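# Renders the Cilium Helm chart (pinned upstream source) into one YAML manifest
# at build time and returns that derivation.
#
# Arguments are the package-set attributes used below: the GitHub fetcher, the
# compiler-less runCommand variant, the Helm package, the `formats` helpers
# and `lib`.
{
  fetchFromGitHub,
  runCommandNoCC,
  kubernetes-helm,
  formats,
  lib,
}: let
  inherit
    (lib)
    getExe'
    ;

  # Chart directory inside the Cilium source tree. The fetch is pinned by
  # content hash as well as by tag, so a fetch that yields different content
  # for v1.15.0 fails the hash check instead of silently changing the manifest.
  ciliumSrc =
    fetchFromGitHub {
      owner = "cilium";
      repo = "cilium";
      rev = "v1.15.0";
      hash = "sha256-xJFwBCnJemskm42/J4JNYrMO47REUYfc51bTJqckA7g=";
    }
    + "/install/kubernetes/cilium";

  # extractHelmChart helmChart values name attrs
  #   helmChart: path of the chart directory passed to `helm template`
  #   values:    attribute set serialised to JSON and passed with `-f`
  #   name:      derivation name; ".yaml" is appended
  #   attrs:     extra attributes forwarded to runCommandNoCC
  #
  # The rendered output is piped through sed, which rewrites every
  # `path: /lib/modules` to `path: /run/booted-system/kernel-modules`.
  # NOTE(review): this is a plain-text substitution on the rendered YAML; if
  # the upstream chart ever words that line differently, sed matches nothing,
  # still exits 0, and the manifest keeps /lib/modules. Worth re-checking on
  # every chart bump.
  extractHelmChart = helmChart: values: name: attrs:
    runCommandNoCC (name + ".yaml") attrs ''
      ${getExe' kubernetes-helm "helm"} template --namespace kube-system -f ${(formats.json {}).generate "values.yaml" values} ${helmChart} | sed 's~path: /lib/modules~path: /run/booted-system/kernel-modules~'> $out
    '';
in
  extractHelmChart ciliumSrc {
    kubeProxyReplacement = true;
    operator.replicas = 1;
    containerRuntime.integration = "containerd";
    # needed to install cni
    # NOTE(review): privileged = true gives the Cilium containers full host
    # privileges rather than a bounded capability list. Confirm whether the
    # chart's capability-based securityContext is sufficient for the CNI
    # install here, and drop this if so.
    securityContext.privileged = true;
    cni.install = true;
    cni.binPath = "/run/cilium/cni";

    # helps the tests
    # NOTE(review): Hubble relay/UI expose cluster flow data; they are enabled
    # for the test-suite only, so confirm the UI is not reachable from outside
    # the cluster.
    # NOTE(review): the values here and further below are the string "true",
    # not booleans. In a plain Helm `if`, any non-empty string is truthy, so
    # writing "false" would not disable them - confirm booleans were not
    # intended.
    hubble.relay.enabled = "true";
    hubble.ui.enabled = "true";

    # seems to pass the tests, this is needed, the nginx one doesn't cut it
    ingressController.enabled = true;
    ingressController.loadbalancerMode = "shared";

    # https://github.com/cilium/cilium/issues/28837
    localRedirectPolicy = "true";
    bpf.masquerade = "true";
    envoy.enabled = "true";

    # Pod addresses are allocated from a single /22 cluster pool.
    ipam = {
      mode = "cluster-pool";
      operator = {
        clusterPoolIPv4PodCIDRList = ["10.64.52.0/22"];
        clusterPoolIPv4MaskSize = 22;
      };
    };
  } "cilium" {}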