manifests/infrastructure/cilium/release.yaml

# manifests/infrastructure/cilium/release.yaml
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cilium
  namespace: kube-system
spec:
  interval: 5m
  chart:
    spec:
      chart: cilium
      version: "1.18.3"
      sourceRef:
        kind: HelmRepository
        name: cilium
        namespace: kube-system
      interval: 1m
  values:
    operator:
      replicas: 2
    ipam:
      mode: kubernetes
    # Explicitly use VLAN interface for inter-node communication
    devices: "enp9s0"
    nodePort:
      enabled: true
    hostFirewall:
      enabled: true
    hubble:
      relay:
        enabled: true
      ui:
        enabled: true
      peerService:
        clusterDomain: cluster.local
    etcd:
      clusterDomain: cluster.local
    kubeProxyReplacement: true
    securityContext:
      capabilities:
        ciliumAgent:
        - CHOWN
        - KILL
        - NET_ADMIN
        - NET_RAW
        - IPC_LOCK
        - SYS_ADMIN
        - SYS_RESOURCE
        - DAC_OVERRIDE
        - FOWNER
        - SETGID
        - SETUID
        cleanCiliumState:
        - NET_ADMIN
        - SYS_ADMIN
        - SYS_RESOURCE
    cgroup:
      autoMount:
        enabled: true
      hostRoot: /sys/fs/cgroup
    k8sServiceHost: api.keyboardvagabond.com
    k8sServicePort: "6443"
redaction (#1) Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me> 2025-12-24 13:40:47 +00:00			`# manifests/infrastructure/cilium/release.yaml`
			`---`
			`apiVersion: helm.toolkit.fluxcd.io/v2`
			`kind: HelmRelease`
			`metadata:`
			`name: cilium`
			`namespace: kube-system`
			`spec:`
			`interval: 5m`
			`chart:`
			`spec:`
			`chart: cilium`
			`version: "1.18.3"`
			`sourceRef:`
			`kind: HelmRepository`
			`name: cilium`
			`namespace: kube-system`
			`interval: 1m`
			`values:`
			`operator:`
			`replicas: 2`
			`ipam:`
			`mode: kubernetes`
			`# Explicitly use VLAN interface for inter-node communication`
			`devices: "enp9s0"`
			`nodePort:`
			`enabled: true`
			`hostFirewall:`
			`enabled: true`
			`hubble:`
			`relay:`
			`enabled: true`
			`ui:`
			`enabled: true`
			`peerService:`
			`clusterDomain: cluster.local`
			`etcd:`
			`clusterDomain: cluster.local`
			`kubeProxyReplacement: true`
			`securityContext:`
			`capabilities:`
			`ciliumAgent:`
			`- CHOWN`
			`- KILL`
			`- NET_ADMIN`
			`- NET_RAW`
			`- IPC_LOCK`
			`- SYS_ADMIN`
			`- SYS_RESOURCE`
			`- DAC_OVERRIDE`
			`- FOWNER`
			`- SETGID`
			`- SETUID`
			`cleanCiliumState:`
			`- NET_ADMIN`
			`- SYS_ADMIN`
			`- SYS_RESOURCE`
			`cgroup:`
			`autoMount:`
			`enabled: true`
			`hostRoot: /sys/fs/cgroup`
			`k8sServiceHost: api.keyboardvagabond.com`
			`k8sServicePort: "6443"`