temporary readjustment

This commit is contained in:
Joseph Hanson 2024-02-16 09:52:13 -06:00
parent f3140bee79
commit 3f4d488b8b
17 changed files with 592 additions and 1 deletions


@ -0,0 +1,588 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null
name: ciliumbgppeeringpolicies.cilium.io
spec:
group: cilium.io
names:
categories:
- cilium
- ciliumbgp
kind: CiliumBGPPeeringPolicy
listKind: CiliumBGPPeeringPolicyList
plural: ciliumbgppeeringpolicies
shortNames:
- bgpp
singular: ciliumbgppeeringpolicy
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v2alpha1
schema:
openAPIV3Schema:
description: CiliumBGPPeeringPolicy is a Kubernetes third-party resource for
instructing Cilium's BGP control plane to create virtual BGP routers.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is a human readable description of a BGP peering policy
properties:
nodeSelector:
description: "NodeSelector selects a group of nodes where this BGP
Peering Policy applies. \n If empty / nil this policy applies to
all nodes."
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
description: MatchLabelsValue represents the value from the
MatchLabels {key,value} pair.
maxLength: 63
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
virtualRouters:
description: A list of CiliumBGPVirtualRouter(s) which instructs the
BGP control plane how to instantiate virtual BGP routers.
items:
description: CiliumBGPVirtualRouter defines a discrete BGP virtual
router configuration.
properties:
exportPodCIDR:
default: false
description: ExportPodCIDR determines whether to export the
Node's private CIDR block to the configured neighbors.
type: boolean
localASN:
description: LocalASN is the ASN of this virtual router. Supports
extended 32bit ASNs
format: int64
maximum: 4294967295
minimum: 0
type: integer
neighbors:
description: Neighbors is a list of neighboring BGP peers for
this virtual router
items:
description: CiliumBGPNeighbor is a neighboring peer for use
in a CiliumBGPVirtualRouter configuration.
properties:
advertisedPathAttributes:
description: AdvertisedPathAttributes can be used to apply
additional path attributes to selected routes when advertising
them to the peer. If empty / nil, no additional path
attributes are advertised.
items:
description: CiliumBGPPathAttributes can be used to
apply additional path attributes to matched routes
when advertising them to a BGP peer.
properties:
communities:
description: Communities defines a set of community
values advertised in the supported BGP Communities
path attributes. If nil / not set, no BGP Communities
path attribute will be advertised.
properties:
large:
description: Large holds a list of the BGP Large
Communities Attribute (RFC 8092) values.
items:
description: BGPLargeCommunity type represents
a value of the BGP Large Communities Attribute
(RFC 8092), as three 4-byte decimal numbers
separated by colons.
pattern: ^([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5]):([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5]):([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5])$
type: string
type: array
standard:
description: Standard holds a list of "standard"
32-bit BGP Communities Attribute (RFC 1997)
values defined as numeric values.
items:
description: BGPStandardCommunity type represents
a value of the "standard" 32-bit BGP Communities
Attribute (RFC 1997) as a 4-byte decimal
number or two 2-byte decimal numbers separated
by a colon (<0-65535>:<0-65535>). For example,
no-export community value is 65553:65281.
pattern: ^([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5])$|^([0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]):([0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
type: string
type: array
wellKnown:
description: WellKnown holds a list "standard"
32-bit BGP Communities Attribute (RFC 1997)
values defined as well-known string aliases
to their numeric values.
items:
description: "BGPWellKnownCommunity type represents
a value of the \"standard\" 32-bit BGP Communities
Attribute (RFC 1997) as a well-known string
alias to its numeric value. Allowed values
and their mapping to the numeric values:
\n internet = 0x00000000
(0:0) planned-shut = 0xffff0000
(65535:0) accept-own = 0xffff0001
(65535:1) route-filter-translated-v4 = 0xffff0002
(65535:2) route-filter-v4 = 0xffff0003
(65535:3) route-filter-translated-v6 = 0xffff0004
(65535:4) route-filter-v6 = 0xffff0005
(65535:5) llgr-stale = 0xffff0006
(65535:6) no-llgr = 0xffff0007
(65535:7) blackhole = 0xffff029a
(65535:666) no-export =
0xffffff01\t(65535:65281) no-advertise =
0xffffff02 (65535:65282) no-export-subconfed
\ = 0xffffff03 (65535:65283) no-peer
\ = 0xffffff04 (65535:65284)"
enum:
- internet
- planned-shut
- accept-own
- route-filter-translated-v4
- route-filter-v4
- route-filter-translated-v6
- route-filter-v6
- llgr-stale
- no-llgr
- blackhole
- no-export
- no-advertise
- no-export-subconfed
- no-peer
type: string
type: array
type: object
localPreference:
description: LocalPreference defines the preference
value advertised in the BGP Local Preference path
attribute. As Local Preference is only valid for
iBGP peers, this value will be ignored for eBGP
peers (no Local Preference path attribute will
be advertised). If nil / not set, the default
Local Preference of 100 will be advertised in
the Local Preference path attribute for iBGP peers.
format: int64
maximum: 4294967295
minimum: 0
type: integer
selector:
description: Selector selects a group of objects
of the SelectorType resulting into routes that
will be announced with the configured Attributes.
If nil / not set, all objects of the SelectorType
are selected.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
description: MatchLabelsValue represents the
value from the MatchLabels {key,value} pair.
maxLength: 63
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
selectorType:
description: 'SelectorType defines the object type
on which the Selector applies: - For "PodCIDR"
the Selector matches k8s CiliumNode resources
(path attributes apply to routes announced for
PodCIDRs of selected CiliumNodes. Only affects
routes of cluster scope / Kubernetes IPAM CIDRs,
not Multi-Pool IPAM CIDRs. - For "CiliumLoadBalancerIPPool"
the Selector matches CiliumLoadBalancerIPPool
custom resources (path attributes apply to routes
announced for selected CiliumLoadBalancerIPPools).
- For "CiliumPodIPPool" the Selector matches CiliumPodIPPool
custom resources (path attributes apply to routes
announced for allocated CIDRs of selected CiliumPodIPPools).'
enum:
- PodCIDR
- CiliumLoadBalancerIPPool
- CiliumPodIPPool
type: string
required:
- selectorType
type: object
type: array
authSecretRef:
description: AuthSecretRef is the name of the secret to
use to fetch a TCP authentication password for this
peer.
type: string
connectRetryTimeSeconds:
default: 120
description: ConnectRetryTimeSeconds defines the initial
value for the BGP ConnectRetryTimer (RFC 4271, Section
8).
format: int32
maximum: 2147483647
minimum: 1
type: integer
eBGPMultihopTTL:
default: 1
description: EBGPMultihopTTL controls the multi-hop feature
for eBGP peers. Its value defines the Time To Live (TTL)
value used in BGP packets sent to the neighbor. The
value 1 implies that eBGP multi-hop feature is disabled
(only a single hop is allowed). This field is ignored
for iBGP peers.
format: int32
maximum: 255
minimum: 1
type: integer
families:
description: "Families, if provided, defines a set of
AFI/SAFIs the speaker will negotiate with it's peer.
\n If this slice is not provided the default families
of IPv6 and IPv4 will be provided."
items:
description: CiliumBGPFamily represents a AFI/SAFI address
family pair.
properties:
afi:
description: Afi is the Address Family Identifier
(AFI) of the family.
enum:
- ipv4
- ipv6
- l2vpn
- ls
- opaque
type: string
safi:
description: Safi is the Subsequent Address Family
Identifier (SAFI) of the family.
enum:
- unicast
- multicast
- mpls_label
- encapsulation
- vpls
- evpn
- ls
- sr_policy
- mup
- mpls_vpn
- mpls_vpn_multicast
- route_target_constraints
- flowspec_unicast
- flowspec_vpn
- key_value
type: string
required:
- afi
- safi
type: object
type: array
gracefulRestart:
description: GracefulRestart defines graceful restart
parameters which are negotiated with this neighbor.
If empty / nil, the graceful restart capability is disabled.
properties:
enabled:
description: Enabled flag, when set enables graceful
restart capability.
type: boolean
restartTimeSeconds:
default: 120
description: RestartTimeSeconds is the estimated time
it will take for the BGP session to be re-established
with peer after a restart. After this period, peer
will remove stale routes. This is described RFC
4724 section 4.2.
format: int32
maximum: 4095
minimum: 1
type: integer
required:
- enabled
type: object
holdTimeSeconds:
default: 90
description: HoldTimeSeconds defines the initial value
for the BGP HoldTimer (RFC 4271, Section 4.2). Updating
this value will cause a session reset.
format: int32
maximum: 65535
minimum: 3
type: integer
keepAliveTimeSeconds:
default: 30
description: KeepaliveTimeSeconds defines the initial
value for the BGP KeepaliveTimer (RFC 4271, Section
8). It can not be larger than HoldTimeSeconds. Updating
this value will cause a session reset.
format: int32
maximum: 65535
minimum: 1
type: integer
peerASN:
description: PeerASN is the ASN of the peer BGP router.
Supports extended 32bit ASNs
format: int64
maximum: 4294967295
minimum: 0
type: integer
peerAddress:
description: PeerAddress is the IP address of the peer.
This must be in CIDR notation and use a /32 to express
a single host.
format: cidr
type: string
peerPort:
default: 179
description: PeerPort is the TCP port of the peer. 1-65535
is the range of valid port numbers that can be specified.
If unset, defaults to 179.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- peerASN
- peerAddress
type: object
minItems: 1
type: array
podIPPoolSelector:
description: "PodIPPoolSelector selects CiliumPodIPPools based
on labels. The virtual router will announce allocated CIDRs
of matching CiliumPodIPPools. \n If empty / nil no CiliumPodIPPools
will be announced."
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
description: MatchLabelsValue represents the value from
the MatchLabels {key,value} pair.
maxLength: 63
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
serviceSelector:
description: "ServiceSelector selects a group of load balancer
services which this virtual router will announce. The loadBalancerClass
for a service must be nil or specify a class supported by
Cilium, e.g. \"io.cilium/bgp-control-plane\". Refer to the
following document for additional details regarding load balancer
classes: \n https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
\n If empty / nil no services will be announced."
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
description: MatchLabelsValue represents the value from
the MatchLabels {key,value} pair.
maxLength: 63
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
required:
- localASN
- neighbors
type: object
minItems: 1
type: array
required:
- virtualRouters
type: object
required:
- metadata
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

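--- a/.gitignore
+++ b/.gitignore
@@ -10,4 +10,7 @@ Thumbs.db
 *.key
 *.pem
 kubeconfig*
+talosconfig.yaml
+omniconfig.yaml
+omni-template.yaml
 config.xml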
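Review bot: The three new entries are exact file names, whereas the neighbouring `kubeconfig*` line uses a glob, so a renamed or backup copy such as a `talosconfig.yaml.bak` or a second `omniconfig-*.yaml` would still be picked up by `git add`. Since these files presumably carry cluster client credentials (a talosconfig normally embeds a client certificate and key; confirm for this setup), the safer form that matches the existing line is `talosconfig*` and `omniconfig*`. Note also that an ignore rule only prevents future additions; if any of these files was ever committed before this change it remains in history, which is worth checking with `git log --all -- talosconfig.yaml omniconfig.yaml` before relying on the rule.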


@ -6,5 +6,5 @@ resources:
# Pre Flux-Kustomizations # Pre Flux-Kustomizations
- ./namespace.yaml - ./namespace.yaml
# Flux-Kustomizations # Flux-Kustomizations
- ./cilium/ks.yaml # - ./cilium/ks.yaml
- ./metrics-server/ks.yaml - ./metrics-server/ks.yaml
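Review bot: The disabled `./cilium/ks.yaml` entry carries no explanation, so a later reader of this kustomization cannot tell whether the omission is deliberate or a leftover; the commit title only says "temporary". Change it to `# - ./cilium/ks.yaml  # disabled temporarily (see commit 3f4d488b8b); re-enable once <condition>` with the actual condition filled in. Dropping a Flux Kustomization from this list is not merely a pause: if the parent Kustomization reconciling this file has `prune: true` (not visible here), Flux will delete the cilium Kustomization object and the resources it manages, which for the CNI is a cluster-wide outage, so confirm the prune setting before merging. The `resources:` list begins above the hunk.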