enable bgp
parent
ba5f1cae58
commit
2050138b10
3 changed files with 36 additions and 3 deletions
|
@ -7,6 +7,8 @@ bandwidthManager:
|
|||
bpf:
|
||||
masquerade: true
|
||||
tproxy: true
|
||||
bgpControlPlane:
|
||||
enabled: true
|
||||
cgroup:
|
||||
automount:
|
||||
enabled: false
|
||||
|
@ -19,9 +21,9 @@ cni:
|
|||
enableRuntimeDeviceDetection: true
|
||||
endpointRoutes:
|
||||
enabled: true
|
||||
hubble:
|
||||
enable: false
|
||||
envoy:
|
||||
enabled: false
|
||||
hubble:
|
||||
enable: false
|
||||
ipam:
|
||||
mode: kubernetes
|
||||
|
@ -37,6 +39,7 @@ loadBalancer:
|
|||
mode: dsr
|
||||
localRedirectPolicy: true
|
||||
operator:
|
||||
replicas: 2
|
||||
rollOutPods: true
|
||||
rollOutCiliumPods: true
|
||||
routingMode: native
|
||||
|
@ -50,6 +53,8 @@ securityContext:
|
|||
- IPC_LOCK
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
- PERFMON
|
||||
- BPF
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- SETGID
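Review bot: The capability list in the last hunk grows without a stated reason: going by the three context lines on each side, `PERFMON` and `BPF` look like the two additions, and they sit next to `SYS_ADMIN`, which stays. These two are the narrower kernel capabilities for eBPF and perf access, so the container ends up holding both the broad grant and the narrow ones. A comment above them such as `# PERFMON, BPF: added for <reason>; SYS_ADMIN still required for <reason>` would record the intent, and the list is worth checking against the default capability set of the Cilium chart version in use. The `securityContext` mapping starts outside the hunk, so which container this list applies to is not visible here.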
|
||||
|
|
|
@ -3,4 +3,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./l2.yaml
|
||||
# - ./l2.yaml
|
||||
- l3.yaml
|
||||
|
|
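--- a/kubernetes/apps/kube-system/cilium/config/l3.yaml
+++ b/kubernetes/apps/kube-system/cilium/config/l3.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumbgppeeringpolicy_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPPeeringPolicy
+# comments courtesy of JJGadgets
+# MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
+# "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
+# "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
+metadata:
+name: bgp-loadbalancer-ip-main
+spec:
+nodeSelector:
+matchLabels:
+kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
+virtualRouters:
+- localASN: 64514
+exportPodCIDR: false
+serviceSelector: # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
+matchExpressions:
+- {
+key: thisFakeSelector,
+operator: NotIn,
+values: ["will-match-and-announce-all-services"],
+}
+neighbors:
+- peerAddress: "10.33.44.1/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
+peerASN: 64513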
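Review bot: The neighbor entry (`peerAddress: "10.33.44.1/32"`, `peerASN: 64513`) sets no session authentication, so the peering rests entirely on who can reach the router on that network. CiliumBGPPeeringPolicy neighbors accept `authSecretRef: <secret-name>` for a TCP MD5 password, with the same password configured on the router; if the deployed Cilium version supports it, it is worth adding here. Separately, the `thisFakeSelector` / `NotIn` expression announces every LoadBalancer service in the cluster, so any namespace allowed to create such a Service gets its IP advertised upstream; matching on a real label such as `<label-key>: <value>` would make announcement opt-in.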