Try adding an ip pool

2024-02-19 00:53:49 +00:00
parent feb521736d
commit 9e657a1b99
6 changed files with 41 additions and 9689 deletions
--- a/clusters/get/flux-system/gotk-components.yaml
+++ b/clusters/get/flux-system/gotk-components.yaml
--- a/infra/cilium/announce.yaml
+++ b/infra/cilium/announce.yaml
@@ -0,0 +1,8 @@
 apiVersion: cilium.io/v2alpha1
 kind: CiliumL2AnnouncementPolicy
 metadata:
  name: l2-announcement-policy
  namespace: kube-system
 spec:
  externalIPs: true
  loadBalancerIPs: true
--- a/infra/cilium/ip-pool.yaml
+++ b/infra/cilium/ip-pool.yaml
@@ -0,0 +1,9 @@
 apiVersion: cilium.io/v2alpha1
 kind: CiliumLoadBalancerIPPool
 metadata:
  name: default-pool
  namespace: kube-system
 spec:
  blocks:
    - start: 192.168.2.10
      stop: 192.168.2.254
--- a/infra/cilium/kustomization.yaml
+++ b/infra/cilium/kustomization.yaml
@@ -0,0 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ip-pool.yaml
 - announce.yaml
--- a/infra/kustomization.yaml
+++ b/infra/kustomization.yaml
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ingress-namespace.yaml
 - cilium
 - traefik
--- a/talos/readme.md
+++ b/talos/readme.md
@@ -47,19 +47,29 @@ helm install \
    cilium/cilium \
    --version 1.15.1 \
    --namespace kube-system \
    --set rollOutCiliumPods=true \
    --set localRedirectPolicy=true \
    --set ipam.mode=kubernetes \
-    --set=kubeProxyReplacement=true \
+    --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
-    --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
+    --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
+    --set cgroup.autoMount.enabled=false \
-    --set=cgroup.autoMount.enabled=false \
+    --set cgroup.hostRoot=/sys/fs/cgroup \
    --set=cgroup.hostRoot=/sys/fs/cgroup \
    --set hubble.relay.enabled=true \
    --set hubble.ui.enabled=true \
-    --set=k8sServiceHost=localhost \
+    --set kubeProxyReplacement=strict \
-    --set=k8sServicePort=7445 \
+    --set kubeProxyReplacementHealthzBindAddr=0.0.0.0:10256 \
    --set socketLB.enabled=true \
    --set k8sServiceHost=localhost \
    --set k8sServicePort=7445 \
    --set autoDirectNodeRoutes=true \
    --set operator.replicas=1 \
    --set externalIPs.enabled=true \
-    --set enableCiliumEndpointSlice=true
+    --set endpointRoutes.enabled=true \
    --set bgp.enabled=false \
    --set bgp.announce.loadbalancerIP=true \
    --set bgp.announce.podCIDR=false \
    --set enableCiliumEndpointSlice=true \
    --set l2announcements.enabled=true
 ```
 You can modify this after install with: