From b2d32ec80ed0e9a024abd67417d043f4892f53b2 Mon Sep 17 00:00:00 2001
From: alexlebens
Date: Thu, 22 Aug 2024 10:59:25 -0500
Subject: [PATCH] change gateway settings
---
 .../cl01tl/services/cert-manager/values.yaml | 6 ++--
 .../cilium-l2-announcement-policy.yaml | 16 ++++++++++
 clusters/cl01tl/standalone/cilium/values.yaml | 31 ++++++++-----------
 3 files changed, 31 insertions(+), 22 deletions(-)
 create mode 100644 clusters/cl01tl/standalone/cilium/templates/cilium-l2-announcement-policy.yaml
diff --git a/clusters/cl01tl/services/cert-manager/values.yaml b/clusters/cl01tl/services/cert-manager/values.yaml
index f02e0d5c8..43ffbf7ca 100644
--- a/clusters/cl01tl/services/cert-manager/values.yaml
+++ b/clusters/cl01tl/services/cert-manager/values.yaml
@@ -3,10 +3,8 @@ cert-manager:
 enabled: true
 keep: true
 replicaCount: 2
- config:
- apiVersion: controller.config.cert-manager.io/v1alpha1
- kind: ControllerConfiguration
- enableGatewayAPI: true
+ extraArgs:
+ - --enable-gateway-api
 prometheus:
 enabled: true
 servicemonitor:
diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-l2-announcement-policy.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-l2-announcement-policy.yaml
new file mode 100644
index 000000000..c6a04fd6a
--- /dev/null
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-l2-announcement-policy.yaml
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+ name: default-l2-announcement-policy
+ namespace: cilium
+ labels:
+ app.kubernetes.io/name: default-l2-announcement-policy
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: network
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ interfaces:
+ - enp6s0
+ externalIPs: true
+ loadBalancerIPs: true
diff --git a/clusters/cl01tl/standalone/cilium/values.yaml b/clusters/cl01tl/standalone/cilium/values.yaml
index 3fdc65bd1..6f8d77c7d 100644
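Review bot: The new `CiliumL2AnnouncementPolicy` in `cilium-l2-announcement-policy.yaml` has no `serviceSelector` or `nodeSelector`, so with `externalIPs: true` the nodes will answer ARP on `enp6s0` for any address that any Service in the cluster lists under `spec.externalIPs`, which lets whoever may create Services claim an address on that LAN segment. If external IPs are not actually used, set `externalIPs: false` here (the `externalIPs: enabled: true` added in the last hunk of `cilium/values.yaml` deserves the same check); otherwise narrow the policy with a `serviceSelector` and restrict who may set `spec.externalIPs` through admission policy. The templated label values should also be quoted, for example `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`, because an app version that looks like a number would render as a non-string label value. As far as I know this kind is cluster-scoped, so `namespace: cilium` is probably ignored and could be dropped.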
--- a/clusters/cl01tl/standalone/cilium/values.yaml
+++ b/clusters/cl01tl/standalone/cilium/values.yaml
@@ -1,6 +1,4 @@
 cilium:
- k8sServiceHost: "localhost"
- k8sServicePort: "7445"
 securityContext:
 capabilities:
 ciliumAgent:
@@ -23,27 +21,15 @@ cilium:
 envoy:
 securityContext:
 capabilities:
+ envoy:
+ - NET_ADMIN
+ - PERFMON
+ - BPF
 keepCapNetBindService: true
 enableK8sEndpointSlice: true
 enableCiliumEndpointSlice: false
 ingressController:
 enabled: false
- default: true
- loadbalancerMode: shared
- enforceHttps: true
- enableProxyProtocol: true
- ingressLBAnnotationPrefixes: ['lbipam.cilium.io', 'nodeipam.cilium.io', 'service.beta.kubernetes.io', 'service.kubernetes.io']
- defaultSecretNamespace: cilium
- defaultSecretName: tls-secret
- secretsNamespace:
- create: false
- name: cilium
- sync: true
- service:
- name: cilium-ingress
- type: LoadBalancer
- insecureNodePort: 30000
- secureNodePort: 30001
 gatewayAPI:
 enabled: true
 enableProxyProtocol: false
@@ -86,7 +72,16 @@ cilium:
 enabled: true
 ipv6:
 enabled: false
+ k8sServiceHost: "localhost"
+ k8sServicePort: "7445"
 kubeProxyReplacement: "true"
+ l2announcements:
+ enabled: true
+ externalIPs:
+ enabled: true
+ k8sClientRateLimit:
+ qps: 50
+ burst: 100
 prometheus:
 enabled: true
 port: 9962
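Review bot: The `envoy` capability list added under `envoy.securityContext.capabilities` in the second hunk overrides the chart default without a comment saying why. As I recall the upstream default grants `SYS_ADMIN`, and swapping it for `PERFMON` and `BPF` is the narrower choice but depends on kernel and container-runtime support for those capabilities, so a node without it would presumably fail to start the Envoy container. I would add `# replaces chart-default SYS_ADMIN; needs kernel >= 5.8 for CAP_BPF/CAP_PERFMON` above the list and confirm the node images meet that. The same hunk drops `enforceHttps: true` with the rest of the ingress controller settings, so if any Gateway exposes a plain-HTTP listener the redirect to HTTPS now has to be declared on the routes themselves. The enclosing `cilium:` mapping starts and ends outside the hunk.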
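Review bot: In the third hunk `k8sClientRateLimit` is set to `qps: 50` and `burst: 100` with nothing recording how those numbers were chosen. L2 announcements pick an announcing node per service through Kubernetes leases, which adds API-server traffic that grows with the number of announced services, so presumably that is the reason for the change. A comment such as `# sized for L2 announcement lease renewals; revisit when the LoadBalancer service count grows` above the key would keep a later edit from lowering it blindly.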