feat: Let flux manage cilium after bootstrap

bootstrap.sh

@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 set -euo pipefail
+root=$(git rev-parse --show-toplevel)
 
 tools=(talosctl cilium-cli yq helm)
 cilium_version=1.18.4
@@ -101,6 +102,7 @@ elif [ ! $count -eq 0 ]; then
 	echo " [Success]"
 fi
 
+cluster_env=$(kubectl get configmaps -n flux-system cluster-variables -o jsonpath={.data.cluster_env})
 if ! helm status -n kube-system cilium &> /dev/null; then
 	echo "Installing cilium..."
 	helm repo add cilium https://helm.cilium.io/ > /dev/null
@@ -110,7 +112,8 @@ if ! helm status -n kube-system cilium &> /dev/null; then
 		cilium/cilium \
 		--version ${cilium_version} \
 		--namespace kube-system \
-		--values cilium.yaml
+		--values ${root}/controllers/cilium/base/values.yaml \
+		--values ${root}/controllers/cilium/${cluster_env}/values.yaml
 fi
 
 cilium-cli status --wait

clusters/testing/kustomization.yaml

@@ -3,6 +3,7 @@ kind: Kustomization
 resources:
   - flux-system/
   - ../../controllers/artifacts.yaml
+  - ../../controllers/cilium/cilium.yaml
   - ../../controllers/cert-manager/cert-manager.yaml
   - ../../configs/artifacts.yaml
   - ../../configs/letsencrypt/letsencrypt.yaml

controllers/artifacts.yaml

@@ -9,6 +9,11 @@ spec:
       kind: GitRepository
       name: flux-system
   artifacts:
+    - name: cilium
+      originRevision: "@foundation"
+      copy:
+        - from: "@foundation/controllers/cilium/**"
+          to: "@artifact/"
     - name: cert-manager
       originRevision: "@foundation"
       copy:

controllers/cilium/base/helm-release.yaml

@@ -0,0 +1,30 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cilium
+  namespace: cilium
+spec:
+  interval: 12h
+  targetNamespace: kube-system
+  install:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 2m
+  upgrade:
+    strategy:
+      name: RetryOnFailure
+      retryInterval: 3m
+  chart:
+    spec:
+      chart: cilium
+      version: "1.x"
+      sourceRef:
+        kind: HelmRepository
+        name: cilium
+      interval: 24h
+  valuesFrom:
+    - kind: ConfigMap
+      name: values-base
+    - kind: ConfigMap
+      name: values-overlay
+      optional: true

controllers/cilium/base/helm-repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: cilium
+  namespace: cilium
+spec:
+  interval: 24h
+  url: https://helm.cilium.io

controllers/cilium/base/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - helm-repository.yaml
+  - helm-release.yaml
+
+configurations:
+  - name-reference.yaml
+
+configMapGenerator:
+  - name: values-base
+    namespace: cilium
+    files:
+      - values.yaml

controllers/cilium/base/name-reference.yaml

@@ -0,0 +1,6 @@
+nameReference:
+  - kind: ConfigMap
+    version: v1
+    fieldSpecs:
+      - path: spec/valuesFrom/name
+        kind: HelmRelease

controllers/cilium/base/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cilium

controllers/cilium/base/values.yaml

@@ -29,8 +29,3 @@ gatewayAPI:
   enabled: true
   enableAlpn: true
   enableAppProtocol: true
-operator:
-  replicas: 1
-hubble:
-  relay:
-    enabled: true

controllers/cilium/cilium.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cilium
+  namespace: flux-system
+spec:
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
+  sourceRef:
+    kind: ExternalArtifact
+    name: cilium
+  path: ./${cluster_env}
+  prune: true
+  wait: true

controllers/cilium/production/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base

controllers/cilium/staging/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+
+configMapGenerator:
+  - name: values-overlay
+    namespace: cilium
+    files:
+      - values.yaml

controllers/cilium/staging/values.yaml

@@ -0,0 +1,2 @@
+operator:
+  replicas: 1