roles/k3s: update cilium config v1.13.0
parent
e5407dcb11
commit
bb317a8685
@ -3,17 +3,20 @@ ip=$1
|
||||
|
||||
cat > /tmp/egress.yaml << EOF
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
kind: CiliumEgressGatewayPolicy
|
||||
metadata:
|
||||
name: egress-nat
|
||||
name: egress-nat-policy
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
role: egress-gateway
|
||||
egress:
|
||||
- {}
|
||||
egressNAT:
|
||||
- source: 10.42.0.0/16
|
||||
translation: $ip
|
||||
selectors:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
role: egress-gateway
|
||||
destinationCIDRs:
|
||||
- "0.0.0.0/0"
|
||||
egressGateway:
|
||||
nodeSelector:
|
||||
matchLabels:
|
||||
node.kubernetes.io/name: tky-connector.onwalk.net
|
||||
egressIP: $ip
|
||||
EOF
|
||||
kubectl apply -f /tmp/egress.yaml
|
||||
|
||||
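Review bot: The policy is still staged at the fixed path `/tmp/egress.yaml` before `kubectl apply`, and `$ip` is taken from `$1` (visible in the hunk header) with no check in the lines shown. A predictable name in a world-writable directory can be pre-created or symlinked by another local user, so the manifest applied with cluster credentials is not guaranteed to be the one this script wrote. Feeding the heredoc directly to `kubectl apply -f - << EOF` and dropping the separate apply line removes the temp file altogether. An empty or malformed argument would render `egressIP:` with a null or arbitrary value, so a guard such as `ip=${1:?usage: $0 <egress-ip>}` and quoting the value as `egressIP: "$ip"` would make the script fail early. The top of the script is outside the hunk, so an existing check there cannot be ruled out.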
@ -1,8 +1,9 @@
|
||||
mkdir -pv /opt/rancher/k3s
|
||||
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.24.7+k3s1 sh -s - \
|
||||
curl -sfL https://get.k3s.io | sh -s - \
|
||||
--disable=traefik \
|
||||
--flannel-backend=none \
|
||||
--disable-network-policy \
|
||||
--disable-kube-proxy \
|
||||
--write-kubeconfig-mode 644 \
|
||||
--write-kubeconfig ~/.kube/config \
|
||||
--data-dir=/opt/rancher/k3s \
|
||||
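Review bot: Assuming the second `curl` line is the new side, the install no longer sets `INSTALL_K3S_VERSION`, so every run executes whatever get.k3s.io serves at that moment and installs the current channel release. That makes nodes built on different days diverge, and it removes the one control the role had over which k3s binary runs as root next to the pinned Cilium chart. I would keep a pin and bump it deliberately, e.g. `curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=<tested-k3s-version> sh -s - \`. Separately, `--write-kubeconfig-mode 644` leaves the cluster-admin kubeconfig readable by every local user; `--write-kubeconfig-mode 600` keeps it with the owner. The command continues past the end of the hunk.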
@ -21,19 +22,12 @@ sudo wget --no-check-certificate https://mirrors.onwalk.net/tools/linux-${ARCH}/
|
||||
sudo chmod 755 /usr/local/bin/helm
|
||||
|
||||
helm install cilium cilium/cilium --version 1.13.1 \
|
||||
--namespace kube-system \
|
||||
--set global.kubeProxyReplacement=strict \
|
||||
--set global.masquerade=false \
|
||||
--set global.nodePort.enabled=true \
|
||||
--set global.tunnel=disabled \
|
||||
--set nodeinit.enabled=true \
|
||||
--set nodeinit.reconfigureKubelet=true \
|
||||
--set cni.binPath=/opt/cni/bin \
|
||||
--set cni.customConf=true \
|
||||
--set cni.confTemplate=/etc/cilium/cilium-cni.conf.tmpl \
|
||||
--set hubble.enabled=true \
|
||||
--set hubble.listenAddress=":4244" \
|
||||
--set hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}"
|
||||
--namespace kube-system \
|
||||
--set egressGateway.enabled=true \
|
||||
--set bpf.masquerade=true \
|
||||
--set kubeProxyReplacement=strict \
|
||||
--set operator.replicas=1 \
|
||||
--set l7Proxy=false
|
||||
|
||||
helm repo add artifact https://artifact.onwalk.net/chartrepo/k8s/ | echo true
|
||||
helm repo up
|
||||
|
||||
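Review bot: `--set l7Proxy=false` in the new value set needs a comment, because it switches off Cilium's L7 proxy for the whole cluster and L7 (HTTP/DNS-aware) rules in network policies can no longer be enforced while it is off. As far as I know the egress gateway in this Cilium release requires that setting, so the comment should say so, e.g. `# l7Proxy=false is required by egressGateway; L7 policy rules are unavailable with this setting`. The `hubble.metrics.enabled` list appears to be dropped in the same change, so flow and drop metrics for the new egress path are not exported unless they are configured elsewhere; keeping at least `drop` and `flow` would preserve that visibility. The hunk header also shows the helm binary being fetched with `wget --no-check-certificate` before it is made executable in `/usr/local/bin`, which this commit leaves in place; that line is outside the hunk, so I can only flag it.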