Jan/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Move to Cilium

Browse Source
This commit is contained in:
Jan-Bulthuis 2026-01-17 13:32:26 +01:00
parent cf10e1e963
commit b5a37bb46c
1 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
hosts/vm-k1s/configuration.nix
View File

@ -33,6 +33,8 @@
enable = true;
extraFlags = [
"--cluster-domain ${inputs.secrets.lab.k3s.clusterDomain}"
"--flannel-backend=none"
"--disable-network-policy"
];
disable = [
# "coredns" # CoreDNS is required for Flux to be able to bootstrap the cluster (Flux needs to resolve the git repo)
@ -41,6 +43,7 @@
"local-storage"
"metrics-server"
"runtimes"
"kube-proxy"
];
manifests = {
git-ssh-key = {
@ -57,6 +60,20 @@
};
};
autoDeployCharts = {
cilium = {
name = "cilium";
repo = "oci://quay.io/cilium/charts/cilium";
version = "1.17.12";
hash = "sha256-TfT6sFseOKq3+3solqF6+foEukl34MZzD3T4skCVBEI=";
createNamespace = true;
targetNamespace = "cilium-system";
values = {
operator.replicas = 1;
};
extraFieldDefinitions = {
spec.bootstrap = true;
};
};
flux-operator = {
name = "flux-operator";
repo = "oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator";
@ -137,7 +154,7 @@
kind: List
items:" > /opt/k3s-secrets-backup/namespaces.yaml
${pkgs.gnugrep}/bin/grep -oP '\snamespace: \K.*' /opt/k3s-secrets-backup/secrets.yaml | sort -u | while read -r ns; do
${pkgs.gnugrep}/bin/grep -oP '\snamespace: \K.*' /opt/k3s-secrets-backup/secrets.yaml | sort -u | ${pkgs.gnugrep}/bin/grep -v -e "cilium-secrets" | while read -r ns; do
echo "- apiVersion: v1
kind: Namespace
metadata:
@ -152,11 +169,14 @@
environment.variables = {
KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
CILIUM_NAMESPACE = "cilium-system";
};
environment.systemPackages = with pkgs; [
fluxcd
k9s
cilium-cli
hubble
];
# Use correct disko profile