change gateway settings

2024-08-22 10:59:25 -05:00
parent 2eafe1dd62
commit b2d32ec80e
3 changed files with 31 additions and 22 deletions
--- a/clusters/cl01tl/services/cert-manager/values.yaml
+++ b/clusters/cl01tl/services/cert-manager/values.yaml
@@ -3,10 +3,8 @@ cert-manager:
    enabled: true
    keep: true
  replicaCount: 2
-  config:
-    apiVersion: controller.config.cert-manager.io/v1alpha1
-    kind: ControllerConfiguration  
-    enableGatewayAPI: true
+  extraArgs:
+    - --enable-gateway-api
  prometheus:
    enabled: true
    servicemonitor:
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-l2-announcement-policy.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-l2-announcement-policy.yaml
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: default-l2-announcement-policy
+  namespace: cilium
+  labels:
+    app.kubernetes.io/name: default-l2-announcement-policy
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: network
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  interfaces:
+    - enp6s0
+  externalIPs: true
+  loadBalancerIPs: true
--- a/clusters/cl01tl/standalone/cilium/values.yaml
+++ b/clusters/cl01tl/standalone/cilium/values.yaml
@@ -1,6 +1,4 @@
 cilium:
-  k8sServiceHost: "localhost"
-  k8sServicePort: "7445"
  securityContext:
    capabilities:
      ciliumAgent:
@@ -23,27 +21,15 @@ cilium:
  envoy:
    securityContext:
      capabilities:
+        envoy:
+          - NET_ADMIN
+          - PERFMON
+          - BPF
        keepCapNetBindService: true
  enableK8sEndpointSlice: true
  enableCiliumEndpointSlice: false
  ingressController:
    enabled: false
-    default: true
-    loadbalancerMode: shared
-    enforceHttps: true
-    enableProxyProtocol: true
-    ingressLBAnnotationPrefixes: ['lbipam.cilium.io', 'nodeipam.cilium.io', 'service.beta.kubernetes.io', 'service.kubernetes.io']
-    defaultSecretNamespace: cilium
-    defaultSecretName: tls-secret
-    secretsNamespace:
-      create: false
-      name: cilium
-      sync: true
-    service:
-      name: cilium-ingress
-      type: LoadBalancer
-      insecureNodePort: 30000
-      secureNodePort: 30001
  gatewayAPI:
    enabled: true
    enableProxyProtocol: false
@@ -86,7 +72,16 @@ cilium:
    enabled: true
  ipv6:
    enabled: false
+  k8sServiceHost: "localhost"
+  k8sServicePort: "7445"
  kubeProxyReplacement: "true"
+  l2announcements:
+    enabled: true
+  externalIPs:
+    enabled: true
+  k8sClientRateLimit:
+    qps: 50
+    burst: 100
  prometheus:
    enabled: true
    port: 9962