Revert "cilium: Introduce new network provider to the clusters"

This reverts commit 8701a6ee.

cli/Dockerfile

@@ -53,15 +53,6 @@ ENV SOPS_RELEASE=${SOPS_RELEASE}
 RUN curl -L https://github.com/mozilla/sops/releases/download/${SOPS_RELEASE}/sops-${SOPS_RELEASE}.linux > ./sops \
     && install -o root -g root -m 0755 sops /usr/local/bin/sops
 
-# Cilium CLI cache
-FROM docker.io/library/fedora:34 as cilium
-ARG CILIUM_RELEASE=latest
-ENV CILIUM_RELEASE=${CILIUM_RELEASE}
-
-RUN curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/${CILIUM_RELEASE}/download/cilium-linux-amd64.tar.gz{,.sha256sum} && \
-  sha256sum --check cilium-linux-amd64.tar.gz.sha256sum && \
-  tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
-
 # Actual start of container build
 FROM docker.io/library/fedora:34
 
@@ -101,14 +92,12 @@ COPY --from=hcloud /usr/local/bin/hcloud /usr/local/bin/hcloud
 COPY --from=helm /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=flux /usr/local/bin/flux /usr/local/bin/flux
 COPY --from=sops /usr/local/bin/sops /usr/local/bin/sops
-COPY --from=cilium /usr/local/bin/cilium /usr/local/bin/cilium
 
 RUN true \
     && echo "command -v flux >/dev/null && . <(flux completion bash)" >> /root/.bashrc \
     && echo "command -v kubectl >/dev/null && . <(kubectl completion bash)" >> /root/.bashrc \
     && echo "command -v helm >/dev/null && . <(helm completion bash)" >> /root/.bashrc \
     && echo "command -v hcloud >/dev/null && . <(hcloud completion bash)" >> /root/.bashrc \
-    && echo "command -v cilium >/dev/null && . <(cilium completion bash)" >> /root/.bashrc \
     && true
 
 # Create workspace

infrastructure/cilium/kustomization.yaml

-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kube-system
-resources:
-  - repository.yaml
-  - release.yaml

infrastructure/cilium/release.yaml

-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: cilium
-  namespace: kube-system
-spec:
-  releaseName: cilium
-  chart:
-    spec:
-      chart: cilium
-      sourceRef:
-        kind: HelmRepository
-        name: cilium
-      version: 1.10.4
-  interval: 5m
-  values:
-    l7Proxy: false
-    encryption:
-      enabled: true
-      type: wireguard
-    hubble:
-      relay:
-        enabled: false
-      ui:
-        enabled: false
-    prometheus:
-      enabled: true
-    operator:
-      prometheus:
-        enabled: true

infrastructure/cilium/repository.yaml

-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: cilium
-spec:
-  interval: 30m
-  url: https://helm.cilium.io/

infrastructure/kustomization.yaml

 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - cilium
   # kyverno
   - hcloud-csi
   - rook

terraform/firewall.tf

@@ -54,34 +54,6 @@ resource "hcloud_firewall" "k8s-node" {
       port            = "9000-9999"
       source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
   }
-  rule {
-    description     = "Prometheus operator metrics"
-    direction       = "in"
-    protocol        = "tcp"
-    port            = "8472"
-    source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
-  }
-  rule {
-    description     = "Cilium VXLAN"
-    direction       = "in"
-    protocol        = "udp"
-    port            = "8472"
-    source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
-  }
-  rule {
-    description     = "Cilium health checks"
-    direction       = "in"
-    protocol        = "tcp"
-    port            = "4240"
-    source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
-  }
-  rule {
-    description     = "Cilium Wireguard"
-    direction       = "in"
-    protocol        = "udp"
-    port            = "51871"
-    source_ips      = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
-  }
 }