talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Update packages in kubernetes/keys.

Browse Source
This commit is contained in:
Tom Alexander 2026-03-07 20:14:07 -05:00
parent dd0d76dfa8
commit 1369194fab
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
3 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nix/kubernetes/keys/flake.lock generated
View File

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1767892417, "lastModified": 1772773019,
"narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"type": "github" "type": "github"
}, },
"original": { "original": {

13
nix/kubernetes/keys/flake.nix
View File

@ -14,13 +14,15 @@
packages = forAllSystems ( packages = forAllSystems (
system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = import nixpkgs {
appliedOverlay = self.overlays.default pkgs pkgs; inherit system;
overlays = [ self.overlays.default ];
};
in in
{ {
deploy_script = appliedOverlay.k8s.deploy_script; deploy_script = pkgs.k8s.deploy_script;
default = appliedOverlay.k8s.all_keys; default = pkgs.k8s.all_keys;
bootstrap_script = appliedOverlay.k8s.bootstrap_script; bootstrap_script = pkgs.k8s.bootstrap_script;
} }
); );
overlays.default = ( overlays.default = (
@ -35,7 +37,6 @@
system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
appliedOverlay = self.overlays.default pkgs pkgs;
in in
{ {
default = pkgs.mkShell { default = pkgs.mkShell {

13
nix/kubernetes/keys/scope.nix
View File

@ -234,7 +234,7 @@ makeScope newScope (
encryption_config = (callPackage ./package/k8s-encryption-key/package.nix additional_vars); encryption_config = (callPackage ./package/k8s-encryption-key/package.nix additional_vars);
cilium-manifest = cilium-manifest =
let let
version = "1.18.5"; version = "1.19.1";
in in
(callPackage ./package/helm-manifest/package.nix ( (callPackage ./package/helm-manifest/package.nix (
additional_vars additional_vars
@ -243,7 +243,7 @@ makeScope newScope (
owner = "cilium"; owner = "cilium";
repo = "cilium"; repo = "cilium";
tag = "v${version}"; tag = "v${version}";
hash = "sha256-348inOOQ/fgwTYnaSHrQ363xGYnx2UPts3D4ycDRsWE="; hash = "sha256-wswY4u2Z7Z8hvGVnLONxSD1Mu1RV1AglC4ijUHsCCW4=";
}; };
helm_name = "cilium"; helm_name = "cilium";
helm_namespace = "kube-system"; helm_namespace = "kube-system";
@ -262,13 +262,18 @@ makeScope newScope (
"ipv4" = { "ipv4" = {
"enabled" = true; "enabled" = true;
}; };
"externalIPs" = {
"enabled" = true;
};
"enableIPv6Masquerade" = false; "enableIPv6Masquerade" = false;
"enableIPv4BIGTCP" = true; "enableIPv4BIGTCP" = true;
"enableIPv6BIGTCP" = true; "enableIPv6BIGTCP" = true;
"routingMode" = "native"; "routingMode" = "native";
"autoDirectNodeRoutes" = true; "autoDirectNodeRoutes" = true;
"ipv4NativeRoutingCIDR" = "10.200.0.0/16"; "ipv4NativeRoutingCIDR" = "10.200.0.0/16";
"ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff::/80"; "ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff:eeee::/96";
# "ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff::/80";
# "l7Proxy" = true; # Needed for cilium gateway controller
"hubble" = { "hubble" = {
"relay" = { "relay" = {
@ -283,7 +288,7 @@ makeScope newScope (
}; };
}; };
"policyEnforcementMode" = "never"; "policyEnforcementMode" = "never"; # This is temporary for debugging
# TODO: Read and maybe apply https://docs.cilium.io/en/stable/operations/performance/tuning/ # TODO: Read and maybe apply https://docs.cilium.io/en/stable/operations/performance/tuning/