Add a few more steps to bootstrap.

kubernetes/bootstrap/readme.md

@@ -7,8 +7,27 @@
 ```sh
 omnictl cluster template sync -f ./template.yaml --omniconfig ./omniconfig.yaml
 ```
+## CNI
 
-## Flux
+### Install Cilium
+
+```sh
+cilium install \
+    --helm-set=ipam.mode=kubernetes \
+    --helm-set=kubeProxyReplacement=true \
+    --helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
+    --helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
+    --helm-set=cgroup.autoMount.enabled=false \
+    --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
+    --helm-set=k8sServiceHost=127.0.0.1 \
+    --helm-set=k8sServicePort=7445 \
+    --helm-set=bgpControlPlane.enabled=true \
+    --helm-set=bgp.enabled=false \
+    --helm-set=bgp.announce.loadbalancerIP=true \
+    --helm-set=bgp.announce.podCIDR=false
+```
+
+## Flux Prep
 
 ### Install Flux
 
@@ -25,10 +44,15 @@ sops --decrypt kubernetes/bootstrap/flux/age-key.sops.yaml | kubectl apply -f -
 sops --decrypt kubernetes/bootstrap/flux/git-deploy-key.sops.yaml | kubectl apply -f -
 sops --decrypt kubernetes/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f -
 kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml
-kubectl apply -k kubernetes/bootstrap/kps-crds/
 ```
 
-### Kick off Flux applying this repository
+## Wipe Rook Ceph
+
+```sh
+kubectl apply -f kubernetes/tools/wiperook.yaml
+```
+
+## Kick off Flux applying this repository
 
 ```sh
 kubectl apply --server-side --kustomize ./kubernetes/flux/config