🚀 cilium helm-release

2025-09-28 13:05:26 +02:00 · 2022-12-02 01:03:54 +01:00
parent c94650ac7c
commit 74441f5cb0
3 changed files with 81 additions and 1 deletions
--- a/infrastructure/talos/cluster-0/cni/values.yaml
+++ b/infrastructure/talos/cluster-0/cni/values.yaml
@@ -12,7 +12,7 @@ hubble:
  enabled: false
 ipam:
  mode: kubernetes
-ipv4NativeRoutingCIDR: 10.244.0.0/16
+ipv4NativeRoutingCIDR: 10.69.0.0/16
 k8sServiceHost: 192.168.9.100
 k8sServicePort: 6443
 kubeProxyReplacement: strict
--- a/kubernetes/cluster-0/core/cilium/helm-release.yaml
+++ b/kubernetes/cluster-0/core/cilium/helm-release.yaml
@@ -0,0 +1,79 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app cilium
+  namespace: kube-system
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: cilium
+      version: 1.12.4
+      sourceRef:
+        kind: HelmRepository
+        name: cilium
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 5
+  upgrade:
+    remediation:
+      retries: 5
+  values:
+    autoDirectNodeRoutes: true
+    bgp:
+      announce:
+        loadbalancerIP: true
+      enabled: true
+    cluster:
+      id: 1
+      name: cluster-0
+    containerRuntime:
+      integration: containerd
+    endpointRoutes:
+      enabled: true
+    hubble:
+      enabled: true
+      metrics:
+        enabled:
+          - dns:query;ignoreAAAA
+          - drop
+          - tcp
+          - flow
+          - port-distribution
+          - icmp
+          - http
+      relay:
+        enabled: true
+        rollOutPods: true
+      serviceMonitor:
+        enabled: true
+      ui:
+        enabled: true
+        ingress:
+          enabled: true
+          hosts:
+            - &host "cilium.${SECRET_CLUSTER_DOMAIN}"
+          tls:
+            - hosts:
+                - *host
+        rollOutPods: true
+    ipam:
+      mode: kubernetes
+    ipv4NativeRoutingCIDR: ${CILIUM_POD_CIDR}
+    k8sServiceHost: cluster-0.${SECRET_DOMAIN}
+    k8sServicePort: 6443
+    kubeProxyReplacement: strict
+    kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+    loadBalancer:
+      algorithm: maglev
+      mode: dsr
+    localRedirectPolicy: true
+    operator:
+      rollOutPods: true
+    rollOutCiliumPods: true
+    securityContext:
+      privileged: true
+    tunnel: disabled
--- a/kubernetes/cluster-0/core/cilium/kustomization.yaml
+++ b/kubernetes/cluster-0/core/cilium/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Kustomization
 namespace: kube-system
 resources:
  - ./configmap.yaml
+  - ./helm-release.yaml