fix: add cilium values for talos
parent
4450ef0df9
commit
aabdcb93ee
1 changed files with 26 additions and 4 deletions
|
@ -17,13 +17,14 @@ spec:
|
|||
values:
|
||||
l2announcements:
|
||||
enabled: true
|
||||
leaseRetryPeriod: 5s
|
||||
leaseDuration: 300s
|
||||
leaseRenewDeadline: 10s
|
||||
# leaseRetryPeriod: 5s
|
||||
# leaseDuration: 300s
|
||||
# leaseRenewDeadline: 10s
|
||||
k8sClientRateLimit:
|
||||
qps: 43
|
||||
burst: 86
|
||||
kubeProxyReplacement: true
|
||||
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
|
||||
k8sServiceHost: 10.96.0.1
|
||||
k8sServicePort: 443
|
||||
devices: enp+ #0s31f6
|
||||
|
@ -33,7 +34,7 @@ spec:
|
|||
rollOutCiliumPods: true
|
||||
ipam:
|
||||
mode: kubernetes
|
||||
ipv4NativeRoutingCIDR: 10.42.0.0/16
|
||||
ipv4NativeRoutingCIDR: 10.244.0.0/16 # pod cidr
|
||||
autoDirectNodeRoutes: true
|
||||
routingMode: native
|
||||
localRedirectPolicy: true
|
||||
|
@ -45,3 +46,24 @@ spec:
|
|||
enabled: true
|
||||
ui:
|
||||
enabled: true
|
||||
# Required by talos
|
||||
securityContext:
|
||||
capabilities:
|
||||
ciliumAgent:
|
||||
- CHOWN
|
||||
- KILL
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- IPC_LOCK
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
- PERFMON
|
||||
- BPF
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- SETGID
|
||||
- SETUID
|
||||
cleanCiliumState:
|
||||
- NET_ADMIN
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
|
|
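Review bot: The `ciliumAgent` list added in the last hunk keeps `SYS_ADMIN` while also adding `PERFMON` and `BPF`, so the agent ends up with more privilege than it likely needs. Cilium's chart notes describe `PERFMON` and `BPF` as the narrower substitute for `SYS_ADMIN` on kernel 5.8+ with a recent containerd or cri-o; if the Talos nodes meet that, the `- SYS_ADMIN` entry under `ciliumAgent` can probably be dropped after testing on one node. The `# Required by talos` comment does not say what differs from the chart default; assuming the intent is the usual Talos restriction, something like `# Talos: explicit capability list, SYS_MODULE omitted because pods may not load kernel modules` would let the next reviewer audit the list. In the first hunk, `kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256` listens on every node address, so confirm that only the load balancer or monitoring network can reach that port.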