Added cilium

2025-11-12 05:46:48 +01:00
parent 3200aaebaa
commit 66d2c03be4
5 changed files with 86 additions and 0 deletions
--- a/nodes/_cilium_values.yaml
+++ b/nodes/_cilium_values.yaml
@@ -0,0 +1,31 @@
+ipam:
+  mode: kubernetes
+kubeProxyReplacement: true
+securityContext:
+  capabilities:
+    ciliumAgent:
+      - CHOWN
+      - KILL
+      - NET_ADMIN
+      - NET_RAW
+      - IPC_LOCK
+      - SYS_ADMIN
+      - SYS_RESOURCE
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETGID
+      - SETUID
+    cleanCiliumState:
+      - NET_ADMIN
+      - SYS_ADMIN
+      - SYS_RESOURCE
+cgroup:
+  autoMount:
+    enabled: false
+  hostRoot: /sys/fs/cgroup
+k8sServiceHost: localhost
+k8sServicePort: 7445
+gatewayAPI:
+  enabled: true
+  enableAlpn: true
+  enableAppProtocol: true
--- a/nodes/_defaults.yaml
+++ b/nodes/_defaults.yaml
@@ -2,6 +2,10 @@ schematicId: !schematic default
 arch: amd64
 talosVersion: v1.11.3
 kubernesVersion: v1.34.1
+cluster:
+  cilium:
+    version: 1.18.3
+    valuesFile: !realpath _cilium_values.yaml
 kernelArgs:
  - talos.platform=metal
  - console=tty0
@@ -27,5 +31,6 @@ patches:
  - !patch network
  - !patch vip
  - !patch tailscale
+  - !patch cilium
 patchesControlPlane:
  - !patch allow-control-plane-workloads