Update Cilium application.yaml to enhance ignoreDifferences for cilium-operator Deployment and improve Helm sync handling. Modify kube-vip daemonset.yaml to adjust VIP interface and add new environment variables for better configuration. Update README.md with troubleshooting tips for kube-vip and Helm upgrade conflicts.

2026-03-27 19:29:54 -04:00
parent ae5bfdf2f7
commit 4263da65d8
3 changed files with 79 additions and 15 deletions
--- a/clusters/noble/apps/cilium/application.yaml
+++ b/clusters/noble/apps/cilium/application.yaml
@@ -7,8 +7,8 @@ metadata:
    argocd.argoproj.io/sync-wave: "0"
 spec:
  project: default
-  # Helm TLS material for Hubble is rotated/generated; Argo SSA and CLI helm
-  # upgrades both touch Secret data and cause apply conflicts unless ignored.
+  # Argo SSA vs CLI helm: ignore generated TLS and fields Argo commonly owns so
+  # RespectIgnoreDifferences can skip fighting Helm on sync.
  ignoreDifferences:
    - group: ""
      kind: Secret
@@ -16,6 +16,13 @@ spec:
      namespace: kube-system
      jqPathExpressions:
        - .data
+    - group: apps
+      kind: Deployment
+      name: cilium-operator
+      namespace: kube-system
+      jsonPointers:
+        - /spec/replicas
+        - /spec/strategy/rollingUpdate/maxUnavailable
  destination:
    server: https://kubernetes.default.svc
    namespace: kube-system
--- a/clusters/noble/apps/kube-vip/vip-daemonset.yaml
+++ b/clusters/noble/apps/kube-vip/vip-daemonset.yaml
@@ -23,6 +23,8 @@ spec:
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
+        - operator: Exists
+          effect: NoExecute
      containers:
        - name: kube-vip
          image: ghcr.io/kube-vip/kube-vip:v0.8.3
@@ -36,17 +38,32 @@ spec:
              value: "192.168.50.230"
            - name: port
              value: "6443"
+            # Physical uplink from `talosctl -n <cp-ip> get links` (this cluster: ens18).
            - name: vip_interface
-              value: "eth0"
+              value: "ens18"
+            - name: vip_subnet
+              value: "32"
+            - name: vip_leaderelection
+              value: "true"
            - name: cp_enable
              value: "true"
+            - name: cp_namespace
+              value: "kube-system"
            - name: svc_enable
              value: "true"
-            - name: servicesElection
+            # Env is svc_election (not servicesElection); see pkg/kubevip/config_envvar.go
+            - name: svc_election
              value: "true"
+            - name: vip_leaseduration
+              value: "5"
+            - name: vip_renewdeadline
+              value: "3"
+            - name: vip_retryperiod
+              value: "1"
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
+                - SYS_TIME