From 6e2ee65d48b97234922c557b6bcba531f413702d Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Mon, 14 Aug 2023 04:54:15 +0000
Subject: [PATCH] Updating master hosts and cilium.
---
 ansible/kubernetes/inventory/hosts.yaml | 8 +-
 .../kube-system/cilium/app/helmrelease.yaml | 96 +++++++++++++++----
 2 files changed, 79 insertions(+), 25 deletions(-)
diff --git a/ansible/kubernetes/inventory/hosts.yaml b/ansible/kubernetes/inventory/hosts.yaml
index 7cc29d4..367175b 100644
--- a/ansible/kubernetes/inventory/hosts.yaml
+++ b/ansible/kubernetes/inventory/hosts.yaml
@@ -7,11 +7,11 @@ kubernetes:
 master:
 hosts:
 eonwe:
- ansible_host: 10.2.0.4
- nienna:
- ansible_host: 10.2.0.5
+ ansible_host: 10.2.1.13
 arlen:
- ansible_host: 10.2.0.6
+ ansible_host: 10.2.1.14
+ nienna:
+ ansible_host: 10.2.1.15
 worker:
 hosts:
 aule:
diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
index 57f3d76..dd4516e 100644
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@@ -5,23 +5,17 @@ metadata:
 name: cilium
 namespace: kube-system
 spec:
+ interval: 30m
 chart:
 spec:
 chart: cilium
- interval: 30m
+ version: 1.14.0
 sourceRef:
 kind: HelmRepository
 name: cilium
 namespace: flux-system
- version: 1.14.0
- interval: 30m
-
- valuesFrom:
- - kind: ConfigMap
- name: cilium-values
 maxHistory: 2
 install:
- createNamespace: true
 remediation:
 retries: 3
 upgrade:
@@ -31,29 +25,89 @@ spec:
 uninstall:
 keepHistory: false
 values:
+ autoDirectNodeRoutes: true
+ bpf:
+ masquerade: true
+ bgp:
+ enabled: false
+ cluster:
+ name: kubernetes
+ id: 1
+ containerRuntime:
+ integration: containerd
+ socketPath: /var/run/k3s/containerd/containerd.sock
+ endpointRoutes:
+ enabled: true
 hubble:
- ui:
- ingress:
- enabled: true
- annotations:
- nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
- className: "nginx"
- hosts:
- - &host hubble-valinor.valinor.social
- tls:
- - hosts:
- - *host
+ enabled: true
 metrics:
+ enabled:
+ - dns:query
+ - drop
+ - tcp
+ - flow
+ - port-distribution
+ - icmp
+ - http
 serviceMonitor:
 enabled: true
+ dashboards:
+ enabled: true
+ annotations:
+ grafana_folder: Cilium
 relay:
+ enabled: true
+ rollOutPods: true
 prometheus:
 serviceMonitor:
 enabled: true
- prometheus:
- serviceMonitor:
+ ui:
 enabled: true
+ rollOutPods: true
+ ingress:
+ enabled: true
+ className: internal
+ hosts:
+ - &host hubble.valinor.social
+ tls:
+ - hosts:
+ - *host
+ ipam:
+ mode: kubernetes
+ ipv4NativeRoutingCIDR: 10.32.0.0/16
+ k8sServiceHost: 10.2.0.3
+ k8sServicePort: 6443
+ kubeProxyReplacement: strict
+ kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+ l2announcements:
+ enabled: true
+ leaseDuration: 120s
+ leaseRenewDeadline: 60s
+ leaseRetryPeriod: 1s
+ loadBalancer:
+ algorithm: maglev
+ mode: dsr
+ localRedirectPolicy: true
 operator:
+ rollOutPods: true
 prometheus:
+ enabled: true
 serviceMonitor:
 enabled: true
+ dashboards:
+ enabled: true
+ annotations:
+ grafana_folder: Cilium
+ prometheus:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ trustCRDsExist: true
+ dashboards:
+ enabled: true
+ annotations:
+ grafana_folder: Cilium
+ rollOutCiliumPods: true
+ securityContext:
+ privileged: true
+ tunnel: disabled
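Review bot: The new `hubble.ui.ingress` block drops the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation, so nothing in this manifest restricts who can reach `hubble.valinor.social` any more. Hubble UI does not authenticate users on its own and shows cluster flow data, so access now depends entirely on the `internal` ingress class being reachable only from trusted networks. That is not visible in this hunk. If `internal` is still an ingress-nginx controller, keep `annotations:` with `nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16`; otherwise add a comment on `className: internal` stating where the restriction is enforced. Separately, `securityContext.privileged: true` is broader than the capability list the chart uses by default, and `kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256` listens on every node interface, so each deserves a one-line comment saying why it is needed.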