feat(cilium): v1.17.5, gateway API

2026-01-27 10:18:27 +00:00 · 2025-07-07 14:20:21 +08:00
parent db6769a9b3
commit 38fbe38984
3 changed files with 37 additions and 8 deletions
--- a/kube/deploy/apps/rclone-retro/app/hr.yaml
+++ b/kube/deploy/apps/rclone-retro/app/hr.yaml
@@ -171,11 +171,13 @@ spec:
            readOnly: true
      data:
        existingClaim: rclone-retro-data
-        globalMounts:
-          - subPath: data
-            path: /data
-          - subPath: cache
-            path: /.cache
+        advancedMounts:
+          app:
+            app:
+              - subPath: data
+                path: /data
+              - subPath: cache
+                path: /.cache
      # nfs:
      #   type: nfs
      #   server: "${IP_TRUENAS:=127.0.0.1}"
--- a/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
+++ b/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/cilium/cilium/refs/tags/v1.16.4/install/kubernetes/cilium/values.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/cilium/cilium/refs/tags/v1.17.5/install/kubernetes/cilium/values.schema.json

 ## NOTE: required for Talos
 securityContext:
@@ -89,3 +89,27 @@ hubble:
  ui:
    enabled: true
    rollOutPods: true
+
+## NOTE: egress gateway
+egressGateway:
+  enabled: true
+
+## NOTE: ingress/gateway
+
+ingressController:
+  enabled: true
+  enforceHttps: true
+  loadbalancerMode: shared
+  defaultSecretNamespace: ingress
+  defaultSecretName: short-domain-tls
+  service:
+    annotations:
+      lbipam.cilium.io/ips: "${APP_IP_CILIUM_INGRESS:=127.0.0.1}"
+
+gatewayAPI:
+  enabled: true
+  enableAlpn: true
+  enableAppProtocol: true
+  xffNumTrustedHops: 1
+  gatewayClass:
+    create: "true"
--- a/kube/deploy/core/_networking/cilium/app/hr.yaml
+++ b/kube/deploy/core/_networking/cilium/app/hr.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://flux.jank.ing/helmrelease/v2/github/cilium/cilium/v1.16.5/install/kubernetes/cilium
+# yaml-language-server: $schema=https://flux.jank.ing/helmrelease/v2/github/cilium/cilium/v1.17.5/install/kubernetes/cilium
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
@@ -16,7 +16,7 @@ spec:
  chart:
    spec:
      chart: cilium
-      version: "1.17.4"
+      version: "1.17.5"
      sourceRef:
        name: cilium-charts
        kind: HelmRepository
@@ -105,6 +105,9 @@ spec:
          #annotations:
          #  grafana_folder: "Cilium"
      eventQueueSize: "50000" # default is 6144 which fills up
+      dropEventEmitter:
+        enabled: true
+        reasons: [auth_required, policy_denied, policy_deny, fib_lookup_failed, unsupported_l3_protocol, service_backend_not_found]
    operator:
      prometheus:
        enabled: true