Updated cilium for talos.

2024-02-15 16:54:45 -06:00 · 2024-02-15 16:54:45 -06:00 · d769b327a3
commit d769b327a3
parent d51302bf18
1 changed files with 24 additions and 2 deletions
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@ -50,9 +50,13 @@ spec:
    extraConfig:
      allow-localhost: policy        # enable policies for localhost
    kubeProxyReplacement: true
-    k8sServiceHost: ${K8S_SERVICE_ENDPOINT}
-    k8sServicePort: 6443
+    k8sServiceHost: 127.0.0.1
+    k8sServicePort: 7445
    rollOutCiliumPods: true
+    cgroup:
+      automount:
+        enabled: false
+      hostRoot: /sys/fs/cgroup
    bgp:
      enabled: false
      announce:
@ -60,3 +64,21 @@ spec:
        podCIDR: false
    bgpControlPlane:
      enabled: true
+    securityContext:
+      capabilities:
+        ciliumAgent:
+          - CHOWN
+          - KILL
+          - NET_ADMIN
+          - NET_RAW
+          - IPC_LOCK
+          - SYS_ADMIN
+          - SYS_RESOURCE
+          - DAC_OVERRIDE
+          - FOWNER
+          - SETGID
+          - SETUID
+        cleanCiliumState:
+          - NET_ADMIN
+          - SYS_ADMIN
+          - SYS_RESOURCE