diff --git a/infra/cilium/announce.yaml b/infra/cilium/announce.yaml
new file mode 100644
index 0000000..14f52b2
--- /dev/null
+++ b/infra/cilium/announce.yaml
@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+ name: default-l2-announcement-policy
+ namespace: kube-system
+spec:
+ externalIPs: true
+ loadBalancerIPs: true
diff --git a/infra/cilium/ip-pool.yaml b/infra/cilium/ip-pool.yaml
new file mode 100644
index 0000000..5ac0585
--- /dev/null
+++ b/infra/cilium/ip-pool.yaml
@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+ name: default-pool
+ namespace: kube-system
+spec:
+ blocks:
+ - cidr: 192.168.16.0/20
\ No newline at end of file
diff --git a/infra/cilium/kustomization.yaml b/infra/cilium/kustomization.yaml
new file mode 100644
index 0000000..8684aa5
--- /dev/null
+++ b/infra/cilium/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ip-pool.yaml
+- announce.yaml
\ No newline at end of file
diff --git a/infra/kustomization.yaml b/infra/kustomization.yaml
index 12477b7..285c743 100644
--- a/infra/kustomization.yaml
+++ b/infra/kustomization.yaml
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ingress-namespace.yaml
+- cilium
 - traefik
\ No newline at end of file
diff --git a/talos/controlplane.yaml b/talos/controlplane.yaml
index 0a2b5bb..d22ff96 100644
--- a/talos/controlplane.yaml
+++ b/talos/controlplane.yaml
@@ -83,7 +83,6 @@ cluster:
 image: registry.k8s.io/kube-controller-manager:v1.29.1
 proxy:
 disabled: true
- image: registry.k8s.io/kube-proxy:v1.29.1
 scheduler:
 image: registry.k8s.io/kube-scheduler:v1.29.1
 discovery:
diff --git a/talos/readme.md b/talos/readme.md
index 90fd9b1..32d48b3 100644
--- a/talos/readme.md
+++ b/talos/readme.md
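Review bot: The new CiliumL2AnnouncementPolicy carries no `nodeSelector`, `interfaces` or `serviceSelector`, so with `externalIPs: true` and `loadBalancerIPs: true` every LoadBalancer/externalIP service in the cluster is ARP-announced from any node, including control-plane nodes, on every interface the agent sees. Cilium's L2 announcement guidance is to keep control-plane nodes out of leader election and to pin announcements to the LAN-facing NIC; a `nodeSelector` excluding the standard `node-role.kubernetes.io/control-plane` label does the first part, and an `interfaces` list (node-specific, so a placeholder here) the second. Separately, `CiliumL2AnnouncementPolicy` is cluster-scoped as far as I recall, so `namespace: kube-system` under `metadata` is dropped by the API server and only misleads a reader; the same applies to the `CiliumLoadBalancerIPPool` in the ip-pool hunk.
```yaml
spec:
  nodeSelector:
    matchExpressions:
      - key: node-role.kubernetes.io/control-plane
        operator: DoesNotExist
  # interfaces: ["<LAN_INTERFACE_PLACEHOLDER>"]  # restrict ARP replies to the LAN-facing NIC
  externalIPs: true
  loadBalancerIPs: true
```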
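Review bot: The pool's single block `cidr: 192.168.16.0/20` hands Cilium 4096 addresses (192.168.16.0–192.168.31.255) with nothing in the file recording that the range is reserved; if any part of it is also covered by the LAN's DHCP scope or by the Talos node addresses, the L2 announcer will start answering ARP for addresses that are already in use on the segment. Add a comment above `blocks:` such as `# reserved for Cilium LoadBalancer IPs; excluded from the LAN DHCP scope and node addressing — confirm against the router config`, or narrow the block to the range actually set aside. The file also ends without a trailing newline (`\ No newline at end of file`), as do the two kustomization files in this commit.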
@@ -47,29 +47,19 @@ helm install \
 cilium/cilium \
 --version 1.15.1 \
 --namespace kube-system \
- --set rollOutCiliumPods=true \
- --set localRedirectPolicy=true \
- --set ipam.mode=kubernetes \
- --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
- --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
- --set cgroup.autoMount.enabled=false \
- --set cgroup.hostRoot=/sys/fs/cgroup \
- --set hubble.relay.enabled=true \
- --set hubble.ui.enabled=true \
- --set kubeProxyReplacement=strict \
- --set kubeProxyReplacementHealthzBindAddr=0.0.0.0:10256 \
- --set socketLB.enabled=true \
- --set k8sServiceHost=localhost \
- --set k8sServicePort=7445 \
- --set autoDirectNodeRoutes=true \
- --set operator.replicas=1 \
- --set externalIPs.enabled=true \
- --set endpointRoutes.enabled=true \
- --set bgp.enabled=false \
- --set bgp.announce.loadbalancerIP=true \
- --set bgp.announce.podCIDR=false \
- --set enableCiliumEndpointSlice=true \
- --set l2announcements.enabled=true
+ --set=ipam.mode=kubernetes \
+ --set=kubeProxyReplacement=true \
+ --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
+ --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
+ --set=cgroup.autoMount.enabled=false \
+ --set=cgroup.hostRoot=/sys/fs/cgroup \
+ --set=k8sServiceHost=localhost \
+ --set=k8sServicePort=7445 \
+ --set=hubble.relay.enabled=true \
+ --set=hubble.ui.enabled=true \
+ --set=l2announcements.enabled=true \
+ --set=externalIPs.enabled=true \
+ --set operator.replicas=1
 ```
 You can modify this after install with: