chore(cilium): Move Cilium configuration to kustomize-bases

k8s-wheatley/cilium/gateways.yaml

@@ -1,17 +0,0 @@
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
-  name: internal
-spec:
-  gatewayClassName: cilium
-  addresses:
-    - type: IPAddress
-      value: 10.13.37.30
-  listeners:
-    - allowedRoutes:
-        namespaces:
-          from: All
-      name: http
-      port: 80
-      protocol: HTTP

k8s-wheatley/cilium/ip-pool.yaml

@@ -6,10 +6,3 @@ metadata:
 spec:
   blocks:
     - cidr: "10.13.37.30/32"
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumL2AnnouncementPolicy
-metadata:
-  name: l2adv
-spec:
-  loadBalancerIPs: true

k8s-wheatley/cilium/kustomization.yaml

@@ -4,14 +4,19 @@ kind: Kustomization
 namespace: kube-system
 
 resources:
+  - ../../kustomize-bases/cilium
   - ip-pool.yaml
   - gateways.yaml
   - httproute.yaml
 
-helmCharts:
-  - name: cilium
-    repo: https://helm.cilium.io
-    namespace: kube-system
-    releaseName: cilium
-    version: 1.18.3
-    valuesFile: values.yaml
+patches:
+  - patch: |-
+      - op: replace
+        path: /spec/addresses/0/value
+        value: 10.13.37.30 
+      - op: replace
+        path: /spec/listeners/1/tls/certificateRefs/0/name
+        value: tls-wildcard-wheatley-in
+    target:
+      kind: Gateway
+      name: internal

k8s-wheatley/cilium/values.yaml

@@ -1,38 +0,0 @@
-k8sServiceHost: localhost
-k8sServicePort: 7445
-kubeProxyReplacement: true
-
-cgroup:
-  hostRoot: /sys/fs/cgroup
-  autoMount:
-    enabled: false
-
-securityContext:
-  capabilities:
-    ciliumAgent:
-      - CHOWN
-      - KILL
-      - NET_ADMIN
-      - NET_RAW
-      - IPC_LOCK
-      - SYS_ADMIN
-      - SYS_RESOURCE
-      - DAC_OVERRIDE
-      - FOWNER
-      - SETGID
-      - SETUID
-    cleanCiliumState:
-      - NET_ADMIN
-      - SYS_ADMIN
-      - SYS_RESOURCE
-
-hubble:
-  relay:
-    enabled: true
-  ui:
-    enabled: true
-
-gatewayAPI:
-  enabled: true
-  enableAlpn: true
-  enableAppProtocol: true