[bitnami/cilium] Release 1.15.5-debian-12-r2 (#67143)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/cilium/1/debian-12/Dockerfile

@@ -7,11 +7,11 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2024-05-15T13:15:26Z" \
+      org.opencontainers.image.created="2024-05-20T11:16:54Z" \
       org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
       org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/cilium/README.md" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="1.15.5-debian-12-r1" \
+      org.opencontainers.image.ref.name="1.15.5-debian-12-r2" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/cilium" \
       org.opencontainers.image.title="cilium" \
       org.opencontainers.image.vendor="Broadcom, Inc." \
@@ -29,7 +29,7 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 RUN install_packages bash-completion ca-certificates curl iproute2 ipset iptables procps
 RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
     COMPONENTS=( \
-      "cilium-1.15.5-0-linux-${OS_ARCH}-debian-12" \
+      "cilium-1.15.5-1-linux-${OS_ARCH}-debian-12" \
     ) ; \
     for COMPONENT in "${COMPONENTS[@]}"; do \
       if [ ! -f "${COMPONENT}.tar.gz" ]; then \

bitnami/cilium/1/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json

@@ -3,6 +3,6 @@
         "arch": "amd64",
         "distro": "debian-12",
         "type": "NAMI",
-        "version": "1.15.5-0"
+        "version": "1.15.5-1"
     }
 }

bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium-env.sh

@@ -25,6 +25,7 @@ export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
 # variable will be overridden with the value specified in that file
 cilium_env_vars=(
     HOST_CNI_BIN_DIR
+    HOST_CNI_CONF_DIR
     HUBBLE_SERVER
 )
 for env_var in "${cilium_env_vars[@]}"; do
@@ -51,6 +52,7 @@ export CILIUM_DAEMON_GROUP="cilium"
 
 # Cilium settings
 export HOST_CNI_BIN_DIR="${HOST_CNI_BIN_DIR:-/opt/cni/bin}"
+export HOST_CNI_CONF_DIR="${HOST_CNI_CONF_DIR:-/etc/cni/net.d}"
 export HUBBLE_SERVER="${HUBBLE_SERVER:-unix:///var/run/cilium/hubble.sock}"
 
 # Custom environment variables may be defined below

bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium/mount-cgroup2.sh

@@ -15,6 +15,8 @@ set -o pipefail
 # Load Cilium environment variables
 . /opt/bitnami/scripts/cilium-env.sh
 
-# The statically compiled Go binaries do not depend on system utilities
-# that can be missed on distros installed on the underlying host.
-cilium_install_linux_utils "$1" "$2"
+# Mount cgroup2 filesystem
+mount_cgroup2 "$1" "$2"
+
+# Apply sysctl overwrites
+sysctl_overwrites "$1"

bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium/setup.sh

@@ -16,4 +16,6 @@ set -o pipefail
 . /opt/bitnami/scripts/cilium-env.sh
 
 # Ensure 'daemon' user exists when running as 'root'
-am_i_root && ensure_user_exists "$CILIUM_DAEMON_USER" --group "$CILIUM_DAEMON_GROUP"
+if am_i_root; then
+    ensure_user_exists "$CILIUM_DAEMON_USER" --group "$CILIUM_DAEMON_GROUP"
+fi

bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/cilium/uninstall-cni-plugin.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# shellcheck disable=SC1091
+
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purposes
+
+# Load libraries
+. /opt/bitnami/scripts/libcilium.sh
+
+# Load Cilium environment variables
+. /opt/bitnami/scripts/cilium-env.sh
+
+cilium_uninstall_cni_plugin "$1"

bitnami/cilium/1/debian-12/rootfs/opt/bitnami/scripts/libcilium.sh

@@ -31,7 +31,7 @@ atomic_copy() {
 # Globals:
 #   CILIUM_BIN_DIR, CILIUM_CNI_BIN_DIR, HOST_CNI_BIN_DIR
 # Arguments:
-#   $1 - Target directory
+#   $1 - Target root directory
 # Returns:
 #   None
 #########################
@@ -48,35 +48,75 @@ cilium_install_cni_plugin() {
 }
 
 ########################
-# Install linux utilities such as "mount" and "sysctlfix" in the provided target root
+# Uninstall Cilium CNI plugin from the provided target root
 # Globals:
-#   CILIUM_BIN_DIR, HOST_CNI_BIN_DIR
+#   HOST_CNI_BIN_DIR, HOST_CNI_CONF_DIR
 # Arguments:
-#   $1 - Target directory
+#   $1 - Target root directory
 # Returns:
 #   None
 #########################
-cilium_install_linux_utils() {
+cilium_uninstall_cni_plugin() {
+    local -r target_root="${1:?target root is missing}"
+
+    local -r target_bin_dir="${target_root}${HOST_CNI_BIN_DIR}"
+    local -r target_conf_dir="${target_root}${HOST_CNI_CONF_DIR}"
+
+    # Remove Cilium CNI plugin binary and configuration files
+    rm -f "${target_bin_dir}/cilium-cni"
+    find "$target_conf_dir" -maxdepth 1 -type f \
+        -name '*cilium*' -and \( \
+        -name '*.conf' -or \
+        -name '*.conflist' \
+    \) -delete
+}
+
+########################
+# Mount cgroup2 filesystem in the provided target root
+# Globals:
+#   CILIUM_BIN_DIR, HOST_CNI_BIN_DIR
+# Arguments:
+#   $1 - Target root directory
+#   $2 - Target root cgroup
+# Returns:
+#   None
+#########################
+mount_cgroup2() {
     local -r target_root="${1:?target root is missing}"
     local -r target_root_cgroup="${2:?target root cgroup is missing}"
 
     local -r target_dir="${target_root}${HOST_CNI_BIN_DIR}"
     ensure_dir_exists "$target_dir"
 
-    local -a nsenterFlags=("--mount=${target_root}/proc/1/ns/mnt")
-
-    # Install cilium-sysctlfix
-    atomic_copy "${CILIUM_BIN_DIR}/cilium-sysctlfix" "${target_dir}/cilium-sysctlfix"
-    nsenter "${nsenterFlags[@]}" "${HOST_CNI_BIN_DIR}/cilium-sysctlfix"
-    rm "${target_dir}/cilium-sysctlfix"
-
-    # Install cilium-mount
+    # The statically compiled Go binaries do not depend on system utilities
+    # that can be missed on distros installed on the underlying host.
     atomic_copy "${CILIUM_BIN_DIR}/cilium-mount" "${target_dir}/cilium-mount"
-    nsenterFlags+=("--cgroup=${target_root}/proc/1/ns/cgroup")
-    nsenter "${nsenterFlags[@]}" "${HOST_CNI_BIN_DIR}/cilium-mount" "$target_root_cgroup"
+    nsenter "--mount=${target_root}/proc/1/ns/mnt" "--cgroup=${target_root}/proc/1/ns/cgroup" "${HOST_CNI_BIN_DIR}/cilium-mount" "$target_root_cgroup"
     rm "${target_dir}/cilium-mount"
 }
 
+########################
+# Apply sysctl overwrites in the provided target root
+# Globals:
+#   CILIUM_BIN_DIR, HOST_CNI_BIN_DIR
+# Arguments:
+#   $1 - Target root directory
+# Returns:
+#   None
+#########################
+sysctl_overwrites() {
+    local -r target_root="${1:?target root is missing}"
+
+    local -r target_dir="${target_root}${HOST_CNI_BIN_DIR}"
+    ensure_dir_exists "$target_dir"
+
+    # The statically compiled Go binaries do not depend on system utilities
+    # that can be missed on distros installed on the underlying host.
+    atomic_copy "${CILIUM_BIN_DIR}/cilium-sysctlfix" "${target_dir}/cilium-sysctlfix"
+    nsenter "--mount=${target_root}/proc/1/ns/mnt" "${HOST_CNI_BIN_DIR}/cilium-sysctlfix"
+    rm "${target_dir}/cilium-sysctlfix"
+}
+
 ########################
 # Generate bash completion for Cilium & Hubble
 # Globals: