{{- if and .Values.cni.enabled (eq .Values.cni.type "cilium") }} {{/* Use the kube-proxy replacement by default NOTE(mkjpryor) When using the kube-proxy replacement Cilium must be told the host and port for the Kubernetes API as it is responsible for handling service traffic We can use the templating support in the addon provider to extract this dynamically from the CAPI cluster resource spec */}} {{- $kubeProxyReplacement := dig "kubeProxyReplacement" true .Values.cni.cilium.release.values }} --- apiVersion: v1 kind: Secret metadata: name: {{ include "cluster-addons.componentName" (list . "cni-cilium") }}-config labels: {{- include "cluster-addons.componentLabels" (list . "cni-cilium") | nindent 4 }} addons.stackhpc.com/watch: "" stringData: defaults: | # Use IPs allocated to each node by Kubernetes # This respects the pod CIDR specified in the CAPI cluster resource ipam: mode: kubernetes {{- if $kubeProxyReplacement }} kubeProxyReplacement: true k8sServiceHost: {{ "{{" }} cluster.spec.controlPlaneEndpoint.host {{ "}}" }} k8sServicePort: {{ "{{" }} cluster.spec.controlPlaneEndpoint.port {{ "}}" }} {{- end }} overrides: | {{- toYaml .Values.cni.cilium.release.values | nindent 4 }} --- apiVersion: addons.stackhpc.com/v1alpha1 kind: HelmRelease metadata: name: {{ include "cluster-addons.componentName" (list . "cni-cilium") }} labels: {{ include "cluster-addons.componentLabels" (list . "cni-cilium") | nindent 4 }} annotations: # Tell Argo to ignore the non-controller owner references for this object argocd.argoproj.io/sync-options: "ControllerReferencesOnly=true" spec: clusterName: {{ include "cluster-addons.clusterName" . }} bootstrap: true chart: {{ toYaml .Values.cni.cilium.chart | nindent 4 }} targetNamespace: {{ .Values.cni.cilium.release.namespace }} releaseName: cni-cilium valuesSources: - secret: name: {{ include "cluster-addons.componentName" (list . "cni-cilium") }}-config key: defaults - secret: name: {{ include "cluster-addons.componentName" (list . "cni-cilium") }}-config key: overrides {{- end }}