Update Canal to v3.23.4 for k8s 1.22+

upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template

@@ -1,4 +1,4 @@
-# Pulled and modified from: https://docs.projectcalico.org/v3.23/manifests/canal.yaml
+# Pulled and modified from: https://projectcalico.docs.tigera.io/archive/v3.23/manifests/canal.yaml
 
 ---
 # Source: calico/templates/calico-config.yaml
@@ -865,6 +865,11 @@ spec:
                   node appears to use the IP of the ingress node; this requires a
                   permissive L2 network.  [Default: Tunnel]'
                 type: string
+              bpfHostConntrackBypass:
+                description: 'BPFHostConntrackBypass Controls whether to bypass Linux
+                  conntrack in BPF mode for workloads and services. [Default: true
+                  - bypass Linux conntrack]'
+                type: boolean
               bpfKubeProxyEndpointSlicesEnabled:
                 description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls
                   whether Felix's embedded kube-proxy accepts EndpointSlices or not.
@@ -1061,7 +1066,6 @@ spec:
                   are auto-detected.
                 type: string
               floatingIPs:
-                default: Disabled
                 description: FloatingIPs configures whether or not Felix will program
                   floating IP addresses.
                 enum:
@@ -1384,8 +1388,8 @@ spec:
                 type: boolean
               vxlanEnabled:
                 description: 'VXLANEnabled overrides whether Felix should create the
-                  VXLAN tunnel device for VXLAN networking. Optional as Felix determines
+                  VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix
-                  this based on the existing IP pools. [Default: nil (unset)]'
+                  determines this based on the existing IP pools. [Default: nil (unset)]'
                 type: boolean
               vxlanMTU:
                 description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
@@ -4366,7 +4370,7 @@ spec:
       securityContext:
         fsGroup: 65534
       containers:
-      - image: calico/typha:v3.23.3
+      - image: calico/typha:v3.23.4
         name: calico-typha
         ports:
         - containerPort: 5473
@@ -4476,7 +4480,7 @@ spec:
         # This container installs the CNI binaries
         # and CNI network config file on each node.
         - name: install-cni
-          image: docker.io/calico/cni:v3.23.3
+          image: docker.io/calico/cni:v3.23.4
           command: ["/opt/cni/bin/install"]
           envFrom:
           - configMapRef:
@@ -4524,7 +4528,7 @@ spec:
         # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
         # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
         - name: "mount-bpffs"
-          image: docker.io/calico/node:v3.23.3
+          image: docker.io/calico/node:v3.23.4
           command: ["calico-node", "-init", "-best-effort"]
           volumeMounts:
             - mountPath: /sys/fs
@@ -4549,7 +4553,7 @@ spec:
         # container programs network policy and routes on each
         # host.
         - name: calico-node
-          image: docker.io/calico/node:v3.23.3
+          image: docker.io/calico/node:v3.23.4
           envFrom:
           - configMapRef:
               # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode.
@@ -4840,7 +4844,7 @@ spec:
       priorityClassName: system-cluster-critical
       containers:
         - name: calico-kube-controllers
-          image: docker.io/calico/kube-controllers:v3.23.3
+          image: docker.io/calico/kube-controllers:v3.23.4
           env:
             # Choose which controllers to run.
             - name: ENABLED_CONTROLLERS