Updating master hosts and cilium.

2023-08-14 04:54:15 +00:00 · 2023-08-14 04:54:15 +00:00 · 6e2ee65d48
commit 6e2ee65d48
parent 0d5bc7f3ed
2 changed files with 79 additions and 25 deletions
--- a/ansible/kubernetes/inventory/hosts.yaml
+++ b/ansible/kubernetes/inventory/hosts.yaml
@ -7,11 +7,11 @@ kubernetes:
    master:
      hosts:
        eonwe:
-          ansible_host: 10.2.0.4
-        nienna:
-          ansible_host: 10.2.0.5
+          ansible_host: 10.2.1.13
        arlen:
-          ansible_host: 10.2.0.6
+          ansible_host: 10.2.1.14
+        nienna:
+          ansible_host: 10.2.1.15
    worker:
      hosts:
        aule:
--- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
@ -5,23 +5,17 @@ metadata:
  name: cilium
  namespace: kube-system
 spec:
+  interval: 30m
  chart:
    spec:
      chart: cilium
-      interval: 30m
+      version: 1.14.0
      sourceRef:
        kind: HelmRepository
        name: cilium
        namespace: flux-system
-      version: 1.14.0
-  interval: 30m
-
-  valuesFrom:
-    - kind: ConfigMap
-      name: cilium-values
  maxHistory: 2
  install:
-    createNamespace: true
    remediation:
      retries: 3
  upgrade:
@ -31,29 +25,89 @@ spec:
  uninstall:
    keepHistory: false
  values:
+    autoDirectNodeRoutes: true
+    bpf:
+      masquerade: true
+    bgp:
+      enabled: false
+    cluster:
+      name: kubernetes
+      id: 1
+    containerRuntime:
+      integration: containerd
+      socketPath: /var/run/k3s/containerd/containerd.sock
+    endpointRoutes:
+      enabled: true
    hubble:
-      ui:
-        ingress:
+      enabled: true
+      metrics:
+        enabled:
+          - dns:query
+          - drop
+          - tcp
+          - flow
+          - port-distribution
+          - icmp
+          - http
+        serviceMonitor:
+          enabled: true
+        dashboards:
          enabled: true
          annotations:
-            nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-          className: "nginx"
+            grafana_folder: Cilium
+      relay:
+        enabled: true
+        rollOutPods: true
+        prometheus:
+          serviceMonitor:
+            enabled: true
+      ui:
+        enabled: true
+        rollOutPods: true
+        ingress:
+          enabled: true
+          className: internal
          hosts:
-            - &host hubble-valinor.valinor.social
+            - &host hubble.valinor.social
          tls:
            - hosts:
                - *host
-      metrics:
-        serviceMonitor:
-          enabled: true
-      relay:
-        prometheus:
-          serviceMonitor:
-            enabled: true
-    prometheus:
-      serviceMonitor:
+    ipam:
+      mode: kubernetes
+    ipv4NativeRoutingCIDR: 10.32.0.0/16
+    k8sServiceHost: 10.2.0.3
+    k8sServicePort: 6443
+    kubeProxyReplacement: strict
+    kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+    l2announcements:
      enabled: true
+      leaseDuration: 120s
+      leaseRenewDeadline: 60s
+      leaseRetryPeriod: 1s
+    loadBalancer:
+      algorithm: maglev
+      mode: dsr
+    localRedirectPolicy: true
    operator:
+      rollOutPods: true
      prometheus:
+        enabled: true
        serviceMonitor:
          enabled: true
+      dashboards:
+        enabled: true
+        annotations:
+          grafana_folder: Cilium
+    prometheus:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+        trustCRDsExist: true
+    dashboards:
+      enabled: true
+      annotations:
+        grafana_folder: Cilium
+    rollOutCiliumPods: true
+    securityContext:
+      privileged: true
+    tunnel: disabled