAdvertisementInterval: + type: integer + VmmEpgDeploymentImmediacy: + enum: + - Immediate + - OnDemand + type: string + required: + - spec + x-kubernetes-validations: + - rule: "self.metadata.name == 'proactiveconf'" + message: "Only one instance allowed with name proactiveconf" +--- +{{- end}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: aci-containers-config + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +data: + controller-config: |- + { + "log-level": "{{.ControllerLogLevel}}", + "apic-hosts": {{.ApicHosts}}, +{{- if ne .AciMultipod "false" }} + "aci-multipod": {{.AciMultipod}}, +{{- end}} +{{- if .UnknownMacUnicastAction }} + "unknown-mac-unicast-action": "{{.UnknownMacUnicastAction}}", +{{- end}} +{{- if ne .EnableOpflexAgentReconnect "false"}} + "enable-opflex-agent-reconnect": {{.EnableOpflexAgentReconnect}}, +{{- end}} +{{- if .OpflexDeviceReconnectWaitTimeout }} + "opflex-device-reconnect-wait-timeout": {{.OpflexDeviceReconnectWaitTimeout}}, +{{- end}} + "apic-refreshtime": "{{.ApicRefreshTime}}", + "apic-subscription-delay": {{.ApicSubscriptionDelay}}, + "apic_refreshticker_adjust": "{{.ApicRefreshTickerAdjust}}", + "apic-username": "{{.ApicUserName}}", + "apic-private-key-path": "/usr/local/etc/aci-cert/user.key", + "aci-prefix": "{{.SystemIdentifier}}", + "aci-vmm-type": "Kubernetes", +{{- if ne .VmmDomain ""}} + "aci-vmm-domain": "{{.VmmDomain}}", +{{- 
else}} + "aci-vmm-domain": "{{.SystemIdentifier}}", +{{- end}} +{{- if ne .VmmController ""}} + "aci-vmm-controller": "{{.VmmController}}", +{{- else}} + "aci-vmm-controller": "{{.SystemIdentifier}}", +{{- end}} + "aci-policy-tenant": "{{.Tenant}}", +{{- if ne .HppOptimization "false"}} + "hpp-optimization": {{.HppOptimization}}, +{{- end}} +{{- if ne .DisableHppRendering "false"}} + "disable-hpp-rendering": {{.DisableHppRendering}}, +{{- end}} +{{- if ne .EnableHppDirect "false"}} + "enable-hpp-direct": {{.EnableHppDirect}}, +{{- end}} +{{- if ne .NoWaitForServiceEpReadiness "false"}} + "no-wait-for-service-ep-readiness": {{.NoWaitForServiceEpReadiness}}, +{{- end}} +{{- if ne .ServiceGraphEndpointAddDelay "0"}} + "service-graph-endpoint-add-delay" : { + "delay": {{.ServiceGraphEndpointAddDelay}}, + "services": [{{- range $index, $item :=.ServiceGraphEndpointAddServices }}{{- if $index}},{{end}}{ {{- range $k, $v := $item }}"{{ $k }}": "{{ $v }}"{{if eq $k "name"}},{{end}}{{- end}}}{{end}}] + }, +{{- end}} +{{- if ne .AddExternalSubnetsToRdconfig "false"}} + "add-external-subnets-to-rdconfig": {{.AddExternalSubnetsToRdconfig}}, +{{- end}} +{{- if ne .DisablePeriodicSnatGlobalInfoSync "false"}} + "disable-periodic-snat-global-info-sync": {{.DisablePeriodicSnatGlobalInfoSync}}, +{{- end}} +{{- if .NodeSnatRedirectExclude }} + "node-snat-redirect-exclude": [{{ range $index,$item := .NodeSnatRedirectExclude}}{{- if $index}}, {{end }}{"group": "{{ index $item "group" }}", "labels": {{ index $item "labels" }}}{{ end }}], +{{- end }} +{{- if .ApicConnectionRetryLimit}} + "apic-connection-retry-limit": {{.ApicConnectionRetryLimit}}, +{{- end}} +{{- if ne .ProactiveConf "false" }} + "proactive-conf": {{.ProactiveConf}}, +{{- end}} + "opflex-device-delete-timeout": {{.OpflexDeviceDeleteTimeout}}, + "sleep-time-snat-global-info-sync": {{.SleepTimeSnatGlobalInfoSync}}, +{{- /* Commenting code to disable the install_istio flag as the functionality + is disabled to remove 
dependency from istio.io/istio package. + Vulnerabilties were detected by quay.io security scan of aci-containers-controller + and aci-containers-operator images for istio.io/istio package + "install-istio": {{.InstallIstio}}, + "istio-profile": "{{.IstioProfile}}", +*/}} + "aci-podbd-dn": "uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd", + "aci-nodebd-dn": "uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd", + "aci-service-phys-dom": "{{.SystemIdentifier}}-pdom", + "aci-service-encap": "vlan-{{.ServiceVlan}}", + "aci-service-monitor-interval": {{.ServiceMonitorInterval}}, + "aci-pbr-tracking-non-snat": {{.PBRTrackingNonSnat}}, + "aci-vrf-tenant": "{{.VRFTenant}}", + "aci-l3out": "{{.L3Out}}", + "aci-ext-networks": {{.L3OutExternalNetworks}}, + "aci-vrf": "{{.VRFName}}", + "app-profile": "aci-containers-{{.SystemIdentifier}}", +{{- if ne .AddExternalContractToDefaultEpg "false"}} + "add-external-contract-to-default-epg": {{.AddExternalContractToDefaultEpg}}, +{{- end}} + "default-endpoint-group": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-default" + }, + "max-nodes-svc-graph": {{.MaxNodesSvcGraph}}, + "namespace-default-endpoint-group": { + "aci-containers-system": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + }, + "istio-operator": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-istio" + }, + "istio-system": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-istio" + }, + "kube-system": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + }, + "cattle-system": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + }, + "cattle-prometheus": { + "policy-space": "{{.Tenant}}", + "name": 
"aci-containers-{{.SystemIdentifier}}|aci-containers-system" + }, + "cattle-logging": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + } }, + "service-ip-pool": [{{- range $index, $item := .ServiceIPPool }}{{- if $index}},{{end}}{ "start": "{{ $item.Start }}", "end": "{{ $item.End}}" }{{end}}], + "extern-static": [{{- range $index, $item := .StaticExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}], + "extern-dynamic": [{{- range $index, $item := .DynamicExternalSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}], + "snat-contract-scope": "{{.SnatContractScope}}", + "static-service-ip-pool": [{{- range $index, $item := .StaticServiceIPPool }}{{- if $index}},{{end}}{ "start": "{{ $item.Start }}", "end": "{{ $item.End }}" }{{end}}], +{{- if and (ne .TaintNotReadyNode "false") (ne .TaintNotReadyNode "False") }} + "taint-not-ready": true, +{{- end}} + "pod-ip-pool": [{{- range $index, $item := .PodIPPool }}{{- if $index}},{{end}}{ "start": "{{ $item.Start }}", "end": "{{ $item.End}}" }{{end}}], + "pod-subnet": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}], + "pod-subnet-chunk-size": {{.PodSubnetChunkSize}}, + "node-service-ip-pool": [ + { + "end": "{{.NodeServiceIPEnd}}", + "start": "{{.NodeServiceIPStart}}" + } + ], + "node-service-subnets": [ + "{{.ServiceGraphSubnet}}" + ], + "enable_endpointslice": {{.EnableEndpointSlice}} + } + host-agent-config: |- + { + "app-profile": "aci-containers-{{.SystemIdentifier}}", +{{- if ne .EpRegistry ""}} + "ep-registry": "{{.EpRegistry}}", +{{- else}} + "ep-registry": null, +{{- end}} +{{- if ne .AciMultipod "false" }} + "aci-multipod": {{.AciMultipod}}, +{{- end}} +{{- if ne .DhcpRenewMaxRetryCount "0" }} + "dhcp-renew-max-retry-count": {{.DhcpRenewMaxRetryCount}}, +{{- end}} +{{- if ne .DhcpDelay "0" }} + "dhcp-delay": {{.DhcpDelay}}, +{{- end}} +{{- if ne .EnableOpflexAgentReconnect "false"}} + "enable-opflex-agent-reconnect": 
{{.EnableOpflexAgentReconnect}}, +{{- end}} +{{- if ne .OpflexMode ""}} + "opflex-mode": "{{.OpflexMode}}", +{{- else}} + "opflex-mode": null, +{{- end}} + "log-level": "{{.HostAgentLogLevel}}", + "aci-snat-namespace": "{{.SnatNamespace}}", + "aci-vmm-type": "Kubernetes", +{{- if ne .VmmDomain ""}} + "aci-vmm-domain": "{{.VmmDomain}}", +{{- else}} + "aci-vmm-domain": "{{.SystemIdentifier}}", +{{- end}} +{{- if ne .VmmController ""}} + "aci-vmm-controller": "{{.VmmController}}", +{{- else}} + "aci-vmm-controller": "{{.SystemIdentifier}}", +{{- end}} + "aci-prefix": "{{.SystemIdentifier}}", + "aci-vrf": "{{.VRFName}}", + "aci-vrf-tenant": "{{.VRFTenant}}", + "service-vlan": {{.ServiceVlan}}, + "kubeapi-vlan": {{.KubeAPIVlan}}, +{{- if ne .HppOptimization "false"}} + "hpp-optimization": {{.HppOptimization}}, +{{- end}} +{{- if ne .DisableHppRendering "false"}} + "disable-hpp-rendering": {{.DisableHppRendering}}, +{{- end}} +{{- if ne .EnableHppDirect "false"}} + "enable-hpp-direct": {{.EnableHppDirect}}, +{{- end}} +{{- if ne .ProactiveConf "false" }} + "proactive-conf": {{.ProactiveConf}}, +{{- end}} + "pod-subnet": [{{- range $index, $item := .PodSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}], + "node-subnet": [{{- range $index, $item := .NodeSubnet }}{{- if $index}},{{end}}{{$item}}{{end}}], + "encap-type": "{{.EncapType}}", + "aci-infra-vlan": {{.InfraVlan}}, +{{- if .MTU}} +{{- if ne .MTU 0}} + "interface-mtu": {{.MTU}}, +{{- end}} +{{- end}} +{{- if .MTUHeadRoom}} +{{- if ne .MTUHeadRoom "0"}} + "interface-mtu-headroom": {{.MTUHeadRoom}}, +{{- end}} +{{- end}} + "cni-netconfig": [{{- range $index, $item := .PodNetwork }}{{- if $index}},{{end}}{ "gateway": "{{ $item.Gateway }}", "subnet": "{{ $item.Subnet }}", "routes": [{ "dst": "0.0.0.0/0", "gw": "{{ $item.Gateway }}" }]}{{end}}], + "default-endpoint-group": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-default" + }, + "namespace-default-endpoint-group": { 
+ "aci-containers-system": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + }, + "istio-operator": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-istio" + }, + "istio-system": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-istio" + }, + "kube-system": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + }, + "cattle-system": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + }, + "cattle-prometheus": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + }, + "cattle-logging": { + "policy-space": "{{.Tenant}}", + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" + } }, + "enable-drop-log": {{.DropLogEnable}}, +{{- if and (ne .DropLogDisableEvents "false") (ne .DropLogDisableEvents "False")}} + "packet-event-notification-socket": "", +{{- end}} + "enable_endpointslice": {{.EnableEndpointSlice}}, + "enable-nodepodif": {{.NodePodIfEnable}}, +{{- if and (ne .TaintNotReadyNode "false") (ne .TaintNotReadyNode "False") }} + "taint-not-ready": true, +{{- end}} + "enable-ovs-hw-offload": {{.SriovEnable}} + } + opflex-agent-config: |- + { + "log": { + "level": "{{.OpflexAgentLogLevel}}" + }, + "opflex": { +{{- if eq .OpflexClientSSL "false"}} + "ssl": { "mode": "disabled"}, +{{- end}} +{{- if eq .OpflexAgentStatistics "false"}} + "statistics" : { "mode" : "off" }, +{{- end}} + "timers" : { +{{- if .OpflexAgentPolicyRetryDelayTimer}} + "policy-retry-delay": {{.OpflexAgentPolicyRetryDelayTimer}}, +{{- end}} +{{- if .OpflexAgentResetWaitDelay}} + "reset-wait-delay": {{.OpflexAgentResetWaitDelay}}, +{{- end}} + "switch-sync-delay": {{.OpflexSwitchSyncDelay}}, + "switch-sync-dynamic": {{.OpflexSwitchSyncDynamic}} + }, + "startup": { + 
"enabled": {{.OpflexStartupEnabled}}, + "policy-file": "/usr/local/var/lib/opflex-agent-ovs/startup/pol.json", + "policy-duration": {{.OpflexStartupPolicyDuration}}, + "resolve-aft-conn": {{.OpflexStartupResolveAftConn}} + }, + "notif" : { "enabled" : "false" }, + "asyncjson": { "enabled" : "{{.OpflexAgentOpflexAsyncjsonEnabled}}" } +{{- if ne .EnableHppDirect "false"}} + ,"enable-local-netpol": {{.EnableHppDirect}} +{{- end}} + }, + "ovs": { + "asyncjson": { "enabled" : "{{.OpflexAgentOvsAsyncjsonEnabled}}" } + } + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: snat-operator-config + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +data: + "start": "{{.SnatPortRangeStart}}" + "end": "{{.SnatPortRangeEnd}}" + "ports-per-node": "{{.SnatPortsPerNode}}" +--- +apiVersion: v1 +kind: Secret +metadata: + name: aci-user-cert + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" +data: + user.key: {{.ApicUserKey}} + user.crt: {{.ApicUserCrt}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: aci-containers-controller + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: aci-containers-host-agent + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" +--- +{{- if eq .UseClusterRole "true"}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers + name: aci-containers-controller +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - pods + - endpoints + - services + - events + - replicationcontrollers + - serviceaccounts + verbs: + - list + - watch + - get + - patch + - create + - update + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch + - get + - 
create + - update + - delete +- apiGroups: + - "apiextensions.k8s.io" + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "rbac.authorization.k8s.io" + resources: + - clusterroles + - clusterrolebindings + verbs: + - '*' +{{- /* Commenting code to disable the install_istio flag as the functionality + is disabled to remove dependency from istio.io/istio package. + Vulnerabilties were detected by quay.io security scan of aci-containers-controller + and aci-containers-operator images for istio.io/istio package +{{- if ne .InstallIstio "false"}} +- apiGroups: + - "install.istio.io" + resources: + - istiocontrolplanes + - istiooperators + verbs: + - '*' +- apiGroups: + - "aci.istio" + resources: + - aciistiooperators + - aciistiooperator + verbs: + - '*' +{{- end}} +*/}} +- apiGroups: + - "networking.k8s.io" + resources: + - networkpolicies + verbs: + - list + - watch + - get +- apiGroups: + - "apps" + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes + - services/status + verbs: + - update +- apiGroups: + - "monitoring.coreos.com" + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - "aci.snat" + resources: + - snatpolicies/finalizers + - snatpolicies/status + - nodeinfos + verbs: + - update + - create + - list + - watch + - get + - delete +- apiGroups: + - "aci.snat" + resources: + - snatglobalinfos + - snatpolicies + - nodeinfos + - rdconfigs + verbs: + - list + - watch + - get + - create + - update + - delete +- apiGroups: + - "aci.qos" + resources: + - qospolicies + verbs: + - list + - watch + - get + - create + - update + - delete + - patch +- apiGroups: + - "aci.netflow" + resources: + - netflowpolicies + verbs: + - list + - watch + - get + - update +- apiGroups: + - "aci.erspan" + resources: + - erspanpolicies + verbs: + - list + - watch + - get + - update +- apiGroups: + - "aci.aw" + resources: + - nodepodifs + verbs: + - '*' 
+- apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - list + - watch + - get +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - "aci.netpol" + resources: + - networkpolicies + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "aci.dnsnetpol" + resources: + - dnsnetworkpolicies + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "aci.hpp" + resources: + - hostprotpols + - hostprotremoteipcontainers + verbs: + - list + - watch + - get + - create + - update + - delete +{{- if ne .ProactiveConf "false" }} +- apiGroups: + - "aci.pc" + resources: + - proactiveconfs + verbs: + - get + - list + - watch +{{- end}} +--- +{{- end}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers + name: aci-containers-host-agent +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - pods + - endpoints + - services + - replicationcontrollers + verbs: + - list + - watch + - get +{{- if ne .DropLogEnable "false"}} + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +{{- end}} +- apiGroups: + - "apiextensions.k8s.io" + resources: + - customresourcedefinitions + verbs: + - list + - watch + - get +- apiGroups: + - "networking.k8s.io" + resources: + - networkpolicies + verbs: + - list + - watch + - get +- apiGroups: + - "apps" + resources: + - deployments + - replicasets + verbs: + - list + - watch + - get +- apiGroups: + - "aci.snat" + resources: + - snatpolicies + - snatglobalinfos + - rdconfigs + verbs: + - list + - watch + - get +- apiGroups: + - "aci.qos" + resources: + - qospolicies + verbs: + - list + - watch + - get + - create + - update + - delete + - patch +- apiGroups: + - "aci.droplog" + resources: + - enabledroplogs + - prunedroplogs + verbs: + - list + - 
watch + - get +- apiGroups: + - "aci.snat" + resources: + - nodeinfos + - snatlocalinfos + verbs: + - create + - update + - list + - watch + - get + - delete +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - "aci.netpol" + resources: + - networkpolicies + verbs: + - get + - list + - watch +- apiGroups: + - "aci.aw" + resources: + - nodepodifs + verbs: + - "*" +- apiGroups: + - "aci.hpp" + resources: + - hostprotpols + - hostprotremoteipcontainers + verbs: + - list + - watch + - get +{{- if ne .ProactiveConf "false" }} +- apiGroups: + - "aci.pc" + resources: + - proactiveconfs + verbs: + - get + - list + - watch +{{- end}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aci-containers-controller + labels: + aci-containers-config-version: "{{.Token}}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aci-containers-controller +subjects: +- kind: ServiceAccount + name: aci-containers-controller + namespace: aci-containers-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aci-containers-host-agent + labels: + aci-containers-config-version: "{{.Token}}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aci-containers-host-agent +subjects: +- kind: ServiceAccount + name: aci-containers-host-agent + namespace: aci-containers-system +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: aci-containers-host + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + name: aci-containers-host + network-plugin: aci-containers + template: + metadata: + labels: + name: aci-containers-host + network-plugin: aci-containers + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9612" + spec: + hostNetwork: true 
+ hostPID: true + hostIPC: true + serviceAccountName: aci-containers-host-agent +{{- if ne .ImagePullSecret ""}} + imagePullSecrets: + - name: {{.ImagePullSecret}} +{{- end}} + tolerations: + - operator: Exists + initContainers: + - name: cnideploy + image: {{.AciCniDeployContainer}} + imagePullPolicy: {{.ImagePullPolicy}} + securityContext: +{{- if eq .UsePrivilegedContainer "true"}} + privileged: true +{{- end}} + capabilities: + add: + - SYS_ADMIN + volumeMounts: + - name: cni-bin + mountPath: /mnt/cni-bin +{{- if ne .UseSystemNodePriorityClass "false"}} + priorityClassName: system-node-critical +{{- else if .UseAciContainersHostPriorityClass}} + priorityClassName: aci-containers-host +{{- else}} +{{- if ne .NoPriorityClass "true"}} + priorityClassName: system-cluster-critical +{{- end}} +{{- if eq .UseAciCniPriorityClass "true"}} + priorityClassName: acicni-priority +{{- end}} +{{- end}} + containers: + - name: aci-containers-host + image: {{.AciHostContainer}} + imagePullPolicy: {{.ImagePullPolicy}} +{{- if or ( .AciContainersHostMemoryLimit ) ( .AciContainersHostMemoryRequest )}} + resources: + limits: +{{- if .AciContainersHostMemoryLimit }} + memory: "{{ .AciContainersHostMemoryLimit }}" +{{- else}} + memory: "{{ .AciContainersMemoryLimit }}" +{{- end}} + requests: +{{- if .AciContainersHostMemoryRequest }} + memory: "{{ .AciContainersHostMemoryRequest }}" +{{- else}} + memory: "{{ .AciContainersMemoryRequest }}" +{{- end}} +{{- end}} + securityContext: +{{- if eq .UsePrivilegedContainer "true"}} + privileged: true +{{- end}} + capabilities: + add: + - SYS_ADMIN + - NET_ADMIN + - SYS_PTRACE + - NET_RAW + env: + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: TENANT + value: "{{.Tenant}}" +{{- if ne .MultusDisable "true"}} + - name: MULTUS + value: 'True' +{{- end}} +{{- if eq .DisableWaitForNetwork "true"}} + - name: DISABLE_WAIT_FOR_NETWORK + value: 'True' +{{- else}} + - name: DURATION_WAIT_FOR_NETWORK + value: 
"{{.DurationWaitForNetwork}}" +{{- end}} + volumeMounts: + - name: cni-bin + mountPath: /mnt/cni-bin + - name: cni-conf + mountPath: /mnt/cni-conf + - name: hostvar + mountPath: /usr/local/var + - name: hostrun + mountPath: /run + - name: hostrun + mountPath: /usr/local/run + - name: opflex-hostconfig-volume + mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d + - name: host-config-volume + mountPath: /usr/local/etc/aci-containers/ + - name: varlogpods + mountPath: /var/log/pods + readOnly: true + - name: varlogcontainers + mountPath: /var/log/containers + readOnly: true + - name: varlibdocker + mountPath: /var/lib/docker + readOnly: true +{{- if eq .AciMultipod "true" }} + - name: dhclient + mountPath: /var/lib/dhclient +{{- end}} +{{- if eq .UseHostNetnsVolume "true"}} + - mountPath: /run/netns + name: host-run-netns + readOnly: true + mountPropagation: HostToContainer +{{- end}} +{{- if ne .MultusDisable "true"}} + - name: multus-cni-conf + mountPath: /mnt/multus-cni-conf +{{- end}} + livenessProbe: + failureThreshold: 10 + httpGet: + path: /status + port: 8090 + scheme: HTTP + initialDelaySeconds: 120 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 30 + - name: opflex-agent + env: + - name: REBOOT_WITH_OVS + value: "true" +{{- if ne .OpflexOpensslCompat "false"}} + - name: OPENSSL_CONF + value: "/etc/pki/tls/openssl11.cnf" +{{- end}} +{{- if eq .DropLogOpflexRedirectDropLogs "syslog"}} + - name: OPFLEXAGENT_DROPLOG_SYSLOG + value: "true" +{{- else if .DropLogOpflexRedirectDropLogs }} + - name: OPFLEXAGENT_DROPLOG_FILE + value: "{{ .DropLogOpflexRedirectDropLogs }}" +{{- end}} + image: {{.AciOpflexContainer}} + imagePullPolicy: {{.ImagePullPolicy}} +{{- if or ( .OpflexAgentMemoryLimit ) ( .OpflexAgentMemoryRequest )}} + resources: + limits: +{{- if .OpflexAgentMemoryLimit }} + memory: "{{ .OpflexAgentMemoryLimit }}" +{{- else}} + memory: "{{ .AciContainersMemoryLimit }}" +{{- end}} + requests: +{{- if .OpflexAgentMemoryRequest }} + memory: "{{ 
.OpflexAgentMemoryRequest }}" +{{- else}} + memory: "{{ .AciContainersMemoryRequest }}" +{{- end}} +{{- end}} + securityContext: +{{- if eq .UsePrivilegedContainer "true"}} + privileged: true +{{- end}} + capabilities: + add: + - NET_ADMIN + volumeMounts: + - name: hostvar + mountPath: /usr/local/var + - name: hostrun + mountPath: /run + - name: hostrun + mountPath: /usr/local/run + - name: opflex-hostconfig-volume + mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d + - name: opflex-config-volume + mountPath: /usr/local/etc/opflex-agent-ovs/conf.d +{{- if eq .RunOpflexServerContainer "true"}} + - name: opflex-server + image: {{.AciOpflexContainer}} + command: ["/bin/sh"] + args: ["/usr/local/bin/launch-opflexserver.sh"] + imagePullPolicy: {{.ImagePullPolicy}} + securityContext: + capabilities: + add: + - NET_ADMIN + ports: + - containerPort: {{.OpflexServerPort}} + - name: metrics + containerPort: 9632 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - name: opflex-server-config-volume + mountPath: /usr/local/etc/opflex-server + - name: hostvar + mountPath: /usr/local/var +{{- end}} +{{- if ne .OpflexMode "overlay"}} + - name: mcast-daemon + image: {{.AciMcastContainer}} + command: ["/bin/sh"] + args: ["/usr/local/bin/launch-mcastdaemon.sh"] + imagePullPolicy: {{.ImagePullPolicy}} +{{- if or ( .McastDaemonMemoryLimit ) ( .McastDaemonMemoryRequest )}} + resources: + limits: +{{- if .McastDaemonMemoryLimit }} + memory: "{{ .McastDaemonMemoryLimit }}" +{{- else}} + memory: "{{ .AciContainersMemoryLimit }}" +{{- end}} + requests: +{{- if .McastDaemonMemoryRequest }} + memory: "{{ .McastDaemonMemoryRequest }}" +{{- else}} + memory: "{{ .AciContainersMemoryRequest }}" +{{- end}} +{{- end}} +{{- if eq .UsePrivilegedContainer "true"}} + securityContext: + privileged: true +{{- end}} + volumeMounts: + - name: hostvar + mountPath: /usr/local/var + - name: hostrun + mountPath: /run + - name: hostrun + mountPath: 
/usr/local/run +{{- end}} + restartPolicy: Always + volumes: + - name: cni-bin + hostPath: + path: /opt + - name: cni-conf + hostPath: + path: /etc + - name: hostvar + hostPath: + path: /var + - name: hostrun + hostPath: + path: /run + - name: host-config-volume + configMap: + name: aci-containers-config + items: + - key: host-agent-config + path: host-agent.conf + - name: opflex-hostconfig-volume + emptyDir: + medium: Memory + - name: varlogpods + hostPath: + path: /var/log/pods + - name: varlogcontainers + hostPath: + path: /var/log/containers + - name: varlibdocker + hostPath: + path: /var/lib/docker +{{- if eq .AciMultipod "true" }} +{{- if eq .AciMultipodUbuntu "true" }} + - name: dhclient + hostPath: + path: /var/lib/dhcp +{{- else}} + - name: dhclient + hostPath: + path: /var/lib/dhclient +{{- end}} +{{- end}} + - name: opflex-config-volume + configMap: + name: aci-containers-config + items: + - key: opflex-agent-config + path: local.conf +{{- if eq .UseOpflexServerVolume "true"}} + - name: opflex-server-config-volume +{{- end}} +{{- if eq .UseHostNetnsVolume "true"}} + - name: host-run-netns + hostPath: + path: /run/netns +{{- end}} +{{- if ne .MultusDisable "true" }} + - name: multus-cni-conf + hostPath: + path: /var/run/multus/ +{{- end}} +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: aci-containers-openvswitch + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + name: aci-containers-openvswitch + network-plugin: aci-containers + template: + metadata: + labels: + name: aci-containers-openvswitch + network-plugin: aci-containers + spec: + hostNetwork: true + hostPID: true + hostIPC: true + serviceAccountName: aci-containers-host-agent +{{- if ne .ImagePullSecret ""}} + imagePullSecrets: + - name: {{.ImagePullSecret}} +{{end}} + tolerations: + - operator: Exists +{{- if ne 
.UseSystemNodePriorityClass "false"}} + priorityClassName: system-node-critical +{{- else if .UseAciContainersOpenvswitchPriorityClass}} + priorityClassName: aci-containers-openvswitch +{{- else}} +{{- if ne .NoPriorityClass "true"}} + priorityClassName: system-cluster-critical +{{- end}} +{{- if eq .UseAciCniPriorityClass "true"}} + priorityClassName: acicni-priority +{{- end}} +{{- end}} + containers: + - name: aci-containers-openvswitch + image: {{.AciOpenvSwitchContainer}} + imagePullPolicy: {{.ImagePullPolicy}} + resources: + limits: + memory: "{{.OVSMemoryLimit}}" + requests: + memory: "{{.OVSMemoryRequest}}" + securityContext: +{{- if eq .UsePrivilegedContainer "true"}} + privileged: true +{{- end}} + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + - SYS_NICE + - IPC_LOCK + env: + - name: OVS_RUNDIR + value: /usr/local/var/run/openvswitch + volumeMounts: + - name: hostvar + mountPath: /usr/local/var + - name: hostrun + mountPath: /run + - name: hostrun + mountPath: /usr/local/run + - name: hostetc + mountPath: /usr/local/etc + - name: hostmodules + mountPath: /lib/modules + - name: varlogpods + mountPath: /var/log/pods + readOnly: true + - name: varlogcontainers + mountPath: /var/log/containers + readOnly: true + - name: varlibdocker + mountPath: /var/lib/docker + readOnly: true + livenessProbe: + exec: + command: + - /usr/local/bin/liveness-ovs.sh + restartPolicy: Always + volumes: + - name: hostetc + hostPath: + path: /etc + - name: hostvar + hostPath: + path: /var + - name: hostrun + hostPath: + path: /run + - name: hostmodules + hostPath: + path: /lib/modules + - name: varlogpods + hostPath: + path: /var/log/pods + - name: varlogcontainers + hostPath: + path: /var/log/containers + - name: varlibdocker + hostPath: + path: /var/lib/docker +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aci-containers-controller + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers + 
name: aci-containers-controller +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + name: aci-containers-controller + network-plugin: aci-containers + template: + metadata: + name: aci-containers-controller + namespace: aci-containers-system + labels: + name: aci-containers-controller + network-plugin: aci-containers + spec: + hostNetwork: true + serviceAccountName: aci-containers-controller +{{- if ne .ImagePullSecret ""}} + imagePullSecrets: + - name: {{.ImagePullSecret}} +{{- end}} +{{- if .Tolerations }} + tolerations: +{{ toYaml .Tolerations | indent 6}} +{{- else }} + tolerations: + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: {{ .TolerationSeconds }} + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: {{ .TolerationSeconds }} + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/controlplane + value: "true" + operator: Equal + - effect: NoExecute + key: node-role.kubernetes.io/etcd + value: "true" + operator: Equal +{{- end }} +{{- if ne .UseSystemNodePriorityClass "false"}} + priorityClassName: system-node-critical +{{- else if .UseAciContainersControllerPriorityClass}} + priorityClassName: aci-containers-controller +{{- else}} +{{- if ne .NoPriorityClass "true"}} + priorityClassName: system-node-critical +{{- end}} +{{- if eq .UseAciCniPriorityClass "true"}} + priorityClassName: acicni-priority +{{- end}} +{{- end}} + containers: + - name: aci-containers-controller + image: {{.AciControllerContainer}} + imagePullPolicy: {{.ImagePullPolicy}} +{{- if or ( .AciContainersControllerMemoryLimit ) ( .AciContainersControllerMemoryRequest )}} + resources: + limits: +{{- if .AciContainersControllerMemoryLimit }} + memory: "{{ .AciContainersControllerMemoryLimit }}" +{{- else}} + memory: 
"{{ .AciContainersMemoryLimit }}" +{{- end}} + requests: +{{- if .AciContainersControllerMemoryRequest }} + memory: "{{ .AciContainersControllerMemoryRequest }}" +{{- else}} + memory: "{{ .AciContainersMemoryRequest }}" +{{- end}} +{{- end}} + env: + - name: WATCH_NAMESPACE + value: "" + - name: ACI_SNAT_NAMESPACE + value: "aci-containers-system" + - name: ACI_SNAGLOBALINFO_NAME + value: "snatglobalinfo" + - name: ACI_RDCONFIG_NAME + value: "routingdomain-config" + - name: SYSTEM_NAMESPACE + value: "aci-containers-system" + volumeMounts: + - name: controller-config-volume + mountPath: /usr/local/etc/aci-containers/ + - name: varlogpods + mountPath: /var/log/pods + readOnly: true + - name: varlogcontainers + mountPath: /var/log/containers + readOnly: true + - name: varlibdocker + mountPath: /var/lib/docker + readOnly: true + - name: aci-user-cert-volume + mountPath: /usr/local/etc/aci-cert/ + livenessProbe: + failureThreshold: 10 + httpGet: + path: /status + port: 8091 + scheme: HTTP + initialDelaySeconds: 120 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 30 + volumes: + - name: aci-user-cert-volume + secret: + secretName: aci-user-cert + - name: controller-config-volume + configMap: + name: aci-containers-config + items: + - key: controller-config + path: controller.conf + - name: varlogpods + hostPath: + path: /var/log/pods + - name: varlogcontainers + hostPath: + path: /var/log/containers + - name: varlibdocker + hostPath: + path: /var/lib/docker +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: memory-limit-range + namespace: aci-containers-system +spec: + limits: + - default: + memory: {{ .AciContainersMemoryLimit }} + defaultRequest: + memory: {{ .AciContainersMemoryRequest }} + type: Container +` diff --git a/pkg/rke/templates/templates.go b/pkg/rke/templates/templates.go index 9280ef6ae..0ed3a15ab 100644 --- a/pkg/rke/templates/templates.go +++ b/pkg/rke/templates/templates.go 
@@ -112,6 +112,7 @@ const (
 aciv6043 = "aci-v6.0.4.3"
 aciv6111 = "aci-v6.1.1.1"
 aciv6044 = "aci-v6.0.4.4"
+ aciv6112 = "aci-v6.1.1.2"
 nginxIngressv18 = "nginxingress-v1.8"
 nginxIngressV115 = "nginxingress-v1.15"
@@ -315,11 +316,13 @@ func LoadK8sVersionedTemplates() map[string]map[string]string {
 ">=1.29.0-rancher0 < 1.29.8-rancher1-1": aciv6042,
 ">=1.29.8-rancher1-1 < 1.29.9-rancher1-1": aciv6043,
 ">=1.29.9-rancher1-1 < 1.29.11-rancher1-1": aciv6111,
- ">=1.29.11-rancher1-1 < 1.30.0-rancher0": aciv6044,
+ ">=1.29.11-rancher1-1 < 1.29.12-rancher1-1": aciv6044,
+ ">=1.29.12-rancher1-1 < 1.30.0-rancher0": aciv6112,
 ">=1.30.0-rancher0 < 1.30.4-rancher1-1": aciv6042,
 ">=1.30.4-rancher1-1 < 1.30.5-rancher1-1": aciv6043,
 ">=1.30.5-rancher1-1 < 1.30.7-rancher1-1": aciv6111,
- ">=1.30.7-rancher1-1": aciv6044,
+ ">=1.30.7-rancher1-1 < 1.30.8-rancher1-1": aciv6044,
+ ">=1.30.8-rancher1-1": aciv6112,
 },
 kdm.NginxIngress: {
 ">=1.8.0-rancher0 <1.13.10-rancher1-3": nginxIngressv18,
@@ -485,6 +488,7 @@ func getTemplates() map[string]string {
 aciv6043: AciTemplateV6043,
 aciv6111: AciTemplateV6111,
 aciv6044: AciTemplateV6044,
+ aciv6112: AciTemplateV6112,
 nginxIngressv18: NginxIngressTemplate,
 nginxIngressV115: NginxIngressTemplateV0251Rancher1,
diff --git a/regsync.yaml b/regsync.yaml
index 93decd740..f8ec9c6f2 100644
--- a/regsync.yaml
+++ b/regsync.yaml
@@ -65,6 +65,7 @@ sync:
 - v3.28.1-build20240911
 - v3.28.2-build20241016
 - v3.29.0-build20241104
+ - v3.29.1-build20241211
 - source: docker.io/rancher/hardened-cluster-autoscaler
 target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/hardened-cluster-autoscaler'
 type: repository
@@ -78,6 +79,7 @@ sync:
 - v1.8.6-build20230406
 - v1.8.6-build20230609
 - v1.8.6-build20231009
+ - v1.9.0-build20241126
 - source: docker.io/rancher/hardened-cni-plugins
 target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/hardened-cni-plugins'
 type: repository
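Review bot: In the LoadK8sVersionedTemplates hunk of pkg/rke/templates/templates.go, the new ranges make the ACI template sequence for 1.29.x and 1.30.x run aciv6111, then aciv6044, then aciv6112, and nothing in the table says that stepping through 6.0.4.4 between two 6.1.1.x templates is intended. This table decides which ACI manifest is rendered for a cluster (presumably including the RBAC rules and host-namespace DaemonSets of the template added earlier in this commit), so a wrong bound silently deploys a different set of permissions; a short comment above the new entries would make the intent reviewable, for example `// ACI templates follow release order, not version order: <reason 6.0.4.4 follows 6.1.1.1>`. The last entry `">=1.30.8-rancher1-1": aciv6112` has no upper bound, so every later Kubernetes version resolves to aciv6112 until another entry is added; this appears to follow the existing pattern but is worth confirming against the 1.31 ranges, which are not in the hunk. The function body starts and ends outside the hunk.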
@@ -106,6 +108,7 @@ sync: - v1.11.1-build20240305 - v1.11.1-build20240910 - v1.11.3-build20241018 + - v1.12.0-build20241126 - v1.9.3-build20220613 - v1.9.3-build20221011 - source: docker.io/rancher/hardened-dns-node-cache @@ -121,6 +124,7 @@ sync: - 1.22.28-build20240125 - 1.23.1-build20240910 - 1.23.1-build20241008 + - 1.24.0-build20241211 - source: docker.io/rancher/hardened-etcd target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/hardened-etcd' type: repository @@ -157,6 +161,7 @@ sync: - v0.25.7-build20241008 - v0.26.0-build20241024 - v0.26.1-build20241107 + - v0.26.1-build20241211 - source: docker.io/rancher/hardened-ib-sriov-cni target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/hardened-ib-sriov-cni' type: repository @@ -241,6 +246,7 @@ sync: - v1.28.9-rke2r1-build20240416 - v1.29.10-rke2r1-build20241023 - v1.29.11-rke2r1-build20241202 + - v1.29.12-rke2r1-build20241212 - v1.29.3-rke2r1-build20240315 - v1.29.4-rke2r1-build20240416 - v1.29.5-rke2r1-build20240515 @@ -255,6 +261,7 @@ sync: - v1.30.5-rke2r1-build20240912 - v1.30.6-rke2r1-build20241023 - v1.30.7-rke2r1-build20241126 + - v1.30.8-rke2r1-build20241212 - source: docker.io/rancher/hardened-multus-cni target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/hardened-multus-cni' type: repository @@ -375,6 +382,7 @@ sync: - v0.1.6 - v0.1.7 - v0.2.1 + - v0.2.2 - source: docker.io/rancher/hyperkube target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/hyperkube' type: repository @@ -437,6 +445,7 @@ sync: - v1.28.9-rancher1 - v1.29.10-rancher1 - v1.29.11-rancher1 + - v1.29.12-rancher1 - v1.29.6-rancher1 - v1.29.7-rancher1 - v1.29.8-rancher1 @@ -447,6 +456,7 @@ sync: - v1.30.5-rancher1 - v1.30.6-rancher1 - v1.30.7-rancher1 + - v1.30.8-rancher1 - source: docker.io/rancher/k3s-upgrade target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/k3s-upgrade' type: repository @@ -506,6 +516,7 @@ sync: - v1.28.9-k3s1 - v1.29.10-k3s1 - v1.29.11-k3s1 + - v1.29.12-k3s1 - v1.29.3-k3s1 - v1.29.4-k3s1 - v1.29.5-k3s1 
@@ -520,6 +531,7 @@ sync: - v1.30.5-k3s1 - v1.30.6-k3s1 - v1.30.7-k3s1 + - v1.30.8-k3s1 - source: docker.io/rancher/klipper-helm target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/klipper-helm' type: repository @@ -600,6 +612,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-calico-cni target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-cni' type: repository @@ -618,6 +631,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-calico-csi target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-csi' type: repository @@ -628,6 +642,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-calico-ctl target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-ctl' type: repository @@ -649,6 +664,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-calico-kube-controllers target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-kube-controllers' type: repository @@ -670,6 +686,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-calico-node target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-node' type: repository @@ -691,6 +708,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-calico-node-driver-registrar target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-node-driver-registrar' type: repository @@ -701,6 +719,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-calico-operator target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-operator' type: repository @@ -718,6 +737,7 @@ sync: - v1.34.3 - v1.34.5 - v1.36.0 + - v1.36.2 - source: docker.io/rancher/mirrored-calico-pod2daemon-flexvol target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-pod2daemon-flexvol' type: repository 
@@ -739,6 +759,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-calico-typha target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-calico-typha' type: repository @@ -756,6 +777,7 @@ sync: - v3.28.1 - v3.28.2 - v3.29.0 + - v3.29.1 - source: docker.io/rancher/mirrored-cilium-certgen target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-cilium-certgen' type: repository @@ -788,6 +810,7 @@ sync: - v1.16.1 - v1.16.2 - v1.16.3 + - v1.16.4 - source: docker.io/rancher/mirrored-cilium-cilium-envoy target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-cilium-cilium-envoy' type: repository @@ -802,6 +825,7 @@ sync: - v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51 - v1.29.9-1726784081-a90146d13b4cd7d168d573396ccf2b3db5a3b047 - v1.29.9-1728346947-0d05e48bfbb8c4737ec40d5781d970a550ed2bbd + - v1.30.7-1731393961-97edc2815e2c6a174d3d12e71731d54f5d32ea16 - source: docker.io/rancher/mirrored-cilium-cilium-etcd-operator target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-cilium-cilium-etcd-operator' type: repository @@ -827,6 +851,7 @@ sync: - v1.16.1 - v1.16.2 - v1.16.3 + - v1.16.4 - source: docker.io/rancher/mirrored-cilium-hubble-relay target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-cilium-hubble-relay' type: repository @@ -846,6 +871,7 @@ sync: - v1.16.1 - v1.16.2 - v1.16.3 + - v1.16.4 - source: docker.io/rancher/mirrored-cilium-hubble-ui target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-cilium-hubble-ui' type: repository @@ -900,6 +926,7 @@ sync: - v1.16.1 - v1.16.2 - v1.16.3 + - v1.16.4 - source: docker.io/rancher/mirrored-cilium-operator-azure target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-cilium-operator-azure' type: repository @@ -922,6 +949,7 @@ sync: - v1.16.1 - v1.16.2 - v1.16.3 + - v1.16.4 - source: docker.io/rancher/mirrored-cilium-operator-generic target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-cilium-operator-generic' type: repository 
@@ -944,6 +972,7 @@ sync: - v1.16.1 - v1.16.2 - v1.16.3 + - v1.16.4 - source: docker.io/rancher/mirrored-cilium-startup-script target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-cilium-startup-script' type: repository @@ -1014,6 +1043,7 @@ sync: - 1.10.1 - 1.11.1 - 1.11.3 + - 1.12.0 - 1.9.0 - 1.9.1 - 1.9.3 @@ -1171,6 +1201,7 @@ sync: tags: allow: - 1.5-rancher1 + - 1.5-rancher2 - source: docker.io/rancher/mirrored-pause target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-pause' type: repository @@ -1281,6 +1312,7 @@ sync: - v1.10.4-hardened3 - v1.10.5-hardened3 - v1.10.5-hardened4 + - v1.10.5-hardened6 - source: docker.io/rancher/pause target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/pause' type: repository @@ -1298,6 +1330,7 @@ sync: - v0.1.102 - v0.1.103 - v0.1.105 + - v0.1.108 - v0.1.80 - v0.1.87 - v0.1.88 @@ -1438,6 +1471,8 @@ sync: - v1.29.10-rke2r1-windows-amd64 - v1.29.11-rke2r1 - v1.29.11-rke2r1-windows-amd64 + - v1.29.12-rke2r1 + - v1.29.12-rke2r1-windows-amd64 - v1.29.3-rke2r1 - v1.29.3-rke2r1-windows-amd64 - v1.29.4-rke2r1 @@ -1466,6 +1501,8 @@ sync: - v1.30.6-rke2r1-windows-amd64 - v1.30.7-rke2r1 - v1.30.7-rke2r1-windows-amd64 + - v1.30.8-rke2r1 + - v1.30.8-rke2r1-windows-amd64 - source: docker.io/rancher/rke2-upgrade target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/rke2-upgrade' type: repository @@ -1526,6 +1563,7 @@ sync: - v1.28.9-rke2r1 - v1.29.10-rke2r1 - v1.29.11-rke2r1 + - v1.29.12-rke2r1 - v1.29.3-rke2r1 - v1.29.4-rke2r1 - v1.29.5-rke2r1 @@ -1540,6 +1578,7 @@ sync: - v1.30.5-rke2r1 - v1.30.6-rke2r1 - v1.30.7-rke2r1 + - v1.30.8-rke2r1 - source: docker.io/rancher/system-agent-installer-k3s target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/system-agent-installer-k3s' type: repository @@ -1599,6 +1638,7 @@ sync: - v1.28.9-k3s1 - v1.29.10-k3s1 - v1.29.11-k3s1 + - v1.29.12-k3s1 - v1.29.3-k3s1 - v1.29.4-k3s1 - v1.29.5-k3s1 
@@ -1613,6 +1653,7 @@ sync: - v1.30.5-k3s1 - v1.30.6-k3s1 - v1.30.7-k3s1 + - v1.30.8-k3s1 - source: docker.io/rancher/system-agent-installer-rke2 target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/system-agent-installer-rke2' type: repository @@ -1673,6 +1714,7 @@ sync: - v1.28.9-rke2r1 - v1.29.10-rke2r1 - v1.29.11-rke2r1 + - v1.29.12-rke2r1 - v1.29.3-rke2r1 - v1.29.4-rke2r1 - v1.29.5-rke2r1 @@ -1687,3 +1729,4 @@ sync: - v1.30.5-rke2r1 - v1.30.6-rke2r1 - v1.30.7-rke2r1 + - v1.30.8-rke2r1