mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-30 15:37:44 +02:00
00e5385436
| datasource | package | from | to | | ---------- | ------- | ------ | ------ | | helm | cilium | 1.14.2 | 1.14.3 |
103 lines
2.4 KiB
YAML
103 lines
2.4 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: &app cilium
|
|
namespace: &ns kube-system
|
|
spec:
|
|
interval: 30m
|
|
chart:
|
|
spec:
|
|
chart: cilium
|
|
version: 1.14.3
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: cilium
|
|
namespace: flux-system
|
|
maxHistory: 2
|
|
install:
|
|
createNamespace: true
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
cleanupOnFail: true
|
|
remediation:
|
|
retries: 3
|
|
uninstall:
|
|
keepHistory: false
|
|
values:
|
|
autoDirectNodeRoutes: true
|
|
bgp:
|
|
announce:
|
|
loadbalancerIP: true
|
|
enabled: true
|
|
cluster:
|
|
id: 1
|
|
name: cluster-0
|
|
containerRuntime:
|
|
integration: containerd
|
|
endpointRoutes:
|
|
enabled: true
|
|
hubble:
|
|
enabled: true
|
|
metrics:
|
|
enabled:
|
|
- dns:query;ignoreAAAA
|
|
- drop
|
|
- tcp
|
|
- flow
|
|
- port-distribution
|
|
- icmp
|
|
- http
|
|
relay:
|
|
enabled: true
|
|
rollOutPods: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
ui:
|
|
enabled: true
|
|
ingress:
|
|
enabled: true
|
|
hosts:
|
|
- &host "cilium.${SECRET_CLUSTER_DOMAIN}"
|
|
tls:
|
|
- hosts:
|
|
- *host
|
|
rollOutPods: true
|
|
ipam:
|
|
mode: kubernetes
|
|
ipv4NativeRoutingCIDR: ${CILIUM_POD_CIDR}
|
|
k8sServiceHost: cluster-0.${SECRET_DOMAIN}
|
|
k8sServicePort: 6443
|
|
kubeProxyReplacement: strict
|
|
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
|
|
loadBalancer:
|
|
algorithm: maglev
|
|
mode: dsr
|
|
localRedirectPolicy: true
|
|
operator:
|
|
rollOutPods: true
|
|
rollOutCiliumPods: true
|
|
securityContext:
|
|
privileged: true
|
|
tunnel: disabled
|
|
l7proxy: true
|
|
ingressController:
|
|
enabled: true
|
|
defaultSecretNamespace: networking
|
|
defaultSecretName: ${SECRET_CLUSTER_DOMAIN//./-}-tls
|
|
loadbalancerMode: shared
|
|
service:
|
|
loadBalancerIP: "${CLUSTER_LB_CILIUM}"
|
|
# postRenderers:
|
|
# - kustomize:
|
|
# patchesStrategicMerge:
|
|
# - kind: Service
|
|
# apiVersion: v1
|
|
# metadata:
|
|
# name: cilium-ingress
|
|
# namespace: *ns
|
|
# spec:
|
|
# externalTrafficPolicy: Local
|