init

2025-06-23 23:05:28 +07:00
commit e8f9d2bbe7
42 changed files with 14772 additions and 0 deletions
--- a/talos-k8s/cilium/ippool.yaml
+++ b/talos-k8s/cilium/ippool.yaml
@@ -0,0 +1,7 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: pool
+spec:
+  blocks:
+    - cidr: 192.168.23.21/32
--- a/talos-k8s/cilium/l2-announcement-policy.yaml
+++ b/talos-k8s/cilium/l2-announcement-policy.yaml
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: policy1
+spec:
+  serviceSelector:
+    matchLabels:
+      color: blue
+  nodeSelector:
+    matchExpressions:
+      - key: node-role.kubernetes.io/control-plane
+        operator: DoesNotExist
+  interfaces:
+    - ^eth+
+  externalIPs: true
+  loadBalancerIPs: true
--- a/talos-k8s/cilium/values.yaml
+++ b/talos-k8s/cilium/values.yaml
@@ -0,0 +1,35 @@
+ipam:
+  mode: kubernetes
+kubeProxyReplacement: true
+securityContext:
+  capabilities:
+    ciliumAgent:
+      - CHOWN
+      - KILL
+      - NET_ADMIN
+      - NET_RAW
+      - IPC_LOCK
+      - SYS_ADMIN
+      - SYS_RESOURCE
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETGID
+      - SETUID
+    cleanCiliumState:
+      - NET_ADMIN
+      - SYS_ADMIN
+      - SYS_RESOURCE
+cgroup:
+  autoMount:
+    enabled: false
+  hostRoot: /sys/fs/cgroup
+k8sServiceHost: 192.168.23.20
+k8sServicePort: 6443
+l2announcements:
+  enabled: true
+devices: ens+
+hubble:
+  relay:
+    enabled: true
+  ui:
+    enabled: true