Skip to content

Commit

Permalink
use strict cidrs from state file
Browse files Browse the repository at this point in the history
  • Loading branch information
3u13r committed Oct 23, 2023
1 parent cbc7406 commit 5462998
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 19 deletions.
13 changes: 9 additions & 4 deletions cli/internal/helm/overrides.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,11 +42,19 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
}
}

strictMode := map[string]any{
"enabled": true,
"nodeCIDRList": []string{output.IPCidrNode},
}

extraVals["k8sServiceHost"] = output.InClusterEndpoint
extraVals["k8sServicePort"] = constants.KubernetesPort
if provider == cloudprovider.GCP {
extraVals["ipv4NativeRoutingCIDR"] = output.GCP.IPCidrPod
extraVals["strictModeCIDR"] = output.GCP.IPCidrPod
strictMode["podCIDRList"] = []string{output.GCP.IPCidrPod}
}
extraVals["encryption"] = map[string]any{
"strictMode": strictMode,
}
return extraVals
}
Expand All @@ -63,9 +71,6 @@ func extraConstellationServicesValues(
extraVals["verification-service"] = map[string]any{
"attestationVariant": cfg.GetAttestationConfig().GetVariant().String(),
}
extraVals["konnectivity"] = map[string]any{
"loadBalancerIP": output.ClusterEndpoint,
}

extraVals["key-service"] = map[string]any{
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),
Expand Down
24 changes: 9 additions & 15 deletions cli/internal/helm/values.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,8 @@ var ciliumVals = map[string]map[string]any{
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
"nodeCIDRList": []string{"192.168.179.0/24"},
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
},
},
"l7Proxy": false,
Expand Down Expand Up @@ -61,9 +60,8 @@ var ciliumVals = map[string]map[string]any{
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
"nodeCIDRList": []string{"10.9.0.0/24"},
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
},
},
"l7Proxy": false,
Expand Down Expand Up @@ -106,9 +104,7 @@ var ciliumVals = map[string]map[string]any{
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
"nodeCIDRList": []string{"192.168.178.0/24"},
"enabled": true,
},
},
"image": map[string]any{
Expand Down Expand Up @@ -144,9 +140,8 @@ var ciliumVals = map[string]map[string]any{
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
"nodeCIDRList": []string{"192.168.178.0/24"},
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
},
},
"l7Proxy": false,
Expand Down Expand Up @@ -186,9 +181,8 @@ var ciliumVals = map[string]map[string]any{
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
"nodeCIDRList": []string{},
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
},
},
"image": map[string]any{
Expand Down

0 comments on commit 5462998

Please sign in to comment.