chore(k8s-peterg): Use Helm chart to manage cilium

2025-11-09 13:43:20 +01:00 · 2025-11-09 13:43:20 +01:00 · 52b257a2ff
commit 52b257a2ff
parent 6b331ca18f
3 changed files with 46 additions and 6 deletions
--- a/k8s-peterg/cilium/kustomization.yaml
+++ b/k8s-peterg/cilium/kustomization.yaml
@ -4,7 +4,14 @@ kind: Kustomization
 namespace: kube-system

 resources:
-  - namespace.yaml
  - ip-pool.yaml
  - gateways.yaml
  - httproute.yaml
+
+helmCharts:
+  - name: cilium
+    repo: https://helm.cilium.io
+    namespace: kube-system
+    releaseName: cilium
+    version: 1.18.3
+    valuesFile: values.yaml
--- a/k8s-peterg/cilium/namespace.yaml
+++ b/k8s-peterg/cilium/namespace.yaml
@ -1,5 +0,0 @@
---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: kube-system
--- a/k8s-peterg/cilium/values.yaml
+++ b/k8s-peterg/cilium/values.yaml
@ -0,0 +1,38 @@
+k8sServiceHost: localhost
+k8sServicePort: 7445
+kubeProxyReplacement: true
+
+cgroup:
+  hostRoot: /sys/fs/cgroup
+  autoMount:
+    enabled: false
+
+securityContext:
+  capabilities:
+    ciliumAgent:
+      - CHOWN
+      - KILL
+      - NET_ADMIN
+      - NET_RAW
+      - IPC_LOCK
+      - SYS_ADMIN
+      - SYS_RESOURCE
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETGID
+      - SETUID
+    cleanCiliumState:
+      - NET_ADMIN
+      - SYS_ADMIN
+      - SYS_RESOURCE
+
+hubble:
+  relay:
+    enabled: true
+  ui:
+    enabled: true
+
+gatewayAPI:
+  enabled: true
+  enableAlpn: true
+  enableAppProtocol: true