updating cilium values for virt cluster

Michael Trip 2025-02-03 20:52:35 +01:00
parent 994b19f209
commit 2bc6111b7c
2 changed files with 102 additions and 2 deletions

97
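--- /dev/null
+++ b/cilium-values-virt.yaml
@@ -0,0 +1,97 @@
+upgradeCompatibility: "1.16"
+cluster:
+name: virt-cluster
+id: 1
+kubeProxyReplacement: true
+# Talos specific
+k8sServiceHost: localhost
+k8sServicePort: 7445
+securityContext:
+capabilities:
+ciliumAgent: [ CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID ]
+cleanCiliumState: [ NET_ADMIN, SYS_ADMIN, SYS_RESOURCE ]
+cgroup:
+autoMount:
+enabled: false
+hostRoot: /sys/fs/cgroup
+# https://docs.cilium.io/en/stable/network/concepts/ipam/
+ipam:
+mode: kubernetes
+devices: [ eth0, br0 ]
+operator:
+rollOutPods: true
+resources:
+limits:
+cpu: 500m
+memory: 256Mi
+requests:
+cpu: 50m
+memory: 128Mi
+# Roll out cilium agent pods automatically when ConfigMap is updated.
+rollOutCiliumPods: true
+resources:
+limits:
+cpu: 1000m
+memory: 1Gi
+requests:
+cpu: 200m
+memory: 512Mi
+#debug:
+# enabled: true
+# Increase rate limit when doing L2 announcements
+#k8sClientRateLimit:
+# qps: 20
+# burst: 100
+# l2announcements:
+# enabled: true
+externalIPs:
+enabled: true
+enableCiliumEndpointSlice: true
+ipv6:
+enabled: true
+loadBalancer:
+# https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#maglev-consistent-hashing
+algorithm: maglev
+gatewayAPI:
+enabled: false # We disable gatewayAPI for now
+# envoy: # Because we disable gatewayAPI, we also don´t need envoy for now.
+# securityContext:
+# capabilities:
+# keepCapNetBindService: true
+# envoy: [ NET_ADMIN, PERFMON, SYS_ADMIN, BPF ]
+# ingressController:
+# enabled: true
+# default: true
+# loadbalancerMode: dedicated
+# service:
+# annotations:
+# io.cilium/lb-ipam-ips: "10.99.101.50 2a02:a44d:67b4:501:ffff::"
+# labels:
+# network-announcement: "l2"
+hubble:
+enabled: true
+relay:
+enabled: true
+rollOutPods: true
+ui:
+enabled: true
+rollOutPods: true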
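Review bot: The `externalIPs` block sets `enabled: true` with no comment saying which Services need it, and together with `kubeProxyReplacement: true` this makes the datapath honour whatever addresses a Service lists under `spec.externalIPs`. Anyone who may create or edit Services can then claim addresses the cluster does not own, so the setting should either be dropped or paired with an admission control (the `DenyServiceExternalIPs` admission plugin, or a policy that allow-lists the permitted ranges) and documented, e.g. `# externalIPs required by <service>; allowed ranges enforced by admission policy`. The same file enables `hubble.ui`, which to my knowledge has no built-in authentication and shows cluster-wide flow metadata, so a comment such as `# UI reachable via port-forward / authenticating proxy only` would record how access is meant to be restricted. The long `ciliumAgent` capability list sits under the `# Talos specific` comment; a link to the Talos guidance it was taken from would help the next reviewer confirm that `SYS_ADMIN` and the rest are required rather than left over.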


@ -1,3 +1,4 @@
upgradeCompatibility: "1.16"
cluster: cluster:
name: kube-cluster name: kube-cluster
id: 1 id: 1
@ -68,13 +69,15 @@ loadBalancer:
gatewayAPI: gatewayAPI:
enabled: true enabled: true
# externalTrafficPolicy: Cluster
envoy: envoy:
securityContext: securityContext:
capabilities: capabilities:
keepCapNetBindService: true keepCapNetBindService: true
envoy: [ NET_ADMIN, PERFMON, BPF ] envoy: [ NET_ADMIN, PERFMON, SYS_ADMIN, BPF ]
debug:
admin:
enabled: true
# ingressController: # ingressController:
# enabled: true # enabled: true