Manage Cilium via flux again.

This commit is contained in:
Joseph Hanson 2024-04-18 14:05:38 -05:00
parent ed04761f06
commit 25dbfb4019
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
7 changed files with 211 additions and 1 deletions


@ -0,0 +1,37 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io%2Fciliumbgppeeringpolicy_v2alpha1.json
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
# comments courtesy of JJGadgets
# MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
# "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
# "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
metadata:
name: bgp-loadbalancer-ip-main
spec:
nodeSelector:
matchLabels:
kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
virtualRouters:
- localASN: 64512
exportPodCIDR: false
serviceSelector: # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
matchExpressions:
- {
key: thisFakeSelector,
operator: NotIn,
values: ["will-match-and-announce-all-services"],
}
neighbors:
- peerAddress: "10.1.1.1/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
peerASN: 64512
---
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: main-pool
spec:
cidrs:
- cidr: 10.45.0.1/24
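Review bot: `cidr: 10.45.0.1/24` in the CiliumLoadBalancerIPPool has host bits set; Cilium may normalize it to the network address, but writing `cidr: 10.45.0.0/24` states the pool unambiguously and does not depend on that behaviour. The two documents also disagree on style: the first uses a plain `apiVersion: cilium.io/v2alpha1` while the second quotes it, and the first schema URL percent-encodes the slash (`cilium.io%2F...`) where the second does not — pick one form for both. With no `serviceSelector` on the pool and the intentionally non-matching `NotIn` selector on the policy, every LoadBalancer service in the cluster receives an IP and is announced to the peer, which is what the inline comments on the policy describe; the pool itself has no comment, so a one-liner such as `# no serviceSelector: every LoadBalancer service may draw from this pool` would document that intent where it applies.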


@ -0,0 +1,75 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: cilium
namespace: kube-system
spec:
interval: 30m
chart:
spec:
chart: cilium
version: 1.15.4
sourceRef:
kind: HelmRepository
name: cilium
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
hubble:
serviceMonitor:
enabled: true
relay:
prometheus:
serviceMonitor:
enabled: true
ui:
enabled: true
rollOutPods: true
ingress:
className: "internal-nginx"
hosts:
- &host hubble.jahanson.tech
tls:
- hosts:
- *host
metrics:
enabled:
- dns:query
- drop
- tcp
- flow
- port-distribution
- icmp
- http
serviceMonitor:
enabled: true
dashboards:
enabled: true
annotations:
grafana_folder: Cilium
operator:
prometheus:
enabled: true
serviceMonitor:
enabled: true
dashboards:
enabled: true
annotations:
grafana_folder: Cilium
prometheus:
enabled: true
serviceMonitor:
enabled: true
dashboards:
enabled: true
annotations:
grafana_folder: Cilium
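Review bot: The HelmRelease `spec` has no `valuesFrom`, so the `cilium-helm-values` ConfigMap that the sibling kustomization.yaml generates from `./resources/values.yml` (and the `spec/valuesFrom/name` nameReference in kustomizeconfig.yaml) is never consumed by this release. Unless those values are merged somewhere outside this commit, the chart installs with only the inline `values:` block, leaving `kubeProxyReplacement`, `k8sServiceHost`/`k8sServicePort`, `bgpControlPlane.enabled` and the agent capability list at chart defaults; the BGP peering policy in this same commit depends on `bgpControlPlane.enabled: true` for its CRD to exist at all. Add, at the same level as `values:`, `valuesFrom:` / `  - kind: ConfigMap` / `    name: cilium-helm-values`. The same gap is what the kustomization.yaml and kustomizeconfig.yaml sections of this commit are set up for; they are consistent with each other once the reference exists.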


@ -0,0 +1,13 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./bgppeeringpolicy.yaml
- ./helmrelease.yaml
configMapGenerator:
- name: cilium-helm-values
files:
- values.yaml=./resources/values.yml
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,7 @@
---
nameReference:
- kind: ConfigMap
version: v1
fieldSpecs:
- path: spec/valuesFrom/name
kind: HelmRelease


@ -0,0 +1,59 @@
cluster:
name: homelab
id: 1
bandwidthManager:
enabled: true
bbr: true
bpf:
masquerade: true
tproxy: true
autoDirectNodeRoutes: true
ipv4NativeRoutingCIDR: 10.244.0.0/16
routingMode: native
loadBalancer:
algorithm: maglev
mode: dsr
containerRuntime:
integration: containerd
localRedirectPolicy: true
operator:
rollOutPods: true
ipam:
mode: kubernetes
kubeProxyReplacement: true
k8sServiceHost: 127.0.0.1
k8sServicePort: 7445
rollOutCiliumPods: true
cgroup:
automount:
enabled: false
hostRoot: /sys/fs/cgroup
bgp:
enabled: false
announce:
loadbalancerIP: true
podCIDR: false
bgpControlPlane:
enabled: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
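Review bot: `bgp.enabled: false` together with `bgp.announce.loadbalancerIP`/`podCIDR` is the legacy MetalLB-backed integration, which the comment in bgppeeringpolicy.yaml in this same commit says is not the mechanism in use (`bgpControlPlane.enabled: true` is); carrying a disabled stanza with sub-options invites someone to flip it on later, so either drop the `bgp:` block or mark it `# legacy MetalLB BGP, superseded by bgpControlPlane below; keep disabled`. This file is also the only one in the commit without a leading `---` or a `# yaml-language-server: $schema=` line. `ipv4NativeRoutingCIDR: 10.244.0.0/16` has to equal the cluster pod CIDR for `routingMode: native` and `loadBalancer.mode: dsr` to behave; that value is not visible in this commit, so confirm it against the cluster configuration.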


@ -0,0 +1,19 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app cilium
namespace: flux-system
spec:
targetNamespace: kube-system
commonMetadata:
labels:
app.kubernetes.io/name: *app
interval: 10m
path: "./kubernetes/apps/kube-system/cilium/app"
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: true
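Review bot: `path: ./kubernetes/apps/kube-system/cilium/app` applies the CiliumBGPPeeringPolicy and CiliumLoadBalancerIPPool in the same Flux Kustomization as the HelmRelease that provides their CRDs, and there is no `dependsOn`; on a fresh bootstrap the apply of those custom resources can fail with an unknown kind until the chart has installed, which with `wait: true` leaves the whole Kustomization not ready — the situation the comment at the top of bgppeeringpolicy.yaml warns about. Flux retries every `interval: 10m`, so it would likely converge, but moving the BGP resources into a second Flux Kustomization with `dependsOn:` / `  - name: cilium` makes the ordering explicit instead of relying on retries. `prune: true` on the CNI's Kustomization also means deleting this object removes the Cilium HelmRelease; that is the usual pattern in these repos, but a one-line comment noting the blast radius next to `prune: true` would help the next reader.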


@ -6,7 +6,7 @@ resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
# - ./cilium/ks.yaml
- ./cilium/ks.yaml
- ./descheduler/ks.yaml
- ./fstrim/ks.yaml
- ./metrics-server/ks.yaml