wip on cilium, squash

arichtman · Apr 27, 2024 · 3179de1 · 3179de1
1 parent 4d3ed60
commit 3179de1
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 0 deletions.
diff --git a/cilium.yaml b/cilium.yaml
@@ -0,0 +1,5 @@
+cni:
+  confPath: /run/cni/net.d
+# ipv6:
+#   enbabled: true
+kubeProxyReplacement: "true"
diff --git a/modules/nixos/worker-node/default.nix b/modules/nixos/worker-node/default.nix
@@ -15,6 +15,9 @@ in
       networking.firewall.allowedTCPPorts = [
         # Kubelet access
         10250
+        # Cilium
+        # 4245
+        # 4240
       ];
       services = {
         kubernetes = {
@@ -31,13 +34,18 @@ in
               --rotate-server-certificates \
               --rotate-certificates \
             '';
+            # Cilium
+            # cni.configDir = "/run/cni/net.d";
+            # cni.config = [];
             kubeconfig = {
               certFile = "${config.services.kubernetes.secretsPath}/kubelet-apiserver-client.pem";
               keyFile = "${config.services.kubernetes.secretsPath}/kubelet-apiserver-client-key.pem";
               caFile = config.services.kubernetes.caFile;
             };
           };
           proxy = {
+            # Cilium
+            # enable = false;
             kubeconfig = {
               certFile = "${config.services.kubernetes.secretsPath}/proxy-apiserver-client.pem";
               keyFile = "${config.services.kubernetes.secretsPath}/proxy-apiserver-client-key.pem";

diff --git a/shells/myshell/default.nix b/shells/myshell/default.nix
@@ -16,6 +16,9 @@ mkShell {
     kubectl
     kubectx
     kubernetes-helm
+    # Cilium
+    # cilium-cli
+    # hubble
     # Certificates and secrets
     xkcdpass
     step-cli