Configured Cilium load balancer and ArgoCD for HTTP access

kubernetes/configuration.auto.tfvars.example

@@ -1,3 +1,10 @@
 # Kubernetes
 kubernetes_config_path    = "~/.kube/config"
 Kubernetes_config_context = "admin@yourclustername"
+
+# Cilium Load Balancer
+cilium_load_balancer_ip_range_start = "192.168.10.95"
+cilium_load_balancer_ip_range_stop = "192.168.10.99"
+
+# ArgoCD
+argocd_domain = "argocd.local"

kubernetes/helm_charts/cilium-lb-config/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: cilium-lb-config
+description: Helm chart for installing Cilium load balancer configuration
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"

kubernetes/helm_charts/cilium-lb-config/templates/cilium-l2-announcement-policy.yaml

@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: default
+  namespace: kube-system
+spec:
+  externalIPs: true
+  loadBalancerIPs: true

kubernetes/helm_charts/cilium-lb-config/templates/cilium-load-balancer-ip-pool.yaml

@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: default-pool
+spec:
+  blocks:
+    - start: {{ .Values.ciliumLoadBalancerIpRange.start}}
+      stop: {{ .Values.ciliumLoadBalancerIpRange.stop }}

kubernetes/helm_charts/cilium-lb-config/values.yaml

@@ -0,0 +1,3 @@
+ciliumLoadBalancerIpRange:
+  start: ""
+  stop: ""

kubernetes/helm_releases.tf

@@ -6,4 +6,43 @@ resource "helm_release" "argocd" {
   version          = "8.3.1"
   repository       = "https://argoproj.github.io/argo-helm"
   timeout          = 120
+  set = [
+    {
+      name  = "global.domain"
+      value = var.argocd_domain
+    },
+    {
+      name  = "configs.params.server\\.insecure"
+      value = "true"
+    },
+    {
+      name  = "server.ingress.enabled"
+      value = "true"
+    },
+    {
+      name  = "server.ingress.ingressClassName"
+      value = "cilium"
+    },
+    {
+      name  = "server.ingress.annotations.ingress\\.cilium\\.io/force-https"
+      value = "disabled"
+    },
+  ]
+}
+
+resource "helm_release" "cilium_lb_config" {
+  depends_on = [helm_release.argocd]
+  name       = "cilium-lb-config"
+  chart      = "${path.module}/helm_charts/cilium-lb-config"
+  timeout    = 60
+  set = [
+    {
+      name  = "ciliumLoadBalancerIpRange.start"
+      value = var.cilium_load_balancer_ip_range_start
+    },
+    {
+      name  = "ciliumLoadBalancerIpRange.stop"
+      value = var.cilium_load_balancer_ip_range_stop
+    },
+  ]
 }

kubernetes/variables.tf

@@ -7,3 +7,16 @@ variable "Kubernetes_config_context" {
   type      = string
   sensitive = true
 }
+
+variable "cilium_load_balancer_ip_range_start" {
+  type      = string
+}
+
+variable "cilium_load_balancer_ip_range_stop" {
+  type      = string
+}
+
+variable "argocd_domain" {
+  type      = string
+}
+