Remove deprecated Argo CD application configurations and related files for noble cluster, including root-application.yaml, kustomization.yaml, and individual application manifests for argocd, cilium, longhorn, kube-vip, and monitoring components. Update kube-vip daemonset.yaml to enhance deployment strategy and environment variables for improved configuration.

2026-03-27 23:02:17 -04:00
parent 4263da65d8
commit d2c53fc553
37 changed files with 778 additions and 1042 deletions
--- a/clusters/noble/apps/cilium/values.yaml
+++ b/clusters/noble/apps/cilium/values.yaml
@@ -0,0 +1,44 @@
+# Cilium on Talos — phase 1: bring up CNI while kube-proxy still runs.
+# See README.md for install order (before MetalLB scheduling) and optional kube-proxy replacement.
+#
+# Chart: cilium/cilium — pin version in helm command (e.g. 1.16.6).
+# Ref: https://www.talos.dev/latest/kubernetes-guides/network/deploying-cilium/
+
+ipam:
+  mode: kubernetes
+
+kubeProxyReplacement: "false"
+
+# Host-network components cannot use kubernetes.default ClusterIP; Talos KubePrism (enabled by default)
+# on 127.0.0.1:7445 proxies to healthy apiservers and avoids flaky dials to cluster.controlPlane.endpoint (VIP).
+# Ref: https://www.talos.dev/latest/kubernetes-guides/configuration/kubeprism/
+k8sServiceHost: "127.0.0.1"
+k8sServicePort: "7445"
+
+securityContext:
+  capabilities:
+    ciliumAgent:
+      - CHOWN
+      - KILL
+      - NET_ADMIN
+      - NET_RAW
+      - IPC_LOCK
+      - SYS_ADMIN
+      - SYS_RESOURCE
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETGID
+      - SETUID
+    cleanCiliumState:
+      - NET_ADMIN
+      - SYS_ADMIN
+      - SYS_RESOURCE
+
+cgroup:
+  autoMount:
+    enabled: false
+  hostRoot: /sys/fs/cgroup
+
+# Workaround: Talos host DNS forwarding + bpf masquerade can break CoreDNS; see Talos Cilium guide "Known issues".
+bpf:
+  masquerade: false