Добавлена конфигурация для kube-vip и l2 load balancer (#32)

* Добавлена конфигурация для kube-vip и l2 load balancer * Update gitignore * Добавлены рабочие узлы * Добавлены DNS серверы * Изменены настройки сети * Update readme * Update readme --------- Co-authored-by: Fedor Batonogov <f.batonogov@yandex.ru>
2026-03-02 00:00:55 +00:00 · 2025-01-14 12:00:19 +03:00
parent 0c4f496270
commit 3024073a96
13 changed files with 222 additions and 43 deletions
--- a/talos/cilium/ippool.yaml
+++ b/talos/cilium/ippool.yaml
@@ -0,0 +1,7 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: pool
+spec:
+  blocks:
+    - cidr: 172.16.61.20/32
--- a/talos/cilium/l2-announcement-policy.yaml
+++ b/talos/cilium/l2-announcement-policy.yaml
@@ -0,0 +1,16 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: policy1
+spec:
+  serviceSelector:
+    matchLabels:
+      color: blue
+  nodeSelector:
+    matchExpressions:
+      - key: node-role.kubernetes.io/control-plane
+        operator: DoesNotExist
+  interfaces:
+    - ^ens[160-161]+
+  externalIPs: true
+  loadBalancerIPs: true
--- a/talos/cilium/values.yaml
+++ b/talos/cilium/values.yaml
@@ -0,0 +1,39 @@
+ipam:
+  mode: kubernetes
+kubeProxyReplacement: true
+securityContext:
+  capabilities:
+    ciliumAgent:
+      - CHOWN
+      - KILL
+      - NET_ADMIN
+      - NET_RAW
+      - IPC_LOCK
+      - SYS_ADMIN
+      - SYS_RESOURCE
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETGID
+      - SETUID
+    cleanCiliumState:
+      - NET_ADMIN
+      - SYS_ADMIN
+      - SYS_RESOURCE
+cgroup:
+  autoMount:
+    enabled: false
+  hostRoot: /sys/fs/cgroup
+k8sServiceHost: 172.16.61.10
+k8sServicePort: 6443
+l2announcements:
+  enabled: true
+devices: ens+
+hubble:
+  relay:
+    enabled: true
+  ui:
+    enabled: true
+    ingress:
+      enabled: true
+      hosts:
+        - hubble.test