From a15d1f66784822f331a05bf7ce2035d9d0160da9 Mon Sep 17 00:00:00 2001
From: Archisman
Date: Tue, 20 Aug 2024 20:49:23 +0530
Subject: [PATCH 1/5] Updating Cilium version to 1.16.0 in ClusterAPI HelmChartProxy
Signed-off-by: Archisman
---
 argocd-helm-charts/capi-cluster/templates/cilium.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/argocd-helm-charts/capi-cluster/templates/cilium.yaml b/argocd-helm-charts/capi-cluster/templates/cilium.yaml
index 25a319a5d..468c9bd71 100644
--- a/argocd-helm-charts/capi-cluster/templates/cilium.yaml
+++ b/argocd-helm-charts/capi-cluster/templates/cilium.yaml
@@ -12,7 +12,7 @@ spec:
 chartName: cilium
 namespace: cilium
 releaseName: cilium
- version: 1.15.3
+ version: 1.16.0
 options:
 waitForJobs: true
 wait: true
From d924b26c738e63b29a048a7bfbc193b7ab0946d2 Mon Sep 17 00:00:00 2001
From: Archisman
Date: Tue, 20 Aug 2024 20:51:17 +0530
Subject: [PATCH 2/5] Adding Cilium specific CNI ingress rules in AWSCluster for ClusterAPI
Signed-off-by: Archisman
---
 .../charts/aws/templates/AWSCluster.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/argocd-helm-charts/capi-cluster/charts/aws/templates/AWSCluster.yaml b/argocd-helm-charts/capi-cluster/charts/aws/templates/AWSCluster.yaml
index c4a86d715..6551133e9 100644
--- a/argocd-helm-charts/capi-cluster/charts/aws/templates/AWSCluster.yaml
+++ b/argocd-helm-charts/capi-cluster/charts/aws/templates/AWSCluster.yaml
@@ -11,5 +11,19 @@ spec:
 network:
 vpc:
 cidrBlock: {{ .Values.vpc.cidrBlock }}
+ cni:
+ cniIngressRules:
+ - description: Cilium
+ protocol: "tcp"
+ fromPort: 4240
+ toPort: 4240
+ - description: Cilium VXLAN overlay
+ protocol: "udp"
+ fromPort: 8472
+ toPort: 8472
+ - description: Cilium health checks
+ protocol: "icmp"
+ fromPort: 8
+ toPort: 8
 controlPlaneLoadBalancer:
 loadBalancerType: {{ .Values.controlPlane.loadBalancerType }}
From 31bc6afa575c485abdc15613dd21413aa9761fa2 Mon Sep 17 00:00:00 2001
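Review bot: The ICMP entry in `cniIngressRules` sets `fromPort: 8` and `toPort: 8`, but for ICMP an AWS security-group rule reads the from-port as the ICMP type and the to-port as the ICMP code, so this admits type 8 code 8 rather than echo request (type 8, code 0). If the rule is meant to let Cilium's ICMP health probes through, keep `fromPort: 8` and use `toPort: 0`. The first rule is described only as `Cilium`; naming what port 4240 carries, e.g. `description: Cilium health checks (TCP)`, would make later security-group audits easier. The `spec.network` mapping continues outside the hunk, so any other rules that already apply to the node security groups are not visible here.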
From: Archisman
Date: Tue, 20 Aug 2024 20:54:17 +0530
Subject: [PATCH 3/5] Updating CertManager version and enabling CertManager CRDs to be installed - in HelmChartProxy for ClusterAPI
Signed-off-by: Archisman
---
 argocd-helm-charts/capi-cluster/templates/cert-manager.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/argocd-helm-charts/capi-cluster/templates/cert-manager.yaml b/argocd-helm-charts/capi-cluster/templates/cert-manager.yaml
index 410e5fd8f..0cbea9961 100644
--- a/argocd-helm-charts/capi-cluster/templates/cert-manager.yaml
+++ b/argocd-helm-charts/capi-cluster/templates/cert-manager.yaml
@@ -11,10 +11,13 @@ spec:
 chartName: cert-manager
 namespace: cert-manager
 releaseName: cert-manager
- version: v1.14.3
+ version: v1.15.2
 options:
 waitForJobs: true
 wait: true
 timeout: 5m0s
 install:
 createNamespace: true
+ valuesTemplate: |
+ crds:
+ enabled: true
From 3ec5e9c3bae5a8b9c8eea5d43157e98fef54ba7e Mon Sep 17 00:00:00 2001
From: Archisman
Date: Tue, 20 Aug 2024 20:55:33 +0530
Subject: [PATCH 4/5] Removing unnecessary ClusterAPI HelmChartProxy
Signed-off-by: Archisman
---
 .../capi-cluster/templates/cluster-api.yaml | 30 -------------------
 1 file changed, 30 deletions(-)
 delete mode 100644 argocd-helm-charts/capi-cluster/templates/cluster-api.yaml
diff --git a/argocd-helm-charts/capi-cluster/templates/cluster-api.yaml b/argocd-helm-charts/capi-cluster/templates/cluster-api.yaml
deleted file mode 100644
index c99e7e6cf..000000000
--- a/argocd-helm-charts/capi-cluster/templates/cluster-api.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: addons.cluster.x-k8s.io/v1alpha1
-kind: HelmChartProxy
-metadata:
- name: cluster-api-{{ .Values.global.clusterName }}
- namespace: capi-cluster-{{ .Values.global.customerid }}
-spec:
- clusterSelector:
- matchLabels:
- cluster.x-k8s.io/name: {{ .Values.global.clusterName }}
- repoURL: https://kubernetes-sigs.github.io/cluster-api-operator
- chartName: cluster-api-operator
- namespace: cluster-api
- releaseName: cluster-api
- version: 0.10.1
- options:
- waitForJobs: true
- wait: true
- timeout: 5m0s
- install:
- createNamespace: true
- valuesTemplate: |
- addon: helm
- bootstrap: kubeadm:{{ .Values.global.clusterAPI.version }}
- controlPlane: kubeadm:{{ .Values.global.clusterAPI.version }}
- core: cluster-api:{{ .Values.global.clusterAPI.version }}
- {{- if (.Values.global.capa).version }}
- infrastructure: aws:{{ .Values.global.capa.version }}
- {{- else if (.Values.global.caph).version }}
- infrastructure: hetzner:{{ .Values.global.caph.version }}
- {{- end }}
From 9c22d854146887828bfd20a7eddab9c268784ddd Mon Sep 17 00:00:00 2001
From: Archisman
Date: Tue, 20 Aug 2024 20:58:58 +0530
Subject: [PATCH 5/5] Adding commented out code for Cilium NetKit support
Signed-off-by: Archisman
---
 argocd-helm-charts/capi-cluster/templates/cilium.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/argocd-helm-charts/capi-cluster/templates/cilium.yaml b/argocd-helm-charts/capi-cluster/templates/cilium.yaml
index 468c9bd71..60ce23c21 100644
--- a/argocd-helm-charts/capi-cluster/templates/cilium.yaml
+++ b/argocd-helm-charts/capi-cluster/templates/cilium.yaml
@@ -30,6 +30,17 @@ spec:
 mode: "kubernetes"
 rollOutCiliumPods: true
 priorityClassName: "system-node-critical"
+
+ # Uncomment to enable Cilium NetKit feature.
+ # NOTE : Works for Linux Kernel version 6.7 and above.
+ # routingMode: native
+ # bpf:
+ # masquerade: true
+ # datapathMode: netkit
+ # autoDirectNodeRoutes: true
+ # ipv4NativeRoutingCIDR: {{`{{ .AWSCluster.spec.network.vpc.cidrBlock }}`}}
+ # directRoutingSkipUnreachable: true
+
 hubble:
 metrics:
 enabled:
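Review bot: The commented `ipv4NativeRoutingCIDR` line still carries a live template action, because `#` is only a YAML comment and the backtick escape passes `{{ .AWSCluster.spec.network.vpc.cidrBlock }}` through Helm to whatever renders these chart values per cluster. The hunk does not show whether `.AWSCluster` is a key in that template context; if it is not, rendering may fail or emit `<no value>` even while the block stays commented out. This template also sits outside the `charts/aws` subchart, so an AWS-only reference may be evaluated for non-AWS clusters too. Keeping the example inert avoids both, e.g. `# ipv4NativeRoutingCIDR: <VPC CIDR of the workload cluster>`. The surrounding values block starts and ends outside the hunk.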