shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

🔧 cilium talos config

Browse Source
This commit is contained in:
auricom
2023-11-27 10:39:17 +01:00
parent 6042634b7a
commit 7fc839b6ba
2 changed files with 57 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
View File

@@ -59,6 +59,7 @@ spec:
enabled: true enabled: true
ingress: ingress:
enabled: true enabled: true
className: nginx
hosts: hosts:
- &host "cilium.${SECRET_CLUSTER_DOMAIN}" - &host "cilium.${SECRET_CLUSTER_DOMAIN}"
tls: tls:
@@ -68,8 +69,8 @@ spec:
ipam: ipam:
mode: kubernetes mode: kubernetes
ipv4NativeRoutingCIDR: ${CILIUM_POD_CIDR} ipv4NativeRoutingCIDR: ${CILIUM_POD_CIDR}
k8sServiceHost: cluster-0.${SECRET_DOMAIN} k8sServiceHost: localhost
k8sServicePort: 6443 k8sServicePort: 7445
kubeProxyReplacement: strict kubeProxyReplacement: strict
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
loadBalancer: loadBalancer:
@@ -80,7 +81,27 @@ spec:
rollOutPods: true rollOutPods: true
rollOutCiliumPods: true rollOutCiliumPods: true
securityContext: securityContext:
privileged: true capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup
tunnel: disabled tunnel: disabled
l7proxy: true l7proxy: true
ingressController: ingressController:
@@ -90,13 +111,13 @@ spec:
loadbalancerMode: shared loadbalancerMode: shared
service: service:
loadBalancerIP: "${CLUSTER_LB_CILIUM}" loadBalancerIP: "${CLUSTER_LB_CILIUM}"
# postRenderers: postRenderers:
# - kustomize: - kustomize:
# patchesStrategicMerge: patchesStrategicMerge:
# - kind: Service - kind: Service
# apiVersion: v1 apiVersion: v1
# metadata: metadata:
# name: cilium-ingress name: cilium-ingress
# namespace: *ns namespace: *ns
# spec: spec:
# externalTrafficPolicy: Local externalTrafficPolicy: Local

26
kubernetes/bootstrap/cilium/values.yaml
View File

@@ -13,8 +13,8 @@ hubble:
ipam: ipam:
mode: kubernetes mode: kubernetes
ipv4NativeRoutingCIDR: 10.69.0.0/16 ipv4NativeRoutingCIDR: 10.69.0.0/16
k8sServiceHost: 192.168.9.100 k8sServiceHost: localhost
k8sServicePort: 6443 k8sServicePort: 7445
kubeProxyReplacement: strict kubeProxyReplacement: strict
loadBalancer: loadBalancer:
algorithm: maglev algorithm: maglev
@@ -24,5 +24,25 @@ operator:
rollOutPods: true rollOutPods: true
rollOutCiliumPods: true rollOutCiliumPods: true
securityContext: securityContext:
privileged: true capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup
tunnel: disabled tunnel: disabled