Commit b823c45

committed
up
1 parent decbd8b commit b823c45

3 files changed

Lines changed: 7 additions & 0 deletions

README.md

Lines changed: 2 additions & 0 deletions
@@ -95,6 +95,8 @@ cilium install \
9595
```
9696

9797
> **Important:** `cluster.name` must match `infrastructure/networking/cilium/values.yaml` for Hubble certificate SANs. After ArgoCD deploys, it takes over Cilium management at Wave 0.
98+
>
99+
> If `cilium install` is run without `--set cluster.name=talos-prod-cluster`, certificates are generated for `default` or `kind-kind`. When ArgoCD later configures Cilium to expect `talos-prod-cluster`, the certificates will not match, causing TLS handshake failures in Hubble Relay (`x509: certificate signed by unknown authority`).
98100
99101
### Step 2: Install Gateway API CRDs
100102
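Review bot: The error quoted in the added paragraph, `x509: certificate signed by unknown authority`, is Go's message for an untrusted issuer, while the line above it attributes the problem to Hubble certificate SANs; a name mismatch is normally reported as `x509: certificate is valid for ..., not ...`. Please confirm which message Hubble Relay actually logs and quote that one, so readers can match the symptom to the cause. The paragraph also stops at the diagnosis: a sentence on what to do with a cluster that was already installed under `default` or `kind-kind` would make the note actionable.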

omni/README.md

Lines changed: 1 addition & 0 deletions
@@ -140,6 +140,7 @@ See the complete guide: [docs/CILIUM_CNI.md](docs/CILIUM_CNI.md)
140140
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
141141

142142
cilium install \
143+
--set cluster.name=talos-prod-cluster \
143144
--set ipam.mode=kubernetes \
144145
--set kubeProxyReplacement=true \
145146
--set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
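Review bot: The added `--set cluster.name=talos-prod-cluster` line hard-codes a value that the root README says must match `infrastructure/networking/cilium/values.yaml`, and this file gives no hint of that dependency. Add a short note next to the command naming values.yaml as the source of truth, so the two do not drift if the cluster is renamed.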

omni/docs/CILIUM_CNI.md

Lines changed: 4 additions & 0 deletions
@@ -113,6 +113,7 @@ Simple installation without Gateway API support:
113113

114114
```bash
115115
cilium install \
116+
--set cluster.name=talos-prod-cluster \
116117
--set ipam.mode=kubernetes \
117118
--set kubeProxyReplacement=true \
118119
--set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
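Review bot: The same literal is now repeated in four install blocks in this file (this hunk and the three after it) with no explanation of why it is required. Consider stating once, near the first install block, that `cluster.name` must match the values ArgoCD later applies and that a mismatch breaks Hubble Relay TLS, with a link to the note in the root README. A post-install step that reads the configured cluster name back before ArgoCD takes over would catch the mistake early.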
@@ -133,6 +134,7 @@ kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/downloa
133134

134135
# Then install Cilium
135136
cilium install \
137+
--set cluster.name=talos-prod-cluster \
136138
--set ipam.mode=kubernetes \
137139
--set kubeProxyReplacement=true \
138140
--set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
@@ -156,6 +158,7 @@ kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/downloa
156158

157159
# Install Cilium with Hubble
158160
cilium install \
161+
--set cluster.name=talos-prod-cluster \
159162
--set ipam.mode=kubernetes \
160163
--set kubeProxyReplacement=true \
161164
--set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
@@ -779,6 +782,7 @@ Enable service mesh features:
779782

780783
```bash
781784
cilium install \
785+
--set cluster.name=talos-prod-cluster \
782786
--set kubeProxyReplacement=strict \
783787
--set ingressController.enabled=true \
784788
--set envoy.enabled=true
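Review bot: In the service mesh block the new flag sits directly above `--set kubeProxyReplacement=strict`, while every other block touched by this commit uses `kubeProxyReplacement=true`. Since this block is being edited anyway, align the value with the others or say why it differs here. The visible command also has no `ipam.mode=kubernetes` line, so copying it as written gives a different install from the one the other blocks describe.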
