wheatley/kubernetes
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

chore(cilium): Move Cilium configuration to kustomize-bases

Browse source
This commit is contained in:
Peter 2025-12-14 13:57:30 +01:00
parent 1420189990
commit 471e15389e
Signed by: Peter
SSH key fingerprint: SHA256:B5tYaxBExaDm74r1px9iVeZ6F/ZDiyiy9SbBqfZYrvg
12 changed files with 75 additions and 110 deletions
Download patch file Download diff file Expand all files Collapse all files

27
k8s-peterg/cilium/gateways.yaml
View file

@ -26,30 +26,3 @@ spec:
certificateRefs: certificateRefs:
- kind: Secret - kind: Secret
name: tls-wildcard-peterg-nl name: tls-wildcard-peterg-nl
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: internal
spec:
gatewayClassName: cilium
addresses:
- type: IPAddress
value: 10.167.84.11
listeners:
- allowedRoutes:
namespaces:
from: All
name: http
port: 80
protocol: HTTP
- allowedRoutes:
namespaces:
from: All
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- kind: Secret
name: tls-wildcard-peterg-nl

16
k8s-peterg/cilium/httproute.yaml
View file

@ -1,22 +1,6 @@
--- ---
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata:
name: http-filter-redirect
spec:
parentRefs:
- name: public
sectionName: http
- name: internal
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata: metadata:
name: hubble-route name: hubble-route
namespace: kube-system namespace: kube-system

7
k8s-peterg/cilium/ip-pool.yaml
View file

@ -14,10 +14,3 @@ metadata:
spec: spec:
blocks: blocks:
- cidr: "10.7.65.250/32" - cidr: "10.7.65.250/32"
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
name: l2adv
spec:
loadBalancerIPs: true

19
k8s-peterg/cilium/kustomization.yaml
View file

@ -4,14 +4,19 @@ kind: Kustomization
namespace: kube-system namespace: kube-system
resources: resources:
- ../../kustomize-bases/cilium
- ip-pool.yaml - ip-pool.yaml
- gateways.yaml - gateways.yaml
- httproute.yaml - httproute.yaml
helmCharts: patches:
- name: cilium - patch: |-
repo: https://helm.cilium.io - op: replace
namespace: kube-system path: /spec/addresses/0/value
releaseName: cilium value: 10.167.84.11
version: 1.18.3 - op: replace
valuesFile: values.yaml path: /spec/listeners/1/tls/certificateRefs/0/name
value: tls-wildcard-peterg-nl
target:
kind: Gateway
name: internal

7
k8s-wheatley/cilium/ip-pool.yaml
View file

@ -6,10 +6,3 @@ metadata:
spec: spec:
blocks: blocks:
- cidr: "10.13.37.30/32" - cidr: "10.13.37.30/32"
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
name: l2adv
spec:
loadBalancerIPs: true

19
k8s-wheatley/cilium/kustomization.yaml
View file

@ -4,14 +4,19 @@ kind: Kustomization
namespace: kube-system namespace: kube-system
resources: resources:
- ../../kustomize-bases/cilium
- ip-pool.yaml - ip-pool.yaml
- gateways.yaml - gateways.yaml
- httproute.yaml - httproute.yaml
helmCharts: patches:
- name: cilium - patch: |-
repo: https://helm.cilium.io - op: replace
namespace: kube-system path: /spec/addresses/0/value
releaseName: cilium value: 10.13.37.30
version: 1.18.3 - op: replace
valuesFile: values.yaml path: /spec/listeners/1/tls/certificateRefs/0/name
value: tls-wildcard-wheatley-in
target:
kind: Gateway
name: internal

38
k8s-wheatley/cilium/values.yaml
View file

@ -1,38 +0,0 @@
k8sServiceHost: localhost
k8sServicePort: 7445
kubeProxyReplacement: true
cgroup:
hostRoot: /sys/fs/cgroup
autoMount:
enabled: false
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
hubble:
relay:
enabled: true
ui:
enabled: true
gatewayAPI:
enabled: true
enableAlpn: true
enableAppProtocol: true

12
k8s-wheatley/cilium/gateways.yaml → kustomize-bases/cilium/gateways.yaml
View file

@ -7,7 +7,7 @@ spec:
gatewayClassName: cilium gatewayClassName: cilium
addresses: addresses:
- type: IPAddress - type: IPAddress
value: 10.13.37.30 value: placeholder
listeners: listeners:
- allowedRoutes: - allowedRoutes:
namespaces: namespaces:
@ -15,3 +15,13 @@ spec:
name: http name: http
port: 80 port: 80
protocol: HTTP protocol: HTTP
- allowedRoutes:
namespaces:
from: All
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- kind: Secret
name: placeholder

16
kustomize-bases/cilium/httproute.yaml Normal file
View file

@ -0,0 +1,16 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-filter-redirect
spec:
parentRefs:
- name: public
sectionName: http
- name: internal
sectionName: http
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https

17
kustomize-bases/cilium/kustomization.yaml Normal file
View file

@ -0,0 +1,17 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- l2-advertisement.yaml
- gateways.yaml
- httproute.yaml
helmCharts:
- name: cilium
repo: https://helm.cilium.io
namespace: kube-system
releaseName: cilium
version: 1.18.3
valuesFile: values.yaml

7
kustomize-bases/cilium/l2-advertisement.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
name: l2adv
spec:
loadBalancerIPs: true

0
k8s-peterg/cilium/values.yaml → kustomize-bases/cilium/values.yaml
View file