Merge pull request #3 from Smana/chore_gateway_api_crds

chore: deploy gateway api crds using Flux
Smana · Aug 3, 2023 · 99c21f5 · 99c21f5
2 parents 3e524ae + 4628e0d
commit 99c21f5
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 6 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -2,7 +2,6 @@ repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform.git
     rev: v1.79.1
     hooks:
-      - id: terraform_docs
       - id: terraform_fmt
       - id: terraform_validate
       - id: terraform_tfsec

diff --git a/infrastructure/base/cilium/kustomization.yaml b/infrastructure/base/cilium/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+  - release.yaml
+  - source.yaml
diff --git a/infrastructure/base/cilium/release.yaml b/infrastructure/base/cilium/release.yaml
@@ -0,0 +1,56 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cilium
+spec:
+  releaseName: cilium
+  chart:
+    spec:
+      chart: cilium
+      sourceRef:
+        kind: HelmRepository
+        name: cilium
+        namespace: kube-system
+      version: "1.14.0"
+  interval: 10m0s
+  install:
+    remediation:
+      retries: 3
+  values:
+    bandwidthManager:
+      enabled: true
+    bpf:
+      preallocateMaps: true
+    egressMasqueradeInterfaces: eth0
+    eni:
+      enabled: true
+    installNoConntrackIptablesRules: true
+    ipam:
+      mode: eni
+    kubeProxyReplacement: strict
+    operator:
+      resources:
+        limits:
+          cpu: 100m
+          memory: 100Mi
+      rollOutPods: true # Reload pods when the configmap is updated
+    prometheus:
+      enabled: true
+      serviceMonitor:
+        enabled: false
+    resources:
+      limits:
+        cpu: 300m
+        memory: 256Mi
+    routingMode: native
+    tunnel: disabled
+    envoy:
+      enabled: true
+      resources:
+        limits:
+          memory: 300Mi
+        requests:
+          cpu: 200m
+          memory:
+    gatewayAPI:
+      enabled: true
diff --git a/infrastructure/base/cilium/source.yaml b/infrastructure/base/cilium/source.yaml
@@ -0,0 +1,7 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: cilium
+spec:
+  interval: 30m
+  url: https://helm.cilium.io
diff --git a/taskfile.yaml b/taskfile.yaml
@@ -1,6 +1,6 @@
 env:
   DOCKER_IMG: "ghcr.io/antonbabenko/pre-commit-terraform"
-  DOCKER_TAG: "latest"
+  DOCKER_TAG: "v1.79.1"
   REPO_NAME: "action-terraform-ci"
 
 version: "3"

diff --git a/terraform/eks/eks.tf b/terraform/eks/eks.tf
@@ -12,13 +12,13 @@ module "eks" {
   cluster_addons = {
     coredns = {
       most_recent = true
-      configuration_values = {
+      configuration_values = jsonencode({
         tolerations = [
           {
             operator = "Exists"
           }
         ]
-      }
+      })
     }
     kube-proxy = {
       most_recent = true

diff --git a/terraform/eks/helm_values/cilium.yaml b/terraform/eks/helm_values/cilium.yaml
@@ -15,6 +15,7 @@ operator:
       cpu: 100m
       memory: 100Mi
   rollOutPods: true # Reload pods when the configmap is updated
+# Can't enable servicemonitor as the CRD is not yet installed
 prometheus:
   enabled: true
   serviceMonitor:
@@ -33,5 +34,6 @@ envoy:
     requests:
       cpu: 200m
       memory:
-gatewayAPI:
-  enabled: true
+# Deployed using Flux as we need to deploy the Gateway API CRDs first
+# gatewayAPI:
+#   enabled: true