infra/foundation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Let flux manage cilium after bootstrap

Browse Source
This commit is contained in:
Dreaded_X
2025-12-02 02:21:16 +01:00
parent 2d2573f2fa
commit 75f6c62d03
13 changed files with 104 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
controllers/artifacts.yaml
View File

@@ -9,6 +9,11 @@ spec:
kind: GitRepository
name: flux-system
artifacts:
- name: cilium
originRevision: "@foundation"
copy:
- from: "@foundation/controllers/cilium/**"
to: "@artifact/"
- name: cert-manager
originRevision: "@foundation"
copy:

30
controllers/cilium/base/helm-release.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cilium
namespace: cilium
spec:
interval: 12h
targetNamespace: kube-system
install:
strategy:
name: RetryOnFailure
retryInterval: 2m
upgrade:
strategy:
name: RetryOnFailure
retryInterval: 3m
chart:
spec:
chart: cilium
version: "1.x"
sourceRef:
kind: HelmRepository
name: cilium
interval: 24h
valuesFrom:
- kind: ConfigMap
name: values-base
- kind: ConfigMap
name: values-overlay
optional: true

8
controllers/cilium/base/helm-repository.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cilium
namespace: cilium
spec:
interval: 24h
url: https://helm.cilium.io

15
controllers/cilium/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- helm-repository.yaml
- helm-release.yaml
configurations:
- name-reference.yaml
configMapGenerator:
- name: values-base
namespace: cilium
files:
- values.yaml

6
controllers/cilium/base/name-reference.yaml Normal file
View File

@@ -0,0 +1,6 @@
nameReference:
- kind: ConfigMap
version: v1
fieldSpecs:
- path: spec/valuesFrom/name
kind: HelmRelease

4
controllers/cilium/base/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: cilium

31
controllers/cilium/base/values.yaml Normal file
View File

@@ -0,0 +1,31 @@
ipam:
mode: kubernetes
kubeProxyReplacement: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup
k8sServiceHost: localhost
k8sServicePort: 7445
gatewayAPI:
enabled: true
enableAlpn: true
enableAppProtocol: true

15
controllers/cilium/cilium.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cilium
namespace: flux-system
spec:
interval: 1h
retryInterval: 2m
timeout: 5m
sourceRef:
kind: ExternalArtifact
name: cilium
path: ./${cluster_env}
prune: true
wait: true

4
controllers/cilium/production/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base

10
controllers/cilium/staging/kustomization.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
configMapGenerator:
- name: values-overlay
namespace: cilium
files:
- values.yaml

2
controllers/cilium/staging/values.yaml Normal file
View File

@@ -0,0 +1,2 @@
operator:
replicas: 1