From 38fbe38984072a0ff4b56f25dfe00734e03243e4 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Mon, 7 Jul 2025 14:20:21 +0800
Subject: [PATCH] feat(cilium): v1.17.5, gateway API
---
 kube/deploy/apps/rclone-retro/app/hr.yaml | 12 +++++----
 .../app/config/biohazard/helm-values.yaml | 26 ++++++++++++++++++-
 .../core/_networking/cilium/app/hr.yaml | 7 +++--
 3 files changed, 37 insertions(+), 8 deletions(-)
diff --git a/kube/deploy/apps/rclone-retro/app/hr.yaml b/kube/deploy/apps/rclone-retro/app/hr.yaml
index dde5528a..da39ef92 100644
--- a/kube/deploy/apps/rclone-retro/app/hr.yaml
+++ b/kube/deploy/apps/rclone-retro/app/hr.yaml
@@ -171,11 +171,13 @@ spec:
 readOnly: true
 data:
 existingClaim: rclone-retro-data
- globalMounts:
- - subPath: data
- path: /data
- - subPath: cache
- path: /.cache
+ advancedMounts:
+ app:
+ app:
+ - subPath: data
+ path: /data
+ - subPath: cache
+ path: /.cache
 # nfs:
 # type: nfs
 # server: "${IP_TRUENAS:=127.0.0.1}"
diff --git a/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml b/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
index 2adce4f4..326e7995 100644
--- a/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
+++ b/kube/deploy/core/_networking/cilium/app/config/biohazard/helm-values.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/cilium/cilium/refs/tags/v1.16.4/install/kubernetes/cilium/values.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/cilium/cilium/refs/tags/v1.17.5/install/kubernetes/cilium/values.schema.json
 ## NOTE: required for Talos
 securityContext:
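Review bot: In the rclone-retro `hr.yaml` hunk, the two nested `app:` keys under `advancedMounts` cannot be told apart on the page. If this chart follows the usual controller-then-container nesting, a comment above them such as `# controller "app" -> container "app"` would show the next editor which level to extend when another container needs the volume. Moving off `globalMounts` also means any other container in this release stops receiving `/data` and `/.cache`, which is the tighter choice as long as none of them relied on it. The enclosing mapping and the controller definitions lie outside the hunk, so that cannot be confirmed from here.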
@@ -89,3 +89,27 @@ hubble:
 ui:
 enabled: true
 rollOutPods: true
+
+## NOTE: egress gateway
+egressGateway:
+ enabled: true
+
+## NOTE: ingress/gateway
+
+ingressController:
+ enabled: true
+ enforceHttps: true
+ loadbalancerMode: shared
+ defaultSecretNamespace: ingress
+ defaultSecretName: short-domain-tls
+ service:
+ annotations:
+ lbipam.cilium.io/ips: "${APP_IP_CILIUM_INGRESS:=127.0.0.1}"
+
+gatewayAPI:
+ enabled: true
+ enableAlpn: true
+ enableAppProtocol: true
+ xffNumTrustedHops: 1
+ gatewayClass:
+ create: "true"
diff --git a/kube/deploy/core/_networking/cilium/app/hr.yaml b/kube/deploy/core/_networking/cilium/app/hr.yaml
index 20924707..7ac71b0a 100644
--- a/kube/deploy/core/_networking/cilium/app/hr.yaml
+++ b/kube/deploy/core/_networking/cilium/app/hr.yaml
@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://flux.jank.ing/helmrelease/v2/github/cilium/cilium/v1.16.5/install/kubernetes/cilium
+# yaml-language-server: $schema=https://flux.jank.ing/helmrelease/v2/github/cilium/cilium/v1.17.5/install/kubernetes/cilium
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
@@ -16,7 +16,7 @@ spec:
 chart:
 spec:
 chart: cilium
- version: "1.17.4"
+ version: "1.17.5"
 sourceRef:
 name: cilium-charts
 kind: HelmRepository
@@ -105,6 +105,9 @@ spec:
 #annotations:
 # grafana_folder: "Cilium"
 eventQueueSize: "50000" # default is 6144 which fills up
+ dropEventEmitter:
+ enabled: true
+ reasons: [auth_required, policy_denied, policy_deny, fib_lookup_failed, unsupported_l3_protocol, service_backend_not_found]
 operator:
 prometheus:
 enabled: true
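Review bot: `xffNumTrustedHops: 1` in the added `gatewayAPI` block of `helm-values.yaml` makes the Envoy listener take the client address from the X-Forwarded-For header instead of the connection peer, which is only sound when exactly one proxy you control sits in front of every Gateway. If a Gateway address is reachable without that proxy, the header value is client-supplied and ends up in access logs and in anything that filters or rate-limits by source address. A comment naming the trusted hop, for example `# 1 = <fronting proxy> is the only path to the gateway; use 0 when clients connect directly`, would make the assumption reviewable. The values file continues above the hunk, so an existing restriction on who can reach the LoadBalancer IP may already cover this.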
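Review bot: The `reasons` list added under `dropEventEmitter` in the cilium `hr.yaml` mixes policy verdicts (`auth_required`, `policy_denied`, `policy_deny`) with datapath failures (`fib_lookup_failed`, `unsupported_l3_protocol`, `service_backend_not_found`), and nothing on the line says why the latter are included. The emitter publishes matching drops as Kubernetes Events, so a comment like `# datapath reasons included on purpose; alert only on policy_* and auth_required` would keep later alerting from treating routing noise as denied traffic. The six-item flow sequence is also a very long line, and one reason per line would diff more cleanly. The enclosing mapping starts above the hunk and its indentation is not recoverable in this view.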