diff --git a/channels-rke2.yaml b/channels-rke2.yaml index a4d59bc2b..f199fe344 100644 --- a/channels-rke2.yaml +++ b/channels-rke2.yaml @@ -1,6 +1,6 @@ channels: - name: default - latest: v1.22.15+rke2r2 + latest: v1.22.16+rke2r1 appDefaults: - appName: rancher defaults: @@ -631,6 +631,14 @@ releases: repo: rancher-rke2-charts version: 1.12.102 featureVersions: *featureVersions-v1 + - version: v1.22.16+rke2r1 + minChannelServerVersion: v2.6.3-alpha1 + maxChannelServerVersion: v2.6.99 + serverArgs: *serverArgs-v1-22-11-rke2r1 + agentArgs: *agentArgs-v1-22-11-rke2r1 + charts: &charts-v1-22-16-rke2r1 + <<: *charts-v1-22-15-rke2r2 + featureVersions: *featureVersions-v1 - version: v1.23.4+rke2r2 minChannelServerVersion: v2.6.4-alpha1 maxChannelServerVersion: v2.6.99 @@ -809,6 +817,23 @@ releases: repo: rancher-rke2-charts version: v3.24.102 featureVersions: *featureVersions-v1 + - version: v1.23.14+rke2r1 + minChannelServerVersion: v2.6.4-alpha1 + maxChannelServerVersion: v2.6.99 + serverArgs: *serverArgs-v1-23-8-rke2r1 + agentArgs: *agentArgs-v1-23-8-rke2r1 + charts: &charts-v1-23-14-rke2r1 + <<: *charts-v1-23-13-rke2r1 + rke2-cilium: + repo: rancher-rke2-charts + version: 1.12.302 + rke2-calico: + repo: rancher-rke2-charts + version: v3.24.103 + rke2-calico-crd: + repo: rancher-rke2-charts + version: v3.24.103 + featureVersions: *featureVersions-v1 - version: v1.24.2+rke2r1 minChannelServerVersion: v2.6.7-alpha1 maxChannelServerVersion: v2.6.99 
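Review bot: The new `charts-v1-22-16-rke2r1` anchor in the v1.22.16+rke2r1 entry merges `*charts-v1-22-15-rke2r2` with no overrides, while the v1.23.14+rke2r1 entry in the next hunk and the v1.24.8+rke2r1 entry both raise rke2-cilium to 1.12.302 and rke2-calico / rke2-calico-crd to v3.24.103. If those chart bumps carry fixes, clusters on the 1.22 line would stay on the older CNI charts. Please confirm against the RKE2 v1.22.16+rke2r1 release that its bundled chart versions really are identical to v1.22.15+rke2r2. If they are, a comment such as `# charts unchanged from v1.22.15+rke2r2` above the merge key would make the empty override read as deliberate.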
@@ -880,3 +905,26 @@ releases: repo: rancher-rke2-charts version: v3.24.102 featureVersions: *featureVersions-v1 + - version: v1.24.8+rke2r1 + minChannelServerVersion: v2.6.7-alpha1 + maxChannelServerVersion: v2.6.99 + serverArgs: *serverArgs-v1-24-2-rke2r1 + agentArgs: *agentArgs-v1-24-2-rke2r1 + charts: &charts-v1-24-8-rke2r1 + <<: *charts-v1-24-7-rke2r1 + rke2-cilium: + repo: rancher-rke2-charts + version: 1.12.302 + rancher-vsphere-cpi: + repo: rancher-charts + version: 1.4.100 + rancher-vsphere-csi: + repo: rancher-rke2-charts + version: 2.6.2-rancher100 + rke2-calico: + repo: rancher-rke2-charts + version: v3.24.103 + rke2-calico-crd: + repo: rancher-rke2-charts + version: v3.24.103 + featureVersions: *featureVersions-v1 diff --git a/channels.yaml b/channels.yaml index 82d9d69ac..346c77873 100644 --- a/channels.yaml +++ b/channels.yaml @@ -1,6 +1,6 @@ channels: - name: default - latest: v1.22.15+k3s1 + latest: v1.22.16+k3s1 appDefaults: - appName: rancher defaults: @@ -234,6 +234,12 @@ releases: serverArgs: *serverArgs-v3 agentArgs: *agentArgs-v2 featureVersions: *featureVersions-v1 + - version: v1.22.16+k3s1 + minChannelServerVersion: v2.6.3-alpha1 + maxChannelServerVersion: v2.6.99 + serverArgs: *serverArgs-v3 + agentArgs: *agentArgs-v2 + featureVersions: *featureVersions-v1 - version: v1.23.4+k3s1 minChannelServerVersion: v2.6.4-alpha1 maxChannelServerVersion: v2.6.99 @@ -271,6 +277,12 @@ releases: serverArgs: *serverArgs-v3 agentArgs: *agentArgs-v2 featureVersions: *featureVersions-v1 + - version: v1.23.14+k3s1 + minChannelServerVersion: v2.6.4-alpha1 + maxChannelServerVersion: v2.6.99 + serverArgs: *serverArgs-v3 + agentArgs: *agentArgs-v2 + featureVersions: *featureVersions-v1 - version: v1.24.2+k3s2 minChannelServerVersion: v2.6.7-alpha1 maxChannelServerVersion: v2.6.99 
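Review bot: In the v1.24.8+rke2r1 `charts` override, `rancher-vsphere-cpi` is declared with `repo: rancher-charts`, while `rancher-vsphere-csi` and every other chart overridden in this entry use `repo: rancher-rke2-charts`. The base `*charts-v1-24-7-rke2r1` is defined outside this hunk, so it is not visible whether that split is inherited or introduced here. Please confirm that both repo names are intended, since the `repo` field decides which chart source the chart is pulled from. The v1.23.14+rke2r1 entry in the previous hunk does not override the vSphere charts at all; if that difference between the 1.23 and 1.24 lines is intentional, a one-line comment saying so would help the next reviewer.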
@@ -286,6 +298,12 @@ releases: # v1.24.5+k3s1 was never released # v1.24.6+k3s1 was never released through KDM - version: v1.24.7+k3s1 + minChannelServerVersion: v2.6.7-alpha1 + maxChannelServerVersion: v2.6.99 + serverArgs: *serverArgs-v3 + agentArgs: *agentArgs-v2 + featureVersions: *featureVersions-v1 + - version: v1.24.8+k3s1 minChannelServerVersion: v2.6.7-alpha1 maxChannelServerVersion: v2.6.99 serverArgs: *serverArgs-v3 diff --git a/data/data.json b/data/data.json index b1917cb28..d9c6f2e44 100644 --- a/data/data.json +++ b/data/data.json 
@@ -10292,6 +10292,49 @@ "aciGbpServerContainer": "noiro/gbp-server:5.2.3.2.1d150da", "aciOpflexServerContainer": "noiro/opflex-server:5.2.3.2.1d150da" }, + "v1.22.16-rancher1-1": { + "etcd": "rancher/mirrored-coreos-etcd:v3.5.3", + "alpine": "rancher/rke-tools:v0.1.88", + "nginxProxy": "rancher/rke-tools:v0.1.88", + "certDownloader": "rancher/rke-tools:v0.1.88", + "kubernetesServicesSidecar": "rancher/rke-tools:v0.1.88", + "kubedns": "rancher/mirrored-k8s-dns-kube-dns:1.17.4", + "dnsmasq": "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.17.4", + "kubednsSidecar": "rancher/mirrored-k8s-dns-sidecar:1.17.4", + "kubednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:1.8.3", + "coredns": "rancher/mirrored-coredns-coredns:1.8.6", + "corednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:1.8.5", + "nodelocal": "rancher/mirrored-k8s-dns-node-cache:1.21.1", + "kubernetes": "rancher/hyperkube:v1.22.16-rancher1", + "flannel": "rancher/mirrored-coreos-flannel:v0.15.1", + "flannelCni": "rancher/flannel-cni:v0.3.0-rancher6", + "calicoNode": "rancher/mirrored-calico-node:v3.21.1", + "calicoCni": "rancher/calico-cni:v3.21.3-rancher1", + "calicoControllers": "rancher/mirrored-calico-kube-controllers:v3.21.1", + "calicoCtl": "rancher/mirrored-calico-ctl:v3.21.1", + "calicoFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.21.1", + "canalNode": "rancher/mirrored-calico-node:v3.21.1", + "canalCni": "rancher/calico-cni:v3.21.3-rancher1", + "canalControllers": "rancher/mirrored-calico-kube-controllers:v3.21.1", + "canalFlannel": "rancher/mirrored-flannelcni-flannel:v0.17.0", + "canalFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.21.1", + "weaveNode": "weaveworks/weave-kube:2.8.1", + "weaveCni": "weaveworks/weave-npc:2.8.1", + "podInfraContainer": "rancher/mirrored-pause:3.6", + "ingress": "rancher/nginx-ingress-controller:nginx-1.2.1-rancher1", + "ingressBackend": "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1", + 
"ingressWebhook": "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1", + "metricsServer": "rancher/mirrored-metrics-server:v0.5.2", + "windowsPodInfraContainer": "rancher/mirrored-pause:3.6", + "aciCniDeployContainer": "noiro/cnideploy:5.2.3.4.1d150da", + "aciHostContainer": "noiro/aci-containers-host:5.2.3.4.1d150da", + "aciOpflexContainer": "noiro/opflex:5.2.3.4.1d150da", + "aciMcastContainer": "noiro/opflex:5.2.3.4.1d150da", + "aciOvsContainer": "noiro/openvswitch:5.2.3.4.1d150da", + "aciControllerContainer": "noiro/aci-containers-controller:5.2.3.4.1d150da", + "aciGbpServerContainer": "noiro/gbp-server:5.2.3.4.1d150da", + "aciOpflexServerContainer": "noiro/opflex-server:5.2.3.4.1d150da" + }, "v1.22.4-rancher1-1": { "etcd": "rancher/mirrored-coreos-etcd:v3.5.0", "alpine": "rancher/rke-tools:v0.1.78", 
@@ -10679,6 +10722,49 @@ "aciGbpServerContainer": "noiro/gbp-server:5.2.3.2.1d150da", "aciOpflexServerContainer": "noiro/opflex-server:5.2.3.2.1d150da" }, + "v1.23.14-rancher1-1": { + "etcd": "rancher/mirrored-coreos-etcd:v3.5.3", + "alpine": "rancher/rke-tools:v0.1.88", + "nginxProxy": "rancher/rke-tools:v0.1.88", + "certDownloader": "rancher/rke-tools:v0.1.88", + "kubernetesServicesSidecar": "rancher/rke-tools:v0.1.88", + "kubedns": "rancher/mirrored-k8s-dns-kube-dns:1.21.1", + "dnsmasq": "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1", + "kubednsSidecar": "rancher/mirrored-k8s-dns-sidecar:1.21.1", + "kubednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:1.8.5", + "coredns": "rancher/mirrored-coredns-coredns:1.9.0", + "corednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:1.8.5", + "nodelocal": "rancher/mirrored-k8s-dns-node-cache:1.21.1", + "kubernetes": "rancher/hyperkube:v1.23.14-rancher1", + "flannel": "rancher/mirrored-coreos-flannel:v0.15.1", + "flannelCni": "rancher/flannel-cni:v0.3.0-rancher6", + "calicoNode": "rancher/mirrored-calico-node:v3.22.0", + "calicoCni": "rancher/calico-cni:v3.22.0-rancher1", + "calicoControllers": "rancher/mirrored-calico-kube-controllers:v3.22.0", + "calicoCtl": "rancher/mirrored-calico-ctl:v3.22.0", + "calicoFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0", + "canalNode": "rancher/mirrored-calico-node:v3.22.0", + "canalCni": "rancher/calico-cni:v3.22.0-rancher1", + "canalControllers": "rancher/mirrored-calico-kube-controllers:v3.22.0", + "canalFlannel": "rancher/mirrored-flannelcni-flannel:v0.17.0", + "canalFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0", + "weaveNode": "weaveworks/weave-kube:2.8.1", + "weaveCni": "weaveworks/weave-npc:2.8.1", + "podInfraContainer": "rancher/mirrored-pause:3.6", + "ingress": "rancher/nginx-ingress-controller:nginx-1.2.1-rancher1", + "ingressBackend": "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1", + 
"ingressWebhook": "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1", + "metricsServer": "rancher/mirrored-metrics-server:v0.6.1", + "windowsPodInfraContainer": "rancher/mirrored-pause:3.6", + "aciCniDeployContainer": "noiro/cnideploy:5.2.3.4.1d150da", + "aciHostContainer": "noiro/aci-containers-host:5.2.3.4.1d150da", + "aciOpflexContainer": "noiro/opflex:5.2.3.4.1d150da", + "aciMcastContainer": "noiro/opflex:5.2.3.4.1d150da", + "aciOvsContainer": "noiro/openvswitch:5.2.3.4.1d150da", + "aciControllerContainer": "noiro/aci-containers-controller:5.2.3.4.1d150da", + "aciGbpServerContainer": "noiro/gbp-server:5.2.3.4.1d150da", + "aciOpflexServerContainer": "noiro/opflex-server:5.2.3.4.1d150da" + }, "v1.23.4-rancher1-1": { "etcd": "rancher/mirrored-coreos-etcd:v3.5.2", "alpine": "rancher/rke-tools:v0.1.80", 
@@ -11023,6 +11109,49 @@ "aciGbpServerContainer": "noiro/gbp-server:5.2.3.2.1d150da", "aciOpflexServerContainer": "noiro/opflex-server:5.2.3.2.1d150da" }, + "v1.24.8-rancher1-1": { + "etcd": "rancher/mirrored-coreos-etcd:v3.5.4", + "alpine": "rancher/rke-tools:v0.1.88", + "nginxProxy": "rancher/rke-tools:v0.1.88", + "certDownloader": "rancher/rke-tools:v0.1.88", + "kubernetesServicesSidecar": "rancher/rke-tools:v0.1.88", + "kubedns": "rancher/mirrored-k8s-dns-kube-dns:1.21.1", + "dnsmasq": "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1", + "kubednsSidecar": "rancher/mirrored-k8s-dns-sidecar:1.21.1", + "kubednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:1.8.5", + "coredns": "rancher/mirrored-coredns-coredns:1.9.3", + "corednsAutoscaler": "rancher/mirrored-cluster-proportional-autoscaler:1.8.5", + "nodelocal": "rancher/mirrored-k8s-dns-node-cache:1.21.1", + "kubernetes": "rancher/hyperkube:v1.24.8-rancher1", + "flannel": "rancher/mirrored-coreos-flannel:v0.15.1", + "flannelCni": "rancher/flannel-cni:v0.3.0-rancher6", + "calicoNode": "rancher/mirrored-calico-node:v3.22.0", + "calicoCni": "rancher/calico-cni:v3.22.0-rancher1", + "calicoControllers": "rancher/mirrored-calico-kube-controllers:v3.22.0", + "calicoCtl": "rancher/mirrored-calico-ctl:v3.22.0", + "calicoFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0", + "canalNode": "rancher/mirrored-calico-node:v3.22.0", + "canalCni": "rancher/calico-cni:v3.22.0-rancher1", + "canalControllers": "rancher/mirrored-calico-kube-controllers:v3.22.0", + "canalFlannel": "rancher/mirrored-flannelcni-flannel:v0.17.0", + "canalFlexVol": "rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0", + "weaveNode": "weaveworks/weave-kube:2.8.1", + "weaveCni": "weaveworks/weave-npc:2.8.1", + "podInfraContainer": "rancher/mirrored-pause:3.6", + "ingress": "rancher/nginx-ingress-controller:nginx-1.2.1-rancher1", + "ingressBackend": "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1", + 
"ingressWebhook": "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1", + "metricsServer": "rancher/mirrored-metrics-server:v0.6.1", + "windowsPodInfraContainer": "rancher/mirrored-pause:3.6", + "aciCniDeployContainer": "noiro/cnideploy:5.2.3.4.1d150da", + "aciHostContainer": "noiro/aci-containers-host:5.2.3.4.1d150da", + "aciOpflexContainer": "noiro/opflex:5.2.3.4.1d150da", + "aciMcastContainer": "noiro/opflex:5.2.3.4.1d150da", + "aciOvsContainer": "noiro/openvswitch:5.2.3.4.1d150da", + "aciControllerContainer": "noiro/aci-containers-controller:5.2.3.4.1d150da", + "aciGbpServerContainer": "noiro/gbp-server:5.2.3.4.1d150da", + "aciOpflexServerContainer": "noiro/opflex-server:5.2.3.4.1d150da" + }, "v1.8.11-rancher2-1": { "etcd": "rancher/coreos-etcd:v3.0.17", "alpine": "rancher/rke-tools:v0.1.8", @@ -11132,9 +11261,13 @@ "\u003e=1.21.0-rancher0 \u003c1.21.14-rancher1-1": "aci-v5.0.0", "\u003e=1.21.14-rancher1-1 \u003c1.22.0-rancher0": "aci-v5.2.3", "\u003e=1.22.0-rancher0 \u003c1.22.11-rancher1-1": "aci-v5.0.0", - "\u003e=1.22.11-rancher1-1 \u003c1.23.0-rancher0": "aci-v5.2.3", + "\u003e=1.22.11-rancher1-1 \u003c1.22.16-rancher1-1": "aci-v5.2.3", + "\u003e=1.22.16-rancher1-1 \u003c1.23.0-rancher0": "aci-v5.2.3.4", "\u003e=1.23.0-rancher0 \u003c1.23.8-rancher1-1": "aci-v5.0.0", - "\u003e=1.23.8-rancher1-1": "aci-v5.2.3" + "\u003e=1.23.14-rancher1-1 \u003c1.24.0-rancher0": "aci-v5.2.3.4", + "\u003e=1.23.8-rancher1-1 \u003c1.23.14-rancher1-1": "aci-v5.2.3", + "\u003e=1.24.0-rancher0 \u003c1.24.8-rancher1-1": "aci-v5.2.3", + "\u003e=1.24.8-rancher1-1": "aci-v5.2.3.4" }, "calico": { "\u003e=1.13.0-rancher0 \u003c1.15.0-rancher0": "calico-v1.13", 
@@ -11240,6 +11373,7 @@ "templateKeys": { "aci-v5.0.0": "\napiVersion: v1\nkind: Namespace\nmetadata:\n name: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n---\n{{- if eq .UseAciCniPriorityClass \"true\"}}\napiVersion: scheduling.k8s.io/v1beta1\nkind: PriorityClass\nmetadata:\n name: acicni-priority\nvalue: 1000000000\nglobalDefault: false\ndescription: \"This priority class is used for ACI-CNI resources\"\n---\n{{- end }}\n{{- if ne .UseAciAnywhereCRD \"false\"}}\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: epgs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: Epg\n listKind: EpgList\n plural: epgs\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: contracts.aci.aw\nspec:\n group: aci.aw\n names:\n kind: Contract\n listKind: ContractList\n plural: contracts\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: podifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: PodIF\n listKind: PodIFList\n plural: podifs\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: gbpsstates.aci.aw\nspec:\n group: aci.aw\n names:\n kind: GBPSState\n listKind: GBPSStateList\n plural: gbpsstates\n scope: Namespaced\n version: v1\n subresources:\n status: {}\n---\n{{- end }}\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: snatglobalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatGlobalInfo\n listKind: SnatGlobalInfoList\n plural: snatglobalinfos\n singular: snatglobalinfo\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: snatlocalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatLocalInfo\n 
listKind: SnatLocalInfoList\n plural: snatlocalinfos\n singular: snatlocalinfo\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: snatpolicies.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatPolicy\n listKind: SnatPolicyList\n plural: snatpolicies\n singular: snatpolicy\n scope: Cluster\n subresources:\n status: {}\n validation:\n openAPIV3Schema:\n properties:\n apiVersion:\n description: 'APIVersion defines the versioned schema of this representation\n of an object. Servers should convert recognized schemas to the latest\n internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'\n type: string\n kind:\n description: 'Kind is a string value representing the REST resource this\n object represents. Servers may infer this from the endpoint the client\n submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'\n type: string\n metadata:\n type: object\n spec:\n properties:\n selector:\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n type: object\n snatIp:\n type: array\n destIp:\n type: array\n type: object\n version: v1\n versions:\n - name: v1\n served: true\n storage: true\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: nodeinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: NodeInfo\n listKind: NodeInfoList\n plural: nodeinfos\n singular: nodeinfo\n scope: Namespaced\n version: v1\n versions:\n - name: v1\n served: true\n storage: true\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: rdconfigs.aci.snat\nspec:\n group: aci.snat\n names:\n kind: RdConfig\n listKind: RdConfigList\n plural: rdconfigs\n singular: rdconfig\n scope: 
Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: qospolicies.aci.qos\nspec:\n group: aci.qos\n version: v1\n names:\n kind: QosPolicy\n listKind: QosPolicyList\n plural: qospolicies\n singular: qospolicy\n scope: Namespaced\n validation:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n properties:\n podSelector:\n description: 'Selection of Pods'\n properties:\n matchLabels:\n type: object\n description:\n ingress:\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n egress:\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n dscpmark:\n properties:\n dscp_marking:\n type: integer\n minimum: 0\n maximum: 56\n---\n{{- if ne .InstallIstio \"false\"}}\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: aciistiooperators.aci.istio\nspec:\n group: aci.istio\n names:\n kind: AciIstioOperator\n listKind: AciIstioOperatorList\n plural: aciistiooperators\n singular: aciistiooperator\n scope: Namespaced\n version: v1\n---\n{{- end}}\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: aci-containers-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n controller-config: |-\n {\n \"log-level\": \"{{.ControllerLogLevel}}\",\n \"apic-hosts\": {{.ApicHosts}},\n \"apic-refreshtime\": \"{{.ApicRefreshTime}}\",\n \"apic-username\": \"{{.ApicUserName}}\",\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"apic-use-inst-tag\": true,\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n 
\"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n \"require-netpol-annot\": false,\n{{- if ne .CApic \"false\"}}\n \"lb-type\": \"None\",\n{{- end}}\n \"install-istio\": {{.InstallIstio}},\n \"istio-profile\": \"{{.IstioProfile}}\",\n{{- if ne .CApic \"true\"}}\n \"aci-podbd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd\",\n \"aci-nodebd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd\",\n{{- end}}\n \"aci-service-phys-dom\": \"{{.SystemIdentifier}}-pdom\",\n \"aci-service-encap\": \"vlan-{{.ServiceVlan}}\",\n \"aci-service-monitor-interval\": {{.ServiceMonitorInterval}},\n \"aci-pbr-tracking-non-snat\": {{.PBRTrackingNonSnat}},\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"aci-l3out\": \"{{.L3Out}}\",\n \"aci-ext-networks\": {{.L3OutExternalNetworks}},\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": \"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}\"\n{{- end}}\n },\n \"max-nodes-svc-graph\": {{.MaxNodesSvcGraph}},\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": 
\"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"service-ip-pool\": [\n {\n \"end\": \"{{.ServiceIPEnd}}\",\n \"start\": \"{{.ServiceIPStart}}\"\n }\n ],\n \"snat-contract-scope\": \"{{.SnatContractScope}}\",\n \"static-service-ip-pool\": [\n {\n \"end\": \"{{.StaticServiceIPEnd}}\",\n \"start\": \"{{.StaticServiceIPStart}}\"\n }\n ],\n \"pod-ip-pool\": [\n {\n \"end\": \"{{.PodIPEnd}}\",\n \"start\": \"{{.PodIPStart}}\"\n }\n ],\n \"pod-subnet-chunk-size\": {{.PodSubnetChunkSize}},\n \"node-service-ip-pool\": [\n {\n \"end\": \"{{.NodeServiceIPEnd}}\",\n \"start\": \"{{.NodeServiceIPStart}}\"\n }\n ],\n \"node-service-subnets\": [\n \"{{.ServiceGraphSubnet}}\"\n ],\n \"enable_endpointslice\": {{.EnableEndpointSlice}}\n }\n host-agent-config: |-\n {\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .EpRegistry \"\"}}\n \"ep-registry\": \"{{.EpRegistry}}\",\n{{- else}}\n \"ep-registry\": null,\n{{- end}}\n{{- if ne .OpflexMode \"\"}}\n \"opflex-mode\": 
\"{{.OpflexMode}}\",\n{{- else}}\n \"opflex-mode\": null,\n{{- end}}\n \"log-level\": \"{{.HostAgentLogLevel}}\",\n \"aci-snat-namespace\": \"{{.SnatNamespace}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": \"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"service-vlan\": {{.ServiceVlan}},\n \"kubeapi-vlan\": {{.KubeAPIVlan}},\n \"pod-subnet\": \"{{.ClusterCIDR}}\",\n \"node-subnet\": \"{{.NodeSubnet}}\",\n \"encap-type\": \"{{.EncapType}}\",\n \"aci-infra-vlan\": {{.InfraVlan}},\n{{- if .MTU}}\n{{- if ne .MTU 0}}\n \"interface-mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"cni-netconfig\": [\n {\n \"gateway\": \"{{.PodGateway}}\",\n \"routes\": [\n {\n \"dst\": \"0.0.0.0/0\",\n \"gw\": \"{{.PodGateway}}\"\n }\n ],\n \"subnet\": \"{{.ClusterCIDR}}\"\n }\n ],\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-default\"\n{{- end}}\n },\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n 
\"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"enable-drop-log\": {{.DropLogEnable}},\n \"enable_endpointslice\": {{.EnableEndpointSlice}}\n }\n opflex-agent-config: |-\n {\n \"log\": {\n \"level\": \"{{.OpflexAgentLogLevel}}\"\n },\n \"opflex\": {\n{{- if eq .OpflexClientSSL \"false\"}}\n \"ssl\": { \"mode\": \"disabled\"}\n{{- end}}\n }\n }\n{{- if eq .RunGbpContainer \"true\"}}\n gbp-server-config: |-\n {\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .CApic \"true\"}}\n \"pod-subnet\": \"{{.GbpPodSubnet}}\"\n{{- else}}\n \"pod-subnet\": \"{{.GbpPodSubnet}}\",\n \"apic\": {\n \"apic-hosts\": {{.ApicHosts}},\n \"apic-username\": {{.ApicUserName}},\n \"apic-private-key-path\": 
\"/usr/local/etc/aci-cert/user.key\",\n \"kafka\": {\n \"brokers\": {{.KafkaBrokers}},\n \"client-key-path\": \"/certs/kafka-client.key\",\n \"client-cert-path\": \"/certs/kafka-client.crt\",\n \"ca-cert-path\": \"/certs/ca.crt\",\n \"topic\": {{.SystemIdentifier}}\n },\n \"cloud-info\": {\n \"cluster-name\": {{.SystemIdentifier}},\n \"subnet\": {{.SubnetDomainName}},\n \"vrf\": {{.VRFDomainName}}\n }\n }\n{{- end}}\n }\n{{- end}}\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: snat-operator-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n \"start\": \"{{.SnatPortRangeStart}}\"\n \"end\": \"{{.SnatPortRangeEnd}}\"\n \"ports-per-node\": \"{{.SnatPortsPerNode}}\"\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: aci-user-cert\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n user.key: {{.ApicUserKey}}\n user.crt: {{.ApicUserCrt}}\n---\n{{- if eq .CApic \"true\"}}\napiVersion: v1\nkind: Secret\nmetadata:\n name: kafka-client-certificates\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n ca.crt: {{.KafkaClientCrt}}\n kafka-client.crt: {{.KafkaClientCrt}}\n kafka-client.key: {{.KafkaClientKey}}\n---\n{{- end}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-host-agent\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers:controller\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n 
- events\n - replicationcontrollers\n{{- if ne .InstallIstio \"false\"}}\n - serviceaccounts\n{{- end}}\n verbs:\n - list\n - watch\n - get\n - patch\n - create\n - delete\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n{{- if ne .InstallIstio \"false\"}}\n- apiGroups:\n - \"rbac.authorization.k8s.io\"\n resources:\n - clusterroles\n - clusterrolebindings\n verbs:\n - '*'\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - '*'\n- apiGroups:\n - \"install.istio.io\"\n resources:\n - istiocontrolplanes\n - istiooperators\n verbs:\n - '*'\n- apiGroups:\n - \"aci.istio\"\n resources:\n - aciistiooperators\n - aciistiooperator\n verbs:\n - '*'\n{{- end}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n{{- if ne .UseAciAnywhereCRD \"false\"}}\n- apiGroups:\n - \"aci.aw\"\n resources:\n - epgs\n - contracts\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.aw\"\n resources:\n - podifs\n - gbpsstates\n - gbpsstates/status\n verbs:\n - '*'\n{{- end}}\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n - daemonsets\n - statefulsets\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - services/status\n verbs:\n - update\n- apiGroups:\n - \"monitoring.coreos.com\"\n resources:\n - servicemonitors\n verbs:\n - get\n - create\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies/finalizers\n - snatpolicies/status\n - nodeinfos\n verbs:\n - update\n - create\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatglobalinfos\n - snatpolicies\n - nodeinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - apps.openshift.io\n 
resources:\n - deploymentconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers:host-agent\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - replicationcontrollers\n verbs:\n - list\n - watch\n - get\n{{- if ne .DropLogEnable \"false\"}}\n - update\n- apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n{{- end}}\n{{- if ne .UseAciAnywhereCRD \"false\"}}\n- apiGroups:\n - \"aci.aw\"\n resources:\n - podifs\n - podifs/status\n verbs:\n - \"*\"\n{{- end}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies\n - snatglobalinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.snat\"\n resources:\n - nodeinfos\n - snatlocalinfos\n verbs:\n - create\n - update\n - list\n - watch\n - get\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers:controller\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers:controller\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-controller\n namespace: aci-containers-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: 
ClusterRoleBinding\nmetadata:\n name: aci-containers:host-agent\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers:host-agent\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-host-agent\n namespace: aci-containers-system\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-host\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-host\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-host\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n prometheus.io/scrape: \"true\"\n prometheus.io/port: \"9612\"\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n tolerations:\n - operator: Exists\n initContainers:\n - name: cnideploy\n image: {{.AciCniDeployContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n - name: aci-containers-host\n image: {{.AciHostContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n - NET_ADMIN\n - SYS_PTRACE\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - 
name: TENANT\n value: \"{{.Tenant}}\"\n{{- if eq .RunGbpContainer \"true\"}}\n - name: NODE_EPG\n value: aci-containers-nodes\"\n - name: OPFLEX_MODE\n value: overlay\n{{- else}}\n - name: NODE_EPG\n value: \"aci-containers-{{.SystemIdentifier}}|aci-containers-nodes\"\n{{- end}}\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n - name: cni-conf\n mountPath: /mnt/cni-conf\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: host-config-volume\n mountPath: /usr/local/etc/aci-containers/\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - mountPath: /run/netns\n name: host-run-netns\n readOnly: true\n mountPropagation: HostToContainer\n{{- end}}\n livenessProbe:\n httpGet:\n path: /status\n port: 8090\n - name: opflex-agent\n env:\n - name: REBOOT_WITH_OVS\n value: \"true\"\n{{- if eq .RunGbpContainer \"true\"}}\n - name: SSL_MODE\n value: disabled\n{{- end}}\n image: {{.AciOpflexContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: opflex-config-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/conf.d\n{{- if eq .RunOpflexServerContainer \"true\"}}\n - name: opflex-server\n image: {{.AciOpflexServerContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n capabilities:\n add:\n - NET_ADMIN\n ports:\n - containerPort: {{.OpflexServerPort}}\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - name: opflex-server-config-volume\n mountPath: 
/usr/local/etc/opflex-server\n - name: hostvar\n mountPath: /usr/local/var\n{{- end}}\n - name: mcast-daemon\n image: {{.AciMcastContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-mcastdaemon.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if eq .UsePrivilegedContainer \"true\"}}\n securityContext:\n privileged: true\n{{- end}}\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n restartPolicy: Always\n volumes:\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-conf\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: host-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: host-agent-config\n path: host-agent.conf\n - name: opflex-hostconfig-volume\n emptyDir:\n medium: Memory\n - name: opflex-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: opflex-agent-config\n path: local.conf\n{{- if eq .UseOpflexServerVolume \"true\"}}\n - name: opflex-server-config-volume\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - name: host-run-netns\n hostPath:\n path: /run/netns\n{{- end}}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-openvswitch\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n tolerations:\n - operator: 
Exists\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n - name: aci-containers-openvswitch\n image: {{.AciOpenvSwitchContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n resources:\n limits:\n memory: \"{{.OVSMemoryLimit}}\"\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n - SYS_MODULE\n - SYS_NICE\n - IPC_LOCK\n env:\n - name: OVS_RUNDIR\n value: /usr/local/var/run/openvswitch\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: hostetc\n mountPath: /usr/local/etc\n - name: hostmodules\n mountPath: /lib/modules\n livenessProbe:\n exec:\n command:\n - /usr/local/bin/liveness-ovs.sh\n restartPolicy: Always\n volumes:\n - name: hostetc\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: hostmodules\n hostPath:\n path: /lib/modules\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-controller\nspec:\n replicas: 1\n strategy:\n type: Recreate\n selector:\n matchLabels:\n name: aci-containers-controller\n network-plugin: aci-containers\n template:\n metadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n name: aci-containers-controller\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n hostNetwork: true\n serviceAccountName: aci-containers-controller\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n{{- if .Tolerations }}\n tolerations:\n{{ toYaml 
.Tolerations | indent 6}}\n{{- else }}\n tolerations:\n - operator: Exists\n effect: NoSchedule\n{{- end }}\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-node-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n{{- if eq .RunGbpContainer \"true\"}}\n - name: aci-gbpserver\n image: {{.AciGbpServerContainer}}\n imagePullPolicy: {{ .ImagePullPolicy }}\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n{{- if eq .CApic \"true\"}}\n - name: kafka-certs\n mountPath: /certs\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n{{- end}}\n env:\n - name: GBP_SERVER_CONF\n value: /usr/local/etc/aci-containers/gbp-server.conf\n{{- end}}\n - name: aci-containers-controller\n image: {{.AciControllerContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n env:\n - name: WATCH_NAMESPACE\n value: \"\"\n - name: ACI_SNAT_NAMESPACE\n value: \"aci-containers-system\"\n - name: ACI_SNAGLOBALINFO_NAME\n value: \"snatglobalinfo\"\n - name: ACI_RDCONFIG_NAME\n value: \"routingdomain-config\"\n - name: SYSTEM_NAMESPACE\n value: \"aci-containers-system\"\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n livenessProbe:\n httpGet:\n path: /status\n port: 8091\n volumes:\n{{- if eq .CApic \"true\"}}\n - name: kafka-certs\n secret:\n secretName: kafka-client-certificates\n{{- end}}\n - name: aci-user-cert-volume\n secret:\n secretName: aci-user-cert\n - name: controller-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: controller-config\n path: controller.conf\n{{- if eq .RunGbpContainer \"true\"}}\n - key: gbp-server-config\n path: gbp-server.conf\n{{- end}}\n{{- if eq .CApic \"true\"}}\n---\napiVersion: aci.aw/v1\nkind: PodIF\nmetadata:\n name: inet-route\n namespace: kube-system\nstatus:\n epg: 
aci-containers-inet-out\n ipaddr: 0.0.0.0/0\n{{- end}}\n", "aci-v5.2.3": "\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: acicontainersoperators.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AciContainersOperator\n listKind: AciContainersOperatorList\n plural: acicontainersoperators\n singular: acicontainersoperator\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: acicontainersoperator owns the lifecycle of ACI objects in the cluster\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AciContainersOperatorSpec defines the desired spec for ACI Objects\n properties:\n flavor:\n type: string\n config:\n type: string\n type: object\n status:\n description: AciContainersOperatorStatus defines the successful completion of AciContainersOperator\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodepodifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: NodePodIF\n listKind: NodePodIFList\n plural: nodepodifs\n singular: nodepodif\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n podifs:\n type: array\n items:\n type: object\n properties:\n containerID:\n type: string\n epg:\n type: string\n ifname:\n type: string\n ipaddr:\n type: string\n macaddr:\n type: string\n podname:\n type: string\n podns:\n type: string\n vtep:\n type: string\n required:\n - spec\n type: object\n---\n{{- 
if eq .UseAciCniPriorityClass \"true\"}}\napiVersion: scheduling.k8s.io/v1beta1\nkind: PriorityClass\nmetadata:\n name: acicni-priority\nvalue: 1000000000\nglobalDefault: false\ndescription: \"This priority class is used for ACI-CNI resources\"\n---\n{{- end }}\n{{- if ne .UseAciAnywhereCRD \"false\"}}\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: epgs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: Epg\n listKind: EpgList\n plural: epgs\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: contracts.aci.aw\nspec:\n group: aci.aw\n names:\n kind: Contract\n listKind: ContractList\n plural: contracts\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: podifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: PodIF\n listKind: PodIFList\n plural: podifs\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: gbpsstates.aci.aw\nspec:\n group: aci.aw\n names:\n kind: GBPSState\n listKind: GBPSStateList\n plural: gbpsstates\n scope: Namespaced\n version: v1\n subresources:\n status: {}\n---\n{{- end }}\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatglobalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatGlobalInfo\n listKind: SnatGlobalInfoList\n plural: snatglobalinfos\n singular: snatglobalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n description: SnatGlobalInfo is the Schema for the snatglobalinfos API\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n globalInfos:\n additionalProperties:\n items:\n properties:\n macAddress:\n type: string\n portRanges:\n items:\n properties:\n end:\n maximum: 65535\n minimum: 
1\n type: integer\n start:\n maximum: 65535\n minimum: 1\n type: integer\n type: object\n type: array\n snatIp:\n type: string\n snatIpUid:\n type: string\n snatPolicyName:\n type: string\n required:\n - macAddress\n - portRanges\n - snatIp\n - snatIpUid\n - snatPolicyName\n type: object\n type: array\n type: object\n required:\n - globalInfos\n type: object\n status:\n description: SnatGlobalInfoStatus defines the observed state of SnatGlobalInfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatlocalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatLocalInfo\n listKind: SnatLocalInfoList\n plural: snatlocalinfos\n singular: snatlocalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: SnatLocalInfoSpec defines the desired state of SnatLocalInfo\n properties:\n localInfos:\n items:\n properties:\n podName:\n type: string\n podNamespace:\n type: string\n podUid:\n type: string\n snatPolicies:\n items:\n properties:\n destIp:\n items:\n type: string\n type: array\n name:\n type: string\n snatIp:\n type: string\n required:\n - destIp\n - name\n - snatIp\n type: object\n type: array\n required:\n - podName\n - podNamespace\n - podUid\n - snatPolicies\n type: object\n type: array\n required:\n - localInfos\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatpolicies.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatPolicy\n listKind: SnatPolicyList\n plural: snatpolicies\n singular: snatpolicy\n scope: Cluster\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n 
spec:\n type: object\n properties:\n selector:\n type: object\n properties:\n labels:\n type: object\n description: 'Selection of Pods'\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n type: object\n snatIp:\n type: array\n items:\n type: string\n destIp:\n type: array\n items:\n type: string\n type: object\n status:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodeinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: NodeInfo\n listKind: NodeInfoList\n plural: nodeinfos\n singular: nodeinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n macaddress:\n type: string\n snatpolicynames:\n additionalProperties:\n type: boolean\n type: object\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: rdconfigs.aci.snat\nspec:\n group: aci.snat\n names:\n kind: RdConfig\n listKind: RdConfigList\n plural: rdconfigs\n singular: rdconfig\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n discoveredsubnets:\n items:\n type: string\n type: array\n usersubnets:\n items:\n type: string\n type: array\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.aci.netpol\nspec:\n group: aci.netpol\n names:\n kind: NetworkPolicy\n listKind: NetworkPolicyList\n plural: 
networkpolicies\n singular: networkpolicy\n scope: Namespaced\n versions:\n - name: v1\n schema:\n openAPIV3Schema:\n description: Network Policy describes traffic flow at IP address or port level\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs default to false.\n type: boolean\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. 
If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n to:\n description: Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n description: Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n toFqDn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - enableLogging\n - toFqDn\n type: object\n type: array\n ingress:\n description: Set of ingress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false.\n type: boolean\n from:\n description: Rule is matched if traffic originates from workloads selected by this field. 
If this field is empty, this rule matches all sources.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n description: matchExpressions is a list of label selector requirements. The requirements are ANDed.\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. 
If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n type: object\n type: array\n policyTypes:\n items:\n description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8\n type: string\n type: array\n priority:\n description: Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.\n type: integer\n type:\n description: type of the policy.\n type: string\n required:\n - type\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: dnsnetworkpolicies.aci.dnsnetpol\nspec:\n group: aci.dnsnetpol\n names:\n kind: DnsNetworkPolicy\n listKind: DnsNetworkPolicyList\n plural: dnsnetworkpolicies\n singular: dnsnetworkpolicy\n scope: Namespaced\n versions:\n - name: v1beta\n schema:\n openAPIV3Schema:\n description: dns network Policy\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n properties:\n toFqdn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - toFqdn\n type: object\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: qospolicies.aci.qos\nspec:\n group: aci.qos\n names:\n kind: QosPolicy\n listKind: QosPolicyList\n plural: qospolicies\n singular: qospolicy\n scope: Namespaced\n preserveUnknownFields: false\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n podSelector:\n description: 'Selection of Pods'\n type: object\n properties:\n matchLabels:\n type: object\n description:\n ingress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n egress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n dscpmark:\n type: integer\n default: 0\n minimum: 0\n maximum: 63\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: netflowpolicies.aci.netflow\nspec:\n group: aci.netflow\n names:\n kind: NetflowPolicy\n listKind: NetflowPolicyList\n plural: netflowpolicies\n singular: 
netflowpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n flowSamplingPolicy:\n type: object\n properties:\n destIp:\n type: string\n destPort:\n type: integer\n minimum: 0\n maximum: 65535\n default: 2055\n flowType:\n type: string\n enum:\n - netflow\n - ipfix\n default: netflow\n activeFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 3600\n default: 60\n idleFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 600\n default: 15\n samplingRate:\n type: integer\n minimum: 0\n maximum: 1000\n default: 0\n required:\n - destIp\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: erspanpolicies.aci.erspan\nspec:\n group: aci.erspan\n names:\n kind: ErspanPolicy\n listKind: ErspanPolicyList\n plural: erspanpolicies\n singular: erspanpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n selector:\n type: object\n description: 'Selection of Pods'\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n source:\n type: object\n properties:\n adminState:\n description: Administrative state.\n default: start\n type: string\n enum:\n - start\n - stop\n direction:\n description: Direction of the packets to monitor.\n default: both\n type: string\n enum:\n - in\n - out\n - both\n destination:\n type: object\n properties:\n destIP:\n description: Destination IP of the ERSPAN packet.\n type: string\n flowID:\n description: Unique flow ID of the ERSPAN packet.\n default: 1\n 
type: integer\n minimum: 1\n maximum: 1023\n required:\n - destIP\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: enabledroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: EnableDropLog\n listKind: EnableDropLogList\n plural: enabledroplogs\n singular: enabledroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of EnableDropLog\n type: object\n properties:\n disableDefaultDropLog:\n description: Disables the default droplog enabled by acc-provision.\n default: false\n type: boolean\n nodeSelector:\n type: object\n description: Drop logging is enabled on nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: prunedroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: PruneDropLog\n listKind: PruneDropLogList\n plural: prunedroplogs\n singular: prunedroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of PruneDropLog\n type: object\n properties:\n nodeSelector:\n type: object\n description: Drop logging filters are applied to nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n dropLogFilters:\n type: object\n properties:\n srcIP:\n type: string\n destIP:\n type: string\n srcMAC:\n type: string\n destMAC:\n type: string\n srcPort:\n type: integer\n 
destPort:\n type: integer\n ipProto:\n type: integer\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: accprovisioninputs.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AccProvisionInput\n listKind: AccProvisionInputList\n plural: accprovisioninputs\n singular: accprovisioninput\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: accprovisioninput defines the input configuration for ACI CNI\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AccProvisionInputSpec defines the desired spec for accprovisioninput object\n properties:\n acc_provision_input:\n type: object\n properties:\n operator_managed_config:\n type: object\n properties:\n enable_updates:\n type: boolean\n aci_config:\n type: object\n properties:\n sync_login:\n type: object\n properties:\n certfile:\n type: string\n keyfile:\n type: string\n client_ssl:\n type: boolean\n net_config:\n type: object\n properties:\n interface_mtu:\n type: integer\n service_monitor_interval:\n type: integer\n pbr_tracking_non_snat:\n type: boolean\n pod_subnet_chunk_size:\n type: integer\n disable_wait_for_network:\n type: boolean\n duration_wait_for_network:\n type: integer\n registry:\n type: object\n properties:\n image_prefix:\n type: string\n image_pull_secret:\n type: string\n aci_containers_operator_version:\n type: string\n aci_containers_controller_version:\n type: string\n aci_containers_host_version:\n type: string\n acc_provision_operator_version:\n type: string\n aci_cni_operator_version:\n type: string\n cnideploy_version:\n type: string\n opflex_agent_version:\n type: string\n openvswitch_version:\n type: string\n gbp_version:\n type: string\n logging:\n type: object\n properties:\n controller_log_level:\n type: string\n hostagent_log_level:\n type: string\n opflexagent_log_level:\n type: 
string\n istio_config:\n type: object\n properties:\n install_istio:\n type: boolean\n install_profile:\n type: string\n multus:\n type: object\n properties:\n disable:\n type: boolean\n drop_log_config:\n type: object\n properties:\n enable:\n type: boolean\n nodepodif_config:\n type: object\n properties:\n enable:\n type: boolean\n sriov_config:\n type: object\n properties:\n enable:\n type: boolean\n kube_config:\n type: object\n properties:\n ovs_memory_limit:\n type: string\n use_privileged_containers:\n type: boolean\n image_pull_policy:\n type: string\n reboot_opflex_with_ovs:\n type: string\n snat_operator:\n type: object\n properties:\n port_range:\n type: object\n properties:\n start:\n type: integer\n end:\n type: integer\n ports_per_node:\n type: integer\n contract_scope:\n type: string\n disable_periodic_snat_global_info_sync:\n type: boolean\n type: object\n status:\n description: AccProvisionInputStatus defines the successful completion of AccProvisionInput\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: aci-containers-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n controller-config: |-\n {\n \"log-level\": \"{{.ControllerLogLevel}}\",\n \"apic-hosts\": {{.ApicHosts}},\n \"apic-refreshtime\": \"{{.ApicRefreshTime}}\",\n \"apic-subscription-delay\": {{.ApicSubscriptionDelay}},\n \"apic_refreshticker_adjust\": \"{{.ApicRefreshTickerAdjust}}\",\n \"apic-username\": \"{{.ApicUserName}}\",\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- 
else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n{{- if ne .CApic \"false\"}}\n \"lb-type\": \"None\",\n{{- end}}\n{{- if ne .DisablePeriodicSnatGlobalInfoSync \"false\"}}\n \"disable-periodic-snat-global-info-sync\": {{.DisablePeriodicSnatGlobalInfoSync}},\n{{- end}}\n \"opflex-device-delete-timeout\": {{.OpflexDeviceDeleteTimeout}},\n \"install-istio\": {{.InstallIstio}},\n \"istio-profile\": \"{{.IstioProfile}}\",\n{{- if ne .CApic \"true\"}}\n \"aci-podbd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd\",\n \"aci-nodebd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd\",\n{{- end}}\n \"aci-service-phys-dom\": \"{{.SystemIdentifier}}-pdom\",\n \"aci-service-encap\": \"vlan-{{.ServiceVlan}}\",\n \"aci-service-monitor-interval\": {{.ServiceMonitorInterval}},\n \"aci-pbr-tracking-non-snat\": {{.PBRTrackingNonSnat}},\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"aci-l3out\": \"{{.L3Out}}\",\n \"aci-ext-networks\": {{.L3OutExternalNetworks}},\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": \"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}\"\n{{- end}}\n },\n \"max-nodes-svc-graph\": {{.MaxNodesSvcGraph}},\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- 
end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"service-ip-pool\": [\n {\n \"end\": \"{{.ServiceIPEnd}}\",\n \"start\": \"{{.ServiceIPStart}}\"\n }\n ],\n \"snat-contract-scope\": \"{{.SnatContractScope}}\",\n \"static-service-ip-pool\": [\n {\n \"end\": \"{{.StaticServiceIPEnd}}\",\n \"start\": \"{{.StaticServiceIPStart}}\"\n }\n ],\n \"pod-ip-pool\": [\n {\n \"end\": \"{{.PodIPEnd}}\",\n \"start\": \"{{.PodIPStart}}\"\n }\n ],\n \"pod-subnet-chunk-size\": {{.PodSubnetChunkSize}},\n \"node-service-ip-pool\": [\n {\n \"end\": \"{{.NodeServiceIPEnd}}\",\n \"start\": \"{{.NodeServiceIPStart}}\"\n }\n ],\n \"node-service-subnets\": [\n \"{{.ServiceGraphSubnet}}\"\n ],\n \"enable_endpointslice\": {{.EnableEndpointSlice}}\n }\n host-agent-config: |-\n {\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .EpRegistry \"\"}}\n \"ep-registry\": 
\"{{.EpRegistry}}\",\n{{- else}}\n \"ep-registry\": null,\n{{- end}}\n{{- if ne .OpflexMode \"\"}}\n \"opflex-mode\": \"{{.OpflexMode}}\",\n{{- else}}\n \"opflex-mode\": null,\n{{- end}}\n \"log-level\": \"{{.HostAgentLogLevel}}\",\n \"aci-snat-namespace\": \"{{.SnatNamespace}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": \"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"service-vlan\": {{.ServiceVlan}},\n \"kubeapi-vlan\": {{.KubeAPIVlan}},\n \"pod-subnet\": \"{{.ClusterCIDR}}\",\n \"node-subnet\": \"{{.NodeSubnet}}\",\n \"encap-type\": \"{{.EncapType}}\",\n \"aci-infra-vlan\": {{.InfraVlan}},\n{{- if .MTU}}\n{{- if ne .MTU 0}}\n \"interface-mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n{{- if .MTUHeadRoom}}\n{{- if ne .MTUHeadRoom \"0\"}}\n \"interface-mtu-headroom\": {{.MTUHeadRoom}},\n{{- end}}\n{{- end}}\n \"cni-netconfig\": [\n {\n \"gateway\": \"{{.PodGateway}}\",\n \"routes\": [\n {\n \"dst\": \"0.0.0.0/0\",\n \"gw\": \"{{.PodGateway}}\"\n }\n ],\n \"subnet\": \"{{.ClusterCIDR}}\"\n }\n ],\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-default\"\n{{- end}}\n },\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n 
\"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"enable-drop-log\": {{.DropLogEnable}},\n \"enable_endpointslice\": {{.EnableEndpointSlice}},\n \"enable-nodepodif\": {{.NodePodIfEnable}},\n \"enable-ovs-hw-offload\": {{.SriovEnable}}\n }\n opflex-agent-config: |-\n {\n \"log\": {\n \"level\": \"{{.OpflexAgentLogLevel}}\"\n },\n \"opflex\": {\n \"notif\" : { \"enabled\" : \"false\" }\n{{- if eq .OpflexClientSSL \"false\"}}\n \"ssl\": { \"mode\": \"disabled\"}\n{{- end}}\n{{- if eq .RunGbpContainer \"true\"}}\n \"statistics\" : { \"mode\" : \"off\" }\n{{- end}}\n }\n }\n{{- if eq .RunGbpContainer \"true\"}}\n gbp-server-config: |-\n {\n \"aci-policy-tenant\": 
\"{{.Tenant}}\",\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .CApic \"true\"}}\n \"pod-subnet\": \"{{.GbpPodSubnet}}\"\n{{- else}}\n \"pod-subnet\": \"{{.GbpPodSubnet}}\",\n \"apic\": {\n \"apic-hosts\": {{.ApicHosts}},\n \"apic-username\": {{.ApicUserName}},\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"kafka\": {\n \"brokers\": {{.KafkaBrokers}},\n \"client-key-path\": \"/certs/kafka-client.key\",\n \"client-cert-path\": \"/certs/kafka-client.crt\",\n \"ca-cert-path\": \"/certs/ca.crt\",\n \"topic\": {{.SystemIdentifier}}\n },\n \"cloud-info\": {\n \"cluster-name\": {{.SystemIdentifier}},\n \"subnet\": {{.SubnetDomainName}},\n \"vrf\": {{.VRFDomainName}}\n }\n }\n{{- end}}\n }\n{{- end}}\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: snat-operator-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n \"start\": \"{{.SnatPortRangeStart}}\"\n \"end\": \"{{.SnatPortRangeEnd}}\"\n \"ports-per-node\": \"{{.SnatPortsPerNode}}\"\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: aci-user-cert\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n user.key: {{.ApicUserKey}}\n user.crt: {{.ApicUserCrt}}\n---\n{{- if eq .CApic \"true\"}}\napiVersion: v1\nkind: Secret\nmetadata:\n name: kafka-client-certificates\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n ca.crt: {{.KafkaClientCrt}}\n kafka-client.crt: {{.KafkaClientCrt}}\n kafka-client.key: {{.KafkaClientKey}}\n---\n{{- end}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\napiVersion: v1\nkind: 
ServiceAccount\nmetadata:\n name: aci-containers-host-agent\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\n{{- if eq .UseClusterRole \"true\"}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers:controller\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - events\n - replicationcontrollers\n - serviceaccounts\n verbs:\n - list\n - watch\n - get\n - patch\n - create\n - update\n - delete\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - '*'\n- apiGroups:\n - \"rbac.authorization.k8s.io\"\n resources:\n - clusterroles\n - clusterrolebindings\n verbs:\n - '*'\n{{- if ne .InstallIstio \"false\"}}\n- apiGroups:\n - \"install.istio.io\"\n resources:\n - istiocontrolplanes\n - istiooperators\n verbs:\n - '*'\n- apiGroups:\n - \"aci.istio\"\n resources:\n - aciistiooperators\n - aciistiooperator\n verbs:\n - '*'\n{{- end}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n{{- if ne .UseAciAnywhereCRD \"false\"}}\n- apiGroups:\n - \"aci.aw\"\n resources:\n - epgs\n - contracts\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.aw\"\n resources:\n - podifs\n - gbpsstates\n - gbpsstates/status\n verbs:\n - '*'\n{{- end}}\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n - daemonsets\n - statefulsets\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - services/status\n verbs:\n - update\n- apiGroups:\n - \"monitoring.coreos.com\"\n resources:\n - servicemonitors\n verbs:\n - get\n - create\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies/finalizers\n - 
snatpolicies/status\n - nodeinfos\n verbs:\n - update\n - create\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatglobalinfos\n - snatpolicies\n - nodeinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.netflow\"\n resources:\n - netflowpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.erspan\"\n resources:\n - erspanpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - '*'\n- apiGroups:\n - apps.openshift.io\n resources:\n - deploymentconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.dnsnetpol\"\n resources:\n - dnsnetworkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n---\n{{- end}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers:host-agent\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - replicationcontrollers\n verbs:\n - list\n - watch\n - get\n{{- if ne .DropLogEnable \"false\"}}\n - update\n- apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n{{- end}}\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - list\n - watch\n - get\n{{- if ne .UseAciAnywhereCRD \"false\"}}\n- apiGroups:\n - \"aci.aw\"\n resources:\n - podifs\n - podifs/status\n verbs:\n - \"*\"\n{{- end}}\n- 
apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies\n - snatglobalinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.droplog\"\n resources:\n - enabledroplogs\n - prunedroplogs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - nodeinfos\n - snatlocalinfos\n verbs:\n - create\n - update\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - \"*\"\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers:controller\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers:controller\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-controller\n namespace: aci-containers-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers:host-agent\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers:host-agent\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-host-agent\n namespace: aci-containers-system\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-host\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: 
aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-host\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-host\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n prometheus.io/scrape: \"true\"\n prometheus.io/port: \"9612\"\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n tolerations:\n - operator: Exists\n initContainers:\n - name: cnideploy\n image: {{.AciCniDeployContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n - name: aci-containers-host\n image: {{.AciHostContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n - NET_ADMIN\n - SYS_PTRACE\n - NET_RAW\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: TENANT\n value: \"{{.Tenant}}\"\n{{- if eq .RunGbpContainer \"true\"}}\n{{- if eq .CApic \"true\"}}\n - name: NODE_EPG\n value: \"aci-containers-nodes\"\n{{- else}}\n - name: NODE_EPG\n value: \"aci-containers-{{.SystemIdentifier}}|aci-containers-nodes\"\n{{- end}}\n - name: OPFLEX_MODE\n value: overlay\n{{- else}}\n - name: NODE_EPG\n value: \"aci-containers-{{.SystemIdentifier}}|aci-containers-nodes\"\n{{- end}}\n{{- if ne .MultusDisable \"true\"}}\n - name: MULTUS\n value: true\n{{- end}}\n{{- 
if eq .DisableWaitForNetwork \"true\"}}\n - name: DISABLE_WAIT_FOR_NETWORK\n value: true\n{{- else}}\n - name: DURATION_WAIT_FOR_NETWORK\n value: \"{{.DurationWaitForNetwork}}\"\n{{- end}}\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n - name: cni-conf\n mountPath: /mnt/cni-conf\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: host-config-volume\n mountPath: /usr/local/etc/aci-containers/\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - mountPath: /run/netns\n name: host-run-netns\n readOnly: true\n mountPropagation: HostToContainer\n{{- end}}\n{{- if ne .MultusDisable \"true\"}}\n - name: multus-cni-conf\n mountPath: /mnt/multus-cni-conf\n{{- end}}\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8090\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n - name: opflex-agent\n env:\n - name: REBOOT_WITH_OVS\n value: \"true\"\n{{- if eq .RunGbpContainer \"true\"}}\n - name: SSL_MODE\n value: disabled\n{{- end}}\n image: {{.AciOpflexContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: opflex-config-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/conf.d\n{{- if eq .RunOpflexServerContainer \"true\"}}\n - name: opflex-server\n image: {{.AciOpflexServerContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-opflexserver.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n capabilities:\n add:\n - 
NET_ADMIN\n ports:\n - containerPort: {{.OpflexServerPort}}\n - name: metrics\n containerPort: 9632\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - name: opflex-server-config-volume\n mountPath: /usr/local/etc/opflex-server\n - name: hostvar\n mountPath: /usr/local/var\n{{- end}}\n - name: mcast-daemon\n image: {{.AciMcastContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-mcastdaemon.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if eq .UsePrivilegedContainer \"true\"}}\n securityContext:\n privileged: true\n{{- end}}\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n restartPolicy: Always\n volumes:\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-conf\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: host-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: host-agent-config\n path: host-agent.conf\n - name: opflex-hostconfig-volume\n emptyDir:\n medium: Memory\n - name: opflex-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: opflex-agent-config\n path: local.conf\n{{- if eq .UseOpflexServerVolume \"true\"}}\n - name: opflex-server-config-volume\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - name: host-run-netns\n hostPath:\n path: /run/netns\n{{- end}}\n{{- if ne .MultusDisable \"true\" }}\n - name: multus-cni-conf\n hostPath:\n path: /var/run/multus/\n{{- end}}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-openvswitch\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: 
aci-containers-openvswitch\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n tolerations:\n - operator: Exists\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n - name: aci-containers-openvswitch\n image: {{.AciOpenvSwitchContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n resources:\n limits:\n memory: \"{{.OVSMemoryLimit}}\"\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n - SYS_MODULE\n - SYS_NICE\n - IPC_LOCK\n env:\n - name: OVS_RUNDIR\n value: /usr/local/var/run/openvswitch\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: hostetc\n mountPath: /usr/local/etc\n - name: hostmodules\n mountPath: /lib/modules\n livenessProbe:\n exec:\n command:\n - /usr/local/bin/liveness-ovs.sh\n restartPolicy: Always\n volumes:\n - name: hostetc\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: hostmodules\n hostPath:\n path: /lib/modules\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-controller\nspec:\n replicas: 1\n strategy:\n type: Recreate\n selector:\n matchLabels:\n name: aci-containers-controller\n network-plugin: aci-containers\n template:\n metadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n 
labels:\n name: aci-containers-controller\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n hostNetwork: true\n serviceAccountName: aci-containers-controller\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n{{- if .Tolerations }}\n tolerations:\n{{ toYaml .Tolerations | indent 6}}\n{{- else }}\n tolerations:\n - effect: NoExecute\n operator: Exists\n tolerationSeconds: 60\n - effect: NoSchedule\n key: node.kubernetes.io/not-ready\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n operator: Exists\n{{- end }}\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-node-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n{{- if eq .RunGbpContainer \"true\"}}\n - name: aci-gbpserver\n image: {{.AciGbpServerContainer}}\n imagePullPolicy: {{ .ImagePullPolicy }}\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n{{- if eq .CApic \"true\"}}\n - name: kafka-certs\n mountPath: /certs\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n{{- end}}\n env:\n - name: GBP_SERVER_CONF\n value: /usr/local/etc/aci-containers/gbp-server.conf\n{{- end}}\n - name: aci-containers-controller\n image: {{.AciControllerContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n env:\n - name: WATCH_NAMESPACE\n value: \"\"\n - name: ACI_SNAT_NAMESPACE\n value: \"aci-containers-system\"\n - name: ACI_SNAGLOBALINFO_NAME\n value: \"snatglobalinfo\"\n - name: ACI_RDCONFIG_NAME\n value: \"routingdomain-config\"\n - name: SYSTEM_NAMESPACE\n value: \"aci-containers-system\"\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8091\n scheme: 
HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n volumes:\n{{- if eq .CApic \"true\"}}\n - name: kafka-certs\n secret:\n secretName: kafka-client-certificates\n{{- end}}\n - name: aci-user-cert-volume\n secret:\n secretName: aci-user-cert\n - name: controller-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: controller-config\n path: controller.conf\n{{- if eq .RunGbpContainer \"true\"}}\n - key: gbp-server-config\n path: gbp-server.conf\n{{- end}}\n{{- if eq .CApic \"true\"}}\n---\napiVersion: aci.aw/v1\nkind: PodIF\nmetadata:\n name: inet-route\n namespace: kube-system\nstatus:\n epg: aci-containers-inet-out\n ipaddr: 0.0.0.0/0\n{{- end}}\n", + "aci-v5.2.3.4": "\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: acicontainersoperators.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AciContainersOperator\n listKind: AciContainersOperatorList\n plural: acicontainersoperators\n singular: acicontainersoperator\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: acicontainersoperator owns the lifecycle of ACI objects in the cluster\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AciContainersOperatorSpec defines the desired spec for ACI Objects\n properties:\n flavor:\n type: string\n config:\n type: string\n type: object\n status:\n description: AciContainersOperatorStatus defines the successful completion of AciContainersOperator\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: 
nodepodifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: NodePodIF\n listKind: NodePodIFList\n plural: nodepodifs\n singular: nodepodif\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n podifs:\n type: array\n items:\n type: object\n properties:\n containerID:\n type: string\n epg:\n type: string\n ifname:\n type: string\n ipaddr:\n type: string\n macaddr:\n type: string\n podname:\n type: string\n podns:\n type: string\n vtep:\n type: string\n required:\n - spec\n type: object\n---\n{{- if eq .UseAciCniPriorityClass \"true\"}}\napiVersion: scheduling.k8s.io/v1beta1\nkind: PriorityClass\nmetadata:\n name: acicni-priority\nvalue: 1000000000\nglobalDefault: false\ndescription: \"This priority class is used for ACI-CNI resources\"\n---\n{{- end }}\n{{- if ne .UseAciAnywhereCRD \"false\"}}\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: epgs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: Epg\n listKind: EpgList\n plural: epgs\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: contracts.aci.aw\nspec:\n group: aci.aw\n names:\n kind: Contract\n listKind: ContractList\n plural: contracts\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: podifs.aci.aw\nspec:\n group: aci.aw\n names:\n kind: PodIF\n listKind: PodIFList\n plural: podifs\n scope: Namespaced\n version: v1\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: gbpsstates.aci.aw\nspec:\n group: aci.aw\n names:\n kind: GBPSState\n listKind: GBPSStateList\n plural: gbpsstates\n scope: Namespaced\n version: v1\n subresources:\n status: {}\n---\n{{- end }}\napiVersion: 
apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatglobalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatGlobalInfo\n listKind: SnatGlobalInfoList\n plural: snatglobalinfos\n singular: snatglobalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n description: SnatGlobalInfo is the Schema for the snatglobalinfos API\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n globalInfos:\n additionalProperties:\n items:\n properties:\n macAddress:\n type: string\n portRanges:\n items:\n properties:\n end:\n maximum: 65535\n minimum: 1\n type: integer\n start:\n maximum: 65535\n minimum: 1\n type: integer\n type: object\n type: array\n snatIp:\n type: string\n snatIpUid:\n type: string\n snatPolicyName:\n type: string\n required:\n - macAddress\n - portRanges\n - snatIp\n - snatIpUid\n - snatPolicyName\n type: object\n type: array\n type: object\n required:\n - globalInfos\n type: object\n status:\n description: SnatGlobalInfoStatus defines the observed state of SnatGlobalInfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatlocalinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatLocalInfo\n listKind: SnatLocalInfoList\n plural: snatlocalinfos\n singular: snatlocalinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: SnatLocalInfoSpec defines the desired state of SnatLocalInfo\n properties:\n localInfos:\n items:\n properties:\n podName:\n type: string\n podNamespace:\n type: string\n podUid:\n type: string\n snatPolicies:\n items:\n properties:\n destIp:\n items:\n type: string\n type: array\n name:\n type: string\n snatIp:\n type: string\n required:\n - 
destIp\n - name\n - snatIp\n type: object\n type: array\n required:\n - podName\n - podNamespace\n - podUid\n - snatPolicies\n type: object\n type: array\n required:\n - localInfos\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: snatpolicies.aci.snat\nspec:\n group: aci.snat\n names:\n kind: SnatPolicy\n listKind: SnatPolicyList\n plural: snatpolicies\n singular: snatpolicy\n scope: Cluster\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n type: object\n properties:\n selector:\n type: object\n properties:\n labels:\n type: object\n description: 'Selection of Pods'\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n type: object\n snatIp:\n type: array\n items:\n type: string\n destIp:\n type: array\n items:\n type: string\n type: object\n status:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: nodeinfos.aci.snat\nspec:\n group: aci.snat\n names:\n kind: NodeInfo\n listKind: NodeInfoList\n plural: nodeinfos\n singular: nodeinfo\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n macaddress:\n type: string\n snatpolicynames:\n additionalProperties:\n type: boolean\n type: object\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: rdconfigs.aci.snat\nspec:\n group: aci.snat\n names:\n kind: RdConfig\n listKind: RdConfigList\n plural: rdconfigs\n 
singular: rdconfig\n scope: Namespaced\n versions:\n - name: v1\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n discoveredsubnets:\n items:\n type: string\n type: array\n usersubnets:\n items:\n type: string\n type: array\n type: object\n status:\n description: NodeinfoStatus defines the observed state of Nodeinfo\n type: object\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.aci.netpol\nspec:\n group: aci.netpol\n names:\n kind: NetworkPolicy\n listKind: NetworkPolicyList\n plural: networkpolicies\n singular: networkpolicy\n scope: Namespaced\n versions:\n - name: v1\n schema:\n openAPIV3Schema:\n description: Network Policy describes traffic flow at IP address or port level\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is 
used to indicate if agent should generate logs default to false.\n type: boolean\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n to:\n description: Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n description: Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. 
If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. 
This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n toFqDn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - enableLogging\n - toFqDn\n type: object\n type: array\n ingress:\n description: Set of ingress rules evaluated based on the order in which they are set.\n items:\n properties:\n action:\n description: Action specifies the action to be applied on the rule.\n type: string\n enableLogging:\n description: EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false.\n type: boolean\n from:\n description: Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources.\n items:\n properties:\n ipBlock:\n description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector.\n properties:\n cidr:\n description: CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\"\n type: string\n except:\n description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" or \"2001:db9::/64\" Except values will be rejected if they are outside the CIDR range\n items:\n type: string\n type: array\n required:\n - cidr\n type: object\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. 
If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.\n properties:\n matchExpressions:\n description: matchExpressions is a list of label selector requirements. The requirements are ANDed.\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n type: array\n ports:\n description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.\n items:\n description: NetworkPolicyPort describes the port and protocol to match in a rule.\n properties:\n endPort:\n description: EndPort defines the end of the port range, being the end included within the range. 
It can only be specified when a numerical port is specified.\n format: int32\n type: integer\n port:\n anyOf:\n - type: integer\n - type: string\n description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.\n x-kubernetes-int-or-string: true\n protocol:\n default: TCP\n description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.\n type: string\n type: object\n type: array\n type: object\n type: array\n policyTypes:\n items:\n description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8\n type: string\n type: array\n priority:\n description: Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.\n type: integer\n type:\n description: type of the policy.\n type: string\n required:\n - type\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: dnsnetworkpolicies.aci.dnsnetpol\nspec:\n group: aci.dnsnetpol\n names:\n kind: DnsNetworkPolicy\n listKind: DnsNetworkPolicyList\n plural: dnsnetworkpolicies\n singular: dnsnetworkpolicy\n scope: Namespaced\n versions:\n - name: v1beta\n schema:\n openAPIV3Schema:\n description: dns network Policy\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n properties:\n appliedTo:\n properties:\n namespaceSelector:\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n type: string\n values:\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n podSelector:\n description: allow 
ingress from the same namespace\n properties:\n matchExpressions:\n items:\n properties:\n key:\n type: string\n operator:\n description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.\n type: string\n values:\n description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.\n items:\n type: string\n type: array\n required:\n - key\n - operator\n type: object\n type: array\n matchLabels:\n additionalProperties:\n type: string\n type: object\n type: object\n type: object\n egress:\n description: Set of egress rules evaluated based on the order in which they are set.\n properties:\n toFqdn:\n properties:\n matchNames:\n items:\n type: string\n type: array\n required:\n - matchNames\n type: object\n required:\n - toFqdn\n type: object\n type: object\n required:\n - spec\n type: object\n served: true\n storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n conditions: []\n storedVersions: []\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: qospolicies.aci.qos\nspec:\n group: aci.qos\n names:\n kind: QosPolicy\n listKind: QosPolicyList\n plural: qospolicies\n singular: qospolicy\n scope: Namespaced\n preserveUnknownFields: false\n versions:\n - name: v1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n podSelector:\n description: 'Selection of Pods'\n type: object\n properties:\n matchLabels:\n type: object\n description:\n ingress:\n type: object\n properties:\n policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n egress:\n type: object\n properties:\n 
policing_rate:\n type: integer\n minimum: 0\n policing_burst:\n type: integer\n minimum: 0\n dscpmark:\n type: integer\n default: 0\n minimum: 0\n maximum: 63\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: netflowpolicies.aci.netflow\nspec:\n group: aci.netflow\n names:\n kind: NetflowPolicy\n listKind: NetflowPolicyList\n plural: netflowpolicies\n singular: netflowpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n flowSamplingPolicy:\n type: object\n properties:\n destIp:\n type: string\n destPort:\n type: integer\n minimum: 0\n maximum: 65535\n default: 2055\n flowType:\n type: string\n enum:\n - netflow\n - ipfix\n default: netflow\n activeFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 3600\n default: 60\n idleFlowTimeOut:\n type: integer\n minimum: 0\n maximum: 600\n default: 15\n samplingRate:\n type: integer\n minimum: 0\n maximum: 1000\n default: 0\n required:\n - destIp\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: erspanpolicies.aci.erspan\nspec:\n group: aci.erspan\n names:\n kind: ErspanPolicy\n listKind: ErspanPolicyList\n plural: erspanpolicies\n singular: erspanpolicy\n scope: Cluster\n preserveUnknownFields: false\n versions:\n - name: v1alpha\n served: true\n storage: true\n schema:\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n type: object\n properties:\n selector:\n type: object\n description: 'Selection of Pods'\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n namespace:\n type: string\n source:\n type: object\n properties:\n adminState:\n description: 
Administrative state.\n default: start\n type: string\n enum:\n - start\n - stop\n direction:\n description: Direction of the packets to monitor.\n default: both\n type: string\n enum:\n - in\n - out\n - both\n destination:\n type: object\n properties:\n destIP:\n description: Destination IP of the ERSPAN packet.\n type: string\n flowID:\n description: Unique flow ID of the ERSPAN packet.\n default: 1\n type: integer\n minimum: 1\n maximum: 1023\n required:\n - destIP\n type: object\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: enabledroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: EnableDropLog\n listKind: EnableDropLogList\n plural: enabledroplogs\n singular: enabledroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of EnableDropLog\n type: object\n properties:\n disableDefaultDropLog:\n description: Disables the default droplog enabled by acc-provision.\n default: false\n type: boolean\n nodeSelector:\n type: object\n description: Drop logging is enabled on nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: prunedroplogs.aci.droplog\nspec:\n group: aci.droplog\n names:\n kind: PruneDropLog\n listKind: PruneDropLogList\n plural: prunedroplogs\n singular: prunedroplog\n scope: Cluster\n versions:\n - name: v1alpha1\n served: true\n storage: true\n schema:\n # openAPIV3Schema is the schema for validating custom objects.\n openAPIV3Schema:\n type: object\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n spec:\n description: Defines the desired state of PruneDropLog\n 
type: object\n properties:\n nodeSelector:\n type: object\n description: Drop logging filters are applied to nodes selected based on labels\n properties:\n labels:\n type: object\n properties:\n additionalProperties:\n type: string\n dropLogFilters:\n type: object\n properties:\n srcIP:\n type: string\n destIP:\n type: string\n srcMAC:\n type: string\n destMAC:\n type: string\n srcPort:\n type: integer\n destPort:\n type: integer\n ipProto:\n type: integer\n---\napiVersion: apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: accprovisioninputs.aci.ctrl\nspec:\n group: aci.ctrl\n names:\n kind: AccProvisionInput\n listKind: AccProvisionInputList\n plural: accprovisioninputs\n singular: accprovisioninput\n scope: Namespaced\n versions:\n - name: v1alpha1\n served: true\n storage: true\n subresources:\n status: {}\n schema:\n openAPIV3Schema:\n description: accprovisioninput defines the input configuration for ACI CNI\n properties:\n apiVersion:\n type: string\n kind:\n type: string\n metadata:\n type: object\n spec:\n description: AccProvisionInputSpec defines the desired spec for accprovisioninput object\n properties:\n acc_provision_input:\n type: object\n properties:\n operator_managed_config:\n type: object\n properties:\n enable_updates:\n type: boolean\n aci_config:\n type: object\n properties:\n sync_login:\n type: object\n properties:\n certfile:\n type: string\n keyfile:\n type: string\n client_ssl:\n type: boolean\n net_config:\n type: object\n properties:\n interface_mtu:\n type: integer\n service_monitor_interval:\n type: integer\n pbr_tracking_non_snat:\n type: boolean\n pod_subnet_chunk_size:\n type: integer\n disable_wait_for_network:\n type: boolean\n duration_wait_for_network:\n type: integer\n registry:\n type: object\n properties:\n image_prefix:\n type: string\n image_pull_secret:\n type: string\n aci_containers_operator_version:\n type: string\n aci_containers_controller_version:\n type: string\n 
aci_containers_host_version:\n type: string\n acc_provision_operator_version:\n type: string\n aci_cni_operator_version:\n type: string\n cnideploy_version:\n type: string\n opflex_agent_version:\n type: string\n openvswitch_version:\n type: string\n gbp_version:\n type: string\n logging:\n type: object\n properties:\n controller_log_level:\n type: string\n hostagent_log_level:\n type: string\n opflexagent_log_level:\n type: string\n istio_config:\n type: object\n properties:\n install_istio:\n type: boolean\n install_profile:\n type: string\n multus:\n type: object\n properties:\n disable:\n type: boolean\n drop_log_config:\n type: object\n properties:\n enable:\n type: boolean\n nodepodif_config:\n type: object\n properties:\n enable:\n type: boolean\n sriov_config:\n type: object\n properties:\n enable:\n type: boolean\n kube_config:\n type: object\n properties:\n ovs_memory_limit:\n type: string\n use_privileged_containers:\n type: boolean\n image_pull_policy:\n type: string\n reboot_opflex_with_ovs:\n type: string\n snat_operator:\n type: object\n properties:\n port_range:\n type: object\n properties:\n start:\n type: integer\n end:\n type: integer\n ports_per_node:\n type: integer\n contract_scope:\n type: string\n disable_periodic_snat_global_info_sync:\n type: boolean\n type: object\n status:\n description: AccProvisionInputStatus defines the successful completion of AccProvisionInput\n properties:\n status:\n type: boolean\n type: object\n required:\n - spec\n type: object\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: aci-containers-config\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n controller-config: |-\n {\n \"log-level\": \"{{.ControllerLogLevel}}\",\n \"apic-hosts\": {{.ApicHosts}},\n \"apic-refreshtime\": \"{{.ApicRefreshTime}}\",\n \"apic-subscription-delay\": {{.ApicSubscriptionDelay}},\n \"apic_refreshticker_adjust\": 
\"{{.ApicRefreshTickerAdjust}}\",\n \"apic-username\": \"{{.ApicUserName}}\",\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n{{- if ne .CApic \"false\"}}\n \"lb-type\": \"None\",\n{{- end}}\n{{- if ne .NoWaitForServiceEpReadiness \"false\"}}\n \"no-wait-for-service-ep-readiness\": {{.NoWaitForServiceEpReadiness}},\n{{- end}}\n{{- if ne .AddExternalSubnetsToRdconfig \"false\"}}\n \"add-external-subnets-to-rdconfig\": {{.AddExternalSubnetsToRdconfig}},\n{{- end}}\n{{- if ne .DisablePeriodicSnatGlobalInfoSync \"false\"}}\n \"disable-periodic-snat-global-info-sync\": {{.DisablePeriodicSnatGlobalInfoSync}},\n{{- end}}\n \"opflex-device-delete-timeout\": {{.OpflexDeviceDeleteTimeout}},\n \"install-istio\": {{.InstallIstio}},\n \"istio-profile\": \"{{.IstioProfile}}\",\n{{- if ne .CApic \"true\"}}\n \"aci-podbd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd\",\n \"aci-nodebd-dn\": \"uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd\",\n{{- end}}\n \"aci-service-phys-dom\": \"{{.SystemIdentifier}}-pdom\",\n \"aci-service-encap\": \"vlan-{{.ServiceVlan}}\",\n \"aci-service-monitor-interval\": {{.ServiceMonitorInterval}},\n \"aci-pbr-tracking-non-snat\": {{.PBRTrackingNonSnat}},\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"aci-l3out\": \"{{.L3Out}}\",\n \"aci-ext-networks\": {{.L3OutExternalNetworks}},\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": \"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"default-endpoint-group\": {\n \"policy-space\": 
\"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}\"\n{{- end}}\n },\n \"max-nodes-svc-graph\": {{.MaxNodesSvcGraph}},\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"service-ip-pool\": [\n {\n \"end\": \"{{.ServiceIPEnd}}\",\n \"start\": 
\"{{.ServiceIPStart}}\"\n }\n ],\n{{- if ne .StaticExternalSubnet \"\"}}\n \"extern-static\": \"{{.StaticExternalSubnet}}\",\n{{- end}}\n{{- if ne .DynamicExternalSubnet \"\"}}\n \"extern-dynamic\": \"{{.DynamicExternalSubnet}}\",\n{{- end}}\n \"snat-contract-scope\": \"{{.SnatContractScope}}\",\n \"static-service-ip-pool\": [\n {\n \"end\": \"{{.StaticServiceIPEnd}}\",\n \"start\": \"{{.StaticServiceIPStart}}\"\n }\n ],\n \"pod-ip-pool\": [\n {\n \"end\": \"{{.PodIPEnd}}\",\n \"start\": \"{{.PodIPStart}}\"\n }\n ],\n \"pod-subnet-chunk-size\": {{.PodSubnetChunkSize}},\n \"node-service-ip-pool\": [\n {\n \"end\": \"{{.NodeServiceIPEnd}}\",\n \"start\": \"{{.NodeServiceIPStart}}\"\n }\n ],\n \"node-service-subnets\": [\n \"{{.ServiceGraphSubnet}}\"\n ],\n \"enable_endpointslice\": {{.EnableEndpointSlice}}\n }\n host-agent-config: |-\n {\n \"app-profile\": \"aci-containers-{{.SystemIdentifier}}\",\n{{- if ne .EpRegistry \"\"}}\n \"ep-registry\": \"{{.EpRegistry}}\",\n{{- else}}\n \"ep-registry\": null,\n{{- end}}\n{{- if ne .OpflexMode \"\"}}\n \"opflex-mode\": \"{{.OpflexMode}}\",\n{{- else}}\n \"opflex-mode\": null,\n{{- end}}\n \"log-level\": \"{{.HostAgentLogLevel}}\",\n \"aci-snat-namespace\": \"{{.SnatNamespace}}\",\n \"aci-vmm-type\": \"Kubernetes\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .VmmController \"\"}}\n \"aci-vmm-controller\": \"{{.VmmController}}\",\n{{- else}}\n \"aci-vmm-controller\": \"{{.SystemIdentifier}}\",\n{{- end}}\n \"aci-prefix\": \"{{.SystemIdentifier}}\",\n{{- if ne .CApic \"true\"}}\n \"aci-vrf\": \"{{.VRFName}}\",\n{{- else}}\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- end}}\n \"aci-vrf-tenant\": \"{{.VRFTenant}}\",\n \"service-vlan\": {{.ServiceVlan}},\n \"kubeapi-vlan\": {{.KubeAPIVlan}},\n \"pod-subnet\": \"{{.ClusterCIDR}}\",\n \"node-subnet\": \"{{.NodeSubnet}}\",\n \"encap-type\": \"{{.EncapType}}\",\n 
\"aci-infra-vlan\": {{.InfraVlan}},\n{{- if .MTU}}\n{{- if ne .MTU 0}}\n \"interface-mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n{{- if .MTUHeadRoom}}\n{{- if ne .MTUHeadRoom \"0\"}}\n \"interface-mtu-headroom\": {{.MTUHeadRoom}},\n{{- end}}\n{{- end}}\n \"cni-netconfig\": [\n {\n \"gateway\": \"{{.PodGateway}}\",\n \"routes\": [\n {\n \"dst\": \"0.0.0.0/0\",\n \"gw\": \"{{.PodGateway}}\"\n }\n ],\n \"subnet\": \"{{.ClusterCIDR}}\"\n }\n ],\n \"default-endpoint-group\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-default\"\n{{- else}}\n \"name\": \"aci-containers-default\"\n{{- end}}\n },\n \"namespace-default-endpoint-group\": {\n \"aci-containers-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"istio-operator\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"istio-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-istio\"\n{{- else}}\n \"name\": \"aci-containers-istio\"\n{{- end}}\n },\n \"kube-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-system\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-prometheus\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": 
\"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n },\n \"cattle-logging\": {\n \"policy-space\": \"{{.Tenant}}\",\n{{- if ne .CApic \"true\"}}\n \"name\": \"aci-containers-{{.SystemIdentifier}}|aci-containers-system\"\n{{- else}}\n \"name\": \"aci-containers-system\"\n{{- end}}\n } },\n \"enable-drop-log\": {{.DropLogEnable}},\n \"enable_endpointslice\": {{.EnableEndpointSlice}},\n \"enable-nodepodif\": {{.NodePodIfEnable}},\n \"enable-ovs-hw-offload\": {{.SriovEnable}}\n }\n opflex-agent-config: |-\n {\n \"log\": {\n \"level\": \"{{.OpflexAgentLogLevel}}\"\n },\n \"opflex\": {\n \"notif\" : { \"enabled\" : \"false\" }\n{{- if eq .OpflexClientSSL \"false\"}}\n \"ssl\": { \"mode\": \"disabled\"}\n{{- end}}\n{{- if eq .RunGbpContainer \"true\"}}\n \"statistics\" : { \"mode\" : \"off\" }\n{{- end}}\n }\n }\n{{- if eq .RunGbpContainer \"true\"}}\n gbp-server-config: |-\n {\n \"aci-policy-tenant\": \"{{.Tenant}}\",\n \"aci-vrf\": \"{{.OverlayVRFName}}\",\n{{- if ne .VmmDomain \"\"}}\n \"aci-vmm-domain\": \"{{.VmmDomain}}\",\n{{- else}}\n \"aci-vmm-domain\": \"{{.SystemIdentifier}}\",\n{{- end}}\n{{- if ne .CApic \"true\"}}\n \"pod-subnet\": \"{{.GbpPodSubnet}}\"\n{{- else}}\n \"pod-subnet\": \"{{.GbpPodSubnet}}\",\n \"apic\": {\n \"apic-hosts\": {{.ApicHosts}},\n \"apic-username\": {{.ApicUserName}},\n \"apic-private-key-path\": \"/usr/local/etc/aci-cert/user.key\",\n \"kafka\": {\n \"brokers\": {{.KafkaBrokers}},\n \"client-key-path\": \"/certs/kafka-client.key\",\n \"client-cert-path\": \"/certs/kafka-client.crt\",\n \"ca-cert-path\": \"/certs/ca.crt\",\n \"topic\": {{.SystemIdentifier}}\n },\n \"cloud-info\": {\n \"cluster-name\": {{.SystemIdentifier}},\n \"subnet\": {{.SubnetDomainName}},\n \"vrf\": {{.VRFDomainName}}\n }\n }\n{{- end}}\n }\n{{- end}}\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: snat-operator-config\n namespace: aci-containers-system\n labels:\n 
aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\ndata:\n \"start\": \"{{.SnatPortRangeStart}}\"\n \"end\": \"{{.SnatPortRangeEnd}}\"\n \"ports-per-node\": \"{{.SnatPortsPerNode}}\"\n---\napiVersion: v1\nkind: Secret\nmetadata:\n name: aci-user-cert\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n user.key: {{.ApicUserKey}}\n user.crt: {{.ApicUserCrt}}\n---\n{{- if eq .CApic \"true\"}}\napiVersion: v1\nkind: Secret\nmetadata:\n name: kafka-client-certificates\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\ndata:\n ca.crt: {{.KafkaClientCrt}}\n kafka-client.crt: {{.KafkaClientCrt}}\n kafka-client.key: {{.KafkaClientKey}}\n---\n{{- end}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: aci-containers-host-agent\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n---\n{{- if eq .UseClusterRole \"true\"}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers:controller\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - events\n - replicationcontrollers\n - serviceaccounts\n verbs:\n - list\n - watch\n - get\n - patch\n - create\n - update\n - delete\n- apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - '*'\n- apiGroups:\n - \"rbac.authorization.k8s.io\"\n resources:\n - clusterroles\n - clusterrolebindings\n verbs:\n - '*'\n{{- if ne .InstallIstio \"false\"}}\n- 
apiGroups:\n - \"install.istio.io\"\n resources:\n - istiocontrolplanes\n - istiooperators\n verbs:\n - '*'\n- apiGroups:\n - \"aci.istio\"\n resources:\n - aciistiooperators\n - aciistiooperator\n verbs:\n - '*'\n{{- end}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n{{- if ne .UseAciAnywhereCRD \"false\"}}\n- apiGroups:\n - \"aci.aw\"\n resources:\n - epgs\n - contracts\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.aw\"\n resources:\n - podifs\n - gbpsstates\n - gbpsstates/status\n verbs:\n - '*'\n{{- end}}\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n - daemonsets\n - statefulsets\n verbs:\n - '*'\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - services/status\n verbs:\n - update\n- apiGroups:\n - \"monitoring.coreos.com\"\n resources:\n - servicemonitors\n verbs:\n - get\n - create\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies/finalizers\n - snatpolicies/status\n - nodeinfos\n verbs:\n - update\n - create\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatglobalinfos\n - snatpolicies\n - nodeinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.netflow\"\n resources:\n - netflowpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.erspan\"\n resources:\n - erspanpolicies\n verbs:\n - list\n - watch\n - get\n - update\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - '*'\n- apiGroups:\n - apps.openshift.io\n resources:\n - deploymentconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - 
list\n - watch\n - create\n - update\n - delete\n- apiGroups:\n - \"aci.dnsnetpol\"\n resources:\n - dnsnetworkpolicies\n verbs:\n - get\n - list\n - watch\n - create\n - update\n - delete\n---\n{{- end}}\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers:host-agent\nrules:\n- apiGroups:\n - \"\"\n resources:\n - nodes\n - namespaces\n - pods\n - endpoints\n - services\n - replicationcontrollers\n verbs:\n - list\n - watch\n - get\n{{- if ne .DropLogEnable \"false\"}}\n - update\n- apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n{{- end}}\n- apiGroups:\n - \"apiextensions.k8s.io\"\n resources:\n - customresourcedefinitions\n verbs:\n - list\n - watch\n - get\n{{- if ne .UseAciAnywhereCRD \"false\"}}\n- apiGroups:\n - \"aci.aw\"\n resources:\n - podifs\n - podifs/status\n verbs:\n - \"*\"\n{{- end}}\n- apiGroups:\n - \"networking.k8s.io\"\n resources:\n - networkpolicies\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"apps\"\n resources:\n - deployments\n - replicasets\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - snatpolicies\n - snatglobalinfos\n - rdconfigs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.qos\"\n resources:\n - qospolicies\n verbs:\n - list\n - watch\n - get\n - create\n - update\n - delete\n - patch\n- apiGroups:\n - \"aci.droplog\"\n resources:\n - enabledroplogs\n - prunedroplogs\n verbs:\n - list\n - watch\n - get\n- apiGroups:\n - \"aci.snat\"\n resources:\n - nodeinfos\n - snatlocalinfos\n verbs:\n - create\n - update\n - list\n - watch\n - get\n - delete\n- apiGroups:\n - discovery.k8s.io\n resources:\n - endpointslices\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.netpol\"\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"aci.aw\"\n resources:\n - nodepodifs\n verbs:\n - 
\"*\"\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers:controller\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers:controller\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-controller\n namespace: aci-containers-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: aci-containers:host-agent\n labels:\n aci-containers-config-version: \"{{.Token}}\"\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: aci-containers:host-agent\nsubjects:\n- kind: ServiceAccount\n name: aci-containers-host-agent\n namespace: aci-containers-system\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-host\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-host\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-host\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n prometheus.io/scrape: \"true\"\n prometheus.io/port: \"9612\"\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{- end}}\n tolerations:\n - operator: Exists\n initContainers:\n - name: cnideploy\n image: {{.AciCniDeployContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq 
.UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n - name: aci-containers-host\n image: {{.AciHostContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - SYS_ADMIN\n - NET_ADMIN\n - SYS_PTRACE\n - NET_RAW\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: TENANT\n value: \"{{.Tenant}}\"\n{{- if eq .RunGbpContainer \"true\"}}\n{{- if eq .CApic \"true\"}}\n - name: NODE_EPG\n value: \"aci-containers-nodes\"\n{{- else}}\n - name: NODE_EPG\n value: \"aci-containers-{{.SystemIdentifier}}|aci-containers-nodes\"\n{{- end}}\n - name: OPFLEX_MODE\n value: overlay\n{{- else}}\n - name: NODE_EPG\n value: \"aci-containers-{{.SystemIdentifier}}|aci-containers-nodes\"\n{{- end}}\n{{- if ne .MultusDisable \"true\"}}\n - name: MULTUS\n value: true\n{{- end}}\n{{- if eq .DisableWaitForNetwork \"true\"}}\n - name: DISABLE_WAIT_FOR_NETWORK\n value: true\n{{- else}}\n - name: DURATION_WAIT_FOR_NETWORK\n value: \"{{.DurationWaitForNetwork}}\"\n{{- end}}\n volumeMounts:\n - name: cni-bin\n mountPath: /mnt/cni-bin\n - name: cni-conf\n mountPath: /mnt/cni-conf\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: host-config-volume\n mountPath: /usr/local/etc/aci-containers/\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - mountPath: /run/netns\n name: host-run-netns\n readOnly: true\n mountPropagation: HostToContainer\n{{- end}}\n{{- if ne .MultusDisable \"true\"}}\n - name: multus-cni-conf\n mountPath: /mnt/multus-cni-conf\n{{- end}}\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8090\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n 
timeoutSeconds: 30\n - name: opflex-agent\n env:\n - name: REBOOT_WITH_OVS\n value: \"true\"\n{{- if eq .RunGbpContainer \"true\"}}\n - name: SSL_MODE\n value: disabled\n{{- end}}\n image: {{.AciOpflexContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: opflex-hostconfig-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d\n - name: opflex-config-volume\n mountPath: /usr/local/etc/opflex-agent-ovs/conf.d\n{{- if eq .RunOpflexServerContainer \"true\"}}\n - name: opflex-server\n image: {{.AciOpflexServerContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-opflexserver.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n securityContext:\n capabilities:\n add:\n - NET_ADMIN\n ports:\n - containerPort: {{.OpflexServerPort}}\n - name: metrics\n containerPort: 9632\n terminationMessagePath: /dev/termination-log\n terminationMessagePolicy: File\n volumeMounts:\n - name: opflex-server-config-volume\n mountPath: /usr/local/etc/opflex-server\n - name: hostvar\n mountPath: /usr/local/var\n{{- end}}\n - name: mcast-daemon\n image: {{.AciMcastContainer}}\n command: [\"/bin/sh\"]\n args: [\"/usr/local/bin/launch-mcastdaemon.sh\"]\n imagePullPolicy: {{.ImagePullPolicy}}\n{{- if eq .UsePrivilegedContainer \"true\"}}\n securityContext:\n privileged: true\n{{- end}}\n volumeMounts:\n - name: hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n restartPolicy: Always\n volumes:\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-conf\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: host-config-volume\n configMap:\n name: 
aci-containers-config\n items:\n - key: host-agent-config\n path: host-agent.conf\n - name: opflex-hostconfig-volume\n emptyDir:\n medium: Memory\n - name: opflex-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: opflex-agent-config\n path: local.conf\n{{- if eq .UseOpflexServerVolume \"true\"}}\n - name: opflex-server-config-volume\n{{- end}}\n{{- if eq .UseHostNetnsVolume \"true\"}}\n - name: host-run-netns\n hostPath:\n path: /run/netns\n{{- end}}\n{{- if ne .MultusDisable \"true\" }}\n - name: multus-cni-conf\n hostPath:\n path: /var/run/multus/\n{{- end}}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: aci-containers-openvswitch\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\nspec:\n updateStrategy:\n type: RollingUpdate\n selector:\n matchLabels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n template:\n metadata:\n labels:\n name: aci-containers-openvswitch\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n hostNetwork: true\n hostPID: true\n hostIPC: true\n serviceAccountName: aci-containers-host-agent\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n tolerations:\n - operator: Exists\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-cluster-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n - name: aci-containers-openvswitch\n image: {{.AciOpenvSwitchContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n resources:\n limits:\n memory: \"{{.OVSMemoryLimit}}\"\n securityContext:\n{{- if eq .UsePrivilegedContainer \"true\"}}\n privileged: true\n{{- end}}\n capabilities:\n add:\n - NET_ADMIN\n - SYS_MODULE\n - SYS_NICE\n - IPC_LOCK\n env:\n - name: OVS_RUNDIR\n value: /usr/local/var/run/openvswitch\n volumeMounts:\n - name: 
hostvar\n mountPath: /usr/local/var\n - name: hostrun\n mountPath: /run\n - name: hostrun\n mountPath: /usr/local/run\n - name: hostetc\n mountPath: /usr/local/etc\n - name: hostmodules\n mountPath: /lib/modules\n livenessProbe:\n exec:\n command:\n - /usr/local/bin/liveness-ovs.sh\n restartPolicy: Always\n volumes:\n - name: hostetc\n hostPath:\n path: /etc\n - name: hostvar\n hostPath:\n path: /var\n - name: hostrun\n hostPath:\n path: /run\n - name: hostmodules\n hostPath:\n path: /lib/modules\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n aci-containers-config-version: \"{{.Token}}\"\n network-plugin: aci-containers\n name: aci-containers-controller\nspec:\n replicas: 1\n strategy:\n type: Recreate\n selector:\n matchLabels:\n name: aci-containers-controller\n network-plugin: aci-containers\n template:\n metadata:\n name: aci-containers-controller\n namespace: aci-containers-system\n labels:\n name: aci-containers-controller\n network-plugin: aci-containers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n hostNetwork: true\n serviceAccountName: aci-containers-controller\n{{- if ne .ImagePullSecret \"\"}}\n imagePullSecrets:\n - name: {{.ImagePullSecret}}\n{{end}}\n{{- if .Tolerations }}\n tolerations:\n{{ toYaml .Tolerations | indent 6}}\n{{- else }}\n tolerations:\n - effect: NoExecute\n operator: Exists\n tolerationSeconds: 60\n - effect: NoSchedule\n key: node.kubernetes.io/not-ready\n operator: Exists\n - effect: NoSchedule\n key: node-role.kubernetes.io/master\n operator: Exists\n{{- end }}\n{{- if ne .NoPriorityClass \"true\"}}\n priorityClassName: system-node-critical\n{{- end}}\n{{- if eq .UseAciCniPriorityClass \"true\"}}\n priorityClassName: acicni-priority\n{{- end}}\n containers:\n{{- if eq .RunGbpContainer \"true\"}}\n - name: aci-gbpserver\n image: {{.AciGbpServerContainer}}\n imagePullPolicy: {{ .ImagePullPolicy }}\n volumeMounts:\n - 
name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n{{- if eq .CApic \"true\"}}\n - name: kafka-certs\n mountPath: /certs\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n{{- end}}\n env:\n - name: GBP_SERVER_CONF\n value: /usr/local/etc/aci-containers/gbp-server.conf\n{{- end}}\n - name: aci-containers-controller\n image: {{.AciControllerContainer}}\n imagePullPolicy: {{.ImagePullPolicy}}\n env:\n - name: WATCH_NAMESPACE\n value: \"\"\n - name: ACI_SNAT_NAMESPACE\n value: \"aci-containers-system\"\n - name: ACI_SNAGLOBALINFO_NAME\n value: \"snatglobalinfo\"\n - name: ACI_RDCONFIG_NAME\n value: \"routingdomain-config\"\n - name: SYSTEM_NAMESPACE\n value: \"aci-containers-system\"\n volumeMounts:\n - name: controller-config-volume\n mountPath: /usr/local/etc/aci-containers/\n - name: aci-user-cert-volume\n mountPath: /usr/local/etc/aci-cert/\n livenessProbe:\n failureThreshold: 10\n httpGet:\n path: /status\n port: 8091\n scheme: HTTP\n initialDelaySeconds: 120\n periodSeconds: 60\n successThreshold: 1\n timeoutSeconds: 30\n volumes:\n{{- if eq .CApic \"true\"}}\n - name: kafka-certs\n secret:\n secretName: kafka-client-certificates\n{{- end}}\n - name: aci-user-cert-volume\n secret:\n secretName: aci-user-cert\n - name: controller-config-volume\n configMap:\n name: aci-containers-config\n items:\n - key: controller-config\n path: controller.conf\n{{- if eq .RunGbpContainer \"true\"}}\n - key: gbp-server-config\n path: gbp-server.conf\n{{- end}}\n{{- if eq .CApic \"true\"}}\n---\napiVersion: aci.aw/v1\nkind: PodIF\nmetadata:\n name: inet-route\n namespace: kube-system\nstatus:\n epg: aci-containers-inet-out\n ipaddr: 0.0.0.0/0\n{{- end}}\n", "calico-v1.13": "\n{{if eq .RBACConfig \"rbac\"}}\n## start rbac here\n\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-node\nrules:\n 
# The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: 
calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n## end rbac here\n\n---\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # To enable Typha, set this to \"calico-typha\" *and* set a non-zero value for Typha replicas\n # below. We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is\n # essential.\n typha_service_name: \"none\"\n # Configure the Calico backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n\n# This manifest installs the calico/node container, as well\n# as the Calico CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if 
.UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n serviceAccountName: calico-node\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container installs the Calico CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: 
calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n containers:\n # Runs calico/node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Typha support: controlled by the ConfigMap.\n - name: FELIX_TYPHAK8SSERVICENAME\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: typha_service_name\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. 
This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n volumes:\n # Used by calico/node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n\n# Create all the CustomResourceDefinitions needed for\n# Calico policy and networking mode.\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: 
felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: 
apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n\n\n{{if ne .CloudProvider \"none\"}}\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: {{.CloudProvider}}-ippool\n namespace: kube-system\ndata:\n {{.CloudProvider}}-ippool: |-\n apiVersion: projectcalico.org/v3\n kind: IPPool\n metadata:\n name: ippool-ipip-1\n spec:\n cidr: {{.ClusterCIDR}}\n ipipMode: Always\n natOutgoing: true\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: calicoctl\n namespace: kube-system\nspec:\n hostNetwork: true\n restartPolicy: OnFailure\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: calicoctl\n image: {{.Calicoctl}}\n command: [\"/bin/sh\", \"-c\", \"calicoctl apply -f {{.CloudProvider}}-ippool.yaml\"]\n env:\n - name: DATASTORE_TYPE\n value: kubernetes\n volumeMounts:\n - name: ippool-config\n mountPath: /root/\n volumes:\n - name: ippool-config\n configMap:\n name: {{.CloudProvider}}-ippool\n items:\n - key: {{.CloudProvider}}-ippool\n path: {{.CloudProvider}}-ippool.yaml\n # Mount in the etcd TLS secrets.\n{{end}}\n", "calico-v1.15": "\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: 
rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: 
[\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. 
These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. 
The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: 
IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: 
GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: 
calico-node\n{{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n containers:\n # Runs calico-node container on each Kubernetes node. 
This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. 
This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. 
This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n# See https://github.com/projectcalico/kube-controllers\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\nspec:\n # The controller can only have a single active instance.\n replicas: 1\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n", "calico-v1.15-privileged": "\n# CalicoTemplateV115Privileged\n{{if eq .RBACConfig \"rbac\"}}\n# Source: calico/templates/rbac.yaml\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: 
rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n # Pod CIDR auto-detection on kubeadm needs access to config maps.\n - apiGroups: [\"\"]\n resources:\n - configmaps\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some 
configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n - blockaffinities\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico 
IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. 
The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n },\n {\n \"type\": \"bandwidth\",\n \"capabilities\": {\"bandwidth\": true}\n }\n ]\n }\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n 
scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n 
scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: 
Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n{{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n # Rancher specific change\n priorityClassName: {{ .CalicoNodePriorityClassName | default \"system-node-critical\" }}\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n securityContext:\n privileged: true\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n 
securityContext:\n privileged: true\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n securityContext:\n privileged: true\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. 
This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n exec:\n command:\n - /bin/calico-node\n - -felix-live\n - -bird-live\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -felix-ready\n - -bird-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. 
This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n{{- if .FlexVolPluginDir }}\n path: {{.FlexVolPluginDir}}\n{{- else }}\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n{{- end }}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n# See https://github.com/projectcalico/kube-controllers\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\nspec:\n # The controllers can only have a single active instance.\n replicas: 1\n selector:\n matchLabels:\n k8s-app: calico-kube-controllers\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n priorityClassName: system-cluster-critical\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers 
to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n", @@ -11754,6 +11888,10 @@ "minRKEVersion": "1.3.3-rc0", "minRancherVersion": "2.6.3-patch0" }, + "v1.22.16-rancher1-1": { + "minRKEVersion": "1.3.3-rc0", + "minRancherVersion": "2.6.3-patch0" + }, "v1.22.4-rancher1-1": { "minRKEVersion": "1.3.3-rc0", "minRancherVersion": "2.6.3-patch0" @@ -11848,7 +11986,7 @@ }, "RKEDefaultK8sVersions": { "0.3": "v1.16.3-rancher1-1", - "default": "v1.24.6-rancher1-1" + "default": "v1.24.8-rancher1-1" }, "K8sVersionDockerInfo": { "1.10": [ @@ -12599,7 +12737,7 @@ ], "channels": [ { - "latest": "v1.22.15+k3s1", + "latest": "v1.22.16+k3s1", "name": "default" } ], @@ -15626,8 +15764,11 @@ "type": "string" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.4-alpha1", + "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "cluster-cidr": { "type": "string" @@ -15691,6 +15832,9 @@ "default": false, "type": "boolean" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -15734,7 +15878,7 @@ "type": "array" } }, - "version": "v1.23.4+k3s1" + "version": "v1.22.16+k3s1" }, { "agentArgs": { @@ -15883,7 +16027,7 @@ "type": "array" } }, - "version": "v1.23.6+k3s1" + "version": "v1.23.4+k3s1" }, { "agentArgs": { @@ -15989,9 +16133,6 @@ "default": false, "type": "boolean" }, - "egress-selector-mode": { - "type": "string" - }, "etcd-arg": { "type": "array" }, @@ -16035,7 +16176,7 @@ "type": "array" } }, - "version": "v1.23.7+k3s1" + "version": "v1.23.6+k3s1" }, { "agentArgs": { @@ -16076,9 +16217,6 @@ "type": "string" } }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { 
@@ -16190,7 +16328,7 @@ "type": "array" } }, - "version": "v1.23.8+k3s2" + "version": "v1.23.7+k3s1" }, { "agentArgs": { @@ -16345,7 +16483,7 @@ "type": "array" } }, - "version": "v1.23.10+k3s1" + "version": "v1.23.8+k3s2" }, { "agentArgs": { @@ -16500,7 +16638,7 @@ "type": "array" } }, - "version": "v1.23.13+k3s1" + "version": "v1.23.10+k3s1" }, { "agentArgs": { @@ -16545,7 +16683,7 @@ "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.7-alpha1", + "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { "cluster-cidr": { "type": "string" @@ -16655,7 +16793,7 @@ "type": "array" } }, - "version": "v1.24.2+k3s2" + "version": "v1.23.13+k3s1" }, { "agentArgs": { @@ -16700,7 +16838,7 @@ "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.7-alpha1", + "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { "cluster-cidr": { "type": "string" @@ -16810,7 +16948,7 @@ "type": "array" } }, - "version": "v1.24.4+k3s1" + "version": "v1.23.14+k3s1" }, { "agentArgs": { 
@@ -16965,122 +17103,28 @@ "type": "array" } }, - "version": "v1.24.7+k3s1" - } - ] - }, - "rke2": { - "appDefaults": [ - { - "appName": "rancher", - "defaults": [ - { - "appVersion": "\u003e= 2.6.0-0 \u003c 2.6.5-0", - "defaultVersion": "1.22.x" - }, - { - "appVersion": "\u003e= 2.6.5-0 \u003c 2.6.7-0", - "defaultVersion": "1.23.x" - }, - { - "appVersion": "\u003e= 2.6.7-0 \u003c 2.6.100-0", - "defaultVersion": "1.24.x" - } - ] - } - ], - "channels": [ - { - "latest": "v1.22.15+rke2r2", - "name": "default" - } - ], - "releases": [ - { - "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.0-alpha1", - "version": "v1.19.16+rke2r1" - }, - { - "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.0-alpha1", - "version": "v1.20.15+rke2r2" + "version": "v1.24.2+k3s2" }, { "agentArgs": { - "audit-policy-file": { - "type": "string" - }, - "cloud-controller-manager-extra-env": { - "type": "array" - }, - "cloud-controller-manager-extra-mount": { - "type": "array" - }, - "cloud-provider-config": { - "type": "string" - }, - "cloud-provider-name": { - "default": null, - "nullable": true, - "options": [ - "aws", - "azure", - "gcp", - "rancher-vsphere", - "external" - ], - "type": "enum" + "docker": { + "default": false, + "type": "boolean" }, - "control-plane-resource-limits": { + "flannel-conf": { "type": "string" }, - "control-plane-resource-requests": { + "flannel-iface": { "type": "string" }, - "etcd-extra-env": { - "type": "array" - }, - "etcd-extra-mount": { - "type": "array" - }, - "kube-apiserver-extra-env": { - "type": "array" - }, - "kube-apiserver-extra-mount": { - "type": "array" - }, - "kube-controller-manager-extra-env": { - "type": "array" - }, - "kube-controller-manager-extra-mount": { - "type": "array" - }, "kube-proxy-arg": { "type": "array" }, - "kube-proxy-extra-env": { - "type": "array" - }, - "kube-proxy-extra-mount": { - "type": "array" - }, - "kube-scheduler-extra-env": { - "type": "array" - }, - 
"kube-scheduler-extra-mount": { - "type": "array" - }, "kubelet-arg": { "type": "array" }, - "profile": { - "nullable": true, - "options": [ - "cis-1.5", - "cis-1.6" - ], - "type": "enum" + "pause-image": { + "type": "string" }, "protect-kernel-defaults": { "default": false, 
@@ -17090,23 +17134,582 @@ "type": "string" }, "selinux": { - "type": "bool" + "default": false, + "type": "boolean" + }, + "snapshotter": { + "type": "string" }, "system-default-registry": { "type": "string" } }, - "charts": { - "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.0.0" + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, + "maxChannelServerVersion": "v2.6.99", + "minChannelServerVersion": "v2.6.7-alpha1", + "serverArgs": { + "cluster-cidr": { + "type": "string" }, - "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.0.0" + "cluster-dns": { + "type": "string" }, - "rke2-calico": { - "repo": "rancher-rke2-charts", + "cluster-domain": { + "type": "string" + }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, + "default-local-storage-path": { + "type": "string" + }, + "disable": { + "options": [ + "coredns", + "servicelb", + "traefik", + "local-storage", + "metrics-server" + ], + "type": "array" + }, + "disable-apiserver": { + "default": false, + "type": "boolean" + }, + "disable-cloud-controller": { + "default": false, + "type": "boolean" + }, + "disable-controller-manager": { + "default": false, + "type": "boolean" + }, + "disable-etcd": { + "default": false, + "type": "boolean" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-network-policy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "default": false, + "type": "boolean" + }, + "egress-selector-mode": { + "type": "string" + }, + "etcd-arg": { + "type": "array" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "flannel-backend": { + "options": [ + "none", + "vxlan", + "ipsec", + "host-gw", + "wireguard" + ], + "type": "enum" + }, + "kube-apiserver-arg": { + "type": "array" + }, + 
"kube-cloud-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "secrets-encryption": { + "default": false, + "type": "boolean" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.24.4+k3s1" + }, + { + "agentArgs": { + "docker": { + "default": false, + "type": "boolean" + }, + "flannel-conf": { + "type": "string" + }, + "flannel-iface": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "pause-image": { + "type": "string" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "default": false, + "type": "boolean" + }, + "snapshotter": { + "type": "string" + }, + "system-default-registry": { + "type": "string" + } + }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, + "maxChannelServerVersion": "v2.6.99", + "minChannelServerVersion": "v2.6.7-alpha1", + "serverArgs": { + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + "datastore-keyfile": { + "type": "string" + }, + "default-local-storage-path": { + "type": "string" + }, + "disable": { + "options": [ + "coredns", + "servicelb", + "traefik", + "local-storage", + "metrics-server" + ], + "type": "array" + }, + "disable-apiserver": { + "default": false, + "type": "boolean" + }, + "disable-cloud-controller": { + "default": false, + "type": "boolean" + }, + "disable-controller-manager": { + "default": false, + "type": "boolean" + }, + "disable-etcd": { + "default": false, + "type": "boolean" + }, + 
"disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-network-policy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "default": false, + "type": "boolean" + }, + "egress-selector-mode": { + "type": "string" + }, + "etcd-arg": { + "type": "array" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "flannel-backend": { + "options": [ + "none", + "vxlan", + "ipsec", + "host-gw", + "wireguard" + ], + "type": "enum" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "secrets-encryption": { + "default": false, + "type": "boolean" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.24.7+k3s1" + }, + { + "agentArgs": { + "docker": { + "default": false, + "type": "boolean" + }, + "flannel-conf": { + "type": "string" + }, + "flannel-iface": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "pause-image": { + "type": "string" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "default": false, + "type": "boolean" + }, + "snapshotter": { + "type": "string" + }, + "system-default-registry": { + "type": "string" + } + }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, + "maxChannelServerVersion": "v2.6.99", + "minChannelServerVersion": "v2.6.7-alpha1", + "serverArgs": { + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "datastore-cafile": { + "type": "string" + }, + "datastore-certfile": { + "type": "string" + }, + "datastore-endpoint": { + "type": "string" + }, + 
"datastore-keyfile": { + "type": "string" + }, + "default-local-storage-path": { + "type": "string" + }, + "disable": { + "options": [ + "coredns", + "servicelb", + "traefik", + "local-storage", + "metrics-server" + ], + "type": "array" + }, + "disable-apiserver": { + "default": false, + "type": "boolean" + }, + "disable-cloud-controller": { + "default": false, + "type": "boolean" + }, + "disable-controller-manager": { + "default": false, + "type": "boolean" + }, + "disable-etcd": { + "default": false, + "type": "boolean" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-network-policy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "default": false, + "type": "boolean" + }, + "egress-selector-mode": { + "type": "string" + }, + "etcd-arg": { + "type": "array" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "flannel-backend": { + "options": [ + "none", + "vxlan", + "ipsec", + "host-gw", + "wireguard" + ], + "type": "enum" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-cloud-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "secrets-encryption": { + "default": false, + "type": "boolean" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.24.8+k3s1" + } + ] + }, + "rke2": { + "appDefaults": [ + { + "appName": "rancher", + "defaults": [ + { + "appVersion": "\u003e= 2.6.0-0 \u003c 2.6.5-0", + "defaultVersion": "1.22.x" + }, + { + "appVersion": "\u003e= 2.6.5-0 \u003c 2.6.7-0", + "defaultVersion": "1.23.x" + }, + { + "appVersion": "\u003e= 2.6.7-0 \u003c 2.6.100-0", + "defaultVersion": "1.24.x" + } + ] + } + ], + "channels": [ + { + "latest": "v1.22.16+rke2r1", + "name": "default" + } + ], + "releases": [ + { + "maxChannelServerVersion": 
"v2.6.99", + "minChannelServerVersion": "v2.6.0-alpha1", + "version": "v1.19.16+rke2r1" + }, + { + "maxChannelServerVersion": "v2.6.99", + "minChannelServerVersion": "v2.6.0-alpha1", + "version": "v1.20.15+rke2r2" + }, + { + "agentArgs": { + "audit-policy-file": { + "type": "string" + }, + "cloud-controller-manager-extra-env": { + "type": "array" + }, + "cloud-controller-manager-extra-mount": { + "type": "array" + }, + "cloud-provider-config": { + "type": "string" + }, + "cloud-provider-name": { + "default": null, + "nullable": true, + "options": [ + "aws", + "azure", + "gcp", + "rancher-vsphere", + "external" + ], + "type": "enum" + }, + "control-plane-resource-limits": { + "type": "string" + }, + "control-plane-resource-requests": { + "type": "string" + }, + "etcd-extra-env": { + "type": "array" + }, + "etcd-extra-mount": { + "type": "array" + }, + "kube-apiserver-extra-env": { + "type": "array" + }, + "kube-apiserver-extra-mount": { + "type": "array" + }, + "kube-controller-manager-extra-env": { + "type": "array" + }, + "kube-controller-manager-extra-mount": { + "type": "array" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-proxy-extra-env": { + "type": "array" + }, + "kube-proxy-extra-mount": { + "type": "array" + }, + "kube-scheduler-extra-env": { + "type": "array" + }, + "kube-scheduler-extra-mount": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "profile": { + "nullable": true, + "options": [ + "cis-1.5", + "cis-1.6" + ], + "type": "enum" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "type": "bool" + }, + "system-default-registry": { + "type": "string" + } + }, + "charts": { + "rancher-vsphere-cpi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rancher-vsphere-csi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rke2-calico": { + "repo": "rancher-rke2-charts", "version": "v3.19.2-203" }, 
"rke2-calico-crd": { 
@@ -17115,19 +17718,742 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.13.300-build2021022306" + "version": "v3.13.300-build2021022306" + }, + "rke2-cilium": { + "repo": "rancher-rke2-charts", + "version": "1.9.809" + }, + "rke2-coredns": { + "repo": "rancher-rke2-charts", + "version": "1.16.201-build2021072308" + }, + "rke2-ingress-nginx": { + "repo": "rancher-rke2-charts", + "version": "3.34.003" + }, + "rke2-metrics-server": { + "repo": "rancher-rke2-charts", + "version": "2.11.100-build2021022302" + }, + "rke2-multus": { + "repo": "rancher-rke2-charts", + "version": "v3.7.1-build2021041604" + } + }, + "maxChannelServerVersion": "v2.6.4", + "minChannelServerVersion": "v2.6.0-alpha1", + "serverArgs": { + "audit-policy-file": { + "type": "string" + }, + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "cni": { + "default": "calico", + "options": [ + "canal", + "cilium", + "calico", + "multus,canal", + "multus,cilium", + "multus,calico" + ], + "type": "array" + }, + "container-runtime-endpoint": { + "type": "string" + }, + "disable": { + "options": [ + "rke2-coredns", + "rke2-ingress-nginx", + "rke2-metrics-server" + ], + "type": "array" + }, + "disable-cloud-controller": { + "type": "bool" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "type": "bool" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "etcd-image": { + "type": "string" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-apiserver-image": { + "type": "string" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-image": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "kube-scheduler-image": { + "type": "string" + }, + "kubelet-path": { + "type": "string" + }, + "pause-image": { + "type": 
"string" + }, + "runtime-image": { + "type": "string" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "snapshotter": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.21.4+rke2r2" + }, + { + "agentArgs": { + "audit-policy-file": { + "type": "string" + }, + "cloud-controller-manager-extra-env": { + "type": "array" + }, + "cloud-controller-manager-extra-mount": { + "type": "array" + }, + "cloud-provider-config": { + "type": "string" + }, + "cloud-provider-name": { + "default": null, + "nullable": true, + "options": [ + "aws", + "azure", + "gcp", + "rancher-vsphere", + "harvester", + "external" + ], + "type": "enum" + }, + "control-plane-resource-limits": { + "type": "string" + }, + "control-plane-resource-requests": { + "type": "string" + }, + "etcd-extra-env": { + "type": "array" + }, + "etcd-extra-mount": { + "type": "array" + }, + "kube-apiserver-extra-env": { + "type": "array" + }, + "kube-apiserver-extra-mount": { + "type": "array" + }, + "kube-controller-manager-extra-env": { + "type": "array" + }, + "kube-controller-manager-extra-mount": { + "type": "array" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-proxy-extra-env": { + "type": "array" + }, + "kube-proxy-extra-mount": { + "type": "array" + }, + "kube-scheduler-extra-env": { + "type": "array" + }, + "kube-scheduler-extra-mount": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "profile": { + "nullable": true, + "options": [ + "cis-1.5", + "cis-1.6" + ], + "type": "enum" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "type": "bool" + }, + "system-default-registry": { + "type": "string" + } + }, + "charts": { + "harvester-cloud-provider": { + "repo": "rancher-rke2-charts", + "version": "0.1.200" + }, + "harvester-csi-driver": { + "repo": "rancher-rke2-charts", + "version": "0.1.300" + }, + 
"rancher-vsphere-cpi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rancher-vsphere-csi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rke2-calico": { + "repo": "rancher-rke2-charts", + "version": "v3.19.2-204" + }, + "rke2-calico-crd": { + "repo": "rancher-rke2-charts", + "version": "v1.0.101" + }, + "rke2-canal": { + "repo": "rancher-rke2-charts", + "version": "v3.13.300-build2021022306" + }, + "rke2-cilium": { + "repo": "rancher-rke2-charts", + "version": "1.10.402" + }, + "rke2-coredns": { + "repo": "rancher-rke2-charts", + "version": "1.16.201-build2021072308" + }, + "rke2-ingress-nginx": { + "repo": "rancher-rke2-charts", + "version": "3.34.003" + }, + "rke2-metrics-server": { + "repo": "rancher-rke2-charts", + "version": "2.11.100-build2021022302" + }, + "rke2-multus": { + "repo": "rancher-rke2-charts", + "version": "v3.7.1-build2021041604" + } + }, + "maxChannelServerVersion": "v2.6.4", + "minChannelServerVersion": "v2.6.1-alpha1", + "serverArgs": { + "audit-policy-file": { + "type": "string" + }, + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "cni": { + "default": "calico", + "options": [ + "canal", + "cilium", + "calico", + "multus,canal", + "multus,cilium", + "multus,calico" + ], + "type": "array" + }, + "container-runtime-endpoint": { + "type": "string" + }, + "disable": { + "options": [ + "rke2-coredns", + "rke2-ingress-nginx", + "rke2-metrics-server" + ], + "type": "array" + }, + "disable-cloud-controller": { + "type": "bool" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "type": "bool" + }, + "etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "etcd-image": { + "type": "string" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-apiserver-image": { + "type": "string" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + 
"kube-controller-manager-image": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "kube-scheduler-image": { + "type": "string" + }, + "kubelet-path": { + "type": "string" + }, + "pause-image": { + "type": "string" + }, + "runtime-image": { + "type": "string" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "snapshotter": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.21.5+rke2r1" + }, + { + "agentArgs": { + "audit-policy-file": { + "type": "string" + }, + "cloud-controller-manager-extra-env": { + "type": "array" + }, + "cloud-controller-manager-extra-mount": { + "type": "array" + }, + "cloud-provider-config": { + "type": "string" + }, + "cloud-provider-name": { + "default": null, + "nullable": true, + "options": [ + "aws", + "azure", + "gcp", + "rancher-vsphere", + "harvester", + "external" + ], + "type": "enum" + }, + "control-plane-resource-limits": { + "type": "string" + }, + "control-plane-resource-requests": { + "type": "string" + }, + "etcd-extra-env": { + "type": "array" + }, + "etcd-extra-mount": { + "type": "array" + }, + "kube-apiserver-extra-env": { + "type": "array" + }, + "kube-apiserver-extra-mount": { + "type": "array" + }, + "kube-controller-manager-extra-env": { + "type": "array" + }, + "kube-controller-manager-extra-mount": { + "type": "array" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-proxy-extra-env": { + "type": "array" + }, + "kube-proxy-extra-mount": { + "type": "array" + }, + "kube-scheduler-extra-env": { + "type": "array" + }, + "kube-scheduler-extra-mount": { + "type": "array" + }, + "kubelet-arg": { + "type": "array" + }, + "profile": { + "nullable": true, + "options": [ + "cis-1.5", + "cis-1.6" + ], + "type": "enum" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + 
"type": "bool" + }, + "system-default-registry": { + "type": "string" + } + }, + "charts": { + "harvester-cloud-provider": { + "repo": "rancher-rke2-charts", + "version": "0.1.200" + }, + "harvester-csi-driver": { + "repo": "rancher-rke2-charts", + "version": "0.1.300" + }, + "rancher-vsphere-cpi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rancher-vsphere-csi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rke2-calico": { + "repo": "rancher-rke2-charts", + "version": "v3.19.2-205" + }, + "rke2-calico-crd": { + "repo": "rancher-rke2-charts", + "version": "v1.0.101" + }, + "rke2-canal": { + "repo": "rancher-rke2-charts", + "version": "v3.13.300-build2021022306" + }, + "rke2-cilium": { + "repo": "rancher-rke2-charts", + "version": "1.10.404" + }, + "rke2-coredns": { + "repo": "rancher-rke2-charts", + "version": "1.16.201-build2021072308" + }, + "rke2-ingress-nginx": { + "repo": "rancher-rke2-charts", + "version": "3.34.003" + }, + "rke2-metrics-server": { + "repo": "rancher-rke2-charts", + "version": "2.11.100-build2021022302" + }, + "rke2-multus": { + "repo": "rancher-rke2-charts", + "version": "v3.7.1-build2021041604" + } + }, + "maxChannelServerVersion": "v2.6.4", + "minChannelServerVersion": "v2.6.1-alpha1", + "serverArgs": { + "audit-policy-file": { + "type": "string" + }, + "cluster-cidr": { + "type": "string" + }, + "cluster-dns": { + "type": "string" + }, + "cluster-domain": { + "type": "string" + }, + "cni": { + "default": "calico", + "options": [ + "canal", + "cilium", + "calico", + "multus,canal", + "multus,cilium", + "multus,calico" + ], + "type": "array" + }, + "container-runtime-endpoint": { + "type": "string" + }, + "disable": { + "options": [ + "rke2-coredns", + "rke2-ingress-nginx", + "rke2-metrics-server" + ], + "type": "array" + }, + "disable-cloud-controller": { + "type": "bool" + }, + "disable-kube-proxy": { + "default": false, + "type": "boolean" + }, + "disable-scheduler": { + "type": "bool" + }, + 
"etcd-expose-metrics": { + "default": false, + "type": "boolean" + }, + "etcd-image": { + "type": "string" + }, + "kube-apiserver-arg": { + "type": "array" + }, + "kube-apiserver-image": { + "type": "string" + }, + "kube-controller-manager-arg": { + "type": "array" + }, + "kube-controller-manager-image": { + "type": "string" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-scheduler-arg": { + "type": "array" + }, + "kube-scheduler-image": { + "type": "string" + }, + "kubelet-path": { + "type": "string" + }, + "pause-image": { + "type": "string" + }, + "runtime-image": { + "type": "string" + }, + "service-cidr": { + "type": "string" + }, + "service-node-port-range": { + "type": "string" + }, + "snapshotter": { + "type": "string" + }, + "tls-san": { + "type": "array" + } + }, + "version": "v1.21.5+rke2r2" + }, + { + "agentArgs": { + "audit-policy-file": { + "type": "string" + }, + "cloud-controller-manager-extra-env": { + "type": "array" + }, + "cloud-controller-manager-extra-mount": { + "type": "array" + }, + "cloud-provider-config": { + "type": "string" + }, + "cloud-provider-name": { + "default": null, + "nullable": true, + "options": [ + "aws", + "azure", + "gcp", + "rancher-vsphere", + "harvester", + "external" + ], + "type": "enum" + }, + "control-plane-resource-limits": { + "type": "string" + }, + "control-plane-resource-requests": { + "type": "string" + }, + "etcd-extra-env": { + "type": "array" + }, + "etcd-extra-mount": { + "type": "array" + }, + "kube-apiserver-extra-env": { + "type": "array" + }, + "kube-apiserver-extra-mount": { + "type": "array" + }, + "kube-controller-manager-extra-env": { + "type": "array" + }, + "kube-controller-manager-extra-mount": { + "type": "array" + }, + "kube-proxy-arg": { + "type": "array" + }, + "kube-proxy-extra-env": { + "type": "array" + }, + "kube-proxy-extra-mount": { + "type": "array" + }, + "kube-scheduler-extra-env": { + "type": "array" + }, + "kube-scheduler-extra-mount": { + "type": "array" + }, + 
"kubelet-arg": { + "type": "array" + }, + "profile": { + "nullable": true, + "options": [ + "cis-1.5", + "cis-1.6" + ], + "type": "enum" + }, + "protect-kernel-defaults": { + "default": false, + "type": "boolean" + }, + "resolv-conf": { + "type": "string" + }, + "selinux": { + "type": "bool" + }, + "system-default-registry": { + "type": "string" + } + }, + "charts": { + "harvester-cloud-provider": { + "repo": "rancher-rke2-charts", + "version": "0.1.200" + }, + "harvester-csi-driver": { + "repo": "rancher-rke2-charts", + "version": "0.1.300" + }, + "rancher-vsphere-cpi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rancher-vsphere-csi": { + "repo": "rancher-charts", + "version": "100.0.0" + }, + "rke2-calico": { + "repo": "rancher-rke2-charts", + "version": "v3.19.2-205" + }, + "rke2-calico-crd": { + "repo": "rancher-rke2-charts", + "version": "v1.0.101" + }, + "rke2-canal": { + "repo": "rancher-rke2-charts", + "version": "v3.20.1-build2021100603" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.9.809" + "version": "1.10.404" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.201-build2021072308" + "version": "1.16.301-build2021100602" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "3.34.003" + "version": "4.0.305" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -17139,7 +18465,7 @@ } }, "maxChannelServerVersion": "v2.6.4", - "minChannelServerVersion": "v2.6.0-alpha1", + "minChannelServerVersion": "v2.6.1-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -17236,7 +18562,7 @@ "type": "array" } }, - "version": "v1.21.4+rke2r2" + "version": "v1.21.6+rke2r1" }, { "agentArgs": { 
@@ -17332,23 +18658,23 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.200" + "version": "0.1.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.300" + "version": "0.1.400" }, "rancher-vsphere-cpi": { "repo": "rancher-charts", - "version": "100.0.0" + "version": "100.1.0+up1.0.100" }, "rancher-vsphere-csi": { "repo": "rancher-charts", - "version": "100.0.0" + "version": "100.1.0+up2.3.0" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.19.2-204" + "version": "v3.19.2-205" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", @@ -17356,27 +18682,27 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.13.300-build2021022306" + "version": "v3.20.1-build2021111904" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.402" + "version": "1.10.404" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.201-build2021072308" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "3.34.003" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021022302" + "version": "2.11.100-build2021111904" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021041604" + "version": "v3.7.1-build2021111906" } }, "maxChannelServerVersion": "v2.6.4", @@ -17427,6 +18753,9 @@ "disable-scheduler": { "type": "bool" }, + "etcd-arg": { + "type": "array" + }, "etcd-expose-metrics": { "default": false, "type": "boolean" @@ -17477,7 +18806,7 @@ "type": "array" } }, - "version": "v1.21.5+rke2r1" + "version": "v1.21.7+rke2r2" }, { "agentArgs": { 
@@ -17573,19 +18902,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.200" + "version": "0.1.800" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.300" + "version": "0.1.900" }, "rancher-vsphere-cpi": { "repo": "rancher-charts", - "version": "100.0.0" + "version": "100.1.0+up1.0.100" }, "rancher-vsphere-csi": { "repo": "rancher-charts", - "version": "100.0.0" + "version": "100.1.0+up2.3.0" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -17597,7 +18926,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.13.300-build2021022306" + "version": "v3.20.1-build2021111904" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -17605,19 +18934,19 @@ }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.201-build2021072308" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "3.34.003" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021022302" + "version": "2.11.100-build2021111904" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021041604" + "version": "v3.7.1-build2021111906" } }, "maxChannelServerVersion": "v2.6.4", @@ -17668,6 +18997,9 @@ "disable-scheduler": { "type": "bool" }, + "etcd-arg": { + "type": "array" + }, "etcd-expose-metrics": { "default": false, "type": "boolean" @@ -17718,7 +19050,7 @@ "type": "array" } }, - "version": "v1.21.5+rke2r2" + "version": "v1.21.8+rke2r2" }, { "agentArgs": { 
@@ -17814,19 +19146,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.200" + "version": "0.1.800" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.300" + "version": "0.1.900" }, "rancher-vsphere-cpi": { "repo": "rancher-charts", - "version": "100.0.0" + "version": "100.1.0+up1.0.100" }, "rancher-vsphere-csi": { "repo": "rancher-charts", - "version": "100.0.0" + "version": "100.1.0+up2.3.0" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -17838,7 +19170,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021100603" + "version": "v3.20.3-build2022011406" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -17846,19 +19178,19 @@ }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.301-build2021100602" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.305" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021022302" + "version": "2.11.100-build2021111904" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021041604" + "version": "v3.7.1-build2021111906" } }, "maxChannelServerVersion": "v2.6.4", @@ -17909,6 +19241,9 @@ "disable-scheduler": { "type": "bool" }, + "etcd-arg": { + "type": "array" + }, "etcd-expose-metrics": { "default": false, "type": "boolean" @@ -17959,7 +19294,7 @@ "type": "array" } }, - "version": "v1.21.6+rke2r1" + "version": "v1.21.9+rke2r1" }, { "agentArgs": { @@ -18055,11 +19390,11 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.300" + "version": "0.1.1000" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.400" + "version": "0.1.1000" }, "rancher-vsphere-cpi": { "repo": "rancher-charts", 
@@ -18079,7 +19414,7 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021111904" + "version": "v3.21.4-build2022022801" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -18103,7 +19438,7 @@ } }, "maxChannelServerVersion": "v2.6.4", - "minChannelServerVersion": "v2.6.1-alpha1", + "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -18203,7 +19538,7 @@ "type": "array" } }, - "version": "v1.21.7+rke2r2" + "version": "v1.21.10+rke2r2" }, { "agentArgs": { @@ -18299,19 +19634,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.800" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.900" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.2.101" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -18323,19 +19658,19 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021111904" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.001" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -18347,7 +19682,7 @@ } }, "maxChannelServerVersion": "v2.6.4", - "minChannelServerVersion": "v2.6.1-alpha1", + "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" 
@@ -18447,7 +19782,7 @@ "type": "array" } }, - "version": "v1.21.8+rke2r2" + "version": "v1.21.12+rke2r1" }, { "agentArgs": { @@ -18543,19 +19878,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.800" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.900" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.2.101" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -18567,19 +19902,19 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.3-build2022011406" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.002" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -18591,7 +19926,7 @@ } }, "maxChannelServerVersion": "v2.6.4", - "minChannelServerVersion": "v2.6.1-alpha1", + "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -18691,7 +20026,7 @@ "type": "array" } }, - "version": "v1.21.9+rke2r1" + "version": "v1.21.12+rke2r2" }, { "agentArgs": { 
@@ -18787,19 +20122,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.2.201" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -18811,19 +20146,19 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022022801" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.501" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -18935,7 +20270,7 @@ "type": "array" } }, - "version": "v1.21.10+rke2r2" + "version": "v1.21.13+rke2r2" }, { "agentArgs": { @@ -19039,7 +20374,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -19059,15 +20394,15 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.501" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.001" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", 
@@ -19078,6 +20413,9 @@ "version": "v3.7.1-build2021111906" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.4", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { @@ -19179,7 +20517,7 @@ "type": "array" } }, - "version": "v1.21.12+rke2r1" + "version": "v1.21.14+rke2r1" }, { "agentArgs": { @@ -19275,43 +20613,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.400" }, "rancher-vsphere-cpi": { - "repo": "rancher-rke2-charts", - "version": "1.2.101" + "repo": "rancher-charts", + "version": "100.1.0+up1.0.100" }, "rancher-vsphere-csi": { - "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "repo": "rancher-charts", + "version": "100.1.0+up2.3.0" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.19.2-205" + "version": "v3.20.201" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.101" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.20.1-build2021111904" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.10.404" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.002" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -19322,7 +20660,7 @@ "version": "v3.7.1-build2021111906" } }, - "maxChannelServerVersion": "v2.6.4", + "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { @@ -19423,7 +20761,7 @@ "type": "array" } }, - "version": "v1.21.12+rke2r2" + "version": "v1.22.4+rke2r2" }, { "agentArgs": { 
@@ -19519,43 +20857,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.800" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.900" }, "rancher-vsphere-cpi": { - "repo": "rancher-rke2-charts", - "version": "1.2.201" + "repo": "rancher-charts", + "version": "100.1.0+up1.0.100" }, "rancher-vsphere-csi": { - "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "repo": "rancher-charts", + "version": "100.1.0+up2.3.0" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.19.2-205" + "version": "v3.20.201" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.101" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.20.1-build2021111904" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.501" + "version": "1.10.404" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -19566,7 +20904,7 @@ "version": "v3.7.1-build2021111906" } }, - "maxChannelServerVersion": "v2.6.4", + "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { @@ -19667,7 +21005,7 @@ "type": "array" } }, - "version": "v1.21.13+rke2r2" + "version": "v1.22.5+rke2r2" }, { "agentArgs": { 
@@ -19763,43 +21101,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.800" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.900" }, "rancher-vsphere-cpi": { - "repo": "rancher-rke2-charts", - "version": "1.2.201" + "repo": "rancher-charts", + "version": "100.1.0+up1.0.100" }, "rancher-vsphere-csi": { - "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "repo": "rancher-charts", + "version": "100.1.0+up2.3.0" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.19.2-205" + "version": "v3.20.201" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.101" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.20.3-build2022011406" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.501" + "version": "1.10.404" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -19810,10 +21148,7 @@ "version": "v3.7.1-build2021111906" } }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, - "maxChannelServerVersion": "v2.6.4", + "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { "audit-policy-file": { @@ -19914,7 +21249,7 @@ "type": "array" } }, - "version": "v1.21.14+rke2r1" + "version": "v1.22.6+rke2r1" }, { "agentArgs": { 
@@ -20010,31 +21345,31 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.300" + "version": "0.1.1000" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.400" + "version": "0.1.1000" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.1.000" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.4.1-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.20.201" + "version": "v3.21.402" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.21.402" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021111904" + "version": "v3.21.4-build2022022801" }, "rke2-cilium": { "repo": "rancher-rke2-charts", @@ -20158,7 +21493,7 @@ "type": "array" } }, - "version": "v1.22.4+rke2r2" + "version": "v1.22.7+rke2r2" }, { "agentArgs": { 
@@ -20254,43 +21589,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.800" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.900" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.2.101" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.20.201" + "version": "v3.21.402" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.21.402" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.1-build2021111904" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.001" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -20402,7 +21737,7 @@ "type": "array" } }, - "version": "v1.22.5+rke2r2" + "version": "v1.22.9+rke2r1" }, { "agentArgs": { 
@@ -20498,43 +21833,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.800" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.900" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "100.1.0+up1.0.100" + "repo": "rancher-rke2-charts", + "version": "1.2.101" }, "rancher-vsphere-csi": { - "repo": "rancher-charts", - "version": "100.1.0+up2.3.0" + "repo": "rancher-rke2-charts", + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.20.201" + "version": "v3.21.402" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.21.402" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.20.3-build2022011406" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.002" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -20646,7 +21981,7 @@ "type": "array" } }, - "version": "v1.22.6+rke2r1" + "version": "v1.22.9+rke2r2" }, { "agentArgs": { 
@@ -20742,43 +22077,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.1.000" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.4.1-rancher100" + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022022801" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.10.404" + "version": "1.11.501" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -20786,7 +22121,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110402" } }, "maxChannelServerVersion": "v2.6.99", @@ -20837,6 +22172,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -20890,7 +22228,7 @@ "type": "array" } }, - "version": "v1.22.7+rke2r2" + "version": "v1.22.10+rke2r2" }, { "agentArgs": { @@ -20994,7 +22332,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", 
@@ -21002,27 +22340,27 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.502" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.001" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -21030,9 +22368,12 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110403" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { @@ -21081,6 +22422,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -21134,7 +22478,7 @@ "type": "array" } }, - "version": "v1.22.9+rke2r1" + "version": "v1.22.11+rke2r1" }, { "agentArgs": { @@ -21230,7 +22574,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -21238,7 +22582,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", 
@@ -21246,27 +22590,27 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.402" + "version": "v3.21.504" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.12.001" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.002" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -21274,9 +22618,12 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110403" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { @@ -21325,6 +22672,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -21378,7 +22728,7 @@ "type": "array" } }, - "version": "v1.22.9+rke2r2" + "version": "v1.22.13+rke2r1" }, { "agentArgs": { @@ -21474,7 +22824,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -21498,19 +22848,19 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101102" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.501" + "version": "1.12.102" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -21518,9 +22868,12 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110402" + "version": "v3.8-build2021110403" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.3-alpha1", "serverArgs": { @@ -21625,7 +22978,7 @@ "type": "array" } }, - "version": "v1.22.10+rke2r2" + "version": "v1.22.15+rke2r2" }, { "agentArgs": { @@ -21721,7 +23074,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -21745,11 +23098,11 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101102" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.502" + "version": "1.12.102" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -21757,7 +23110,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -21875,7 +23228,7 @@ "type": "array" } }, - "version": "v1.22.11+rke2r1" + "version": "v1.22.16+rke2r1" }, { "agentArgs": { 
@@ -21971,43 +23324,43 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1000" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1000" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.201" + "version": "1.1.000" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.4.1-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.504" + "version": "v3.22.101" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.504" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.21.4-build2022022801" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.001" + "version": "1.11.101" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.16.401-build2021111901" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.004" + "version": "4.0.306" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -22015,14 +23368,11 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.7.1-build2021111906" } }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.3-alpha1", + "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -22069,9 +23419,6 @@ "disable-scheduler": { "type": "bool" }, - "egress-selector-mode": { - "type": "string" - }, "etcd-arg": { "type": "array" }, @@ -22125,7 +23472,7 @@ "type": "array" } }, - "version": "v1.22.13+rke2r1" + "version": "v1.23.4+rke2r2" }, { "agentArgs": { 
@@ -22221,7 +23568,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -22229,7 +23576,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.201" + "version": "1.2.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -22237,27 +23584,27 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.21.504" + "version": "v3.22.101" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.21.504" + "version": "v1.0.202" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.1-build2022101102" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.102" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.004" + "version": "4.1.001" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -22265,14 +23612,11 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.7.1-build2021111906" } }, - "featureVersions": { - "encryption-key-rotation": "2.0.0" - }, "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.3-alpha1", + "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -22319,9 +23663,6 @@ "disable-scheduler": { "type": "bool" }, - "egress-selector-mode": { - "type": "string" - }, "etcd-arg": { "type": "array" }, @@ -22375,7 +23716,7 @@ "type": "array" } }, - "version": "v1.22.15+rke2r2" + "version": "v1.23.6+rke2r1" }, { "agentArgs": { 
@@ -22471,19 +23812,19 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", - "version": "0.1.1000" + "version": "0.1.1100" }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.1.000" + "version": "1.2.101" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.4.1-rancher100" + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", @@ -22495,19 +23836,19 @@ }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022022801" + "version": "v3.21.4-build2022031701" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.101" + "version": "1.11.203" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.16.401-build2021111901" + "version": "1.17.000" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.0.306" + "version": "4.1.002" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -22619,7 +23960,7 @@ "type": "array" } }, - "version": "v1.23.4+rke2r2" + "version": "v1.23.6+rke2r2" }, { "agentArgs": { @@ -22723,7 +24064,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -22731,19 +24072,19 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.22.101" + "version": "v3.23.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.23.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.501" }, "rke2-coredns": { "repo": "rancher-rke2-charts", 
@@ -22751,7 +24092,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.001" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -22759,7 +24100,7 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110402" } }, "maxChannelServerVersion": "v2.6.99", @@ -22810,6 +24151,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -22863,7 +24207,7 @@ "type": "array" } }, - "version": "v1.23.6+rke2r1" + "version": "v1.23.7+rke2r2" }, { "agentArgs": { @@ -22967,7 +24311,7 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-rke2-charts", - "version": "1.2.101" + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", @@ -22975,27 +24319,27 @@ }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.22.101" + "version": "v3.23.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v1.0.202" + "version": "v3.23.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.21.4-build2022031701" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.203" + "version": "1.11.502" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.002" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -23003,9 +24347,12 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.7.1-build2021111906" + "version": "v3.8-build2021110403" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { 
@@ -23054,6 +24401,9 @@ "disable-scheduler": { "type": "bool" }, + "egress-selector-mode": { + "type": "string" + }, "etcd-arg": { "type": "array" }, @@ -23107,7 +24457,7 @@ "type": "array" } }, - "version": "v1.23.6+rke2r2" + "version": "v1.23.8+rke2r1" }, { "agentArgs": { @@ -23203,7 +24553,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", @@ -23231,15 +24581,15 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.501" + "version": "1.12.001" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.17.000" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -23247,9 +24597,12 @@ }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110402" + "version": "v3.8-build2021110403" } }, + "featureVersions": { + "encryption-key-rotation": "2.0.0" + }, "maxChannelServerVersion": "v2.6.99", "minChannelServerVersion": "v2.6.4-alpha1", "serverArgs": { @@ -23354,7 +24707,7 @@ "type": "array" } }, - "version": "v1.23.7+rke2r2" + "version": "v1.23.10+rke2r1" }, { "agentArgs": { 
@@ -23450,51 +24803,51 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-rke2-charts", - "version": "1.2.201" + "repo": "rancher-charts", + "version": "1.4.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.6.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.102" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.102" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101103" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.502" + "version": "1.12.102" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.19.401" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.005" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021111904" + "version": "2.11.100-build2022101106" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.8-build2022101103" } }, "featureVersions": { @@ -23604,7 +24957,7 @@ "type": "array" } }, - "version": "v1.23.8+rke2r1" + "version": "v1.23.13+rke2r1" }, { "agentArgs": { 
@@ -23707,44 +25060,44 @@ "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-rke2-charts", - "version": "1.2.201" + "repo": "rancher-charts", + "version": "1.4.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.6.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101103" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.001" + "version": "1.12.302" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.19.401" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.004" + "version": "4.1.005" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021111904" + "version": "2.11.100-build2022101106" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.8-build2022101103" } }, "featureVersions": { @@ -23854,7 +25207,7 @@ "type": "array" } }, - "version": "v1.23.10+rke2r1" + "version": "v1.23.14+rke2r1" }, { "agentArgs": { 
@@ -23950,58 +25303,58 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1300" + "version": "0.1.1100" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-charts", - "version": "1.4.001" + "repo": "rancher-rke2-charts", + "version": "1.2.201" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.1-rancher101" + "version": "2.5.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.102" + "version": "v3.23.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.102" + "version": "v3.23.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.24.1-build2022101103" + "version": "v3.22.2-build2022050902" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.102" + "version": "1.11.502" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.401" + "version": "1.19.400" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.005" + "version": "4.1.003" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2022101106" + "version": "2.11.100-build2021111904" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2022101103" + "version": "v3.8-build2021110403" } }, "featureVersions": { "encryption-key-rotation": "2.0.0" }, "maxChannelServerVersion": "v2.6.99", - "minChannelServerVersion": "v2.6.4-alpha1", + "minChannelServerVersion": "v2.6.7-alpha1", "serverArgs": { "audit-policy-file": { "type": "string" @@ -24104,7 +25457,7 @@ "type": "array" } }, - "version": "v1.23.13+rke2r1" + "version": "v1.24.2+rke2r1" }, { "agentArgs": { @@ -24200,7 +25553,7 @@ "charts": { "harvester-cloud-provider": { "repo": "rancher-rke2-charts", - "version": "0.1.1100" + "version": "0.1.1300" }, "harvester-csi-driver": { "repo": "rancher-rke2-charts", 
@@ -24228,7 +25581,7 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.11.502" + "version": "1.12.001" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -24236,7 +25589,7 @@ }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.003" + "version": "4.1.004" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", @@ -24354,7 +25707,7 @@ "type": "array" } }, - "version": "v1.24.2+rke2r1" + "version": "v1.24.4+rke2r1" }, { "agentArgs": { @@ -24457,44 +25810,44 @@ "version": "0.1.1100" }, "rancher-vsphere-cpi": { - "repo": "rancher-rke2-charts", - "version": "1.2.201" + "repo": "rancher-charts", + "version": "1.4.001" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.5.1-rancher101" + "version": "2.6.1-rancher101" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.102" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.23.103" + "version": "v3.24.102" }, "rke2-canal": { "repo": "rancher-rke2-charts", - "version": "v3.22.2-build2022050902" + "version": "v3.24.1-build2022101103" }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.001" + "version": "1.12.102" }, "rke2-coredns": { "repo": "rancher-rke2-charts", - "version": "1.19.400" + "version": "1.19.401" }, "rke2-ingress-nginx": { "repo": "rancher-rke2-charts", - "version": "4.1.004" + "version": "4.1.005" }, "rke2-metrics-server": { "repo": "rancher-rke2-charts", - "version": "2.11.100-build2021111904" + "version": "2.11.100-build2022101106" }, "rke2-multus": { "repo": "rancher-rke2-charts", - "version": "v3.8-build2021110403" + "version": "v3.8-build2022101103" } }, "featureVersions": { @@ -24604,7 +25957,7 @@ "type": "array" } }, - "version": "v1.24.4+rke2r1" + "version": "v1.24.7+rke2r1" }, { "agentArgs": { 
@@ -24708,19 +26061,19 @@ }, "rancher-vsphere-cpi": { "repo": "rancher-charts", - "version": "1.4.001" + "version": "1.4.100" }, "rancher-vsphere-csi": { "repo": "rancher-rke2-charts", - "version": "2.6.1-rancher101" + "version": "2.6.2-rancher100" }, "rke2-calico": { "repo": "rancher-rke2-charts", - "version": "v3.24.102" + "version": "v3.24.103" }, "rke2-calico-crd": { "repo": "rancher-rke2-charts", - "version": "v3.24.102" + "version": "v3.24.103" }, "rke2-canal": { "repo": "rancher-rke2-charts", @@ -24728,7 +26081,7 @@ }, "rke2-cilium": { "repo": "rancher-rke2-charts", - "version": "1.12.102" + "version": "1.12.302" }, "rke2-coredns": { "repo": "rancher-rke2-charts", @@ -24854,7 +26207,7 @@ "type": "array" } }, - "version": "v1.24.7+rke2r1" + "version": "v1.24.8+rke2r1" } ] } diff --git a/rke/k8s_rke_system_images.go b/rke/k8s_rke_system_images.go index 7eb2c914e..89253c754 100644 --- a/rke/k8s_rke_system_images.go +++ b/rke/k8s_rke_system_images.go 
@@ -7802,6 +7802,50 @@ func loadK8sRKESystemImages() map[string]v3.RKESystemImages {
 WindowsPodInfraContainer: "rancher/mirrored-pause:3.6",
 Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.21.1",
 },
+ // Enabled out of band post v2.6.9
+ "v1.22.16-rancher1-1": {
+ Etcd: "rancher/mirrored-coreos-etcd:v3.5.3",
+ Kubernetes: "rancher/hyperkube:v1.22.16-rancher1",
+ Alpine: "rancher/rke-tools:v0.1.88",
+ NginxProxy: "rancher/rke-tools:v0.1.88",
+ CertDownloader: "rancher/rke-tools:v0.1.88",
+ KubernetesServicesSidecar: "rancher/rke-tools:v0.1.88",
+ KubeDNS: "rancher/mirrored-k8s-dns-kube-dns:1.17.4",
+ DNSmasq: "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.17.4",
+ KubeDNSSidecar: "rancher/mirrored-k8s-dns-sidecar:1.17.4",
+ KubeDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:1.8.3",
+ Flannel: "rancher/mirrored-coreos-flannel:v0.15.1",
+ FlannelCNI: "rancher/flannel-cni:v0.3.0-rancher6",
+ CalicoNode: "rancher/mirrored-calico-node:v3.21.1",
+ CalicoCNI: "rancher/calico-cni:v3.21.3-rancher1",
+ CalicoControllers: "rancher/mirrored-calico-kube-controllers:v3.21.1",
+ CalicoCtl: "rancher/mirrored-calico-ctl:v3.21.1",
+ CalicoFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.21.1",
+ CanalNode: "rancher/mirrored-calico-node:v3.21.1",
+ CanalCNI: "rancher/calico-cni:v3.21.3-rancher1",
+ CanalControllers: "rancher/mirrored-calico-kube-controllers:v3.21.1",
+ CanalFlannel: "rancher/mirrored-flannelcni-flannel:v0.17.0",
+ CanalFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.21.1",
+ WeaveNode: "weaveworks/weave-kube:2.8.1",
+ WeaveCNI: "weaveworks/weave-npc:2.8.1",
+ AciCniDeployContainer: "noiro/cnideploy:5.2.3.4.1d150da",
+ AciHostContainer: "noiro/aci-containers-host:5.2.3.4.1d150da",
+ AciOpflexContainer: "noiro/opflex:5.2.3.4.1d150da",
+ AciMcastContainer: "noiro/opflex:5.2.3.4.1d150da",
+ AciOpenvSwitchContainer: "noiro/openvswitch:5.2.3.4.1d150da",
+ AciControllerContainer: "noiro/aci-containers-controller:5.2.3.4.1d150da",
+ AciGbpServerContainer: "noiro/gbp-server:5.2.3.4.1d150da",
+ AciOpflexServerContainer: "noiro/opflex-server:5.2.3.4.1d150da",
+ PodInfraContainer: "rancher/mirrored-pause:3.6",
+ Ingress: "rancher/nginx-ingress-controller:nginx-1.2.1-rancher1",
+ IngressBackend: "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1",
+ IngressWebhook: "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1",
+ MetricsServer: "rancher/mirrored-metrics-server:v0.5.2",
+ CoreDNS: "rancher/mirrored-coredns-coredns:1.8.6",
+ CoreDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:1.8.5",
+ WindowsPodInfraContainer: "rancher/mirrored-pause:3.6",
+ Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.21.1",
+ },
 // Enabled in v2.6.4
 "v1.23.4-rancher1-1": {
 Etcd: "rancher/mirrored-coreos-etcd:v3.5.2",
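Review bot: The `WeaveNode`/`WeaveCNI` and `Aci*` fields of the new `v1.22.16-rancher1-1` entry point at `weaveworks/*:2.8.1` and `noiro/*:5.2.3.4.1d150da` directly, by mutable tag and outside the `rancher/mirrored-*` namespace used for the other third-party components, so the content pulled for these fields is decided by the upstream repositories at pull time. The `v1.23.14-rancher1-1` and `v1.24.8-rancher1-1` entries added in the next two hunks of this file have the same lines. Tag references appear to be the convention in this map, so rather than changing the values I would record the assumption above each entry, e.g. `// weaveworks/* and noiro/* are upstream, unmirrored, tag-pinned images; include them in registry mirroring and image scanning`. The enclosing `loadK8sRKESystemImages` map literal starts and ends outside the hunk.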
@@ -8110,6 +8154,50 @@ func loadK8sRKESystemImages() map[string]v3.RKESystemImages {
 WindowsPodInfraContainer: "rancher/mirrored-pause:3.6",
 Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.21.1",
 },
+ // Enabled out of band post v2.6.9
+ "v1.23.14-rancher1-1": {
+ Etcd: "rancher/mirrored-coreos-etcd:v3.5.3",
+ Kubernetes: "rancher/hyperkube:v1.23.14-rancher1",
+ Alpine: "rancher/rke-tools:v0.1.88",
+ NginxProxy: "rancher/rke-tools:v0.1.88",
+ CertDownloader: "rancher/rke-tools:v0.1.88",
+ KubernetesServicesSidecar: "rancher/rke-tools:v0.1.88",
+ KubeDNS: "rancher/mirrored-k8s-dns-kube-dns:1.21.1",
+ DNSmasq: "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1",
+ KubeDNSSidecar: "rancher/mirrored-k8s-dns-sidecar:1.21.1",
+ KubeDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:1.8.5",
+ Flannel: "rancher/mirrored-coreos-flannel:v0.15.1",
+ FlannelCNI: "rancher/flannel-cni:v0.3.0-rancher6",
+ CalicoNode: "rancher/mirrored-calico-node:v3.22.0",
+ CalicoCNI: "rancher/calico-cni:v3.22.0-rancher1",
+ CalicoControllers: "rancher/mirrored-calico-kube-controllers:v3.22.0",
+ CalicoCtl: "rancher/mirrored-calico-ctl:v3.22.0",
+ CalicoFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0",
+ CanalNode: "rancher/mirrored-calico-node:v3.22.0",
+ CanalCNI: "rancher/calico-cni:v3.22.0-rancher1",
+ CanalControllers: "rancher/mirrored-calico-kube-controllers:v3.22.0",
+ CanalFlannel: "rancher/mirrored-flannelcni-flannel:v0.17.0",
+ CanalFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0",
+ WeaveNode: "weaveworks/weave-kube:2.8.1",
+ WeaveCNI: "weaveworks/weave-npc:2.8.1",
+ AciCniDeployContainer: "noiro/cnideploy:5.2.3.4.1d150da",
+ AciHostContainer: "noiro/aci-containers-host:5.2.3.4.1d150da",
+ AciOpflexContainer: "noiro/opflex:5.2.3.4.1d150da",
+ AciMcastContainer: "noiro/opflex:5.2.3.4.1d150da",
+ AciOpenvSwitchContainer: "noiro/openvswitch:5.2.3.4.1d150da",
+ AciControllerContainer: "noiro/aci-containers-controller:5.2.3.4.1d150da",
+ AciGbpServerContainer: "noiro/gbp-server:5.2.3.4.1d150da",
+ AciOpflexServerContainer: "noiro/opflex-server:5.2.3.4.1d150da",
+ PodInfraContainer: "rancher/mirrored-pause:3.6",
+ Ingress: "rancher/nginx-ingress-controller:nginx-1.2.1-rancher1",
+ IngressBackend: "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1",
+ IngressWebhook: "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1",
+ MetricsServer: "rancher/mirrored-metrics-server:v0.6.1",
+ CoreDNS: "rancher/mirrored-coredns-coredns:1.9.0",
+ CoreDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:1.8.5",
+ WindowsPodInfraContainer: "rancher/mirrored-pause:3.6",
+ Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.21.1",
+ },
 // Enabled with 2.6.7
 "v1.24.2-rancher1-1": {
 Etcd: "rancher/mirrored-coreos-etcd:v3.5.4",
@@ -8242,6 +8330,50 @@ func loadK8sRKESystemImages() map[string]v3.RKESystemImages { WindowsPodInfraContainer: "rancher/mirrored-pause:3.6", Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.21.1", }, + // Enabled out of band post v2.6.9 + "v1.24.8-rancher1-1": { + Etcd: "rancher/mirrored-coreos-etcd:v3.5.4", + Kubernetes: "rancher/hyperkube:v1.24.8-rancher1", + Alpine: "rancher/rke-tools:v0.1.88", + NginxProxy: "rancher/rke-tools:v0.1.88", + CertDownloader: "rancher/rke-tools:v0.1.88", + KubernetesServicesSidecar: "rancher/rke-tools:v0.1.88", + KubeDNS: "rancher/mirrored-k8s-dns-kube-dns:1.21.1", + DNSmasq: "rancher/mirrored-k8s-dns-dnsmasq-nanny:1.21.1", + KubeDNSSidecar: "rancher/mirrored-k8s-dns-sidecar:1.21.1", + KubeDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:1.8.5", + Flannel: "rancher/mirrored-coreos-flannel:v0.15.1", + FlannelCNI: "rancher/flannel-cni:v0.3.0-rancher6", + CalicoNode: "rancher/mirrored-calico-node:v3.22.0", + CalicoCNI: "rancher/calico-cni:v3.22.0-rancher1", + CalicoControllers: "rancher/mirrored-calico-kube-controllers:v3.22.0", + CalicoCtl: "rancher/mirrored-calico-ctl:v3.22.0", + CalicoFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0", + CanalNode: "rancher/mirrored-calico-node:v3.22.0", + CanalCNI: "rancher/calico-cni:v3.22.0-rancher1", + CanalControllers: "rancher/mirrored-calico-kube-controllers:v3.22.0", + CanalFlannel: "rancher/mirrored-flannelcni-flannel:v0.17.0", + CanalFlexVol: "rancher/mirrored-calico-pod2daemon-flexvol:v3.22.0", + WeaveNode: "weaveworks/weave-kube:2.8.1", + WeaveCNI: "weaveworks/weave-npc:2.8.1", + AciCniDeployContainer: "noiro/cnideploy:5.2.3.4.1d150da", + AciHostContainer: "noiro/aci-containers-host:5.2.3.4.1d150da", + AciOpflexContainer: "noiro/opflex:5.2.3.4.1d150da", + AciMcastContainer: "noiro/opflex:5.2.3.4.1d150da", + AciOpenvSwitchContainer: "noiro/openvswitch:5.2.3.4.1d150da", + AciControllerContainer: "noiro/aci-containers-controller:5.2.3.4.1d150da", + 
AciGbpServerContainer: "noiro/gbp-server:5.2.3.4.1d150da", + AciOpflexServerContainer: "noiro/opflex-server:5.2.3.4.1d150da", + PodInfraContainer: "rancher/mirrored-pause:3.6", + Ingress: "rancher/nginx-ingress-controller:nginx-1.2.1-rancher1", + IngressBackend: "rancher/mirrored-nginx-ingress-controller-defaultbackend:1.5-rancher1", + IngressWebhook: "rancher/mirrored-ingress-nginx-kube-webhook-certgen:v1.1.1", + MetricsServer: "rancher/mirrored-metrics-server:v0.6.1", + CoreDNS: "rancher/mirrored-coredns-coredns:1.9.3", + CoreDNSAutoscaler: "rancher/mirrored-cluster-proportional-autoscaler:1.8.5", + WindowsPodInfraContainer: "rancher/mirrored-pause:3.6", + Nodelocal: "rancher/mirrored-k8s-dns-node-cache:1.21.1", + }, // k8s version from 2.1.x release with old rke-tools to allow upgrade from 2.1.x clusters // without all clusters being restarted "v1.11.9-rancher1-3": { diff --git a/rke/k8s_version_info.go b/rke/k8s_version_info.go index 4e57e8378..9edc99122 100644 --- a/rke/k8s_version_info.go +++ b/rke/k8s_version_info.go @@ -49,7 +49,7 @@ func loadRKEDefaultK8sVersions() map[string]string { return map[string]string{ "0.3": "v1.16.3-rancher1-1", // rke will use default if its version is absent - "default": "v1.24.6-rancher1-1", + "default": "v1.24.8-rancher1-1", } } @@ -677,6 +677,10 @@ func loadK8sVersionInfo() map[string]v3.K8sVersionInfo { MinRancherVersion: "2.6.3-patch0", MinRKEVersion: "1.3.3-rc0", }, + "v1.22.16-rancher1-1": { + MinRancherVersion: "2.6.3-patch0", + MinRKEVersion: "1.3.3-rc0", + }, "v1.8.10-rancher1-1": { DeprecateRKEVersion: "0.2.2", DeprecateRancherVersion: "2.2", diff --git a/rke/templates/aci-v5.2.3.4.go b/rke/templates/aci-v5.2.3.4.go new file mode 100644 index 000000000..e21829f4a --- /dev/null +++ b/rke/templates/aci-v5.2.3.4.go 
@@ -0,0 +1,2590 @@ +package templates + +const AciTemplateV5234 = ` +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: acicontainersoperators.aci.ctrl +spec: + group: aci.ctrl + names: + kind: AciContainersOperator + listKind: AciContainersOperatorList + plural: acicontainersoperators + singular: acicontainersoperator + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: acicontainersoperator owns the lifecycle of ACI objects in the cluster + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: AciContainersOperatorSpec defines the desired spec for ACI Objects + properties: + flavor: + type: string + config: + type: string + type: object + status: + description: AciContainersOperatorStatus defines the successful completion of AciContainersOperator + properties: + status: + type: boolean + type: object + required: + - spec + type: object +--- +apiVersion: v1 +kind: Namespace +metadata: + name: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: nodepodifs.aci.aw +spec: + group: aci.aw + names: + kind: NodePodIF + listKind: NodePodIFList + plural: nodepodifs + singular: nodepodif + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + properties: + podifs: + type: array + items: + type: object + properties: + containerID: + type: string + epg: + type: string + ifname: + type: string + ipaddr: + type: string + macaddr: + type: string + podname: + type: string + podns: + type: string + vtep: + type: string + required: + - spec + type: object +--- +{{- if eq 
.UseAciCniPriorityClass "true"}} +apiVersion: scheduling.k8s.io/v1beta1 +kind: PriorityClass +metadata: + name: acicni-priority +value: 1000000000 +globalDefault: false +description: "This priority class is used for ACI-CNI resources" +--- +{{- end }} +{{- if ne .UseAciAnywhereCRD "false"}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: epgs.aci.aw +spec: + group: aci.aw + names: + kind: Epg + listKind: EpgList + plural: epgs + scope: Namespaced + version: v1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: contracts.aci.aw +spec: + group: aci.aw + names: + kind: Contract + listKind: ContractList + plural: contracts + scope: Namespaced + version: v1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: podifs.aci.aw +spec: + group: aci.aw + names: + kind: PodIF + listKind: PodIFList + plural: podifs + scope: Namespaced + version: v1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gbpsstates.aci.aw +spec: + group: aci.aw + names: + kind: GBPSState + listKind: GBPSStateList + plural: gbpsstates + scope: Namespaced + version: v1 + subresources: + status: {} +--- +{{- end }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snatglobalinfos.aci.snat +spec: + group: aci.snat + names: + kind: SnatGlobalInfo + listKind: SnatGlobalInfoList + plural: snatglobalinfos + singular: snatglobalinfo + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: SnatGlobalInfo is the Schema for the snatglobalinfos API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + globalInfos: + additionalProperties: + items: + properties: + macAddress: + type: string + portRanges: + items: + properties: + end: + maximum: 65535 + minimum: 1 + type: 
integer + start: + maximum: 65535 + minimum: 1 + type: integer + type: object + type: array + snatIp: + type: string + snatIpUid: + type: string + snatPolicyName: + type: string + required: + - macAddress + - portRanges + - snatIp + - snatIpUid + - snatPolicyName + type: object + type: array + type: object + required: + - globalInfos + type: object + status: + description: SnatGlobalInfoStatus defines the observed state of SnatGlobalInfo + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snatlocalinfos.aci.snat +spec: + group: aci.snat + names: + kind: SnatLocalInfo + listKind: SnatLocalInfoList + plural: snatlocalinfos + singular: snatlocalinfo + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: SnatLocalInfoSpec defines the desired state of SnatLocalInfo + properties: + localInfos: + items: + properties: + podName: + type: string + podNamespace: + type: string + podUid: + type: string + snatPolicies: + items: + properties: + destIp: + items: + type: string + type: array + name: + type: string + snatIp: + type: string + required: + - destIp + - name + - snatIp + type: object + type: array + required: + - podName + - podNamespace + - podUid + - snatPolicies + type: object + type: array + required: + - localInfos + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snatpolicies.aci.snat +spec: + group: aci.snat + names: + kind: SnatPolicy + listKind: SnatPolicyList + plural: snatpolicies + singular: snatpolicy + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: 
object + properties: + selector: + type: object + properties: + labels: + type: object + description: 'Selection of Pods' + properties: + additionalProperties: + type: string + namespace: + type: string + type: object + snatIp: + type: array + items: + type: string + destIp: + type: array + items: + type: string + type: object + status: + type: object + properties: + additionalProperties: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: nodeinfos.aci.snat +spec: + group: aci.snat + names: + kind: NodeInfo + listKind: NodeInfoList + plural: nodeinfos + singular: nodeinfo + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + macaddress: + type: string + snatpolicynames: + additionalProperties: + type: boolean + type: object + type: object + status: + description: NodeinfoStatus defines the observed state of Nodeinfo + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: rdconfigs.aci.snat +spec: + group: aci.snat + names: + kind: RdConfig + listKind: RdConfigList + plural: rdconfigs + singular: rdconfig + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + discoveredsubnets: + items: + type: string + type: array + usersubnets: + items: + type: string + type: array + type: object + status: + description: NodeinfoStatus defines the observed state of Nodeinfo + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.aci.netpol +spec: + group: aci.netpol + names: + kind: NetworkPolicy + listKind: NetworkPolicyList + plural: 
networkpolicies + singular: networkpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Network Policy describes traffic flow at IP address or port level + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + appliedTo: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + podSelector: + description: allow ingress from the same namespace + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + egress: + description: Set of egress rules evaluated based on the order in which they are set. + items: + properties: + action: + description: Action specifies the action to be applied on the rule. + type: string + enableLogging: + description: EnableLogging is used to indicate if agent should generate logs default to false. + type: boolean + ports: + description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports. + items: + description: NetworkPolicyPort describes the port and protocol to match in a rule. + properties: + endPort: + description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified. + format: int32 + type: integer + port: + anyOf: + - type: integer + - type: string + description: The port on the given protocol. This can be either a numerical or named port on a Pod. 
If this field is not provided, this matches all port names and numbers. + x-kubernetes-int-or-string: true + protocol: + default: TCP + description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. + type: string + type: object + type: array + to: + description: Rule is matched if traffic is intended for workloads selected by this field. If this field is empty or missing, this rule matches all destinations. + items: + properties: + ipBlock: + description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector. + properties: + cidr: + description: CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" + type: string + except: + description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range + items: + type: string + type: array + required: + - cidr + type: object + namespaceSelector: + description: Select all Pods from Namespaces matched by this selector, as workloads in To/From fields. If set with PodSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except PodSelector or ExternalEntitySelector. + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ podSelector:
+ description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ type: object
+ type: array
+ toFqDn:
+ properties:
+ matchNames:
+ items:
+ type: string
+ type: array
+ required:
+ - matchNames
+ type: object
+ required:
+ - enableLogging
+ - toFqDn
+ type: object
+ type: array
+ ingress:
+ description: Set of ingress rules evaluated based on the order in which they are set.
+ items:
+ properties:
+ action:
+ description: Action specifies the action to be applied on the rule.
+ type: string
+ enableLogging:
+ description: EnableLogging is used to indicate if agent should generate logs when rules are matched. Should be default to false.
+ type: boolean
+ from:
+ description: Rule is matched if traffic originates from workloads selected by this field. If this field is empty, this rule matches all sources.
+ items:
+ properties:
+ ipBlock:
+ description: IPBlock describes the IPAddresses/IPBlocks that is matched in to/from. IPBlock cannot be set as part of the AppliedTo field. Cannot be set with any other selector.
+ properties:
+ cidr:
+ description: CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64"
+ type: string
+ except:
+ description: Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" or "2001:db9::/64" Except values will be rejected if they are outside the CIDR range
+ items:
+ type: string
+ type: array
+ required:
+ - cidr
+ type: object
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ podSelector:
+ description: Select Pods from NetworkPolicys Namespace as workloads in AppliedTo/To/From fields. If set with NamespaceSelector, Pods are matched from Namespaces matched by the NamespaceSelector. Cannot be set with any other selector except NamespaceSelector.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ type: object
+ type: array
+ ports:
+ description: Set of port and protocol allowed/denied by the rule. If this field is unset or empty, this rule matches all ports.
+ items:
+ description: NetworkPolicyPort describes the port and protocol to match in a rule.
+ properties:
+ endPort:
+ description: EndPort defines the end of the port range, being the end included within the range. It can only be specified when a numerical port is specified.
+ format: int32
+ type: integer
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: The port on the given protocol. This can be either a numerical or named port on a Pod. If this field is not provided, this matches all port names and numbers.
+ x-kubernetes-int-or-string: true
+ protocol:
+ default: TCP
+ description: The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: array
+ policyTypes:
+ items:
+ description: Policy Type string describes the NetworkPolicy type This type is beta-level in 1.8
+ type: string
+ type: array
+ priority:
+ description: Priority specfies the order of the NetworkPolicy relative to other NetworkPolicies.
+ type: integer
+ type:
+ description: type of the policy.
+ type: string
+ required:
+ - type
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: dnsnetworkpolicies.aci.dnsnetpol
+spec:
+ group: aci.dnsnetpol
+ names:
+ kind: DnsNetworkPolicy
+ listKind: DnsNetworkPolicyList
+ plural: dnsnetworkpolicies
+ singular: dnsnetworkpolicy
+ scope: Namespaced
+ versions:
+ - name: v1beta
+ schema:
+ openAPIV3Schema:
+ description: dns network Policy
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ appliedTo:
+ properties:
+ namespaceSelector:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ podSelector:
+ description: allow ingress from the same namespace
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ description: operator represents a keys relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ type: object
+ egress:
+ description: Set of egress rules evaluated based on the order in which they are set.
+ properties:
+ toFqdn:
+ properties:
+ matchNames:
+ items:
+ type: string
+ type: array
+ required:
+ - matchNames
+ type: object
+ required:
+ - toFqdn
+ type: object
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: qospolicies.aci.qos
+spec:
+ group: aci.qos
+ names:
+ kind: QosPolicy
+ listKind: QosPolicyList
+ plural: qospolicies
+ singular: qospolicy
+ scope: Namespaced
+ preserveUnknownFields: false
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ spec:
+ type: object
+ properties:
+ podSelector:
+ description: 'Selection of Pods'
+ type: object
+ properties:
+ matchLabels:
+ type: object
+ description:
+ ingress:
+ type: object
+ properties:
+ policing_rate:
+ type: integer
+ minimum: 0
+ policing_burst:
+ type: integer
+ minimum: 0
+ egress:
+ type: object
+ properties:
+ policing_rate:
+ type: integer
+ minimum: 0
+ policing_burst:
+ type: integer
+ minimum: 0
+ dscpmark:
+ type: integer
+ default: 0
+ minimum: 0
+ maximum: 63
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: netflowpolicies.aci.netflow
+spec:
+ group: aci.netflow
+ names:
+ kind: NetflowPolicy
+ listKind: NetflowPolicyList
+ plural: netflowpolicies
+ singular: netflowpolicy
+ scope: Cluster
+ preserveUnknownFields: false
+ versions:
+ - name: v1alpha
+ served: true
+ storage: true
+ schema:
+ # openAPIV3Schema is the schema for validating custom objects.
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ spec:
+ type: object
+ properties:
+ flowSamplingPolicy:
+ type: object
+ properties:
+ destIp:
+ type: string
+ destPort:
+ type: integer
+ minimum: 0
+ maximum: 65535
+ default: 2055
+ flowType:
+ type: string
+ enum:
+ - netflow
+ - ipfix
+ default: netflow
+ activeFlowTimeOut:
+ type: integer
+ minimum: 0
+ maximum: 3600
+ default: 60
+ idleFlowTimeOut:
+ type: integer
+ minimum: 0
+ maximum: 600
+ default: 15
+ samplingRate:
+ type: integer
+ minimum: 0
+ maximum: 1000
+ default: 0
+ required:
+ - destIp
+ type: object
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: erspanpolicies.aci.erspan
+spec:
+ group: aci.erspan
+ names:
+ kind: ErspanPolicy
+ listKind: ErspanPolicyList
+ plural: erspanpolicies
+ singular: erspanpolicy
+ scope: Cluster
+ preserveUnknownFields: false
+ versions:
+ - name: v1alpha
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ spec:
+ type: object
+ properties:
+ selector:
+ type: object
+ description: 'Selection of Pods'
+ properties:
+ labels:
+ type: object
+ properties:
+ additionalProperties:
+ type: string
+ namespace:
+ type: string
+ source:
+ type: object
+ properties:
+ adminState:
+ description: Administrative state.
+ default: start
+ type: string
+ enum:
+ - start
+ - stop
+ direction:
+ description: Direction of the packets to monitor.
+ default: both
+ type: string
+ enum:
+ - in
+ - out
+ - both
+ destination:
+ type: object
+ properties:
+ destIP:
+ description: Destination IP of the ERSPAN packet.
+ type: string
+ flowID:
+ description: Unique flow ID of the ERSPAN packet.
+ default: 1
+ type: integer
+ minimum: 1
+ maximum: 1023
+ required:
+ - destIP
+ type: object
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: enabledroplogs.aci.droplog
+spec:
+ group: aci.droplog
+ names:
+ kind: EnableDropLog
+ listKind: EnableDropLogList
+ plural: enabledroplogs
+ singular: enabledroplog
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ # openAPIV3Schema is the schema for validating custom objects.
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ spec:
+ description: Defines the desired state of EnableDropLog
+ type: object
+ properties:
+ disableDefaultDropLog:
+ description: Disables the default droplog enabled by acc-provision.
+ default: false
+ type: boolean
+ nodeSelector:
+ type: object
+ description: Drop logging is enabled on nodes selected based on labels
+ properties:
+ labels:
+ type: object
+ properties:
+ additionalProperties:
+ type: string
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: prunedroplogs.aci.droplog
+spec:
+ group: aci.droplog
+ names:
+ kind: PruneDropLog
+ listKind: PruneDropLogList
+ plural: prunedroplogs
+ singular: prunedroplog
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ # openAPIV3Schema is the schema for validating custom objects.
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ spec:
+ description: Defines the desired state of PruneDropLog
+ type: object
+ properties:
+ nodeSelector:
+ type: object
+ description: Drop logging filters are applied to nodes selected based on labels
+ properties:
+ labels:
+ type: object
+ properties:
+ additionalProperties:
+ type: string
+ dropLogFilters:
+ type: object
+ properties:
+ srcIP:
+ type: string
+ destIP:
+ type: string
+ srcMAC:
+ type: string
+ destMAC:
+ type: string
+ srcPort:
+ type: integer
+ destPort:
+ type: integer
+ ipProto:
+ type: integer
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: accprovisioninputs.aci.ctrl
+spec:
+ group: aci.ctrl
+ names:
+ kind: AccProvisionInput
+ listKind: AccProvisionInputList
+ plural: accprovisioninputs
+ singular: accprovisioninput
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ description: accprovisioninput defines the input configuration for ACI CNI
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AccProvisionInputSpec defines the desired spec for accprovisioninput object
+ properties:
+ acc_provision_input:
+ type: object
+ properties:
+ operator_managed_config:
+ type: object
+ properties:
+ enable_updates:
+ type: boolean
+ aci_config:
+ type: object
+ properties:
+ sync_login:
+ type: object
+ properties:
+ certfile:
+ type: string
+ keyfile:
+ type: string
+ client_ssl:
+ type: boolean
+ net_config:
+ type: object
+ properties:
+ interface_mtu:
+ type: integer
+ service_monitor_interval:
+ type: integer
+ pbr_tracking_non_snat:
+ type: boolean
+ pod_subnet_chunk_size:
+ type: integer
+ disable_wait_for_network:
+ type: boolean
+ duration_wait_for_network:
+ type: integer
+ registry:
+ type: object
+ properties:
+ image_prefix:
+ type: string
+ image_pull_secret: + type: string + aci_containers_operator_version: + type: string + aci_containers_controller_version: + type: string + aci_containers_host_version: + type: string + acc_provision_operator_version: + type: string + aci_cni_operator_version: + type: string + cnideploy_version: + type: string + opflex_agent_version: + type: string + openvswitch_version: + type: string + gbp_version: + type: string + logging: + type: object + properties: + controller_log_level: + type: string + hostagent_log_level: + type: string + opflexagent_log_level: + type: string + istio_config: + type: object + properties: + install_istio: + type: boolean + install_profile: + type: string + multus: + type: object + properties: + disable: + type: boolean + drop_log_config: + type: object + properties: + enable: + type: boolean + nodepodif_config: + type: object + properties: + enable: + type: boolean + sriov_config: + type: object + properties: + enable: + type: boolean + kube_config: + type: object + properties: + ovs_memory_limit: + type: string + use_privileged_containers: + type: boolean + image_pull_policy: + type: string + reboot_opflex_with_ovs: + type: string + snat_operator: + type: object + properties: + port_range: + type: object + properties: + start: + type: integer + end: + type: integer + ports_per_node: + type: integer + contract_scope: + type: string + disable_periodic_snat_global_info_sync: + type: boolean + type: object + status: + description: AccProvisionInputStatus defines the successful completion of AccProvisionInput + properties: + status: + type: boolean + type: object + required: + - spec + type: object +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: aci-containers-config + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +data: + controller-config: |- + { + "log-level": "{{.ControllerLogLevel}}", + "apic-hosts": {{.ApicHosts}}, + "apic-refreshtime": 
"{{.ApicRefreshTime}}", + "apic-subscription-delay": {{.ApicSubscriptionDelay}}, + "apic_refreshticker_adjust": "{{.ApicRefreshTickerAdjust}}", + "apic-username": "{{.ApicUserName}}", + "apic-private-key-path": "/usr/local/etc/aci-cert/user.key", + "aci-prefix": "{{.SystemIdentifier}}", + "aci-vmm-type": "Kubernetes", +{{- if ne .VmmDomain ""}} + "aci-vmm-domain": "{{.VmmDomain}}", +{{- else}} + "aci-vmm-domain": "{{.SystemIdentifier}}", +{{- end}} +{{- if ne .VmmController ""}} + "aci-vmm-controller": "{{.VmmController}}", +{{- else}} + "aci-vmm-controller": "{{.SystemIdentifier}}", +{{- end}} + "aci-policy-tenant": "{{.Tenant}}", +{{- if ne .CApic "false"}} + "lb-type": "None", +{{- end}} +{{- if ne .NoWaitForServiceEpReadiness "false"}} + "no-wait-for-service-ep-readiness": {{.NoWaitForServiceEpReadiness}}, +{{- end}} +{{- if ne .AddExternalSubnetsToRdconfig "false"}} + "add-external-subnets-to-rdconfig": {{.AddExternalSubnetsToRdconfig}}, +{{- end}} +{{- if ne .DisablePeriodicSnatGlobalInfoSync "false"}} + "disable-periodic-snat-global-info-sync": {{.DisablePeriodicSnatGlobalInfoSync}}, +{{- end}} + "opflex-device-delete-timeout": {{.OpflexDeviceDeleteTimeout}}, + "install-istio": {{.InstallIstio}}, + "istio-profile": "{{.IstioProfile}}", +{{- if ne .CApic "true"}} + "aci-podbd-dn": "uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-pod-bd", + "aci-nodebd-dn": "uni/tn-{{.Tenant}}/BD-aci-containers-{{.SystemIdentifier}}-node-bd", +{{- end}} + "aci-service-phys-dom": "{{.SystemIdentifier}}-pdom", + "aci-service-encap": "vlan-{{.ServiceVlan}}", + "aci-service-monitor-interval": {{.ServiceMonitorInterval}}, + "aci-pbr-tracking-non-snat": {{.PBRTrackingNonSnat}}, + "aci-vrf-tenant": "{{.VRFTenant}}", + "aci-l3out": "{{.L3Out}}", + "aci-ext-networks": {{.L3OutExternalNetworks}}, +{{- if ne .CApic "true"}} + "aci-vrf": "{{.VRFName}}", +{{- else}} + "aci-vrf": "{{.OverlayVRFName}}", +{{- end}} + "default-endpoint-group": { + "policy-space": "{{.Tenant}}", +{{- 
if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-default" +{{- else}} + "name": "aci-containers-{{.SystemIdentifier}}" +{{- end}} + }, + "max-nodes-svc-graph": {{.MaxNodesSvcGraph}}, + "namespace-default-endpoint-group": { + "aci-containers-system": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + }, + "istio-operator": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-istio" +{{- else}} + "name": "aci-containers-istio" +{{- end}} + }, + "istio-system": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-istio" +{{- else}} + "name": "aci-containers-istio" +{{- end}} + }, + "kube-system": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + }, + "cattle-system": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + }, + "cattle-prometheus": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + }, + "cattle-logging": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + } }, + "service-ip-pool": [ + { + "end": "{{.ServiceIPEnd}}", + "start": "{{.ServiceIPStart}}" + } + ], +{{- if ne .StaticExternalSubnet ""}} + "extern-static": "{{.StaticExternalSubnet}}", +{{- end}} +{{- if ne .DynamicExternalSubnet 
""}} + "extern-dynamic": "{{.DynamicExternalSubnet}}", +{{- end}} + "snat-contract-scope": "{{.SnatContractScope}}", + "static-service-ip-pool": [ + { + "end": "{{.StaticServiceIPEnd}}", + "start": "{{.StaticServiceIPStart}}" + } + ], + "pod-ip-pool": [ + { + "end": "{{.PodIPEnd}}", + "start": "{{.PodIPStart}}" + } + ], + "pod-subnet-chunk-size": {{.PodSubnetChunkSize}}, + "node-service-ip-pool": [ + { + "end": "{{.NodeServiceIPEnd}}", + "start": "{{.NodeServiceIPStart}}" + } + ], + "node-service-subnets": [ + "{{.ServiceGraphSubnet}}" + ], + "enable_endpointslice": {{.EnableEndpointSlice}} + } + host-agent-config: |- + { + "app-profile": "aci-containers-{{.SystemIdentifier}}", +{{- if ne .EpRegistry ""}} + "ep-registry": "{{.EpRegistry}}", +{{- else}} + "ep-registry": null, +{{- end}} +{{- if ne .OpflexMode ""}} + "opflex-mode": "{{.OpflexMode}}", +{{- else}} + "opflex-mode": null, +{{- end}} + "log-level": "{{.HostAgentLogLevel}}", + "aci-snat-namespace": "{{.SnatNamespace}}", + "aci-vmm-type": "Kubernetes", +{{- if ne .VmmDomain ""}} + "aci-vmm-domain": "{{.VmmDomain}}", +{{- else}} + "aci-vmm-domain": "{{.SystemIdentifier}}", +{{- end}} +{{- if ne .VmmController ""}} + "aci-vmm-controller": "{{.VmmController}}", +{{- else}} + "aci-vmm-controller": "{{.SystemIdentifier}}", +{{- end}} + "aci-prefix": "{{.SystemIdentifier}}", +{{- if ne .CApic "true"}} + "aci-vrf": "{{.VRFName}}", +{{- else}} + "aci-vrf": "{{.OverlayVRFName}}", +{{- end}} + "aci-vrf-tenant": "{{.VRFTenant}}", + "service-vlan": {{.ServiceVlan}}, + "kubeapi-vlan": {{.KubeAPIVlan}}, + "pod-subnet": "{{.ClusterCIDR}}", + "node-subnet": "{{.NodeSubnet}}", + "encap-type": "{{.EncapType}}", + "aci-infra-vlan": {{.InfraVlan}}, +{{- if .MTU}} +{{- if ne .MTU 0}} + "interface-mtu": {{.MTU}}, +{{- end}} +{{- end}} +{{- if .MTUHeadRoom}} +{{- if ne .MTUHeadRoom "0"}} + "interface-mtu-headroom": {{.MTUHeadRoom}}, +{{- end}} +{{- end}} + "cni-netconfig": [ + { + "gateway": "{{.PodGateway}}", + "routes": [ + { + 
"dst": "0.0.0.0/0", + "gw": "{{.PodGateway}}" + } + ], + "subnet": "{{.ClusterCIDR}}" + } + ], + "default-endpoint-group": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-default" +{{- else}} + "name": "aci-containers-default" +{{- end}} + }, + "namespace-default-endpoint-group": { + "aci-containers-system": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + }, + "istio-operator": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-istio" +{{- else}} + "name": "aci-containers-istio" +{{- end}} + }, + "istio-system": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-istio" +{{- else}} + "name": "aci-containers-istio" +{{- end}} + }, + "kube-system": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + }, + "cattle-system": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + }, + "cattle-prometheus": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + }, + "cattle-logging": { + "policy-space": "{{.Tenant}}", +{{- if ne .CApic "true"}} + "name": "aci-containers-{{.SystemIdentifier}}|aci-containers-system" +{{- else}} + "name": "aci-containers-system" +{{- end}} + } }, + "enable-drop-log": {{.DropLogEnable}}, + "enable_endpointslice": {{.EnableEndpointSlice}}, + "enable-nodepodif": 
{{.NodePodIfEnable}}, + "enable-ovs-hw-offload": {{.SriovEnable}} + } + opflex-agent-config: |- + { + "log": { + "level": "{{.OpflexAgentLogLevel}}" + }, + "opflex": { + "notif" : { "enabled" : "false" } +{{- if eq .OpflexClientSSL "false"}} + "ssl": { "mode": "disabled"} +{{- end}} +{{- if eq .RunGbpContainer "true"}} + "statistics" : { "mode" : "off" } +{{- end}} + } + } +{{- if eq .RunGbpContainer "true"}} + gbp-server-config: |- + { + "aci-policy-tenant": "{{.Tenant}}", + "aci-vrf": "{{.OverlayVRFName}}", +{{- if ne .VmmDomain ""}} + "aci-vmm-domain": "{{.VmmDomain}}", +{{- else}} + "aci-vmm-domain": "{{.SystemIdentifier}}", +{{- end}} +{{- if ne .CApic "true"}} + "pod-subnet": "{{.GbpPodSubnet}}" +{{- else}} + "pod-subnet": "{{.GbpPodSubnet}}", + "apic": { + "apic-hosts": {{.ApicHosts}}, + "apic-username": {{.ApicUserName}}, + "apic-private-key-path": "/usr/local/etc/aci-cert/user.key", + "kafka": { + "brokers": {{.KafkaBrokers}}, + "client-key-path": "/certs/kafka-client.key", + "client-cert-path": "/certs/kafka-client.crt", + "ca-cert-path": "/certs/ca.crt", + "topic": {{.SystemIdentifier}} + }, + "cloud-info": { + "cluster-name": {{.SystemIdentifier}}, + "subnet": {{.SubnetDomainName}}, + "vrf": {{.VRFDomainName}} + } + } +{{- end}} + } +{{- end}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: snat-operator-config + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +data: + "start": "{{.SnatPortRangeStart}}" + "end": "{{.SnatPortRangeEnd}}" + "ports-per-node": "{{.SnatPortsPerNode}}" +--- +apiVersion: v1 +kind: Secret +metadata: + name: aci-user-cert + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" +data: + user.key: {{.ApicUserKey}} + user.crt: {{.ApicUserCrt}} +--- +{{- if eq .CApic "true"}} +apiVersion: v1 +kind: Secret +metadata: + name: kafka-client-certificates + namespace: aci-containers-system + labels: + 
aci-containers-config-version: "{{.Token}}" +data: + ca.crt: {{.KafkaClientCrt}} + kafka-client.crt: {{.KafkaClientCrt}} + kafka-client.key: {{.KafkaClientKey}} +--- +{{- end}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: aci-containers-controller + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: aci-containers-host-agent + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" +--- +{{- if eq .UseClusterRole "true"}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers + name: aci-containers:controller +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - pods + - endpoints + - services + - events + - replicationcontrollers + - serviceaccounts + verbs: + - list + - watch + - get + - patch + - create + - update + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch + - get + - create + - update + - delete +- apiGroups: + - "apiextensions.k8s.io" + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "rbac.authorization.k8s.io" + resources: + - clusterroles + - clusterrolebindings + verbs: + - '*' +{{- if ne .InstallIstio "false"}} +- apiGroups: + - "install.istio.io" + resources: + - istiocontrolplanes + - istiooperators + verbs: + - '*' +- apiGroups: + - "aci.istio" + resources: + - aciistiooperators + - aciistiooperator + verbs: + - '*' +{{- end}} +- apiGroups: + - "networking.k8s.io" + resources: + - networkpolicies + verbs: + - list + - watch + - get +{{- if ne .UseAciAnywhereCRD "false"}} +- apiGroups: + - "aci.aw" + resources: + - epgs + - contracts + verbs: + - list + - watch + - get +- apiGroups: + - "aci.aw" + resources: + - podifs + - gbpsstates + - gbpsstates/status + verbs: + - '*' +{{- end}} +- apiGroups: + - "apps" + resources: 
+ - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes + - services/status + verbs: + - update +- apiGroups: + - "monitoring.coreos.com" + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - "aci.snat" + resources: + - snatpolicies/finalizers + - snatpolicies/status + - nodeinfos + verbs: + - update + - create + - list + - watch + - get + - delete +- apiGroups: + - "aci.snat" + resources: + - snatglobalinfos + - snatpolicies + - nodeinfos + - rdconfigs + verbs: + - list + - watch + - get + - create + - update + - delete +- apiGroups: + - "aci.qos" + resources: + - qospolicies + verbs: + - list + - watch + - get + - create + - update + - delete + - patch +- apiGroups: + - "aci.netflow" + resources: + - netflowpolicies + verbs: + - list + - watch + - get + - update +- apiGroups: + - "aci.erspan" + resources: + - erspanpolicies + verbs: + - list + - watch + - get + - update +- apiGroups: + - "aci.aw" + resources: + - nodepodifs + verbs: + - '*' +- apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - list + - watch + - get +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - "aci.netpol" + resources: + - networkpolicies + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - "aci.dnsnetpol" + resources: + - dnsnetworkpolicies + verbs: + - get + - list + - watch + - create + - update + - delete +--- +{{- end}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers + name: aci-containers:host-agent +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - pods + - endpoints + - services + - replicationcontrollers + verbs: + - list + - watch + - get +{{- if ne .DropLogEnable "false"}} + - update +- apiGroups: + - "" + resources: + - 
events + verbs: + - create + - patch +{{- end}} +- apiGroups: + - "apiextensions.k8s.io" + resources: + - customresourcedefinitions + verbs: + - list + - watch + - get +{{- if ne .UseAciAnywhereCRD "false"}} +- apiGroups: + - "aci.aw" + resources: + - podifs + - podifs/status + verbs: + - "*" +{{- end}} +- apiGroups: + - "networking.k8s.io" + resources: + - networkpolicies + verbs: + - list + - watch + - get +- apiGroups: + - "apps" + resources: + - deployments + - replicasets + verbs: + - list + - watch + - get +- apiGroups: + - "aci.snat" + resources: + - snatpolicies + - snatglobalinfos + - rdconfigs + verbs: + - list + - watch + - get +- apiGroups: + - "aci.qos" + resources: + - qospolicies + verbs: + - list + - watch + - get + - create + - update + - delete + - patch +- apiGroups: + - "aci.droplog" + resources: + - enabledroplogs + - prunedroplogs + verbs: + - list + - watch + - get +- apiGroups: + - "aci.snat" + resources: + - nodeinfos + - snatlocalinfos + verbs: + - create + - update + - list + - watch + - get + - delete +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - "aci.netpol" + resources: + - networkpolicies + verbs: + - get + - list + - watch +- apiGroups: + - "aci.aw" + resources: + - nodepodifs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aci-containers:controller + labels: + aci-containers-config-version: "{{.Token}}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aci-containers:controller +subjects: +- kind: ServiceAccount + name: aci-containers-controller + namespace: aci-containers-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aci-containers:host-agent + labels: + aci-containers-config-version: "{{.Token}}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aci-containers:host-agent +subjects: +- kind: 
ServiceAccount + name: aci-containers-host-agent + namespace: aci-containers-system +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: aci-containers-host + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + name: aci-containers-host + network-plugin: aci-containers + template: + metadata: + labels: + name: aci-containers-host + network-plugin: aci-containers + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + prometheus.io/scrape: "true" + prometheus.io/port: "9612" + spec: + hostNetwork: true + hostPID: true + hostIPC: true + serviceAccountName: aci-containers-host-agent +{{- if ne .ImagePullSecret ""}} + imagePullSecrets: + - name: {{.ImagePullSecret}} +{{- end}} + tolerations: + - operator: Exists + initContainers: + - name: cnideploy + image: {{.AciCniDeployContainer}} + imagePullPolicy: {{.ImagePullPolicy}} + securityContext: +{{- if eq .UsePrivilegedContainer "true"}} + privileged: true +{{- end}} + capabilities: + add: + - SYS_ADMIN + volumeMounts: + - name: cni-bin + mountPath: /mnt/cni-bin +{{- if ne .NoPriorityClass "true"}} + priorityClassName: system-cluster-critical +{{- end}} +{{- if eq .UseAciCniPriorityClass "true"}} + priorityClassName: acicni-priority +{{- end}} + containers: + - name: aci-containers-host + image: {{.AciHostContainer}} + imagePullPolicy: {{.ImagePullPolicy}} + securityContext: +{{- if eq .UsePrivilegedContainer "true"}} + privileged: true +{{- end}} + capabilities: + add: + - SYS_ADMIN + - NET_ADMIN + - SYS_PTRACE + - NET_RAW + env: + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: TENANT + value: "{{.Tenant}}" +{{- if eq .RunGbpContainer "true"}} +{{- if eq .CApic "true"}} + - name: NODE_EPG + value: "aci-containers-nodes" +{{- else}} + - name: NODE_EPG + value: 
"aci-containers-{{.SystemIdentifier}}|aci-containers-nodes" +{{- end}} + - name: OPFLEX_MODE + value: overlay +{{- else}} + - name: NODE_EPG + value: "aci-containers-{{.SystemIdentifier}}|aci-containers-nodes" +{{- end}} +{{- if ne .MultusDisable "true"}} + - name: MULTUS + value: true +{{- end}} +{{- if eq .DisableWaitForNetwork "true"}} + - name: DISABLE_WAIT_FOR_NETWORK + value: true +{{- else}} + - name: DURATION_WAIT_FOR_NETWORK + value: "{{.DurationWaitForNetwork}}" +{{- end}} + volumeMounts: + - name: cni-bin + mountPath: /mnt/cni-bin + - name: cni-conf + mountPath: /mnt/cni-conf + - name: hostvar + mountPath: /usr/local/var + - name: hostrun + mountPath: /run + - name: hostrun + mountPath: /usr/local/run + - name: opflex-hostconfig-volume + mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d + - name: host-config-volume + mountPath: /usr/local/etc/aci-containers/ +{{- if eq .UseHostNetnsVolume "true"}} + - mountPath: /run/netns + name: host-run-netns + readOnly: true + mountPropagation: HostToContainer +{{- end}} +{{- if ne .MultusDisable "true"}} + - name: multus-cni-conf + mountPath: /mnt/multus-cni-conf +{{- end}} + livenessProbe: + failureThreshold: 10 + httpGet: + path: /status + port: 8090 + scheme: HTTP + initialDelaySeconds: 120 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 30 + - name: opflex-agent + env: + - name: REBOOT_WITH_OVS + value: "true" +{{- if eq .RunGbpContainer "true"}} + - name: SSL_MODE + value: disabled +{{- end}} + image: {{.AciOpflexContainer}} + imagePullPolicy: {{.ImagePullPolicy}} + securityContext: +{{- if eq .UsePrivilegedContainer "true"}} + privileged: true +{{- end}} + capabilities: + add: + - NET_ADMIN + volumeMounts: + - name: hostvar + mountPath: /usr/local/var + - name: hostrun + mountPath: /run + - name: hostrun + mountPath: /usr/local/run + - name: opflex-hostconfig-volume + mountPath: /usr/local/etc/opflex-agent-ovs/base-conf.d + - name: opflex-config-volume + mountPath: 
/usr/local/etc/opflex-agent-ovs/conf.d +{{- if eq .RunOpflexServerContainer "true"}} + - name: opflex-server + image: {{.AciOpflexServerContainer}} + command: ["/bin/sh"] + args: ["/usr/local/bin/launch-opflexserver.sh"] + imagePullPolicy: {{.ImagePullPolicy}} + securityContext: + capabilities: + add: + - NET_ADMIN + ports: + - containerPort: {{.OpflexServerPort}} + - name: metrics + containerPort: 9632 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - name: opflex-server-config-volume + mountPath: /usr/local/etc/opflex-server + - name: hostvar + mountPath: /usr/local/var +{{- end}} + - name: mcast-daemon + image: {{.AciMcastContainer}} + command: ["/bin/sh"] + args: ["/usr/local/bin/launch-mcastdaemon.sh"] + imagePullPolicy: {{.ImagePullPolicy}} +{{- if eq .UsePrivilegedContainer "true"}} + securityContext: + privileged: true +{{- end}} + volumeMounts: + - name: hostvar + mountPath: /usr/local/var + - name: hostrun + mountPath: /run + - name: hostrun + mountPath: /usr/local/run + restartPolicy: Always + volumes: + - name: cni-bin + hostPath: + path: /opt + - name: cni-conf + hostPath: + path: /etc + - name: hostvar + hostPath: + path: /var + - name: hostrun + hostPath: + path: /run + - name: host-config-volume + configMap: + name: aci-containers-config + items: + - key: host-agent-config + path: host-agent.conf + - name: opflex-hostconfig-volume + emptyDir: + medium: Memory + - name: opflex-config-volume + configMap: + name: aci-containers-config + items: + - key: opflex-agent-config + path: local.conf +{{- if eq .UseOpflexServerVolume "true"}} + - name: opflex-server-config-volume +{{- end}} +{{- if eq .UseHostNetnsVolume "true"}} + - name: host-run-netns + hostPath: + path: /run/netns +{{- end}} +{{- if ne .MultusDisable "true" }} + - name: multus-cni-conf + hostPath: + path: /var/run/multus/ +{{- end}} +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: aci-containers-openvswitch + namespace: 
aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: aci-containers +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + name: aci-containers-openvswitch + network-plugin: aci-containers + template: + metadata: + labels: + name: aci-containers-openvswitch + network-plugin: aci-containers + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + hostNetwork: true + hostPID: true + hostIPC: true + serviceAccountName: aci-containers-host-agent +{{- if ne .ImagePullSecret ""}} + imagePullSecrets: + - name: {{.ImagePullSecret}} +{{end}} + tolerations: + - operator: Exists +{{- if ne .NoPriorityClass "true"}} + priorityClassName: system-cluster-critical +{{- end}} +{{- if eq .UseAciCniPriorityClass "true"}} + priorityClassName: acicni-priority +{{- end}} + containers: + - name: aci-containers-openvswitch + image: {{.AciOpenvSwitchContainer}} + imagePullPolicy: {{.ImagePullPolicy}} + resources: + limits: + memory: "{{.OVSMemoryLimit}}" + securityContext: +{{- if eq .UsePrivilegedContainer "true"}} + privileged: true +{{- end}} + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + - SYS_NICE + - IPC_LOCK + env: + - name: OVS_RUNDIR + value: /usr/local/var/run/openvswitch + volumeMounts: + - name: hostvar + mountPath: /usr/local/var + - name: hostrun + mountPath: /run + - name: hostrun + mountPath: /usr/local/run + - name: hostetc + mountPath: /usr/local/etc + - name: hostmodules + mountPath: /lib/modules + livenessProbe: + exec: + command: + - /usr/local/bin/liveness-ovs.sh + restartPolicy: Always + volumes: + - name: hostetc + hostPath: + path: /etc + - name: hostvar + hostPath: + path: /var + - name: hostrun + hostPath: + path: /run + - name: hostmodules + hostPath: + path: /lib/modules +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aci-containers-controller + namespace: aci-containers-system + labels: + aci-containers-config-version: "{{.Token}}" + network-plugin: 
aci-containers + name: aci-containers-controller +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + name: aci-containers-controller + network-plugin: aci-containers + template: + metadata: + name: aci-containers-controller + namespace: aci-containers-system + labels: + name: aci-containers-controller + network-plugin: aci-containers + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + hostNetwork: true + serviceAccountName: aci-containers-controller +{{- if ne .ImagePullSecret ""}} + imagePullSecrets: + - name: {{.ImagePullSecret}} +{{end}} +{{- if .Tolerations }} + tolerations: +{{ toYaml .Tolerations | indent 6}} +{{- else }} + tolerations: + - effect: NoExecute + operator: Exists + tolerationSeconds: 60 + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists +{{- end }} +{{- if ne .NoPriorityClass "true"}} + priorityClassName: system-node-critical +{{- end}} +{{- if eq .UseAciCniPriorityClass "true"}} + priorityClassName: acicni-priority +{{- end}} + containers: +{{- if eq .RunGbpContainer "true"}} + - name: aci-gbpserver + image: {{.AciGbpServerContainer}} + imagePullPolicy: {{ .ImagePullPolicy }} + volumeMounts: + - name: controller-config-volume + mountPath: /usr/local/etc/aci-containers/ +{{- if eq .CApic "true"}} + - name: kafka-certs + mountPath: /certs + - name: aci-user-cert-volume + mountPath: /usr/local/etc/aci-cert/ +{{- end}} + env: + - name: GBP_SERVER_CONF + value: /usr/local/etc/aci-containers/gbp-server.conf +{{- end}} + - name: aci-containers-controller + image: {{.AciControllerContainer}} + imagePullPolicy: {{.ImagePullPolicy}} + env: + - name: WATCH_NAMESPACE + value: "" + - name: ACI_SNAT_NAMESPACE + value: "aci-containers-system" + - name: ACI_SNAGLOBALINFO_NAME + value: "snatglobalinfo" + - name: ACI_RDCONFIG_NAME + value: "routingdomain-config" + - name: SYSTEM_NAMESPACE + value: 
"aci-containers-system" + volumeMounts: + - name: controller-config-volume + mountPath: /usr/local/etc/aci-containers/ + - name: aci-user-cert-volume + mountPath: /usr/local/etc/aci-cert/ + livenessProbe: + failureThreshold: 10 + httpGet: + path: /status + port: 8091 + scheme: HTTP + initialDelaySeconds: 120 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 30 + volumes: +{{- if eq .CApic "true"}} + - name: kafka-certs + secret: + secretName: kafka-client-certificates +{{- end}} + - name: aci-user-cert-volume + secret: + secretName: aci-user-cert + - name: controller-config-volume + configMap: + name: aci-containers-config + items: + - key: controller-config + path: controller.conf +{{- if eq .RunGbpContainer "true"}} + - key: gbp-server-config + path: gbp-server.conf +{{- end}} +{{- if eq .CApic "true"}} +--- +apiVersion: aci.aw/v1 +kind: PodIF +metadata: + name: inet-route + namespace: kube-system +status: + epg: aci-containers-inet-out + ipaddr: 0.0.0.0/0 +{{- end}} +` diff --git a/rke/templates/templates.go b/rke/templates/templates.go index 1d4f3a0f6..13aca4aa3 100644 --- a/rke/templates/templates.go +++ b/rke/templates/templates.go @@ -69,8 +69,9 @@ const ( /* Versioning: va.b.c--x.y.z where a.b.c is ACI version and x.y.z is the k8s version, if required */ - aciv500 = "aci-v5.0.0" - aciv523 = "aci-v5.2.3" + aciv500 = "aci-v5.0.0" + aciv523 = "aci-v5.2.3" + aciv5234 = "aci-v5.2.3.4" nginxIngressv18 = "nginxingress-v1.8" nginxIngressV115 = "nginxingress-v1.15" 
@@ -170,14 +171,18 @@ func LoadK8sVersionedTemplates() map[string]map[string]string {
 ">=1.8.0-rancher0 <1.16.0-alpha": weavev18,
 },
 kdm.Aci: {
- ">=1.17.0-alpha <1.20.15-rancher2-2": aciv500,
- ">=1.20.15-rancher2-2 <1.21.0-rancher0": aciv523,
- ">=1.21.0-rancher0 <1.21.14-rancher1-1": aciv500,
- ">=1.21.14-rancher1-1 <1.22.0-rancher0": aciv523,
- ">=1.22.0-rancher0 <1.22.11-rancher1-1": aciv500,
- ">=1.22.11-rancher1-1 <1.23.0-rancher0": aciv523,
- ">=1.23.0-rancher0 <1.23.8-rancher1-1": aciv500,
- ">=1.23.8-rancher1-1": aciv523,
+ ">=1.17.0-alpha <1.20.15-rancher2-2": aciv500,
+ ">=1.20.15-rancher2-2 <1.21.0-rancher0": aciv523,
+ ">=1.21.0-rancher0 <1.21.14-rancher1-1": aciv500,
+ ">=1.21.14-rancher1-1 <1.22.0-rancher0": aciv523,
+ ">=1.22.0-rancher0 <1.22.11-rancher1-1": aciv500,
+ ">=1.22.11-rancher1-1 <1.22.16-rancher1-1": aciv523,
+ ">=1.22.16-rancher1-1 <1.23.0-rancher0": aciv5234,
+ ">=1.23.0-rancher0 <1.23.8-rancher1-1": aciv500,
+ ">=1.23.8-rancher1-1 <1.23.14-rancher1-1": aciv523,
+ ">=1.23.14-rancher1-1 <1.24.0-rancher0": aciv5234,
+ ">=1.24.0-rancher0 <1.24.8-rancher1-1": aciv523,
+ ">=1.24.8-rancher1-1": aciv5234,
 },
 kdm.NginxIngress: {
 ">=1.8.0-rancher0 <1.13.10-rancher1-3": nginxIngressv18,
@@ -280,8 +285,9 @@ func getTemplates() map[string]string {
 weavev120: WeaveTemplateV120,
 weavev122: WeaveTemplateV122,
- aciv500: AciTemplateV500,
- aciv523: AciTemplateV523,
+ aciv500: AciTemplateV500,
+ aciv523: AciTemplateV523,
+ aciv5234: AciTemplateV5234,
 nginxIngressv18: NginxIngressTemplate,
 nginxIngressV115: NginxIngressTemplateV0251Rancher1,
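Review bot: The `kdm.Aci` range table in this hunk relies on hand-edited bounds staying contiguous and non-overlapping, and nothing visible here documents or checks that, while the last key `>=1.24.8-rancher1-1` is open-ended and so routes every later Kubernetes version to `aciv5234`. The twelve new ranges do line up as written, but a one-character slip in a bound would leave a version matching two templates or none; if the consumer iterates this map, an overlap would resolve unpredictably because Go map order is undefined. I would add above the entry `// Ranges must be contiguous and disjoint; the last, open-ended range is the default for all later versions.` and cover the table with a test asserting exactly one match per supported version. Because that open-ended default presumably selects the manifest added earlier in this commit, which carries `'*'` verbs in its ClusterRoles and host-namespace DaemonSets, its RBAC delta against `aciv523` is worth a separate look. LoadK8sVersionedTemplates begins and ends outside the hunk.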