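# Optional phase 2: kube-proxy replacement via Cilium + KubePrism.
# KubePrism is the Talos node-local API-server load balancer: it listens on localhost:7445 and
# forwards to the control plane's :6443. It is separate from apid, the Talos API daemon.
# Prerequisites:
#   1. Phase 1 Cilium installed and healthy; nodes Ready.
#   2. Add to Talos machine config on ALL nodes:
#        cluster:
#          proxy:
#            disabled: true
#      (keep cluster.network.cni.name: none). Regenerate, apply-config, reboot as needed.
#   3. Remove legacy kube-proxy objects if still present:
#        kubectl delete ds -n kube-system kube-proxy --ignore-not-found
#        kubectl delete cm -n kube-system kube-proxy --ignore-not-found
#   4. helm upgrade cilium ... -f values-kpr.yaml
#
# After step 4, check the agent status on every node and confirm it reports kube-proxy
# replacement as active before relying on Service traffic. Rules written by the old kube-proxy
# can linger on a node until it is rebooted.
#
# Ref: https://www.talos.dev/latest/kubernetes-guides/network/deploying-cilium/

# Pod addresses come from the podCIDR that Kubernetes assigns to each node.
ipam:
  mode: kubernetes

# Cilium's eBPF datapath takes over Service handling from kube-proxy.
# NOTE(review): the value is a quoted string; confirm the pinned chart version accepts this form.
kubeProxyReplacement: "true"

# Without kube-proxy the agent cannot reach the API server through the `kubernetes` Service
# ClusterIP, so it is pointed at a direct endpoint: KubePrism on the node's loopback.
# This only works where KubePrism is enabled (machine.features.kubePrism in the Talos machine
# config) on every node that runs the agent. Verify this before disabling kube-proxy, otherwise
# the agent on that node loses API access.
k8sServiceHost: localhost
# Quoted so the port is passed as a string rather than re-typed by the YAML parser.
k8sServicePort: "7445"

# Explicit capability lists instead of the chart defaults.
# NOTE(review): the lists appear to follow the Talos guide referenced above, which leaves out
# SYS_MODULE because Talos does not let workloads load kernel modules. Confirm against the guide
# for the Cilium version in use.
# SYS_ADMIN and NET_ADMIN still make these containers effectively node-privileged. Treat
# permission to edit the Cilium DaemonSet, or to exec into its pods, as node-level access when
# reviewing RBAC for kube-system.
securityContext:
  capabilities:
    ciliumAgent:
      - CHOWN
      - KILL
      - NET_ADMIN
      - NET_RAW
      - IPC_LOCK
      - SYS_ADMIN
      - SYS_RESOURCE
      - DAC_OVERRIDE
      - FOWNER
      - SETGID
      - SETUID
    cleanCiliumState:
      - NET_ADMIN
      - SYS_ADMIN
      - SYS_RESOURCE

# Reuse the cgroup hierarchy already mounted by the host at /sys/fs/cgroup instead of letting
# the chart mount its own.
cgroup:
  autoMount:
    enabled: false
  hostRoot: /sys/fs/cgroup

# eBPF-based masquerading is off.
# NOTE(review): pod egress SNAT then presumably falls back to Cilium's iptables masquerading;
# confirm that is the intended egress path for this cluster.
bpf:
  masquerade: false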