diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst index d03703f310818..2b74406211189 100644 --- a/Documentation/helm-values.rst +++ b/Documentation/helm-values.rst @@ -531,7 +531,7 @@ * - :spelling:ignore:`clustermesh.apiserver.image` - Clustermesh API server image. - object - - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.4","useDigest":false}`` + - ``{"digest":"sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.4","useDigest":true}`` * - :spelling:ignore:`clustermesh.apiserver.kvstoremesh.enabled` - Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. - bool @@ -1743,7 +1743,7 @@ * - :spelling:ignore:`hubble.relay.image` - Hubble-relay container image. - object - - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.4","useDigest":false}`` + - ``{"digest":"sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.4","useDigest":true}`` * - :spelling:ignore:`hubble.relay.listenHost` - Host to listen to. Specify an empty string to bind to all the interfaces. - string @@ -2167,7 +2167,7 @@ * - :spelling:ignore:`image` - Agent container image. - object - - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.4","useDigest":false}`` + - ``{"digest":"sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.4","useDigest":true}`` * - :spelling:ignore:`imagePullSecrets` - Configure image pull secrets for pulling container images - list @@ -2675,7 +2675,7 @@ * - :spelling:ignore:`operator.image` - cilium-operator image. - object - - ``{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.4","useDigest":false}`` + - ``{"alibabacloudDigest":"sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686","awsDigest":"sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be","azureDigest":"sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de","genericDigest":"sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.4","useDigest":true}`` * - :spelling:ignore:`operator.nodeGCInterval` - Interval for cilium node garbage collection. - string @@ -2875,7 +2875,7 @@ * - :spelling:ignore:`preflight.image` - Cilium pre-flight image. - object - - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.4","useDigest":false}`` + - ``{"digest":"sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.4","useDigest":true}`` * - :spelling:ignore:`preflight.nodeSelector` - Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector - object diff --git a/install/kubernetes/Makefile.digests b/install/kubernetes/Makefile.digests index 7933852e3fb42..fa6e42c5ef72b 100644 --- a/install/kubernetes/Makefile.digests +++ b/install/kubernetes/Makefile.digests @@ -2,12 +2,12 @@ # Copyright 2024 Authors of Cilium # SPDX-License-Identifier: Apache-2.0 -export CILIUM_DIGEST := "" -export CLUSTERMESH_APISERVER_DIGEST := "" -export DOCKER_PLUGIN_DIGEST := "" -export HUBBLE_RELAY_DIGEST := "" -export OPERATOR_ALIBABACLOUD_DIGEST := "" -export OPERATOR_AWS_DIGEST := "" -export OPERATOR_AZURE_DIGEST := "" -export OPERATOR_GENERIC_DIGEST := "" -export OPERATOR_DIGEST := "" +export CILIUM_DIGEST := "sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf" +export CLUSTERMESH_APISERVER_DIGEST := "sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2" +export DOCKER_PLUGIN_DIGEST := "sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e" +export HUBBLE_RELAY_DIGEST := "sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2" +export OPERATOR_ALIBABACLOUD_DIGEST := "sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686" +export OPERATOR_AWS_DIGEST := "sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be" +export OPERATOR_AZURE_DIGEST := "sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de" +export OPERATOR_GENERIC_DIGEST := "sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5" +export OPERATOR_DIGEST := "sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff" diff --git a/install/kubernetes/cilium/README.md b/install/kubernetes/cilium/README.md index c02a863f9e2e0..f165c47f23b7f 100644 --- a/install/kubernetes/cilium/README.md +++ b/install/kubernetes/cilium/README.md @@ -182,7 +182,7 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | | clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. | -| clustermesh.apiserver.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.4","useDigest":false}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.16.4","useDigest":true}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | @@ -485,7 +485,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.4","useDigest":false}` | Hubble-relay container image. | +| hubble.relay.image | object | `{"digest":"sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.16.4","useDigest":true}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -591,7 +591,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.4","useDigest":false}` | Agent container image. | +| image | object | `{"digest":"sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.4","useDigest":true}` | Agent container image. | | imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | @@ -718,7 +718,7 @@ contributors across the globe, there is almost always someone available to help. | operator.hostNetwork | bool | `true` | HostNetwork setting | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.4","useDigest":false}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686","awsDigest":"sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be","azureDigest":"sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de","genericDigest":"sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.16.4","useDigest":true}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | @@ -768,7 +768,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.4","useDigest":false}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.16.4","useDigest":true}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml index b1bbeded0a40c..9aa68036d8062 100644 --- a/install/kubernetes/cilium/values.yaml +++ b/install/kubernetes/cilium/values.yaml @@ -156,8 +156,8 @@ image: tag: "v1.16.4" pullPolicy: "IfNotPresent" # cilium-digest - digest: "" - useDigest: false + digest: "sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf" + useDigest: true # -- Affinity for cilium-agent. affinity: podAntiAffinity: @@ -1320,8 +1320,8 @@ hubble: repository: "quay.io/cilium/hubble-relay" tag: "v1.16.4" # hubble-relay-digest - digest: "" - useDigest: false + digest: "sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2" + useDigest: true pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods resources: {} @@ -2486,14 +2486,14 @@ operator: repository: "quay.io/cilium/operator" tag: "v1.16.4" # operator-generic-digest - genericDigest: "" + genericDigest: "sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5" # operator-azure-digest - azureDigest: "" + azureDigest: "sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de" # operator-aws-digest - awsDigest: "" + awsDigest: "sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be" # operator-alibabacloud-digest - alibabacloudDigest: "" - useDigest: false + alibabacloudDigest: "sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686" + useDigest: true pullPolicy: "IfNotPresent" suffix: "" # -- Number of replicas to run for the cilium-operator deployment @@ -2770,8 +2770,8 @@ preflight: repository: "quay.io/cilium/cilium" tag: "v1.16.4" # cilium-digest - digest: "" - useDigest: false + digest: "sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf" + useDigest: true pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. priorityClassName: "" @@ -2919,8 +2919,8 @@ clustermesh: repository: "quay.io/cilium/clustermesh-apiserver" tag: "v1.16.4" # clustermesh-apiserver-digest - digest: "" - useDigest: false + digest: "sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2" + useDigest: true pullPolicy: "IfNotPresent" # -- TCP port for the clustermesh-apiserver health API. healthPort: 9880