Initial commit

tmpl/cilium.yaml

@@ -0,0 +1,46 @@
+kubeProxyReplacement: "strict"
+k8sServiceHost: "{{ .master_node_ip }}"
+k8sServicePort: "6443"
+hostServices:
+  enabled: false
+externalIPs:
+  enabled: true
+nodePort:
+  enabled: true
+hostPort:
+  enabled: true
+image:
+  pullPolicy: "IfNotPresent"
+ipam:
+  mode: "kubernetes"
+tunnel: "{{ .tunnel }}"
+cluster:
+  name: "{{ .cname }}"
+  id: "{{ .cnum }}"
+ipv4NativeRoutingCIDR: "10.0.0.0/9"
+operator:
+  replicas: 1
+# ---
+bgpControlPlane:
+  enabled: {{ .bgp_control_plane_enabled }}
+ingressController:
+  default: {{ .ingress_controller_default }}
+  enabled: {{ .ingress_controller_enabled }}
+  loadbalancerMode: "{{ .loadbalancer_mode }}"
+ipv4NativeRoutingCIDR: "10.0.0.0/9"
+gatewayAPI:
+  enabled: {{ .gateway_api_enabled }}
+loadBalancer:
+  l7:
+    backend: envoy
+# ---
+hubble:
+  relay:
+    enabled: true
+  ui:
+    enabled: true
+  tls:
+    auto:
+      enabled: true
+      method: "helm"
+      certValidityDuration: "1095"

tmpl/ippools.yaml

@@ -0,0 +1,7 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: "clilium-pool"
+spec:
+  cidrs:
+  - cidr: "{{ .lb_pool_cdir }}"

tmpl/k3d-config.yaml

@@ -0,0 +1,52 @@
+apiVersion: k3d.io/v1alpha4
+kind: Simple
+metadata:
+  name: {{ .cname }}
+servers: 1
+agents: 2
+image: docker.io/rancher/k3s:v1.25.7-k3s1
+kubeAPI:
+  hostIP: {{ .host_ip }}
+  hostPort: "6443"
+network: cilium
+token: CiliumTest1
+volumes:
+  - volume: {{ .work_dir }}/bin/k3d-entrypoint-cilium.sh:/bin/k3d-entrypoint-cilium.sh
+    nodeFilters:
+    - all
+options:
+  k3d:
+    wait: true
+    timeout: "6m0s"
+    disableLoadbalancer: true
+    disableImageVolume: false
+    disableRollback: false
+  k3s: # options passed on to K3s itself
+    extraArgs:
+      - arg: --tls-san=127.0.0.1
+        nodeFilters:
+          - server:*
+      - arg: --disable=servicelb
+        nodeFilters:
+        - server:*
+      - arg: --disable=traefik
+        nodeFilters:
+        - server:*
+      - arg: --disable-network-policy
+        nodeFilters:
+          - server:*
+      - arg: --flannel-backend=none
+        nodeFilters:
+          - server:*
+      - arg: --disable=kube-proxy
+        nodeFilters:
+          - server:*
+      - arg: --cluster-cidr={{ .cluster_subnet }}
+        nodeFilters:
+          - server:*
+      - arg: --service-cidr={{ .service_subnet }}
+        nodeFilters:
+          - server:*
+  kubeconfig:
+    updateDefaultKubeconfig: true
+    switchCurrentContext: true

tmpl/kind-config.yaml

@@ -0,0 +1,15 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: {{ .cname }}
+nodes:
+- role: control-plane
+- role: worker
+- role: worker
+- role: worker
+networking:
+  apiServerAddress: "{{ .host_ip }}"
+  apiServerPort: 6443
+  disableDefaultCNI: true
+  kubeProxyMode: none
+  podSubnet: "{{ .cluster_subnet }}"
+  serviceSubnet: "{{ .service_subnet }}"

tmpl/metallb-crds.yaml

@@ -0,0 +1,17 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: cilium-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - {{ .lb_pool_range }}
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: cilium-pool
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+  - cilium-pool