refactor: cilium helm

kubernetes/apps/kube-system/cilium/app/helmrelease.yaml

@@ -1,33 +1,38 @@
 ---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+  name: cilium
+spec:
+  interval: 5m
+  layerSelector:
+    mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
+    operation: copy
+  ref:
+    tag: 1.17.3
+  url: oci://ghcr.io/home-operations/charts-mirror/cilium
+---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name:  cilium
 spec:
-  interval: 30m
+  interval: 1h
-  chart:
+  chartRef:
-    spec:
+    kind: OCIRepository
-      chart: cilium
-      version: 1.17.3
-      sourceRef:
-        kind: HelmRepository
     name: cilium
-        namespace: flux-system
-  maxHistory: 2
   install:
-    createNamespace: true
     remediation:
-      retries: 3
+      retries: -1
   upgrade:
     cleanupOnFail: true
     remediation:
       retries: 3
-  uninstall:
-    keepHistory: false
   valuesFrom:
     - kind: ConfigMap
-      name: cilium-helm-values
+      name: cilium-values
   values:
     hubble:
       enabled: true
@@ -57,3 +62,5 @@ spec:
           enabled: true
           className: internal
           hosts: ["hubble.${SECRET_EXTERNAL_DOMAIN}"]
+    operator:
+      tolerations: []

kubernetes/apps/kube-system/cilium/app/kustomization.yaml

@@ -4,9 +4,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./helmrelease.yaml
+  - ./networks.yaml
 configMapGenerator:
-  - name: cilium-helm-values
+  - name: cilium-values
     files:
-      - values.yaml=./helm-values.yaml
+      - values.yaml=./helm/values.yaml
 configurations:
-  - kustomizeconfig.yaml
+  - ./helm/kustomizeconfig.yaml

kubernetes/apps/kube-system/cilium/app/networks.yaml

@@ -19,3 +19,11 @@ spec:
       neighbors:
         - peerAddress: ${LOCAL_LAN_OPNSENSE}/24
           peerASN: 64512
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: main-pool
+spec:
+  blocks:
+    - cidr: ${CILIUM_BGP_SVC_RANGE}

kubernetes/apps/kube-system/cilium/config/bgp-pool.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: cilium.io/v2alpha1
-kind: CiliumLoadBalancerIPPool
-metadata:
-  name: main-pool
-spec:
-  blocks:
-    - cidr: ${CILIUM_BGP_SVC_RANGE}

kubernetes/apps/kube-system/cilium/config/kustomization.yaml

@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./bgp-policy.yaml
-  - ./bgp-pool.yaml

kubernetes/apps/kube-system/cilium/ks.yaml

@@ -11,37 +11,6 @@ spec:
       app.kubernetes.io/name: *app
   interval: 1h
   path: ./kubernetes/apps/kube-system/cilium/app
-  postBuild:
-    substitute:
-      APP: *app
-  prune: false
-  retryInterval: 2m
-  sourceRef:
-    kind: GitRepository
-    name: home-ops-kubernetes
-    namespace: flux-system
-  targetNamespace: *namespace
-  timeout: 5m
-  wait: false
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: &app cilium-config
-  namespace: &namespace kube-system
-spec:
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: *app
-  dependsOn:
-    - name: cilium-app
-      namespace: *namespace
-  interval: 1h
-  path: ./kubernetes/apps/kube-system/cilium/config
-  postBuild:
-    substitute:
-      APP: *app
   prune: false
   retryInterval: 2m
   sourceRef: