From 7c5f1f58e70dd0f7c1a41e74a7162346a96a80fc Mon Sep 17 00:00:00 2001
From: Martyn Ranyard <m@rtyn.berlin>
Date: Mon, 13 Nov 2023 20:20:52 +0100
Subject: [PATCH] Manage cilium with argo plus enable the ARP mode

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
---
 everything-app/app-cilium.yaml | 46 ++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 everything-app/app-cilium.yaml

diff --git a/everything-app/app-cilium.yaml b/everything-app/app-cilium.yaml
new file mode 100644
index 0000000..f44dad6
--- /dev/null
+++ b/everything-app/app-cilium.yaml
@@ -0,0 +1,46 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cilium
+  namespace: argocd
+spec:
+  destination:
+    namespace: kube-system
+    server: https://kubernetes.default.svc
+  project: infra
+  source:
+    chart: cilium
+    repoURL: https://helm.cilium.io/
+    targetRevision: 1.14.3
+    helm:
+      parameters:
+        - name: ipam.mode
+          value: kubernetes
+        - name: kubeProxyReplacement
+          value: true
+        - name: securityContext.capabilities.ciliumAgent
+          value: {CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}
+        - name: securityContext.capabilities.cleanCiliumState
+          value: {NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}
+        - name: cgroup.autoMount.enabled
+          value: false
+        - name: cgroup.hostRoot
+          value: /sys/fs/cgroup
+        - name: k8sServiceHost
+          value: localhost
+        - name: k8sServicePort
+          value: 7445
+        - name: l2announcements.enabled
+          value: true
+        - name: k8sClientRateLimit.qps
+          value: 30
+        - name: k8sClientRateLimit.burst
+          value: 50
+  syncPolicy:
+    automated:
+      selfHeal: true
+
+
+
+
+