enable bgp
This commit is contained in:
parent
ba5f1cae58
commit
2050138b10
SSH key fingerprint:
SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
3 changed files with 36 additions and 3 deletions
|
|
@ -7,6 +7,8 @@ bandwidthManager:
|
||||||
bpf:
|
bpf:
|
||||||
masquerade: true
|
masquerade: true
|
||||||
tproxy: true
|
tproxy: true
|
||||||
|
bgpControlPlane:
|
||||||
|
enabled: true
|
||||||
cgroup:
|
cgroup:
|
||||||
automount:
|
automount:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
@ -19,9 +21,9 @@ cni:
|
||||||
enableRuntimeDeviceDetection: true
|
enableRuntimeDeviceDetection: true
|
||||||
endpointRoutes:
|
endpointRoutes:
|
||||||
enabled: true
|
enabled: true
|
||||||
hubble:
|
|
||||||
enable: false
|
|
||||||
envoy:
|
envoy:
|
||||||
|
enabled: false
|
||||||
|
hubble:
|
||||||
enable: false
|
enable: false
|
||||||
ipam:
|
ipam:
|
||||||
mode: kubernetes
|
mode: kubernetes
|
||||||
|
|
@ -37,6 +39,7 @@ loadBalancer:
|
||||||
mode: dsr
|
mode: dsr
|
||||||
localRedirectPolicy: true
|
localRedirectPolicy: true
|
||||||
operator:
|
operator:
|
||||||
|
replicas: 2
|
||||||
rollOutPods: true
|
rollOutPods: true
|
||||||
rollOutCiliumPods: true
|
rollOutCiliumPods: true
|
||||||
routingMode: native
|
routingMode: native
|
||||||
|
|
@ -50,6 +53,8 @@ securityContext:
|
||||||
- IPC_LOCK
|
- IPC_LOCK
|
||||||
- SYS_ADMIN
|
- SYS_ADMIN
|
||||||
- SYS_RESOURCE
|
- SYS_RESOURCE
|
||||||
|
- PERFMON
|
||||||
|
- BPF
|
||||||
- DAC_OVERRIDE
|
- DAC_OVERRIDE
|
||||||
- FOWNER
|
- FOWNER
|
||||||
- SETGID
|
- SETGID
|
||||||
|
|
|
||||||
|
|
@ -3,4 +3,5 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./l2.yaml
|
# - ./l2.yaml
|
||||||
|
- l3.yaml
|
||||||
|
|
|
||||||
27
kubernetes/apps/kube-system/cilium/config/l3.yaml
Normal file
27
kubernetes/apps/kube-system/cilium/config/l3.yaml
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumbgppeeringpolicy_v2alpha1.json
|
||||||
|
apiVersion: cilium.io/v2alpha1
|
||||||
|
kind: CiliumBGPPeeringPolicy
|
||||||
|
# comments courtesy of JJGadgets
|
||||||
|
# MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
|
||||||
|
# "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
|
||||||
|
# "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
|
||||||
|
metadata:
|
||||||
|
name: bgp-loadbalancer-ip-main
|
||||||
|
spec:
|
||||||
|
nodeSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
|
||||||
|
virtualRouters:
|
||||||
|
- localASN: 64514
|
||||||
|
exportPodCIDR: false
|
||||||
|
serviceSelector: # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
|
||||||
|
matchExpressions:
|
||||||
|
- {
|
||||||
|
key: thisFakeSelector,
|
||||||
|
operator: NotIn,
|
||||||
|
values: ["will-match-and-announce-all-services"],
|
||||||
|
}
|
||||||
|
neighbors:
|
||||||
|
- peerAddress: "10.33.44.1/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
|
||||||
|
peerASN: 64513
|
||||||
Reference in a new issue