From 97dfdcd8fed33115959c518142d9345e41a9f308 Mon Sep 17 00:00:00 2001
From: Will Hegedus
Date: Tue, 21 Mar 2023 15:56:12 -0400
Subject: [PATCH] feat: support cilium 1.13.1 (#9914)

Cilium 1.13.1 changed how the cilium-cni binary gets placed in /opt/cni/bin, so that it takes place in an init container rather than in the main agent.
---
 .../cilium/templates/cilium/ds.yml.j2 | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
index 08385b457..13c5d8465 100644
--- a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2
@@ -149,8 +149,10 @@ spec:
 mountPropagation: Bidirectional
 - name: cilium-run
 mountPath: /var/run/cilium
+{% if cilium_version | regex_replace('v') is version('1.13.1', '<') %}
 - name: cni-path
 mountPath: /host/opt/cni/bin
+{% endif %}
 - name: etc-cni-netd
 mountPath: /host/etc/cni/net.d
 {% if cilium_identity_allocation_mode == "kvstore" %}
@@ -304,6 +306,24 @@ spec:
 requests:
 cpu: 100m
 memory: 100Mi
+{% if cilium_version | regex_replace('v') is version('1.13.1', '>=') %}
+ # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent
+ - name: install-cni-binaries
+ image: "{{cilium_image_repo}}:{{cilium_image_tag}}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
+ command:
+ - "/install-plugin.sh"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 10Mi
+ securityContext:
+ privileged: true
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - name: cni-path
+ mountPath: /host/opt/cni/bin
+{% endif %}
 restartPolicy: Always
 priorityClassName: system-node-critical
 serviceAccount: cilium
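Review bot: The gate around the agent's `cni-path` mount in the first hunk is keyed on `cilium_version`, but the init container in the second hunk runs `/install-plugin.sh` from `{{cilium_image_repo}}:{{cilium_image_tag}}`. If the tag can be overridden independently of the version (not visible in this diff), the rendered DaemonSet could drop the agent mount while the image lacks the installer script, or the reverse. A template comment above the gate would record the coupling, e.g. `{# from 1.13.1 the install-cni-binaries init container owns cni-path; cilium_image_tag must match cilium_version #}`. Separately, `regex_replace('v')` removes every `v` in the string rather than a leading one, so `regex_replace('^v', '')` is the narrower form; the same expression is repeated with `>=` in the second hunk and should change with it.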
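Review bot: The `install-cni-binaries` init container in the second hunk is granted `privileged: true`, yet the only host access visible for it is the `cni-path` volume mounted at `/host/opt/cni/bin`. Full privilege for what the hunk's own comment describes as a binary install step gives a tampered image or script unrestricted node access on every pod start, which undercuts the stated goal of removing the writable host mount from the agent. Consider a narrower context such as `securityContext: {capabilities: {drop: [ALL]}}`, adding back only the capability the copy turns out to need; whether that suffices depends on the host directory's ownership and SELinux mode, which this diff does not show. If privileged mode is deliberate, a one-line comment next to `privileged: true` stating the reason would keep it from being copied elsewhere unexamined. The surrounding DaemonSet spec starts and ends outside the hunk.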