From 43431bbf6bb917919115c40ed54fc298aceb898a Mon Sep 17 00:00:00 2001 From: Camryn Lee <31013536+camrynl@users.noreply.github.com> Date: Tue, 2 May 2023 09:41:26 -0700 Subject: [PATCH] Update to cilium v1.12.8 (#1934) * update to cilium 1.12.8 * initcontainer for cni binaries * update cni-install container --- cilium/cilium_helm_values.yaml | 4 +- .../cilium/cilium-agent/daemonset.yaml | 41 +++++++++++-------- .../cilium/cilium-operator/deployment.yaml | 2 +- 3 files changed, 26 insertions(+), 21 deletions(-) diff --git a/cilium/cilium_helm_values.yaml b/cilium/cilium_helm_values.yaml index 983a8627699..c191eb4dd4a 100644 --- a/cilium/cilium_helm_values.yaml +++ b/cilium/cilium_helm_values.yaml @@ -1,13 +1,13 @@ image: repository: mcr.microsoft.com/oss/cilium/cilium - tag: 1.12.5 + tag: 1.12.8 digest: "" useDigest: false operator: image: repository: mcr.microsoft.com/oss/cilium/operator - tag: 1.12.5 + tag: 1.12.8 suffix: "" digest: "" useDigest: false diff --git a/test/integration/manifests/cilium/cilium-agent/daemonset.yaml b/test/integration/manifests/cilium/cilium-agent/daemonset.yaml index b4fd32ab452..279107b3f4e 100644 --- a/test/integration/manifests/cilium/cilium-agent/daemonset.yaml +++ b/test/integration/manifests/cilium/cilium-agent/daemonset.yaml @@ -66,19 +66,8 @@ spec: fieldPath: metadata.namespace - name: CILIUM_CLUSTERMESH_CONFIG value: /var/lib/cilium/clustermesh/ - - name: CILIUM_CUSTOM_CNI_CONF - value: "true" - image: mcr.microsoft.com/oss/cilium/cilium:1.12.5.1 + image: mcr.microsoft.com/oss/cilium/cilium:1.12.8 imagePullPolicy: IfNotPresent - lifecycle: - postStart: - exec: - command: - - /cni-install.sh - preStop: - exec: - command: - - /cni-uninstall.sh livenessProbe: failureThreshold: 10 httpGet: @@ -157,8 +146,6 @@ spec: name: bpf-maps - mountPath: /var/run/cilium name: cilium-run - - mountPath: /host/opt/cni/bin - name: cni-path - mountPath: /host/etc/cni/net.d name: etc-cni-netd - mountPath: /var/lib/cilium/clustermesh @@ -175,6 +162,24 @@ spec: dnsPolicy: ClusterFirst hostNetwork: true initContainers: + - name: install-cni-binaries + image: mcr.microsoft.com/oss/cilium/cilium:1.12.8 + imagePullPolicy: IfNotPresent + command: + - "/install-plugin.sh" + securityContext: + seLinuxOptions: + level: 's0' + # Running with spc_t since we have removed the privileged mode. + # Users can change it to a different type as long as they have the + # type available on the system. + type: 'spc_t' + capabilities: + drop: + - ALL + volumeMounts: + - name: cni-path + mountPath: /host/opt/cni/bin - command: - sh - -ec @@ -187,7 +192,7 @@ spec: value: /run/cilium/cgroupv2 - name: BIN_PATH value: /opt/cni/bin - image: mcr.microsoft.com/oss/cilium/cilium:1.12.5.1 + image: mcr.microsoft.com/oss/cilium/cilium:1.12.8 imagePullPolicy: IfNotPresent name: mount-cgroup resources: {} @@ -219,7 +224,7 @@ spec: env: - name: BIN_PATH value: /opt/cni/bin - image: mcr.microsoft.com/oss/cilium/cilium:1.12.5.1 + image: mcr.microsoft.com/oss/cilium/cilium:1.12.8 imagePullPolicy: IfNotPresent name: apply-sysctl-overwrites resources: {} @@ -247,7 +252,7 @@ spec: - /bin/bash - -c - -- - image: mcr.microsoft.com/oss/cilium/cilium:1.12.5.1 + image: mcr.microsoft.com/oss/cilium/cilium:1.12.8 imagePullPolicy: IfNotPresent name: mount-bpf-fs resources: {} @@ -274,7 +279,7 @@ spec: key: clean-cilium-bpf-state name: cilium-config optional: true - image: mcr.microsoft.com/oss/cilium/cilium:1.12.5.1 + image: mcr.microsoft.com/oss/cilium/cilium:1.12.8 imagePullPolicy: IfNotPresent name: clean-cilium-state resources: diff --git a/test/integration/manifests/cilium/cilium-operator/deployment.yaml b/test/integration/manifests/cilium/cilium-operator/deployment.yaml index 314e5235236..7ba069909fb 100644 --- a/test/integration/manifests/cilium/cilium-operator/deployment.yaml +++ b/test/integration/manifests/cilium/cilium-operator/deployment.yaml @@ -29,7 +29,7 @@ spec: spec: containers: - name: cilium-operator - image: "mcr.microsoft.com/oss/cilium/operator-generic:1.12.5" + image: "mcr.microsoft.com/oss/cilium/operator-generic:1.12.8" imagePullPolicy: IfNotPresent command: - cilium-operator-generic