From 1fced18e713cc7dbadccaaa59c185e5bc8e10a26 Mon Sep 17 00:00:00 2001
From: Andrei Kartashov <a@ioot.xyz>
Date: Mon, 4 Sep 2023 13:36:43 +0700
Subject: [PATCH] add cilium

---
 state/gullfaxi/system/cilium/application.yaml | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 state/gullfaxi/system/cilium/application.yaml

diff --git a/state/gullfaxi/system/cilium/application.yaml b/state/gullfaxi/system/cilium/application.yaml
new file mode 100644
index 0000000..f12c1da
--- /dev/null
+++ b/state/gullfaxi/system/cilium/application.yaml
@@ -0,0 +1,47 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cilium
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: kube-system
+  project: system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+  source:
+    repoURL: https://helm.cilium.io/
+    chart: cilium
+    targetRevision: 1.14.1
+    helm:
+      values: |
+        # https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium/values.yaml
+        kubeProxyReplacement: strict
+        k8sServiceHost: 192.168.1.8
+        k8sServicePort: 6443
+        operator:
+          replicas: 1
+        bpf:
+          masquerade: true
+        hubble:
+          relay:
+            enabled: true
+          ui:
+            enabled: true
+            ingress:
+              enabled: true
+              className: nginx
+              annotations:
+                cert-manager.io/cluster-issuer: letsencrypt
+                nginx.ingress.kubernetes.io/auth-url: "https://oauth2.ioot.xyz/oauth2/auth"
+                nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.ioot.xyz/oauth2/start?rd=$scheme://$host$request_uri"
+              hosts:
+                - hubble.ioot.xyz
+              tls:
+                - hosts:
+                    - hubble.ioot.xyz
+                  secretName: hubble-tls