k8s/apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cilium

Browse Source
This commit is contained in:
Philip Haupt
2025-03-29 23:57:43 +01:00
parent 658edb9e7a
commit be99626c72
7 changed files with 2208 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cilium/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
# argocd/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- main.yaml

2064
cilium/main.yaml Normal file
View File

File diff suppressed because one or more lines are too long

9
cilium/src/announce.yaml Normal file
View File

@@ -0,0 +1,9 @@
# kubernetes/cilium/announce.yaml
apiVersion: cilium.io/v2alpha1
kind: CiliumL2AnnouncementPolicy
metadata:
name: default-l2-announcement-policy
namespace: kube-system
spec:
externalIPs: true
loadBalancerIPs: true

7
cilium/src/gatewayclass.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: cilium
namespace: kube-system
spec:
controllerName: io.cilium/gateway-controller

10
cilium/src/ip-pool.yaml Normal file
View File

@@ -0,0 +1,10 @@
# kubernetes/cilium/ip-pool.yaml
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
name: ip-pool
namespase: kube-system
spec:
blocks:
- start: 192.168.0.129
stop: 192.168.0.190

17
cilium/src/kustomization.yaml Normal file
View File

@@ -0,0 +1,17 @@
# kubernetes/cilium/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- announce.yaml
- gatewayclass.yaml
- ip-pool.yaml
helmCharts:
- name: cilium
repo: https://helm.cilium.io
version: 1.17.1
releaseName: cilium
includeCRDs: true
namespace: kube-system
valuesFile: values.yaml

94
cilium/src/values.yaml Normal file
View File

@@ -0,0 +1,94 @@
cluster:
name: talos
id: 1
bpf:
hostLegacyRouting: true
kubeProxyReplacement: true
# Talos specific
k8sServiceHost: localhost
k8sServicePort: 7445
securityContext:
capabilities:
ciliumAgent: [ CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID ]
cleanCiliumState: [ NET_ADMIN, SYS_ADMIN, SYS_RESOURCE ]
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup
# https://docs.cilium.io/en/stable/network/concepts/ipam/
ipam:
mode: kubernetes
operator:
rollOutPods: true
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
# Roll out cilium agent pods automatically when ConfigMap is updated.
rollOutCiliumPods: true
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 200m
memory: 512Mi
#debug:
# enabled: true
# Increase rate limit when doing L2 announcements
k8sClientRateLimit:
qps: 20
burst: 100
l2announcements:
enabled: true
externalIPs:
enabled: true
devices: eth+
enableCiliumEndpointSlice: true
loadBalancer:
# https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#maglev-consistent-hashing
algorithm: maglev
gatewayAPI:
enabled: true
envoy:
securityContext:
capabilities:
keepCapNetBindService: true
envoy: [ NET_ADMIN, PERFMON, BPF ]
ingressController:
enabled: true
default: true
loadbalancerMode: shared
service:
annotations:
io.cilium/lb-ipam-ips: 192.168.0.180
hubble:
peerService:
clusterDomain: cluster.local
enabled: true
relay:
enabled: true
rollOutPods: true
ui:
enabled: true
rollOutPods: true