Compare commits

..

2 commits

6 changed files with 87 additions and 75 deletions

View file

@ -1,37 +0,0 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io%2Fciliumbgppeeringpolicy_v2alpha1.json
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
# comments courtesy of JJGadgets
# MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
# "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
# "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
metadata:
name: bgp-loadbalancer-ip-main
spec:
nodeSelector:
matchLabels:
kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
virtualRouters:
- localASN: 64512
exportPodCIDR: false
serviceSelector: # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
matchExpressions:
- {
key: thisFakeSelector,
operator: NotIn,
values: ["will-match-and-announce-all-services"],
}
neighbors:
- peerAddress: "10.1.1.1/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
peerASN: 64512
---
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: main-pool
spec:
cidrs:
- cidr: 10.45.0.1/24

View file

@ -3,7 +3,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./bgppeeringpolicy.yaml
- ./helmrelease.yaml - ./helmrelease.yaml
configMapGenerator: configMapGenerator:
- name: cilium-helm-values - name: cilium-helm-values

View file

@ -1,46 +1,41 @@
cluster: ---
name: homelab autoDirectNodeRoutes: true
id: 1
cni:
exclusive: false
bandwidthManager: bandwidthManager:
enabled: true enabled: true
bbr: true bbr: true
bpf: bpf:
masquerade: true masquerade: true
tproxy: true tproxy: true
autoDirectNodeRoutes: true
ipv4NativeRoutingCIDR: 10.244.0.0/16
routingMode: native
loadBalancer:
algorithm: maglev
mode: dsr
containerRuntime:
integration: containerd
localRedirectPolicy: true
operator:
replicas: 1
ipam:
mode: kubernetes
kubeProxyReplacement: true
k8sServiceHost: 127.0.0.1
k8sServicePort: 7445
rollOutCiliumPods: true
cgroup: cgroup:
automount: automount:
enabled: false enabled: false
hostRoot: /sys/fs/cgroup hostRoot: /sys/fs/cgroup
bgp: cluster:
enabled: false id: 1
announce: name: homelab
loadbalancerIP: true cni:
podCIDR: false exclusive: false
bgpControlPlane: containerRuntime:
integration: containerd
endpointRoutes:
enabled: true enabled: true
ipam:
mode: kubernetes
ipv4NativeRoutingCIDR: 10.244.0.0/16
k8sServiceHost: 127.0.0.1
k8sServicePort: 7445
kubeProxyReplacement: true
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
l2announcements:
enabled: true
loadBalancer:
algorithm: maglev
mode: dsr
localRedirectPolicy: true
operator:
replicas: 1
rollOutCiliumPods: true
routingMode: native
securityContext: securityContext:
capabilities: capabilities:
ciliumAgent: ciliumAgent:

View file

@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./l2.yaml

View file

@ -0,0 +1,24 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json
apiVersion: cilium.io/v2alpha1
kind: CiliumL2AnnouncementPolicy
metadata:
name: l2-policy
spec:
loadBalancerIPs: true
interfaces: ["^enp.*"]
nodeSelector:
matchLabels:
kubernetes.io/os: linux
---
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
name: l2-pool
spec:
allowFirstLastIPs: "Yes"
blocks:
- # Controller VIP: 192.168.42.120
start: 10.45.0.1
stop: 10.45.0.30

View file

@ -1,5 +1,5 @@
--- ---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
@ -10,10 +10,35 @@ spec:
commonMetadata: commonMetadata:
labels: labels:
app.kubernetes.io/name: *app app.kubernetes.io/name: *app
interval: 10m
path: "./kubernetes/apps/kube-system/cilium/app" path: "./kubernetes/apps/kube-system/cilium/app"
prune: true prune: false
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository
name: homelab name: homelab
wait: true wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app cilium-config
namespace: flux-system
spec:
targetNamespace: kube-system
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: cilium
path: ./kubernetes/apps/kube-system/cilium/config
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: homelab
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m