github-personal/terraform-libvirt-talos
1
0
Fork 0
mirror of https://github.com/outbackdingo/terraform-libvirt-talos.git synced 2026-01-27 02:20:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
terraform-libvirt-talos/cilium.tf
Rui Lopes ebb906ed16 upgrade to cilium 1.18.2
2025-10-06 20:30:12 +00:00

135 lines
3.8 KiB
HCL
Raw Permalink Blame History

locals {
# see https://docs.cilium.io/en/stable/network/lb-ipam/
# see https://docs.cilium.io/en/stable/network/l2-announcements/
# see the CiliumL2AnnouncementPolicy type at https://github.com/cilium/cilium/blob/v1.18.2/pkg/k8s/apis/cilium.io/v2alpha1/l2announcement_types.go#L23-L42
# see the CiliumLoadBalancerIPPool type at https://github.com/cilium/cilium/blob/v1.18.2/pkg/k8s/apis/cilium.io/v2alpha1/lbipam_types.go#L22-L46
cilium_external_lb_manifests = [
{
apiVersion = "cilium.io/v2alpha1"
kind = "CiliumL2AnnouncementPolicy"
metadata = {
name = "external"
}
spec = {
loadBalancerIPs = true
interfaces = [
"eth0",
]
nodeSelector = {
matchExpressions = [
{
key = "node-role.kubernetes.io/control-plane"
operator = "DoesNotExist"
},
]
}
}
},
{
apiVersion = "cilium.io/v2alpha1"
kind = "CiliumLoadBalancerIPPool"
metadata = {
name = "external"
}
spec = {
blocks = [
{
start = cidrhost(var.cluster_node_network, var.cluster_node_network_load_balancer_first_hostnum)
stop = cidrhost(var.cluster_node_network, var.cluster_node_network_load_balancer_last_hostnum)
},
]
}
},
]
cilium_external_lb_manifest = join("---\n", [for d in local.cilium_external_lb_manifests : yamlencode(d)])
}
// see https://www.talos.dev/v1.11/kubernetes-guides/network/deploying-cilium/#method-4-helm-manifests-inline-install
// see https://docs.cilium.io/en/stable/network/servicemesh/ingress/
// see https://docs.cilium.io/en/stable/gettingstarted/hubble_setup/
// see https://docs.cilium.io/en/stable/gettingstarted/hubble/
// see https://docs.cilium.io/en/stable/helm-reference/#helm-reference
// see https://github.com/cilium/cilium/releases
// see https://github.com/cilium/cilium/tree/v1.18.2/install/kubernetes/cilium
// see https://registry.terraform.io/providers/hashicorp/helm/latest/docs/data-sources/template
data "helm_template" "cilium" {
namespace = "kube-system"
name = "cilium"
repository = "https://helm.cilium.io"
chart = "cilium"
# renovate: datasource=helm depName=cilium registryUrl=https://helm.cilium.io
version = "1.18.2"
kube_version = var.kubernetes_version
api_versions = []
set = [
{
name = "ipam.mode"
value = "kubernetes"
},
{
name = "securityContext.capabilities.ciliumAgent"
value = "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
},
{
name = "securityContext.capabilities.cleanCiliumState"
value = "{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
},
{
name = "cgroup.autoMount.enabled"
value = "false"
},
{
name = "cgroup.hostRoot"
value = "/sys/fs/cgroup"
},
{
name = "k8sServiceHost"
value = "localhost"
},
{
name = "k8sServicePort"
value = local.common_machine_config.machine.features.kubePrism.port
},
{
name = "kubeProxyReplacement"
value = "true"
},
{
name = "l2announcements.enabled"
value = "true"
},
{
name = "devices"
value = "{eth0}"
},
{
name = "ingressController.enabled"
value = "true"
},
{
name = "ingressController.default"
value = "true"
},
{
name = "ingressController.loadbalancerMode"
value = "shared"
},
{
name = "ingressController.enforceHttps"
value = "false"
},
{
name = "envoy.enabled"
value = "true"
},
{
name = "hubble.relay.enabled"
value = "true"
},
{
name = "hubble.ui.enabled"
value = "true"
}
]
}
Reference in New Issue View Git Blame Copy Permalink