From 8306adb10279f6d86a02ae3f13670a078b48ab7d Mon Sep 17 00:00:00 2001
From: Denis Khachyan <dkhachyan@yandex.ru>
Date: Tue, 26 Jul 2022 20:33:11 +0300
Subject: [PATCH] update cilium to v1.11.7 (#9119)

---
 README.md                                        |  2 +-
 .../group_vars/k8s_cluster/k8s-net-cilium.yml    |  2 +-
 roles/download/defaults/main.yml                 |  2 +-
 .../cilium/templates/cilium-operator/cr.yml.j2   | 16 ++++++++++++++++
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 55f9fef0c..67b98d622 100644
--- a/README.md
+++ b/README.md
@@ -143,7 +143,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [cni-plugins](https://github.com/containernetworking/plugins) v1.1.1
   - [calico](https://github.com/projectcalico/calico) v3.23.3
   - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
-  - [cilium](https://github.com/cilium/cilium) v1.11.6
+  - [cilium](https://github.com/cilium/cilium) v1.11.7
   - [flannel](https://github.com/flannel-io/flannel) v0.18.1
   - [kube-ovn](https://github.com/alauda/kube-ovn) v1.9.7
   - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.5.0
diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
index 235f4647f..e82b76138 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
@@ -1,5 +1,5 @@
 ---
-# cilium_version: "v1.11.6"
+# cilium_version: "v1.11.7"
 
 # Log-level
 # cilium_debug: false
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 6ae6dc785..e234709a0 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -110,7 +110,7 @@ flannel_cni_version: "v1.1.0"
 cni_version: "v1.1.1"
 weave_version: 2.8.1
 pod_infra_version: "3.6"
-cilium_version: "v1.11.6"
+cilium_version: "v1.11.7"
 kube_ovn_version: "v1.9.7"
 kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
 kube_router_version: "v1.5.0"
diff --git a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
index d23346caa..e49f670d4 100644
--- a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
@@ -15,6 +15,22 @@ rules:
   - list
   - watch
   - delete
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  # To remove node taints
+  - nodes
+  # To set NetworkUnavailable false on startup
+  - nodes/status
+  verbs:
+  - patch
 - apiGroups:
   - discovery.k8s.io
   resources:
-- 
GitLab