diff --git a/hosts/vm-k1s/configuration.nix b/hosts/vm-k1s/configuration.nix
index 474edf3..69bfd39 100644
--- a/hosts/vm-k1s/configuration.nix
+++ b/hosts/vm-k1s/configuration.nix
@@ -33,6 +33,9 @@
 enable = true;
 extraFlags = [
 "--cluster-domain ${inputs.secrets.lab.k3s.clusterDomain}"
+ "--flannel-backend=none"
+ "--disable-network-policy"
+ "--disable-kube-proxy"
 ];
 disable = [
 # "coredns" # CoreDNS is required for Flux to be able to bootstrap the cluster (Flux needs to resolve the git repo)
@@ -57,6 +60,28 @@
 };
 };
 autoDeployCharts = {
+ cilium = {
+ name = "cilium";
+ repo = "oci://quay.io/cilium/charts/cilium";
+ version = "1.17.12";
+ hash = "sha256-TfT6sFseOKq3+3solqF6+foEukl34MZzD3T4skCVBEI=";
+ createNamespace = true;
+ targetNamespace = "cilium-system";
+ values = {
+ operator.replicas = 1;
+ kubeProxyReplacement = true;
+ ipam.operator.clusterPoolIPv4PodCIDRList = [ "10.11.0.0/16" ];
+ cluster = {
+ id = 1;
+ name = "vm-k1s";
+ };
+ k8sServiceHost = "10.10.50.60";
+ k8sServicePort = 6443;
+ };
+ extraFieldDefinitions = {
+ spec.bootstrap = true;
+ };
+ };
 flux-operator = {
 name = "flux-operator";
 repo = "oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator";
@@ -137,7 +162,7 @@
 kind: List
 items:" > /opt/k3s-secrets-backup/namespaces.yaml
- ${pkgs.gnugrep}/bin/grep -oP '\snamespace: \K.*' /opt/k3s-secrets-backup/secrets.yaml | sort -u | while read -r ns; do
+ ${pkgs.gnugrep}/bin/grep -oP '\snamespace: \K.*' /opt/k3s-secrets-backup/secrets.yaml | sort -u | ${pkgs.gnugrep}/bin/grep -v -e "cilium-secrets" | while read -r ns; do
 echo "- apiVersion: v1
 kind: Namespace
 metadata:
@@ -152,11 +177,14 @@
 environment.variables = {
 KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
+ CILIUM_NAMESPACE = "cilium-system";
 };
 environment.systemPackages = with pkgs; [
 fluxcd
 k9s
+ cilium-cli
+ hubble
 ];
 # Use correct disko profile
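Review bot: The three new flags at the end of extraFlags are undocumented; a reader of this block cannot see that they are the counterpart of the cilium chart added to autoDeployCharts further down, and dropping either half leaves the node with no CNI and no service routing. Add a comment above them, e.g. `# Networking is provided by the cilium chart in autoDeployCharts: drop flannel, the in-tree network policy controller and kube-proxy (Cilium's kubeProxyReplacement takes over).` The new entries also use the `--flag=value` form while the existing `--cluster-domain` line separates flag and value with a space; one form for the whole list would be easier to read.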
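Review bot: `k8sServiceHost = "10.10.50.60"` and `ipam.operator.clusterPoolIPv4PodCIDRList = [ "10.11.0.0/16" ]` are literals in the chart values while the cluster domain a few lines earlier is taken from `inputs.secrets.lab.k3s`; with kube-proxy disabled the agents can reach the API server only through this address, so if it is the node's own IP it should come from the same host definition rather than a copy, and it deserves a comment such as `# With --disable-kube-proxy there is no in-cluster kubernetes service until Cilium is up; agents must be given the API server address directly.` The pod CIDR is presumably meant to agree with the k3s `--cluster-cidr`, which is not visible here — worth confirming, since cluster-pool IPAM allocates from this list rather than from what the API server hands out. `spec.bootstrap = true` appears to be what lets the helm job run before a CNI exists and also merits a one-line comment. The enclosing autoDeployCharts set continues outside the hunk.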
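Review bot: The new `grep -v -e "cilium-secrets"` is an unanchored substring match, so any namespace whose name merely contains that text is dropped from the backup along with the intended one; use a whole-line fixed-string match, `${pkgs.gnugrep}/bin/grep -vxF -e "cilium-secrets"`. The exclusion applies only to the namespace list, while the secrets.yaml written earlier presumably still carries the secrets from that namespace, so a restore would either fail for lack of the namespace or recreate state the Cilium chart manages itself — the intent should be stated next to the filter, e.g. `# cilium-secrets is created and populated by the Cilium chart; do not back it up or restore it.` The script this pipeline belongs to starts and ends outside the hunk.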