Lumpiasty/klaster
0
0
Fork 0
Code Issues Pull Requests 4 Packages Projects Releases Wiki Activity
Files
aa3c74d6a757b89327ce5b810394375b907f6af1
klaster/infra/controllers/cilium.yaml

108 lines
2.1 KiB
YAML
Raw Blame History

---
apiVersion: v1
kind: Namespace
metadata:
name: kube-system
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cilium
namespace: kube-system
spec:
interval: 24h
url: https://helm.cilium.io/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cilium
namespace: kube-system
spec:
interval: 30m
chart:
spec:
chart: cilium
version: 1.19.2
sourceRef:
kind: HelmRepository
name: cilium
namespace: kube-system
interval: 12h
values:
# Talos specific
# https://www.talos.dev/v1.9/kubernetes-guides/network/deploying-cilium/
kubeProxyReplacement: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup
k8sServiceHost: localhost
k8sServicePort: 7445
# Homelab
routingMode: native
ipv6:
enabled: true
# Enable managing of IP Pools via CRD
ipam:
mode: multi-pool
operator:
autoCreateCiliumPodIPPools:
default:
# In line with controlplane.yml
ipv4:
cidrs:
- 10.42.0.0/16
maskSize: 24
ipv6:
cidrs:
- 2001:470:61a3:200::/104
maskSize: 120
# Disable masquerading, ipv4 is done at router level
enableIPv4Masquerade: false
enableIPv6Masquerade: false
# Enable peering announcing routes via BGP
bgpControlPlane:
enabled: true
# Decrease requests
resources:
requests:
cpu: 0
operator:
replicas: 1
resources:
requests:
cpu: 0
envoy:
resources:
requests:
cpu: 0
Reference in New Issue View Git Blame Copy Permalink