fix: cilium config

Signed-off-by: Michael Fornaro <[email protected]>
xunholy · May 4, 2024 · e0a5c92 · e0a5c92
1 parent cf4c871
commit e0a5c92
Show file tree

Hide file tree

Showing 19 changed files with 515 additions and 379 deletions.
diff --git a/.github/renovate/autoMerge.json5 b/.github/renovate/autoMerge.json5
@@ -1,4 +1,5 @@
 {
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "packageRules": [
     {
       "description": "Auto Merge GitHub Actions",

diff --git a/.github/renovate/commitMessage.json5 b/.github/renovate/commitMessage.json5
@@ -1,4 +1,5 @@
 {
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "commitMessageTopic": "{{depName}}",
   "commitMessageExtra": "to {{newVersion}}",
   "commitMessageSuffix": "",

diff --git a/.github/renovate/labels.json5 b/.github/renovate/labels.json5
@@ -1,4 +1,5 @@
 {
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "packageRules": [
     {
       "matchUpdateTypes": ["major"],

diff --git a/.github/workflows/flux-diff.yaml b/.github/workflows/flux-diff.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Flux: Diff"
 
 on:

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Lint"
 
 on:

diff --git a/.github/workflows/oidc.yaml b/.github/workflows/oidc.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Example: GCP Workload identity Federation"
 
 on:

diff --git a/.github/workflows/publish-cluster-oci.yaml b/.github/workflows/publish-cluster-oci.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Publish OCI artifact"
 
 on:

diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Docs: Release to GitHub pages"
 
 on:

diff --git a/.github/workflows/publish-kubernetes-schemas.yaml b/.github/workflows/publish-kubernetes-schemas.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 # This Github Action is responsible for publishing Kubernetes schemas to an OCI registry.
 # It is triggered by a push to the main branch, a weekly schedule, or a manual dispatch.
 name: "Publish Kubernetes Schemas"

diff --git a/.github/workflows/schedule-renovate.yaml b/.github/workflows/schedule-renovate.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Schedule: Renovate"
 
 on:
@@ -24,13 +26,13 @@ on:
       - ".github/renovate/*"
 
 env:
-  LOG_LEVEL: debug
-  RENOVATE_DRY_RUN: false
+  LOG_LEVEL: "${{ inputs.logLevel || 'debug' }}"
+  RENOVATE_DRY_RUN: "${{ inputs.dryRun == true }}"
   RENOVATE_PLATFORM: github
   RENOVATE_PLATFORM_COMMIT: true
-  RENOVATE_ONBOARDING_CONFIG_FILE_NAME: .github/renovate.json5
   RENOVATE_AUTODISCOVER: true
   RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}"
+  WORKFLOW_RENOVATE_VERSION: "${{ inputs.version || 'latest' }}"
   RENOVATE_USERNAME: "${{ secrets.BOT_USERNAME }}[bot]"
   RENOVATE_GIT_AUTHOR: "${{ secrets.BOT_USERNAME }} <${{ secrets.BOT_USER_ID }}+${{ secrets.BOT_USERNAME }}[bot]@users.noreply.github.com>"
 
@@ -41,11 +43,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 
-      - name: Override default config from dispatch variables
-        run: |
-          echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.RENOVATE_DRY_RUN }}" >> "${GITHUB_ENV}"
-          echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "${GITHUB_ENV}"
-
       - name: Validate Renovate Configuration
         uses: suzuki-shunsuke/github-action-renovate-config-validator@b54483862375f51910a60c4f498e927d4f3df466 # v1.0.1
 
@@ -61,3 +58,4 @@ jobs:
         with:
           configurationFile: "${{ env.RENOVATE_CONFIG_FILE }}"
           token: "x-access-token:${{ steps.generate-token.outputs.token }}"
+          renovate-version: "${{ env.WORKFLOW_RENOVATE_VERSION }}"
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Terraform: Plan And Apply"
 
 on:

diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml
@@ -1,3 +1,5 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: "Flux: Run E2E Tests In KIND"
 
 on:

diff --git a/kubernetes/namespaces/base/kube-system/cilium/app/1.14.x.yaml b/kubernetes/namespaces/base/kube-system/cilium/app/1.14.x.yaml
@@ -36,9 +36,9 @@ imagePullSecrets:
 # @default -- `"~/.kube/config"`
 # kubeConfigPath: ""
 # -- (string) Kubernetes service host
-k8sServiceHost: 192.168.50.200
+k8sServiceHost: localhost
 # -- (string) Kubernetes service port
-k8sServicePort: 6443
+k8sServicePort: 7445
 
 cluster:
   # -- Name of the cluster. Only required for Cluster Mesh and mutual authentication with SPIRE.

diff --git a/talos/generated/controlplane.enc.yaml b/talos/generated/controlplane.enc.yaml
diff --git a/talos/generated/node.enc.yaml b/talos/generated/node.enc.yaml
diff --git a/talos/generated/talosconfig.enc.yaml b/talos/generated/talosconfig.enc.yaml
@@ -2,18 +2,18 @@ context: talos-default
 contexts:
     talos-default:
         endpoints:
-            - 192.168.50.200
-        ca: ENC[AES256_GCM,data:bWojgek/wyqM5O0G6na1EkanskCc+xGJF2+pEZ5JNXI1ru55X4ttQaTnd4Y72609PRrn8eJBKuvv30wIG8ovnRAuGt59C05NYDPRu1GdIZmGvjrF+5sl1jWbt8kUh7c7jMds/alExSbpO6TCXq8UuSTki9U6X5N0wI494ZkqoGmLI0YoLxNzJOdLYvVK+wLOwhtpbmoE4aoKGwiIpkNdlx5Ddf22xJjKTeuE56kQUH9wjXgOgvzIe5WCnQsojICpkJ5YBHIsiYdQU0Tt89OneNl8h4ew78zb1bIe3inUvwq8KGJEN55sH36kgDm1nI6tVz+ImDEHDdOJgf40bisSiyFtuNNSHRCa7N7TbWQ4Sg5poe7rQLUxZ/Y3VmAsP7hTBGs3RprBKInBDf+gxwd439oGLfD/U48lADvZF7SObhylCa0Uljhe8a8NcXHmltu/0zmk/zlGI+GMMJsQV9xYDLZDGK7IdyFoAgnQf+Hmvw4aQdxWSMLIorjS9pqzyJUfApHfGGWpgh4U7EtWahXAiS9/mzfv2aSrGyM0laTUFcpaUZfORL3plEcIr+++uCZUdQPlGxi1m5J1OXR1EoP7VzWp6+Qyw3aosXlorPKHisam2MkU9DqtXvLkZJr8CXlZX023v2e/5fhrRt5ff5BqH8jmun1aYfzZ0ID5v9vxaxC8WCMwcbaE7av0lpEmMM5bBsGAOf3n+M8OavK0DPTsF2/qMDnQoTTT6RZxFcD6WYyoMA+6grRHMaTU1xX43aSOum8kHrn6eiv8CG52IV6GmZhXGkem9szzelibFYz8kNvI6tGbylOH6E6mzI02SqW/FLc0iwQvqCdcNzTiSqvUP72GYnBfVHM2oPxCt2Kd+BKrt+6l,iv:krGgL7t1/icXmENB5sZl6b4I3OnlXmXE3b+pDDMkyMU=,tag:OmRdpRbWBEl2W71Gn7cd9A==,type:str]
-        crt: ENC[AES256_GCM,data:r/MPMUPcfjR0hKDx14SE37OzL53yzzz5RbSAYlSwsX7N9VCwl2dGKHRYqpGcGEu0e7/mCgyYZnbfxGBg9rUuEUKmQAWmOXJ3cHrJjS2WBmdxzyVOobgu1IsspcUl6nvZxr8Bx/CobI47uTYsGdZhz1/UbvvHkpGeBYEpkyT8v2BJEd1sabx8Ail6mrHPqSovgqWdD1QykOImWtNSyAgmA/1aZOVrCDeboRJ8PDTTxUGhABnfMy9YAAqvlL0YIRhnu7EB/7kp+/5yoapTV5k2EIv1SM/jCf1zLAbDlbXXruWn7maN8141BrJdTXurftaQr/TAdOCUaBYc5/RAfocB15mORV1oh6uYS2jau8U5F5pQlTUWPlak9UUNmgj55eQO8vdUC2PdIOqVnY+m7ZyQfM4CqeWNfO8251rXGXkcGBi6Nt7+XGo1mn72/sHd6j29GpFTq+uHJYSeR8qwJO/PPkdxFcy1I66WDSCy1aFynIAMYc1p85HJFRuqa9wfwlfDR1ZfxRhdzMXYBFPvGCxyLpYbGiUznPalbhDfkCtF10hAFKNjr6tQHj8SiLvclF2ok3VhUhdP7zACIb6zHawSXRSDzn2OOwMvCQVFjo6wnv1nye1TIHFZw5nWvTwQr5/a1eiE9uTPZQNYEVCpAQZYwuTgJjAKfCYtCf1chqpnLkzbyqEmre07hPERP4sWad0rvzGlHx5hxpiJN8bW8oDQSScVBoWTmxbtfcwQW6ad9BsdH/3ubbWIxjsyohQiWXFI+uwtB7f4vmpYyy8IcBXGZ/f9MmedauxuMOUvjmMz+0ZOuXMJTcLo4w==,iv:aIqZUCUy1rVSou+jKW6VRyFkejqUnQ9qMBjb0E9T860=,tag:QLb8mkjMEVBcjo8DHXqgwg==,type:str]
-        key: ENC[AES256_GCM,data:L/k+CrAozQsBzHuS0+EDTPSECMBCbR4I8T2+k7mbdGZafI8v1QIlFpLzM1CRLaGrmzHWRIuDKCizczOMk8f2Jr7ySJK7vfz83ShkKba/NR0FY24HHW+vfJLwH+QeHKrmmYTzpTm/o85uesWTTM4f2Rs7+18CmxEJeU95gfV6OlDSGmvhobAEYPy/icd1m3DZUtm8Q/R9zPdTVL84RymFFGdC3oXLNp7JuyK+evVUuNLke9C1,iv:hMBpAc2q8lLN6s+GGB4ZEfPYuKuHE1NZ+949AhxpO44=,tag:/ueGsIEhFI7OuRL2HyoMLA==,type:str]
+            - 127.0.0.1
+        ca: ENC[AES256_GCM,data:DhO5VdKzXxHZ0oLlerIFbTJlcW6OI3UBMdEHRE1d50/AwK9EP9ArfR0ZZ6Espi9ei7iS1uuWerN661a090xBgxikRoWi4HEkIVyx8HuinVdMPFDB6AsvR95ymzzpgdN/PfB++0APXgL0adiAe3zIZFtgaWtctVNMPInqkrbzyD8ouGOT8FipqYqd8JKm+F80yxL5X3Zc1mitu4ugIJNUCs6kRFdBG35TS0MUCoSF3P80oSKtRRBKz9qgoguUQ7G9h//Pe79YBlsVxwEPl+8VTMxrS+ku/nPk1D52JquGfQH1yTMAxFtSM2mdH4kEL6RqSxaC849WGLzCzc3UG5jHZYIGbeX2RLG1/HzOo9wrVnrcQX8H0zSEGYSEQVVY0WaF440hqXuDwG4cSLL6JGvm1aL/1Xgf3A2pML1MPz4kbIUSOTGPNH6R4gh6VkbhqGKNoEjTVNOpxFJjnYK/R5kn/RQcF5xq7sKjPXSpyhNrpzzkQ2H86b+QrolOlKx5Fu/tQQr+qZPizoXEbwf31v0Cex1Akylcgy7dvl1Xfwwmr5id2rGUZRO9RmclpykccQ0S96JTTlpIJ7wpyGVUWzoK8Q+JKNn0jvRUKldGWWPJTt6XzkP1U//eEOs3e8yOfy787yE66TC4o+69v4ESCsBK2Ys1PlM/lIRMg7cmvRTB1q8bkFB1sFh2MKaAfHt2twGySoEkIl9xUh4XDgo+fRlBb4ElEGy4R1XqGPElxuc2AMXrbgJMwWjwKBQIBW63FcPO656bbgAwMNR8FPYKwMwE3N3q2B3e68Qw8iV0IBdpDz+s/c8PLdk14THzb5D5ZP1nc+XxqJrXd1Jd5uq/iq+E+lqORQtK4E+cfqltRd8TVouAByQn,iv:QAEU1Lt4SOXR1C8roW7mOGBH16poDpCubC976X2iFIU=,tag:PuPdtDMBgM0xgbmr4Fsa0g==,type:str]
+        crt: ENC[AES256_GCM,data:Wwq1QjTUTRtB3BAjNIyyxMHHRQQ1CrwYeePE2Ly9agJrK0dByG5qZtLhagI1Ou5baGV2g0heUyQeI7FRwCJ67c5kwPJF6gMitAOj/AQ9m2zCvcg0cALsH3qAzGuQ52do2mIz+kn/oGGR40MlHifjdR5VMs8ETAus42MfN79WZ2kQou47TBDTf0MERT5Fj+5YzVzjS8VqF1KnquTQ0P9WgspE0RKkgrf41Wr4hEoFNFCSzkcdWbTP0cOrZic2iJTbxbB0+Tr8U+VI8uhGM9EMc3rrLYgmjOGfLRlPnBHY5oKpv+m+8DxIImb/lpmearJohXnyaiTjaMR3MkriYSkkbHTAtYHBpC91mSjN4puk2S0Xj2D+u3XRwxcv8Kwcz9uyYkWKUvbAEdaYio2rgnfTpHsjcmIn4+8NEjfwiOmXSSgof7GDqvyq0myqupplhMkmGhyUOtUU7uiHE/Nr2Ah/5C68YaCkeHnrkE5RxPml76/51poIBWevG+E3zTiVs+Jh8bpmlAJbuz3FuL6tXgdtd2/6edhbjo56CD1mIPEQWNE46urWAuH2YdEjYVCrg2sUFJfyRM3aq9Si3doeoZAsXXuuxMoBV5FGtQD7xrrw6tC5GZSp3Jybjz+VkA4rPNE87o8mmAhPpbsp8Fle3J2VgkTDl3AviiAQOE4CKMZHGH+MooOmkvtEc8zw7CLScguLYxNqHCKHdlwWh1ZmXEBypvWLtoOeoBrwNLoza0pBT7T/zGaYihnCrOooRvtlV5WA5Xcyc0CZtSn8/egPqj6/sBrV6x1HWPMjF+Fic1ahMpPAvVolLWeurQ==,iv:xuUp2c9X70ZPKIOu2LNhu0sG2ZaMJ+FjHTwhhIb6ecQ=,tag:bO/1spiIxNuetN5On8CwQw==,type:str]
+        key: ENC[AES256_GCM,data:EtOYqikMIcpjrN4nN6c9nHdAx2tVpfgUiGjb3sLu9HgUdq24GzFxW7RoZGFsatIq5p72x+axKUUNXYMgWE4p6CtfZG4f6mzFhpS3MWbFrGoND1QJdghF86+7IYwptN3alZ73N43powd1okd8/hnkFmVLJVvVPaztjpySTynbkGUypqvESu7mk0oFqWNj9GmYWOIA8shICOcrluV57HAdU3CTIfhPen90pdcqb5M2ahQj4pLa,iv:5VXvmN6ZxhEsQ39reJE+LaAYNXtZFT7syxxOCqQm+7Q=,tag:Q71BJfpw1ift5o6h3wJt3Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-03-02T07:39:53Z"
-    mac: ENC[AES256_GCM,data:MzFTl8Sf4RmOzVdn/VLWFVCHncyU3LNNO2LsJ9zuH1HaN3UNt5qGqU3ECxWp9jG7hdYbwzx0UfhptyHYG3QXQdDA36QDKtbl0MmRqF/GdWXxQy2XT3KHrvUTSjNLH3r9l7Gsw4t4vyFbOgj25wBEHBmkiQZzP+dfjw0vUJJBBsk=,iv:KXt+ydJZRK4boWcgwK8pqWHFw1Gl/DVZKE+DrxQa+6A=,tag:zvF8FIm90SpyIUAZJW+/CQ==,type:str]
+    lastmodified: "2024-05-04T23:34:43Z"
+    mac: ENC[AES256_GCM,data:cy3km17xKtsEv9/8b/DhtXmB+yueEaUr95MnYaDDgx750rg/l3P+abX2zzG1AXPdWh9NrjsSID6g9BK1g4pbrvUaV9r1g/Gr/qVFfdZV6D6K/z+tqhNF+jy4PC90bk5Pbm6VEhapRn2RzK3eEOJf3iDZLQyplJNTJL1nr3hMJNI=,iv:50xOxcGA7t2vssvHJ/hPMeUQYt9zcHT5Slu6Se1ShVc=,tag:7l9BbC3HK+5gR83irBKXxw==,type:str]
     pgp:
         - created_at: "2023-03-02T05:49:10Z"
           enc: |

diff --git a/talos/integrations/cilium/README.md b/talos/integrations/cilium/README.md
@@ -14,9 +14,9 @@ helm repo add cilium https://helm.cilium.io/
 
 ```bash
 helm install cilium cilium/cilium \
-  --version=1.12.1 \
+  --version=1.14.5 \
   --namespace=kube-system \
-  --values=kubernetes/namespaces/base/kube-system/cilium/install/1.12.1.yaml
+  --values=kubernetes/namespaces/base/kube-system/cilium/install/1.14.5.yaml
 ```
 
 Post successful installation of Cilium it's option to run the Cilium network connectivity tests
@@ -27,9 +27,9 @@ Upgrade path
 
 ```bash
 helm upgrade cilium cilium/cilium \
-  --version 1.21.1 \
+  --version 1.14.5 \
   --namespace=kube-system \
-  --values=kubernetes/namespaces/base/kube-system/cilium/install/1.12.1.yaml
+  --values=kubernetes/namespaces/base/kube-system/cilium/install/1.14.5.yaml
 ```
 
 ## Service Mesh
@@ -45,18 +45,18 @@ helm upgrade -n kube-system cilium ./install/kubernetes/cilium --values=../k8s-g
 
 ```bash
 helm template cilium/cilium \
-  --version=1.12.1 \
+  --version=1.14.5 \
   --namespace=kube-system \
-  --values=kubernetes/namespaces/base/kube-system/cilium/install/1.12.1.yaml > kubernetes/namespaces/base/kube-system/cilium/install/cilium-1-12-1.yaml
+  --values=kubernetes/namespaces/base/kube-system/cilium/install/1.14.5.yaml > kubernetes/namespaces/base/kube-system/cilium/install/cilium-1-12-1.yaml
 ```
 
 ```bash
 flux create helmrelease cilium \
   --source=HelmRepository/cilium-chart \
   --namespace=kube-system \
   --chart=cilium \
-  --chart-version=1.12.1 \
-  --values=kubernetes/namespaces/base/kube-system/cilium/install/1.12.1.yaml \
+  --chart-version=1.14.5 \
+  --values=kubernetes/namespaces/base/kube-system/cilium/install/1.14.5.yaml \
   --export > kubernetes/namespaces/base/kube-system/cilium/install/helmrelease.yaml
 ```