diff --git a/.archive/cilium/app/bgpcrd.yaml b/.archive/cilium/app/bgpcrd.yaml new file mode 100644 index 00000000..30caa215 --- /dev/null +++ b/.archive/cilium/app/bgpcrd.yaml @@ -0,0 +1,588 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: ciliumbgppeeringpolicies.cilium.io +spec: + group: cilium.io + names: + categories: + - cilium + - ciliumbgp + kind: CiliumBGPPeeringPolicy + listKind: CiliumBGPPeeringPolicyList + plural: ciliumbgppeeringpolicies + shortNames: + - bgpp + singular: ciliumbgppeeringpolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2alpha1 + schema: + openAPIV3Schema: + description: CiliumBGPPeeringPolicy is a Kubernetes third-party resource for + instructing Cilium's BGP control plane to create virtual BGP routers. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is a human readable description of a BGP peering policy + properties: + nodeSelector: + description: "NodeSelector selects a group of nodes where this BGP + Peering Policy applies. \n If empty / nil this policy applies to + all nodes." + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + description: MatchLabelsValue represents the value from the + MatchLabels {key,value} pair. + maxLength: 63 + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + virtualRouters: + description: A list of CiliumBGPVirtualRouter(s) which instructs the + BGP control plane how to instantiate virtual BGP routers. + items: + description: CiliumBGPVirtualRouter defines a discrete BGP virtual + router configuration. + properties: + exportPodCIDR: + default: false + description: ExportPodCIDR determines whether to export the + Node's private CIDR block to the configured neighbors. + type: boolean + localASN: + description: LocalASN is the ASN of this virtual router. Supports + extended 32bit ASNs + format: int64 + maximum: 4294967295 + minimum: 0 + type: integer + neighbors: + description: Neighbors is a list of neighboring BGP peers for + this virtual router + items: + description: CiliumBGPNeighbor is a neighboring peer for use + in a CiliumBGPVirtualRouter configuration. + properties: + advertisedPathAttributes: + description: AdvertisedPathAttributes can be used to apply + additional path attributes to selected routes when advertising + them to the peer. If empty / nil, no additional path + attributes are advertised. + items: + description: CiliumBGPPathAttributes can be used to + apply additional path attributes to matched routes + when advertising them to a BGP peer. + properties: + communities: + description: Communities defines a set of community + values advertised in the supported BGP Communities + path attributes. If nil / not set, no BGP Communities + path attribute will be advertised. + properties: + large: + description: Large holds a list of the BGP Large + Communities Attribute (RFC 8092) values. + items: + description: BGPLargeCommunity type represents + a value of the BGP Large Communities Attribute + (RFC 8092), as three 4-byte decimal numbers + separated by colons. + pattern: ^([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5]):([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5]):([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5])$ + type: string + type: array + standard: + description: Standard holds a list of "standard" + 32-bit BGP Communities Attribute (RFC 1997) + values defined as numeric values. + items: + description: BGPStandardCommunity type represents + a value of the "standard" 32-bit BGP Communities + Attribute (RFC 1997) as a 4-byte decimal + number or two 2-byte decimal numbers separated + by a colon (<0-65535>:<0-65535>). For example, + no-export community value is 65553:65281. + pattern: ^([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5])$|^([0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]):([0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + type: array + wellKnown: + description: WellKnown holds a list "standard" + 32-bit BGP Communities Attribute (RFC 1997) + values defined as well-known string aliases + to their numeric values. + items: + description: "BGPWellKnownCommunity type represents + a value of the \"standard\" 32-bit BGP Communities + Attribute (RFC 1997) as a well-known string + alias to its numeric value. Allowed values + and their mapping to the numeric values: + \n internet = 0x00000000 + (0:0) planned-shut = 0xffff0000 + (65535:0) accept-own = 0xffff0001 + (65535:1) route-filter-translated-v4 = 0xffff0002 + (65535:2) route-filter-v4 = 0xffff0003 + (65535:3) route-filter-translated-v6 = 0xffff0004 + (65535:4) route-filter-v6 = 0xffff0005 + (65535:5) llgr-stale = 0xffff0006 + (65535:6) no-llgr = 0xffff0007 + (65535:7) blackhole = 0xffff029a + (65535:666) no-export = + 0xffffff01\t(65535:65281) no-advertise = + 0xffffff02 (65535:65282) no-export-subconfed + \ = 0xffffff03 (65535:65283) no-peer + \ = 0xffffff04 (65535:65284)" + enum: + - internet + - planned-shut + - accept-own + - route-filter-translated-v4 + - route-filter-v4 + - route-filter-translated-v6 + - route-filter-v6 + - llgr-stale + - no-llgr + - blackhole + - no-export + - no-advertise + - no-export-subconfed + - no-peer + type: string + type: array + type: object + localPreference: + description: LocalPreference defines the preference + value advertised in the BGP Local Preference path + attribute. As Local Preference is only valid for + iBGP peers, this value will be ignored for eBGP + peers (no Local Preference path attribute will + be advertised). If nil / not set, the default + Local Preference of 100 will be advertised in + the Local Preference path attribute for iBGP peers. + format: int64 + maximum: 4294967295 + minimum: 0 + type: integer + selector: + description: Selector selects a group of objects + of the SelectorType resulting into routes that + will be announced with the configured Attributes. + If nil / not set, all objects of the SelectorType + are selected. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + description: MatchLabelsValue represents the + value from the MatchLabels {key,value} pair. + maxLength: 63 + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + selectorType: + description: 'SelectorType defines the object type + on which the Selector applies: - For "PodCIDR" + the Selector matches k8s CiliumNode resources + (path attributes apply to routes announced for + PodCIDRs of selected CiliumNodes. Only affects + routes of cluster scope / Kubernetes IPAM CIDRs, + not Multi-Pool IPAM CIDRs. - For "CiliumLoadBalancerIPPool" + the Selector matches CiliumLoadBalancerIPPool + custom resources (path attributes apply to routes + announced for selected CiliumLoadBalancerIPPools). + - For "CiliumPodIPPool" the Selector matches CiliumPodIPPool + custom resources (path attributes apply to routes + announced for allocated CIDRs of selected CiliumPodIPPools).' + enum: + - PodCIDR + - CiliumLoadBalancerIPPool + - CiliumPodIPPool + type: string + required: + - selectorType + type: object + type: array + authSecretRef: + description: AuthSecretRef is the name of the secret to + use to fetch a TCP authentication password for this + peer. + type: string + connectRetryTimeSeconds: + default: 120 + description: ConnectRetryTimeSeconds defines the initial + value for the BGP ConnectRetryTimer (RFC 4271, Section + 8). + format: int32 + maximum: 2147483647 + minimum: 1 + type: integer + eBGPMultihopTTL: + default: 1 + description: EBGPMultihopTTL controls the multi-hop feature + for eBGP peers. Its value defines the Time To Live (TTL) + value used in BGP packets sent to the neighbor. The + value 1 implies that eBGP multi-hop feature is disabled + (only a single hop is allowed). This field is ignored + for iBGP peers. + format: int32 + maximum: 255 + minimum: 1 + type: integer + families: + description: "Families, if provided, defines a set of + AFI/SAFIs the speaker will negotiate with it's peer. + \n If this slice is not provided the default families + of IPv6 and IPv4 will be provided." + items: + description: CiliumBGPFamily represents a AFI/SAFI address + family pair. + properties: + afi: + description: Afi is the Address Family Identifier + (AFI) of the family. + enum: + - ipv4 + - ipv6 + - l2vpn + - ls + - opaque + type: string + safi: + description: Safi is the Subsequent Address Family + Identifier (SAFI) of the family. + enum: + - unicast + - multicast + - mpls_label + - encapsulation + - vpls + - evpn + - ls + - sr_policy + - mup + - mpls_vpn + - mpls_vpn_multicast + - route_target_constraints + - flowspec_unicast + - flowspec_vpn + - key_value + type: string + required: + - afi + - safi + type: object + type: array + gracefulRestart: + description: GracefulRestart defines graceful restart + parameters which are negotiated with this neighbor. + If empty / nil, the graceful restart capability is disabled. + properties: + enabled: + description: Enabled flag, when set enables graceful + restart capability. + type: boolean + restartTimeSeconds: + default: 120 + description: RestartTimeSeconds is the estimated time + it will take for the BGP session to be re-established + with peer after a restart. After this period, peer + will remove stale routes. This is described RFC + 4724 section 4.2. + format: int32 + maximum: 4095 + minimum: 1 + type: integer + required: + - enabled + type: object + holdTimeSeconds: + default: 90 + description: HoldTimeSeconds defines the initial value + for the BGP HoldTimer (RFC 4271, Section 4.2). Updating + this value will cause a session reset. + format: int32 + maximum: 65535 + minimum: 3 + type: integer + keepAliveTimeSeconds: + default: 30 + description: KeepaliveTimeSeconds defines the initial + value for the BGP KeepaliveTimer (RFC 4271, Section + 8). It can not be larger than HoldTimeSeconds. Updating + this value will cause a session reset. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + peerASN: + description: PeerASN is the ASN of the peer BGP router. + Supports extended 32bit ASNs + format: int64 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: PeerAddress is the IP address of the peer. + This must be in CIDR notation and use a /32 to express + a single host. + format: cidr + type: string + peerPort: + default: 179 + description: PeerPort is the TCP port of the peer. 1-65535 + is the range of valid port numbers that can be specified. + If unset, defaults to 179. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - peerASN + - peerAddress + type: object + minItems: 1 + type: array + podIPPoolSelector: + description: "PodIPPoolSelector selects CiliumPodIPPools based + on labels. The virtual router will announce allocated CIDRs + of matching CiliumPodIPPools. \n If empty / nil no CiliumPodIPPools + will be announced." + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + description: MatchLabelsValue represents the value from + the MatchLabels {key,value} pair. + maxLength: 63 + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + serviceSelector: + description: "ServiceSelector selects a group of load balancer + services which this virtual router will announce. The loadBalancerClass + for a service must be nil or specify a class supported by + Cilium, e.g. \"io.cilium/bgp-control-plane\". Refer to the + following document for additional details regarding load balancer + classes: \n https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class + \n If empty / nil no services will be announced." + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + description: MatchLabelsValue represents the value from + the MatchLabels {key,value} pair. + maxLength: 63 + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - localASN + - neighbors + type: object + minItems: 1 + type: array + required: + - virtualRouters + type: object + required: + - metadata + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml b/.archive/cilium/app/bgppeeringpolicy.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml rename to .archive/cilium/app/bgppeeringpolicy.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/.archive/cilium/app/helmrelease.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/helmrelease.yaml rename to .archive/cilium/app/helmrelease.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/allow-ssh.yaml b/.archive/cilium/app/netpols/allow-ssh.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/allow-ssh.yaml rename to .archive/cilium/app/netpols/allow-ssh.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/apiserver.yaml b/.archive/cilium/app/netpols/apiserver.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/apiserver.yaml rename to .archive/cilium/app/netpols/apiserver.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/cilium-health.yaml b/.archive/cilium/app/netpols/cilium-health.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/cilium-health.yaml rename to .archive/cilium/app/netpols/cilium-health.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/cilium-vxlan.yaml b/.archive/cilium/app/netpols/cilium-vxlan.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/cilium-vxlan.yaml rename to .archive/cilium/app/netpols/cilium-vxlan.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/core-dns.yaml b/.archive/cilium/app/netpols/core-dns.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/core-dns.yaml rename to .archive/cilium/app/netpols/core-dns.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/etcd.yaml b/.archive/cilium/app/netpols/etcd.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/etcd.yaml rename to .archive/cilium/app/netpols/etcd.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/fix-apiserver.yml b/.archive/cilium/app/netpols/fix-apiserver.yml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/fix-apiserver.yml rename to .archive/cilium/app/netpols/fix-apiserver.yml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/hubble-relay.yaml b/.archive/cilium/app/netpols/hubble-relay.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/hubble-relay.yaml rename to .archive/cilium/app/netpols/hubble-relay.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/hubble-ui.yaml b/.archive/cilium/app/netpols/hubble-ui.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/hubble-ui.yaml rename to .archive/cilium/app/netpols/hubble-ui.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/kubelet.yaml b/.archive/cilium/app/netpols/kubelet.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/kubelet.yaml rename to .archive/cilium/app/netpols/kubelet.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/netpols/kustomization.yaml b/.archive/cilium/app/netpols/kustomization.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/app/netpols/kustomization.yaml rename to .archive/cilium/app/netpols/kustomization.yaml diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/.archive/cilium/ks.yaml similarity index 100% rename from kubernetes/apps/kube-system/cilium/ks.yaml rename to .archive/cilium/ks.yaml diff --git a/.gitignore b/.gitignore index b5d766a3..7b420f11 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,7 @@ Thumbs.db *.key *.pem kubeconfig* +talosconfig.yaml +omniconfig.yaml +omni-template.yaml config.xml diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml index 356b742a..6d153251 100644 --- a/kubernetes/apps/kube-system/kustomization.yaml +++ b/kubernetes/apps/kube-system/kustomization.yaml @@ -6,5 +6,5 @@ resources: # Pre Flux-Kustomizations - ./namespace.yaml # Flux-Kustomizations - - ./cilium/ks.yaml + # - ./cilium/ks.yaml - ./metrics-server/ks.yaml