37 lines
1.1 KiB
Bash
37 lines
1.1 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
cat > template.yaml << 'EOF'
|
|
cluster:
|
|
network:
|
|
cni:
|
|
name: none
|
|
proxy:
|
|
disabled: true
|
|
inlineManifests:
|
|
- name: cilium
|
|
contents: |
|
|
__CILIUM_MANIFEST__
|
|
EOF
|
|
|
|
helm repo add cilium https://helm.cilium.io/
|
|
helm template \
|
|
cilium \
|
|
cilium/cilium \
|
|
--version 1.17.3 \
|
|
--namespace kube-system \
|
|
--set ipam.mode=kubernetes \
|
|
--set hubble.relay.enabled=true \
|
|
--set hubble.ui.enabled=true \
|
|
--set l2announcements.enabled=true \
|
|
--set kubeProxyReplacement=true \
|
|
--set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
|
|
--set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
|
|
--set cgroup.autoMount.enabled=false \
|
|
--set cgroup.hostRoot=/sys/fs/cgroup \
|
|
--set k8sServiceHost=localhost \
|
|
--set k8sServicePort=7445 | sed 's/^/ /' > manifest.tmp
|
|
|
|
sed -e '/__CILIUM_MANIFEST__/r manifest.tmp' -e '/__CILIUM_MANIFEST__/d' template.yaml > cilium.yaml
|
|
|
|
rm manifest.tmp
|
|
rm template.yaml |