From 787a5f1841e5aa30c376be5be22c7599e334be0d Mon Sep 17 00:00:00 2001
From: George Raven
Date: Thu, 4 Apr 2024 22:50:37 +0100
Subject: [PATCH] Added basic cilium
---
charts/cilium/.helmignore | 23 +++++++++++++++++++++++
charts/cilium/Chart.yaml | 30 ++++++++++++++++++++++++++++++
charts/cilium/values.yaml | 19 +++++++++++++++++++
3 files changed, 72 insertions(+)
create mode 100644 charts/cilium/.helmignore
create mode 100644 charts/cilium/Chart.yaml
create mode 100644 charts/cilium/values.yaml
diff --git a/charts/cilium/.helmignore b/charts/cilium/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/cilium/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/cilium/Chart.yaml b/charts/cilium/Chart.yaml
new file mode 100644
index 00000000..f375f6f8
--- /dev/null
+++ b/charts/cilium/Chart.yaml
@@ -0,0 +1,30 @@
+apiVersion: v2
+name: cilium
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "4"
+
+dependencies:
+- name: cilium
+ version: 1.15.3
+ repository: "https://helm.cilium.io/"
+
diff --git a/charts/cilium/values.yaml b/charts/cilium/values.yaml
new file mode 100644
index 00000000..0b87a554
--- /dev/null
+++ b/charts/cilium/values.yaml
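Review bot: `appVersion: "4"` and `description: A Helm chart for Kubernetes` in the Chart.yaml hunk are scaffold defaults that do not describe what this chart deploys. The only payload visible is the `cilium` dependency pinned at 1.15.3, so `appVersion: "1.15.3"` and a description naming Cilium would make release listings reflect the CNI version actually running. The diffstat lists only three files, so no `Chart.lock` is committed with this change; committing the lock file produced by `helm dependency update` keeps the resolved dependency recorded in the repository alongside the pin.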
@@ -0,0 +1,19 @@
+cilium:
+ ipam:
+ mode: kubernetes
+ kubeProxyReplacement: true # <-- REPLACES KUBE PROXY
+ securityContext:
+ capabilities:
+ ciliumAgent: [CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID]
+ cleanCiliumState: [NET_ADMIN, SYS_ADMIN, SYS_RESOURCE]
+ cgroup:
+ autoMount:
+ enabled: false
+ hostRoot: /sys/fs/cgroup
+ # KubePrism direct access to api server for cilium
+ # available since talos 1.6 and is only bound to localhost:7445 for internal server use
+ # https://www.talos.dev/v1.6/kubernetes-guides/configuration/kubeprism/
+ # https://www.talos.dev/v1.6/kubernetes-guides/network/deploying-cilium/
+ # https://github.com/cilium/cilium/issues/20679
+ k8sServiceHost: localhost
+ k8sServicePort: 6443
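Review bot: `k8sServicePort: 6443` on the last line contradicts the comment block directly above it, which says KubePrism is bound to localhost:7445. With `k8sServiceHost: localhost`, port 6443 would presumably only reach an API server on nodes that run one locally, so agents on worker nodes are likely to fail to connect; if KubePrism is the intent the line should read `k8sServicePort: 7445`. The explicit `ciliumAgent` and `cleanCiliumState` capability lists include broad grants such as SYS_ADMIN and NET_ADMIN, so they would benefit from a comment above `securityContext:` such as `# explicit capability set taken from the Talos Cilium guide; review before adding entries`. Nesting cannot be checked from this view because the indentation was lost in extraction.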