alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

feat: disable l2 announcement
Some checks failed
lint-test-helm / lint-helm (push) Successful in 15s
Details
render-manifests-push / render-manifests-push (push) Successful in 37s
Details
renovate / renovate (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-02-05 14:40:58 -06:00
parent d9c05c3407
commit 50fc9b4c57
4 changed files with 67 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
View File

@@ -1,18 +1,18 @@
apiVersion: "cilium.io/v2alpha1" # apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy # kind: CiliumL2AnnouncementPolicy
metadata: # metadata:
name: node-gateway-l2-policy # name: node-gateway-l2-policy
namespace: {{ .Release.Namespace }} # namespace: {{ .Release.Namespace }}
labels: # labels:
app.kubernetes.io/name: node-gateway-l2-policy # app.kubernetes.io/name: node-gateway-l2-policy
app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }}
spec: # spec:
nodeSelector: # nodeSelector:
matchLabels: # matchLabels:
kubernetes.io/hostname: talos-ix7-xku # kubernetes.io/hostname: talos-ix7-xku
interfaces: # interfaces:
- end0 # - end0
- enp6s0 # - enp6s0
externalIPs: true # externalIPs: true
loadBalancerIPs: true # loadBalancerIPs: true

92
clusters/cl01tl/helm/cilium/templates/gateway.yaml
View File

@@ -1,46 +1,46 @@
apiVersion: gateway.networking.k8s.io/v1 # apiVersion: gateway.networking.k8s.io/v1
kind: Gateway # kind: Gateway
metadata: # metadata:
name: cilium-tls-gateway # name: cilium-tls-gateway
namespace: {{ .Release.Namespace }} # namespace: {{ .Release.Namespace }}
labels: # labels:
app.kubernetes.io/name: cilium-tls-gateway # app.kubernetes.io/name: cilium-tls-gateway
app.kubernetes.io/instance: {{ .Release.Name }} # app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} # app.kubernetes.io/part-of: {{ .Release.Name }}
annotations: # annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer # cert-manager.io/cluster-issuer: letsencrypt-issuer
io.cilium/lb-ipam-ips: "10.232.1.23" # io.cilium/lb-ipam-ips: "10.232.1.23"
spec: # spec:
addresses: # addresses:
- type: IPAddress # - type: IPAddress
value: 10.232.1.23 # value: 10.232.1.23
gatewayClassName: cilium # gatewayClassName: cilium
listeners: # listeners:
- allowedRoutes: # - allowedRoutes:
namespaces: # namespaces:
from: All # from: All
hostname: '*.alexlebens.net' # hostname: '*.alexlebens.net'
name: https # name: https
port: 443 # port: 443
protocol: HTTPS # protocol: HTTPS
tls: # tls:
certificateRefs: # certificateRefs:
- group: '' # - group: ''
kind: Secret # kind: Secret
name: https-gateway-cert # name: https-gateway-cert
namespace: kube-system # namespace: kube-system
mode: Terminate # mode: Terminate
- allowedRoutes: # - allowedRoutes:
namespaces: # namespaces:
from: All # from: All
hostname: 'alexlebens.net' # hostname: 'alexlebens.net'
name: https-domain # name: https-domain
port: 443 # port: 443
protocol: HTTPS # protocol: HTTPS
tls: # tls:
certificateRefs: # certificateRefs:
- group: '' # - group: ''
kind: Secret # kind: Secret
name: https-gateway-cert # name: https-gateway-cert
namespace: kube-system # namespace: kube-system
mode: Terminate # mode: Terminate

4
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -11,8 +11,8 @@ spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
kind: Gateway kind: Gateway
name: cilium-tls-gateway name: traefik-gateway
namespace: kube-system namespace: traefik
hostnames: hostnames:
- hubble.alexlebens.net - hubble.alexlebens.net
rules: rules:

2
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -26,7 +26,7 @@ cilium:
- SYS_ADMIN - SYS_ADMIN
- SYS_RESOURCE - SYS_RESOURCE
l2announcements: l2announcements:
enabled: true enabled: false
bgpControlPlane: bgpControlPlane:
enabled: false enabled: false
secretsNamespace: secretsNamespace: