Closed MichaelCade closed 3 months ago
```console
Kargo on main [!] via usrbinkat@dev via 🐍 v3.10.12
🐋 ❯ cilium install \
    --helm-set=ipam.mode=kubernetes \
    --helm-set=kubeProxyReplacement=true \
    --helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
    --helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
    --helm-set=cgroup.autoMount.enabled=false \
    --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
    --helm-set=k8sServiceHost=localhost \
    --helm-set=k8sServicePort=7445 --dry-run-helm-values
cgroup:
  autoMount:
    enabled: false
  hostRoot: /sys/fs/cgroup
cluster:
  name: optiplexprime.kargo.dev
ipam:
  mode: kubernetes
k8sServiceHost: 192.168.1.40
k8sServicePort: 6443
kubeProxyReplacement: strict
operator:
  replicas: 1
routingMode: tunnel
securityContext:
  capabilities:
    ciliumAgent:
    - CHOWN
    - KILL
    - NET_ADMIN
    - NET_RAW
    - IPC_LOCK
    - SYS_ADMIN
    - SYS_RESOURCE
    - DAC_OVERRIDE
    - FOWNER
    - SETGID
    - SETUID
    cleanCiliumState:
    - NET_ADMIN
    - SYS_ADMIN
    - SYS_RESOURCE
serviceAccounts:
  cilium:
    name: cilium
  operator:
    name: cilium-operator
tunnelProtocol: vxlan
```
Deploying via cilium cli with these flags and helm chart values works as expected per docs.
https://www.talos.dev/v1.6/kubernetes-guides/network/deploying-cilium/
Currently working with these values:
```yaml
cgroup:
  autoMount:
    enabled: false
  hostRoot: /sys/fs/cgroup
cluster:
  name: kargo
cni:
  install: true
externalIPs:
  enabled: true
gatewayAPI:
  enabled: true
hostPort:
  enabled: true
hostServices:
  enabled: false
image:
  pullPolicy: IfNotPresent
ipam:
  mode: kubernetes
k8sServiceHost: localhost
k8sServicePort: 7445
kubeProxyReplacement: strict
nodePort:
  enabled: true
operator:
  replicas: 1
routingMode: tunnel
securityContext:
  capabilities:
    ciliumAgent:
    - CHOWN
    - KILL
    - NET_ADMIN
    - NET_RAW
    - IPC_LOCK
    - SYS_ADMIN
    - SYS_RESOURCE
    - DAC_OVERRIDE
    - FOWNER
    - SETGID
    - SETUID
    cleanCiliumState:
    - NET_ADMIN
    - SYS_ADMIN
    - SYS_RESOURCE
serviceAccounts:
  cilium:
    name: cilium
  operator:
    name: cilium-operator
tunnelProtocol: vxlan
```
Added ingress
```yaml
cgroup:
  autoMount:
    enabled: false
  hostRoot: /sys/fs/cgroup
cluster:
  name: talos-metal
devices: br0
externalIPs:
  enabled: true
ingressController:
  default: true
  enabled: true
  loadbalancerMode: shared
ipam:
  mode: kubernetes
k8sServiceHost: 192.168.169.210
k8sServicePort: 6443
kubeProxyReplacement: strict
l2announcements:
  enabled: true
operator:
  replicas: 1
routingMode: tunnel
securityContext:
  capabilities:
    ciliumAgent:
    - CHOWN
    - KILL
    - NET_ADMIN
    - NET_RAW
    - IPC_LOCK
    - SYS_ADMIN
    - SYS_RESOURCE
    - DAC_OVERRIDE
    - FOWNER
    - SETGID
    - SETUID
    cleanCiliumState:
    - NET_ADMIN
    - SYS_ADMIN
    - SYS_RESOURCE
serviceAccounts:
  cilium:
    name: cilium
  operator:
    name: cilium-operator
tunnelProtocol: vxlan
```