diff --git a/_service b/_service
index 5a6fe5b..9645ba4 100644
--- a/_service
+++ b/_service
@@ -5,7 +5,7 @@
.git
@PARENT_TAG@
v(.*)
- v0.24.2
+ v0.26.4
enable
@@ -16,5 +16,8 @@
flannel
+
+ flannel-0.26.4.tar.gz
+
diff --git a/_servicedata b/_servicedata
index 7f41696..36a3028 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://github.com/flannel-io/flannel.git
- 3d56ed16e123a6fb06841ba920664b3ce4c99cda
\ No newline at end of file
+ c22fb8cdd05638fbc9095f05ecce5ea3a13e16c6
\ No newline at end of file
diff --git a/flannel-0.24.2.tar.gz b/flannel-0.24.2.tar.gz
deleted file mode 100644
index 8c4eecd..0000000
--- a/flannel-0.24.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:320baa7e3a40c87cc1a000c33d2a2db52664ece2f6f676f6cedc91dfaad8105b
-size 2387361
diff --git a/flannel-0.26.4.tar.gz b/flannel-0.26.4.tar.gz
new file mode 100644
index 0000000..0874f81
--- /dev/null
+++ b/flannel-0.26.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e3c481099d989535ee0c76eeca94186c942fa2cb31c7df990b05d8b3e68009e7
+size 2363143
diff --git a/flannel.changes b/flannel.changes
index 657f2f9..d3906f0 100644
--- a/flannel.changes
+++ b/flannel.changes
@@ -1,3 +1,91 @@
+-------------------------------------------------------------------
+Fri Feb 7 11:23:27 UTC 2025 - Priyanka Saggu
+
+- add `go-modules` for automated creation of go vendored modules tarball
+
+- bump go version: `BuildRequires: golang(API) >= 1.23`
+
+- delete unused `kube-flannel.yaml` source in the spec file, it is directly soured from the flannel source tar ball
+
+-------------------------------------------------------------------
+Fri Feb 7 11:16:55 UTC 2025 - Priyanka Saggu
+
+- Update to version 0.26.4:
+ * Moved to github container registry
+ * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+ * Bump go.etcd.io/etcd/tests/v3 from 3.5.17 to 3.5.18
+ * fix: Fix high CPU usage when losing etcd connection and try to re-establish connection with exponential backoff
+ * Bump github.com/containernetworking/plugins from 1.6.1 to 1.6.2
+ * Bump alpine from 20240923 to 20250108 in /images
+ * Bump golang.org/x/net from 0.31.0 to 0.33.0
+ * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+ * Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0
+ * feat: add bool to control CNI config installation using Helm
+ * fix: add missing MY_NODE_NAME env in chart
+ * Bump k8s deps to 0.29.12
+ * Don't panic upon shutdown when running in standalone mode
+ * Bump golang.org/x/crypto from 0.29.0 to 0.31.0
+ * Bump alpine from 20240807 to 20240923 in /images
+ * Bump github.com/containernetworking/plugins from 1.6.0 to 1.6.1
+ * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
+ * Bump github.com/vishvananda/netns from 0.0.4 to 0.0.5
+ * Use the standard context library
+ * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
+ * Updated flannel cni image to 1.6.0
+ * Updated CNI plugins version on the README
+ * Bump sigs.k8s.io/knftables from 0.0.17 to 0.0.18
+ * Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1
+ * Bump github.com/Microsoft/hcsshim from 0.12.8 to 0.12.9
+ * Added check to not check br_filter in case of windows
+ * Bumo golangci-lint to latest version
+ * Bump to go 1.23
+ * Added checks for br_netfilter module
+ * Try not to cleanup multiple peers behind same PublicIP
+ * fix trivy check
+ * check that the lease includes an IP address of the requested family before configuring the flannel interface
+ * Fixed IPv6 chosen in case of public-ipv6 configured
+ * add timeout to e2e test pipelines
+ * Update k8s version ine2e tests to v1.29.8
+ * Update netlink to v1.3.0
+ * Fixed values file on flannel chart
+ * Bump k8s.io/klog/v2 from 2.120.1 to 2.130.1
+ * Updated Flannel chart with Netpol containter and removed clustercidr
+ * Fix bug in hostgw-windows
+ * Fix bug in the logic polling the interface
+ * Added node-public-ip annotation
+ * Try several times to contact kube-api before failing
+ * Fixed IPv6 0 initialization
+ * wireguard backend: avoid error message if route already exists
+ * Bump github.com/avast/retry-go/v4 from 4.5.1 to 4.6.0
+ * use wait.PollUntilContextTimeout instead of deprecated wait.Poll
+ * troubleshooting.md: add `ethtool -K flannel.1 tx-checksum-ip-generic off` for NAT
+ * Added configuration for pulic-ip through node annotation
+ * extension/vxlan: remove arp commands from vxlan examples
+ * Refactor TrafficManager windows files to clarify logs
+ * Add persistent-mac option to v6 too
+ * fix comparison with previous networks in SetupAndEnsureMasqRules
+ * show content of stdout and stderr when running iptables-restore returns an error
+ * Add extra check before contacting kube-api
+ * remove unimplemented error in windows trafficmngr
+ * remove --dirty flags in git describe
+ * Added leaseAttr string method with logs on VxLan
+ * remove multiClusterCidr related-code.
+ * Implement nftables masquerading for flannel
+ * fix: ipv6 iptables rules were created even when IPv6 was disabled
+ * Add tolerations to the flannel chart
+ * Added additional check for n.spec.podCIDRs
+ * Remove net-tools since it's an old package that we are not using
+ * fix iptables_windows.go
+ * Clean-up Makefile and use docker buildx locally
+ * Use manual test to ensure iptables-* binaries are present
+ * Bump github.com/containerd/containerd from 1.6.23 to 1.6.26
+ * Bump github.com/joho/godotenv
+ * SubnetManager should use the main context
+ * Simplify TrafficManager interface
+ * refactor iptables package to prepare for nftables-based implementation
+
+- flannel v0.26.4, includes `golang.org/x/net/http2` at v0.34.0, which fixes bsc#1236522 (CVE-2023-45288)
+
-------------------------------------------------------------------
Fri Apr 19 17:51:42 UTC 2024 - Jeff Mahoney
diff --git a/flannel.obsinfo b/flannel.obsinfo
index f473b76..9a3c79c 100644
--- a/flannel.obsinfo
+++ b/flannel.obsinfo
@@ -1,4 +1,4 @@
name: flannel
-version: 0.24.2
-mtime: 1705661246
-commit: 3d56ed16e123a6fb06841ba920664b3ce4c99cda
+version: 0.26.4
+mtime: 1738660448
+commit: c22fb8cdd05638fbc9095f05ecce5ea3a13e16c6
diff --git a/flannel.spec b/flannel.spec
index 6818a92..407722e 100644
--- a/flannel.spec
+++ b/flannel.spec
@@ -24,7 +24,7 @@
%define flannel_container_path registry.opensuse.org/kubic/flannel
Name: flannel
-Version: 0.24.2
+Version: 0.26.4
Release: 0
Summary: An etcd backed network fabric for containers
License: Apache-2.0
@@ -32,11 +32,10 @@ Group: System/Management
Url: https://github.com/flannel-io/flannel
Source0: flannel-%{version}.tar.gz
Source1: vendor.tar.gz
-Source2: kube-flannel.yaml
Requires: iproute2
Requires: iptables
BuildRequires: golang-packaging
-BuildRequires: golang(API) >= 1.20
+BuildRequires: golang(API) >= 1.23
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExcludeArch: s390
%{go_nostrip}
diff --git a/kube-flannel.yaml b/kube-flannel.yaml
deleted file mode 100644
index 0feba26..0000000
--- a/kube-flannel.yaml
+++ /dev/null
@@ -1,223 +0,0 @@
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: psp.flannel.unprivileged
- annotations:
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
- seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
- apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
- apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
-spec:
- privileged: false
- volumes:
- - configMap
- - secret
- - emptyDir
- - hostPath
- allowedHostPaths:
- - pathPrefix: "/etc/cni/net.d"
- - pathPrefix: "/etc/kube-flannel"
- - pathPrefix: "/run/flannel"
- readOnlyRootFilesystem: false
- # Users and groups
- runAsUser:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- fsGroup:
- rule: RunAsAny
- # Privilege Escalation
- allowPrivilegeEscalation: false
- defaultAllowPrivilegeEscalation: false
- # Capabilities
- allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
- defaultAddCapabilities: []
- requiredDropCapabilities: []
- # Host namespaces
- hostPID: false
- hostIPC: false
- hostNetwork: true
- hostPorts:
- - min: 0
- max: 65535
- # SELinux
- seLinux:
- # SELinux is unused in CaaSP
- rule: 'RunAsAny'
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: flannel
-rules:
-- apiGroups: ['extensions']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames: ['psp.flannel.unprivileged']
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - nodes/status
- verbs:
- - patch
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: flannel
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: flannel
-subjects:
-- kind: ServiceAccount
- name: flannel
- namespace: kube-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: flannel
- namespace: kube-system
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: kube-flannel-cfg
- namespace: kube-system
- labels:
- tier: node
- app: flannel
-data:
- cni-conf.json: |
- {
- "name": "cbr0",
- "cniVersion": "0.3.1",
- "plugins": [
- {
- "type": "flannel",
- "delegate": {
- "hairpinMode": true,
- "isDefaultGateway": true
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- }
- }
- ]
- }
- net-conf.json: |
- {
- "Network": "10.244.0.0/16",
- "Backend": {
- "Type": "vxlan"
- }
- }
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-flannel-ds
- namespace: kube-system
- labels:
- tier: node
- app: flannel
-spec:
- selector:
- matchLabels:
- app: flannel
- template:
- metadata:
- labels:
- tier: node
- app: flannel
- spec:
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: kubernetes.io/os
- operator: In
- values:
- - linux
- hostNetwork: true
- priorityClassName: system-node-critical
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: flannel
- initContainers:
- - name: install-cni
- image: quay.io/coreos/flannel:v0.14.0
- command:
- - cp
- args:
- - -f
- - /etc/kube-flannel/cni-conf.json
- - /etc/cni/net.d/10-flannel.conflist
- volumeMounts:
- - name: cni
- mountPath: /etc/cni/net.d
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- containers:
- - name: kube-flannel
- image: quay.io/coreos/flannel:v0.14.0
- command:
- - /opt/bin/flanneld
- args:
- - --ip-masq
- - --kube-subnet-mgr
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: false
- capabilities:
- add: ["NET_ADMIN", "NET_RAW"]
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumeMounts:
- - name: run
- mountPath: /run/flannel
- - name: flannel-cfg
- mountPath: /etc/kube-flannel/
- volumes:
- - name: run
- hostPath:
- path: /run/flannel
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: flannel-cfg
- configMap:
- name: kube-flannel-cfg
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 7ef5b8e..4c368fd 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:c4473ab0014138f1aa5a51ae05cb2dbf9e0a9ea7d0c2e581bd5b66de3b42da2e
-size 8785627
+oid sha256:d5d3f4574dcd086d9b5930280ff3e70c924a0bdd37139447ec7d3bceb031c05d
+size 9041479