From c36bceabf28cae77230229b5b997827d4faa6fc2 Mon Sep 17 00:00:00 2001
From: Timofei Larkin <lllamnyp@gmail.com>
Date: Mon, 5 May 2025 16:55:17 +0400
Subject: [PATCH] Enable user-added params in tenant cluster Cilium (#917)

Users requested the possibility of passing custom values to the Cilium
HelmRelease in tenant k8s clusters to enable its latest features, such
as support for the Gateway API. This customization is now available via
the `valuesOverride` field under `addons.cilium` in the kubernetes' app
values.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Added support for custom override values for the Cilium addon,
allowing users to configure Cilium settings via the values file.
- **Chores**
  - Updated the Kubernetes chart version to 0.20.0.
  - Updated version mappings to reflect the new chart version.
- **Documentation**
- Updated Kubernetes managed service docs to include configuration
details for Cilium addon overrides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

(cherry picked from commit 0346dc05bbc0cd723cb43417311668e54511fd23)
Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
---
 packages/apps/bucket/README.md                   |  3 +++
 packages/apps/bucket/values.schema.json          |  5 +++++
 packages/apps/bucket/values.yaml                 |  1 +
 packages/apps/kubernetes/Chart.yaml              |  2 +-
 packages/apps/kubernetes/README.md               |  1 +
 .../templates/helmreleases/cilium.yaml           | 16 ++++++++++------
 packages/apps/kubernetes/values.schema.json      | 10 ++++++++++
 packages/apps/kubernetes/values.yaml             |  6 ++++++
 packages/apps/versions_map                       |  3 ++-
 9 files changed, 39 insertions(+), 8 deletions(-)
 create mode 100644 packages/apps/bucket/README.md
 create mode 100644 packages/apps/bucket/values.schema.json
 create mode 100644 packages/apps/bucket/values.yaml

diff --git a/packages/apps/bucket/README.md b/packages/apps/bucket/README.md
new file mode 100644
index 00000000..89749b1d
--- /dev/null
+++ b/packages/apps/bucket/README.md
@@ -0,0 +1,3 @@
+# S3 bucket
+
+## Parameters
diff --git a/packages/apps/bucket/values.schema.json b/packages/apps/bucket/values.schema.json
new file mode 100644
index 00000000..decc79aa
--- /dev/null
+++ b/packages/apps/bucket/values.schema.json
@@ -0,0 +1,5 @@
+{
+    "title": "Chart Values",
+    "type": "object",
+    "properties": {}
+}
\ No newline at end of file
diff --git a/packages/apps/bucket/values.yaml b/packages/apps/bucket/values.yaml
new file mode 100644
index 00000000..0967ef42
--- /dev/null
+++ b/packages/apps/bucket/values.yaml
@@ -0,0 +1 @@
+{}
diff --git a/packages/apps/kubernetes/Chart.yaml b/packages/apps/kubernetes/Chart.yaml
index 05076167..7daa8598 100644
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.19.0
+version: 0.20.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/kubernetes/README.md b/packages/apps/kubernetes/README.md
index 94a4ff6e..79c01191 100644
--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -44,6 +44,7 @@ kubectl get secret -n <namespace> kubernetes-<clusterName>-admin-kubeconfig -o g
 | --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
 | `addons.certManager.enabled`                  | Enables the cert-manager                                                                                                                                          | `false` |
 | `addons.certManager.valuesOverride`           | Custom values to override                                                                                                                                         | `{}`    |
+| `addons.cilium.valuesOverride`                | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.ingressNginx.enabled`                 | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)                                                                                          | `false` |
 | `addons.ingressNginx.valuesOverride`          | Custom values to override                                                                                                                                         | `{}`    |
 | `addons.ingressNginx.hosts`                   | List of domain names that should be passed through to the cluster by upper cluster                                                                                | `[]`    |
diff --git a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
index 6b03bdb3..448e5976 100644
--- a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
@@ -1,3 +1,12 @@
+{{- define "cozystack.defaultCiliumValues" -}}
+cilium:
+  k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
+  k8sServicePort: 6443
+  routingMode: tunnel
+  enableIPv4Masquerade: true
+  ipv4NativeRoutingCIDR: ""
+{{- end }}
+
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
@@ -31,12 +40,7 @@ spec:
     remediation:
       retries: -1
   values:
-    cilium:
-      k8sServiceHost: {{ .Release.Name }}.{{ .Release.Namespace }}.svc
-      k8sServicePort: 6443
-      routingMode: tunnel
-      enableIPv4Masquerade: true
-      ipv4NativeRoutingCIDR: ""
+    {{- toYaml (deepCopy .Values.addons.cilium.valuesOverride | mergeOverwrite (fromYaml (include "cozystack.defaultCiliumValues" .))) | nindent 4 }}
   dependsOn:
   {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
   - name: {{ .Release.Name }}
diff --git a/packages/apps/kubernetes/values.schema.json b/packages/apps/kubernetes/values.schema.json
index c69a30aa..7a2ac3d1 100644
--- a/packages/apps/kubernetes/values.schema.json
+++ b/packages/apps/kubernetes/values.schema.json
@@ -145,6 +145,16 @@
             }
           }
         },
+        "cilium": {
+          "type": "object",
+          "properties": {
+            "valuesOverride": {
+              "type": "object",
+              "description": "Custom values to override",
+              "default": {}
+            }
+          }
+        },
         "ingressNginx": {
           "type": "object",
           "properties": {
diff --git a/packages/apps/kubernetes/values.yaml b/packages/apps/kubernetes/values.yaml
index 388c465b..805d5bec 100644
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -42,6 +42,12 @@ addons:
     enabled: false
     valuesOverride: {}
 
+  ## Cilium CNI plugin
+  ##
+  cilium:
+    ## @param addons.cilium.valuesOverride Custom values to override
+    valuesOverride: {}
+
   ## Ingress-NGINX Controller
   ##
   ingressNginx:
diff --git a/packages/apps/versions_map b/packages/apps/versions_map
index 749d92e0..b7c09ab7 100644
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -59,7 +59,8 @@ kubernetes 0.16.0 077045b0
 kubernetes 0.17.0 1fbbfcd0
 kubernetes 0.17.1 fd240701
 kubernetes 0.18.0 721c12a7
-kubernetes 0.19.0 HEAD
+kubernetes 0.19.0 93bdf411
+kubernetes 0.20.0 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e