Updated cilium for talos.

This commit is contained in:
Joseph Hanson 2024-02-15 16:54:45 -06:00
parent d51302bf18
commit d769b327a3

View file

@ -50,9 +50,13 @@ spec:
extraConfig: extraConfig:
allow-localhost: policy # enable policies for localhost allow-localhost: policy # enable policies for localhost
kubeProxyReplacement: true kubeProxyReplacement: true
k8sServiceHost: ${K8S_SERVICE_ENDPOINT} k8sServiceHost: 127.0.0.1
k8sServicePort: 6443 k8sServicePort: 7445
rollOutCiliumPods: true rollOutCiliumPods: true
cgroup:
automount:
enabled: false
hostRoot: /sys/fs/cgroup
bgp: bgp:
enabled: false enabled: false
announce: announce:
@ -60,3 +64,21 @@ spec:
podCIDR: false podCIDR: false
bgpControlPlane: bgpControlPlane:
enabled: true enabled: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE