Configured Cilium load balancer and ArgoCD for HTTP access

2025-09-19 18:28:59 +02:00
parent cd8fff21f5
commit b57e34b5bb
8 changed files with 109 additions and 8 deletions
--- a/kubernetes/configuration.auto.tfvars.example
+++ b/kubernetes/configuration.auto.tfvars.example
@@ -1,3 +1,10 @@
 # Kubernetes
 kubernetes_config_path    = "~/.kube/config"
 Kubernetes_config_context = "admin@yourclustername"
+
+# Cilium Load Balancer
+cilium_load_balancer_ip_range_start = "192.168.10.95"
+cilium_load_balancer_ip_range_stop = "192.168.10.99"
+
+# ArgoCD
+argocd_domain = "argocd.local"
--- a/kubernetes/helm_charts/cilium-lb-config/Chart.yaml
+++ b/kubernetes/helm_charts/cilium-lb-config/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: cilium-lb-config
+description: Helm chart for installing Cilium load balancer configuration
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"
--- a/kubernetes/helm_charts/cilium-lb-config/templates/cilium-l2-announcement-policy.yaml
+++ b/kubernetes/helm_charts/cilium-lb-config/templates/cilium-l2-announcement-policy.yaml
@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: default
+  namespace: kube-system
+spec:
+  externalIPs: true
+  loadBalancerIPs: true
--- a/kubernetes/helm_charts/cilium-lb-config/templates/cilium-load-balancer-ip-pool.yaml
+++ b/kubernetes/helm_charts/cilium-lb-config/templates/cilium-load-balancer-ip-pool.yaml
@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: default-pool
+spec:
+  blocks:
+    - start: {{ .Values.ciliumLoadBalancerIpRange.start}}
+      stop: {{ .Values.ciliumLoadBalancerIpRange.stop }}
--- a/kubernetes/helm_charts/cilium-lb-config/values.yaml
+++ b/kubernetes/helm_charts/cilium-lb-config/values.yaml
@@ -0,0 +1,3 @@
+ciliumLoadBalancerIpRange:
+  start: ""
+  stop: ""
--- a/kubernetes/helm_releases.tf
+++ b/kubernetes/helm_releases.tf
@@ -1,9 +1,48 @@
 resource "helm_release" "argocd" {
-  name       = "argo-cd"
-  namespace = "argocd"
+  name             = "argo-cd"
+  namespace        = "argocd"
  create_namespace = true
-  chart      = "argo-cd"
-  version    = "8.3.1"
-  repository = "https://argoproj.github.io/argo-helm"
-  timeout    = 120
+  chart            = "argo-cd"
+  version          = "8.3.1"
+  repository       = "https://argoproj.github.io/argo-helm"
+  timeout          = 120
+  set = [
+    {
+      name  = "global.domain"
+      value = var.argocd_domain
+    },
+    {
+      name  = "configs.params.server\\.insecure"
+      value = "true"
+    },
+    {
+      name  = "server.ingress.enabled"
+      value = "true"
+    },
+    {
+      name  = "server.ingress.ingressClassName"
+      value = "cilium"
+    },
+    {
+      name  = "server.ingress.annotations.ingress\\.cilium\\.io/force-https"
+      value = "disabled"
+    },
+  ]
+}
+
+resource "helm_release" "cilium_lb_config" {
+  depends_on = [helm_release.argocd]
+  name       = "cilium-lb-config"
+  chart      = "${path.module}/helm_charts/cilium-lb-config"
+  timeout    = 60
+  set = [
+    {
+      name  = "ciliumLoadBalancerIpRange.start"
+      value = var.cilium_load_balancer_ip_range_start
+    },
+    {
+      name  = "ciliumLoadBalancerIpRange.stop"
+      value = var.cilium_load_balancer_ip_range_stop
+    },
+  ]
 }
--- a/kubernetes/providers.tf
+++ b/kubernetes/providers.tf
@@ -1,10 +1,10 @@
 terraform {
-        required_providers {
+  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "3.0.2"
    }
-        }
+  }
 }

 provider "helm" {
--- a/kubernetes/variables.tf
+++ b/kubernetes/variables.tf
@@ -7,3 +7,16 @@ variable "Kubernetes_config_context" {
  type      = string
  sensitive = true
 }
+
+variable "cilium_load_balancer_ip_range_start" {
+  type      = string
+}
+
+variable "cilium_load_balancer_ip_range_stop" {
+  type      = string
+}
+
+variable "argocd_domain" {
+  type      = string
+}
+