From a0e6b1ed1bf6d0cf3d3b567b4207c2bb00b786c2 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Wed, 8 May 2024 14:50:50 -0500
Subject: [PATCH] BGP --> L2 Announcements

---
 .../cilium/app/bgppeeringpolicy.yaml | 37 ------------
 .../kube-system/cilium/app/kustomization.yaml | 3 +-
 .../cilium/app/resources/values.yml | 59 +++++++++----------
 .../cilium/config/kustomization.yaml | 6 ++
 .../apps/kube-system/cilium/config/l2.yaml | 24 ++++++++
 kubernetes/apps/kube-system/cilium/ks.yaml | 33 +++++++++-
 6 files changed, 87 insertions(+), 75 deletions(-)
 delete mode 100644 kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml
 create mode 100644 kubernetes/apps/kube-system/cilium/config/kustomization.yaml
 create mode 100644 kubernetes/apps/kube-system/cilium/config/l2.yaml

diff --git a/kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml b/kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml
deleted file mode 100644
index f7c0bc34..00000000
--- a/kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io%2Fciliumbgppeeringpolicy_v2alpha1.json
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeeringPolicy
-# comments courtesy of JJGadgets
-# MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
-# "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
-# "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
-metadata:
- name: bgp-loadbalancer-ip-main
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
- virtualRouters:
- - localASN: 64512
- exportPodCIDR: false
- serviceSelector: # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
- matchExpressions:
- - {
- key: thisFakeSelector,
- operator: NotIn,
- values: ["will-match-and-announce-all-services"],
- }
- neighbors:
- - peerAddress: "10.1.1.1/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
- peerASN: 64512
-
----
-# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumLoadBalancerIPPool
-metadata:
- name: main-pool
-spec:
- cidrs:
- - cidr: 10.45.0.1/24
\ No newline at end of file
diff --git a/kubernetes/apps/kube-system/cilium/app/kustomization.yaml b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
index d647f145..1d9e11c6 100644
--- a/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
@@ -3,7 +3,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- - ./bgppeeringpolicy.yaml
- ./helmrelease.yaml
configMapGenerator:
- name: cilium-helm-values
@@ -12,4 +11,4 @@ configMapGenerator:
configurations:
- kustomizeconfig.yaml
generatorOptions:
- disableNameSuffixHash: true
\ No newline at end of file
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/kube-system/cilium/app/resources/values.yml b/kubernetes/apps/kube-system/cilium/app/resources/values.yml
index 900632e1..41676483 100644
--- a/kubernetes/apps/kube-system/cilium/app/resources/values.yml
+++ b/kubernetes/apps/kube-system/cilium/app/resources/values.yml
@@ -1,46 +1,41 @@
-cluster:
- name: homelab
- id: 1
-cni:
- exclusive: false
+---
+autoDirectNodeRoutes: true
bandwidthManager:
enabled: true
bbr: true
bpf:
masquerade: true
tproxy: true
-
-autoDirectNodeRoutes: true
-ipv4NativeRoutingCIDR: 10.244.0.0/16
-routingMode: native
-
-loadBalancer:
- algorithm: maglev
- mode: dsr
-
-containerRuntime:
- integration: containerd
-
-localRedirectPolicy: true
-operator:
- replicas: 1
-ipam:
- mode: kubernetes
-kubeProxyReplacement: true
-k8sServiceHost: 127.0.0.1
-k8sServicePort: 7445
-rollOutCiliumPods: true
cgroup:
automount:
enabled: false
hostRoot: /sys/fs/cgroup
-bgp:
- enabled: false
- announce:
- loadbalancerIP: true
- podCIDR: false
-bgpControlPlane:
+cluster:
+ id: 1
+ name: homelab
+cni:
+ exclusive: false
+containerRuntime:
+ integration: containerd
+endpointRoutes:
enabled: true
+ipam:
+ mode: kubernetes
+ipv4NativeRoutingCIDR: 10.244.0.0/16
+k8sServiceHost: 127.0.0.1
+k8sServicePort: 7445
+kubeProxyReplacement: true
+kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+l2announcements:
+ enabled: true
+loadBalancer:
+ algorithm: maglev
+ mode: dsr
+localRedirectPolicy: true
+operator:
+ replicas: 1
+rollOutCiliumPods: true
+routingMode: native
securityContext:
capabilities:
ciliumAgent:
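Review bot: `kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256` in the values.yml hunk (the third hunk on this line) binds the unauthenticated kube-proxy-replacement healthz endpoint on every node address, and nothing says which prober needs it. If only on-node checks consume it, a loopback bind is the smaller surface, `kubeProxyReplacementHealthzBindAddr: 127.0.0.1:10256`; if an external load balancer health-checks it, keep the node-wide bind but add a comment naming that prober so the exposure is a recorded decision. The same hunk enables `l2announcements.enabled: true` without touching `k8sClientRateLimit`; Cilium's L2-announcement documentation recommends raising the client `qps`/`burst` because lease renewals add API-server traffic, so unless that is set elsewhere in the chart values a `k8sClientRateLimit` stanza belongs next to it. The remaining two hunks on this line (dropping `./bgppeeringpolicy.yaml` from the resources list and restoring the trailing newline) raise nothing.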
diff --git a/kubernetes/apps/kube-system/cilium/config/kustomization.yaml b/kubernetes/apps/kube-system/cilium/config/kustomization.yaml
new file mode 100644
index 00000000..89773e64
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/config/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./l2.yaml
diff --git a/kubernetes/apps/kube-system/cilium/config/l2.yaml b/kubernetes/apps/kube-system/cilium/config/l2.yaml
new file mode 100644
index 00000000..5c68a493
--- /dev/null
+++ b/kubernetes/apps/kube-system/cilium/config/l2.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+ name: l2-policy
+spec:
+ loadBalancerIPs: true
+ interfaces: ["^enp.*"]
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/os: linux
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+ name: l2-pool
+spec:
+ allowFirstLastIPs: "Yes"
+ blocks:
+ - # Controller VIP: 192.168.42.120
+ start: 10.45.0.1
+ stop: 10.45.0.30
diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/kubernetes/apps/kube-system/cilium/ks.yaml
index 9c1ef7f8..b4985e68 100644
--- a/kubernetes/apps/kube-system/cilium/ks.yaml
+++ b/kubernetes/apps/kube-system/cilium/ks.yaml
@@ -1,5 +1,5 @@
---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
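Review bot: The inline comment `# Controller VIP: 192.168.42.120` on the `blocks` entry of l2.yaml (the second hunk on this line) does not describe the range beneath it, `10.45.0.1`–`10.45.0.30`, so it reads as stale or pasted from another file; either drop it or say what the block is for, e.g. `- # LoadBalancer IPs announced via L2 on enp* interfaces`. The `CiliumL2AnnouncementPolicy` carries no `serviceSelector`, which, if I read the CRD semantics right, means every LoadBalancer service is announced from every Linux node matched by `interfaces: ["^enp.*"]`; the deleted BGP policy stated that match-all intent in a comment on its selector, and this policy should either state it too or carry an explicit selector so that the set of announced services is a deliberate choice. `allowFirstLastIPs: "Yes"` is correctly quoted, since the field takes the strings `Yes`/`No` and a bare `Yes` parses as a boolean under YAML 1.1; a one-line comment saying so, `allowFirstLastIPs: "Yes" # string enum, keep quoted`, will stop a later formatter or reviewer from "fixing" it. The first kustomization hunk and the ks.yaml schema-URL hunk on this line are trivial.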
@@ -10,10 +10,35 @@ spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
- interval: 10m
path: "./kubernetes/apps/kube-system/cilium/app"
- prune: true
+ prune: false
sourceRef:
kind: GitRepository
name: homelab
- wait: true
\ No newline at end of file
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app cilium-config
+ namespace: flux-system
+spec:
+ targetNamespace: kube-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: cilium
+ path: ./kubernetes/apps/kube-system/cilium/config
+ prune: false # never should be deleted
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
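Review bot: `prune: true` becomes `prune: false` on the first Kustomization without a word of explanation, while the new `cilium-config` document below justifies the identical setting with `# never should be deleted`; the CNI Kustomization deserves at least the same rationale, e.g. `prune: false # CNI must never be garbage-collected by Flux`, so that a later cleanup does not flip it back. The first document's `metadata` and the start of its `spec` lie outside this hunk, so its `&app` anchor is not visible here; the second document re-declares `&app` as `cilium-config`, which is valid because `---` resets anchors, but it means the two `app.kubernetes.io/name: *app` labels resolve to different values, and a reader skimming the file may assume they match. Style: `path` is quoted in the first document (`"./kubernetes/apps/kube-system/cilium/app"`) and bare in the second (`./kubernetes/apps/kube-system/cilium/config`); both parse the same, so pick one form for the file.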