feat: Move to Cilium

hosts/vm-k1s/configuration.nix

@@ -33,6 +33,9 @@
     enable = true;
     extraFlags = [
       "--cluster-domain ${inputs.secrets.lab.k3s.clusterDomain}"
+      "--flannel-backend=none"
+      "--disable-network-policy"
+      "--disable-kube-proxy"
     ];
     disable = [
       # "coredns" # CoreDNS is required for Flux to be able to bootstrap the cluster (Flux needs to resolve the git repo)
@@ -55,8 +58,43 @@
       "1-secrets-backup" = {
         source = "/opt/k3s-secrets-backup/secrets.yaml";
       };
+      cilium-secrets-namespace = {
+        content = ''
+          apiVersion: v1
+          kind: Namespace
+          metadata:
+            name: cilium-secrets
+        '';
+      };
     };
     autoDeployCharts = {
+      cilium = {
+        name = "cilium";
+        repo = "oci://quay.io/cilium/charts/cilium";
+        version = "1.18.6";
+        hash = "";
+        createNamespace = true;
+        targetNamespace = "cilium-system";
+        values = {
+          operator.replicas = 1;
+          kubeProxyReplacement = true;
+          ipam.operator.clusterPoolIPv4PodCIDRList = [ "10.11.0.0/16" ];
+          cluster = {
+            id = 1;
+            name = "vm-k1s";
+          };
+          k8sServiceHost = "10.10.50.60";
+          k8sServicePort = 6443;
+          gatewayAPI = {
+            enabled = true;
+            secretsNamespace.create = false;
+          };
+          tls.secretsNamespace.create = false;
+        };
+        extraFieldDefinitions = {
+          spec.bootstrap = true;
+        };
+      };
       flux-operator = {
         name = "flux-operator";
         repo = "oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator";
@@ -152,11 +190,14 @@
 
   environment.variables = {
     KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
+    CILIUM_NAMESPACE = "cilium-system";
   };
 
   environment.systemPackages = with pkgs; [
     fluxcd
     k9s
+    cilium-cli
+    hubble
   ];
 
   # Use correct disko profile