Add cilium again

2024-02-19 19:20:23 +00:00
parent 161a6f0fa5
commit 83e4ded87a
6 changed files with 35 additions and 24 deletions
--- a/infra/cilium/announce.yaml
+++ b/infra/cilium/announce.yaml
@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: default-l2-announcement-policy
+  namespace: kube-system
+spec:
+  externalIPs: true
+  loadBalancerIPs: true
--- a/infra/cilium/ip-pool.yaml
+++ b/infra/cilium/ip-pool.yaml
@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: default-pool
+  namespace: kube-system
+spec:
+  blocks:
+    - cidr: 192.168.16.0/20
--- a/infra/cilium/kustomization.yaml
+++ b/infra/cilium/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ip-pool.yaml
+- announce.yaml
--- a/infra/kustomization.yaml
+++ b/infra/kustomization.yaml
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ingress-namespace.yaml
+- cilium
 - traefik
--- a/talos/controlplane.yaml
+++ b/talos/controlplane.yaml
@@ -83,7 +83,6 @@ cluster:
        image: registry.k8s.io/kube-controller-manager:v1.29.1
    proxy:
        disabled: true
-        image: registry.k8s.io/kube-proxy:v1.29.1
    scheduler:
        image: registry.k8s.io/kube-scheduler:v1.29.1
    discovery:
--- a/talos/readme.md
+++ b/talos/readme.md
@@ -47,29 +47,19 @@ helm install \
    cilium/cilium \
    --version 1.15.1 \
    --namespace kube-system \
-    --set rollOutCiliumPods=true \
-    --set localRedirectPolicy=true \
-    --set ipam.mode=kubernetes \
-    --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
-    --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set cgroup.autoMount.enabled=false \
-    --set cgroup.hostRoot=/sys/fs/cgroup \
-    --set hubble.relay.enabled=true \
-    --set hubble.ui.enabled=true \
-    --set kubeProxyReplacement=strict \
-    --set kubeProxyReplacementHealthzBindAddr=0.0.0.0:10256 \
-    --set socketLB.enabled=true \
-    --set k8sServiceHost=localhost \
-    --set k8sServicePort=7445 \
-    --set autoDirectNodeRoutes=true \
-    --set operator.replicas=1 \
-    --set externalIPs.enabled=true \
-    --set endpointRoutes.enabled=true \
-    --set bgp.enabled=false \
-    --set bgp.announce.loadbalancerIP=true \
-    --set bgp.announce.podCIDR=false \
-    --set enableCiliumEndpointSlice=true \
-    --set l2announcements.enabled=true
+    --set=ipam.mode=kubernetes \
+    --set=kubeProxyReplacement=true \
+    --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
+    --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
+    --set=cgroup.autoMount.enabled=false \
+    --set=cgroup.hostRoot=/sys/fs/cgroup \
+    --set=k8sServiceHost=localhost \
+    --set=k8sServicePort=7445 \
+    --set=hubble.relay.enabled=true \
+    --set=hubble.ui.enabled=true \
+    --set=l2announcements.enabled=true \
+    --set=externalIPs.enabled=true \
+    --set operator.replicas=1
 ```

 You can modify this after install with: