6 changed files with 75 additions and 87 deletions
--- a/kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml
@ -0,0 +1,37 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/cilium.io%2Fciliumbgppeeringpolicy_v2alpha1.json
 apiVersion: cilium.io/v2alpha1
 kind: CiliumBGPPeeringPolicy
 # comments courtesy of JJGadgets
 # MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
 # "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
 # "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
 metadata:
  name: bgp-loadbalancer-ip-main
 spec:
  nodeSelector:
    matchLabels:
      kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
  virtualRouters:
    - localASN: 64512
      exportPodCIDR: false
      serviceSelector: # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
        matchExpressions:
          - {
            key: thisFakeSelector,
            operator: NotIn,
            values: ["will-match-and-announce-all-services"],
          }
      neighbors:
        - peerAddress: "10.1.1.1/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
          peerASN: 64512
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
 apiVersion: "cilium.io/v2alpha1"
 kind: CiliumLoadBalancerIPPool
 metadata:
  name: main-pool
 spec:
  cidrs:
    - cidr: 10.45.0.1/24
--- a/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/cilium/app/kustomization.yaml
@ -3,6 +3,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./bgppeeringpolicy.yaml
  - ./helmrelease.yaml
 configMapGenerator:
  - name: cilium-helm-values
--- a/kubernetes/apps/kube-system/cilium/app/resources/values.yml
+++ b/kubernetes/apps/kube-system/cilium/app/resources/values.yml
@ -1,41 +1,46 @@
---
+cluster:
-autoDirectNodeRoutes: true
+  name: homelab
  id: 1
 cni:
  exclusive: false
 bandwidthManager:
  enabled: true
  bbr: true
 bpf:
  masquerade: true
  tproxy: true
 autoDirectNodeRoutes: true
 ipv4NativeRoutingCIDR: 10.244.0.0/16
 routingMode: native
 loadBalancer:
  algorithm: maglev
  mode: dsr
 containerRuntime:
  integration: containerd
 localRedirectPolicy: true
 operator:
  replicas: 1
 ipam:
  mode: kubernetes
 kubeProxyReplacement: true
 k8sServiceHost: 127.0.0.1
 k8sServicePort: 7445
 rollOutCiliumPods: true
 cgroup:
  automount:
    enabled: false
  hostRoot: /sys/fs/cgroup
-cluster:
+bgp:
-  id: 1
+  enabled: false
-  name: homelab
+  announce:
-cni:
+    loadbalancerIP: true
-  exclusive: false
+    podCIDR: false
-containerRuntime:
+bgpControlPlane:
  integration: containerd
 endpointRoutes:
  enabled: true
 ipam:
  mode: kubernetes
 ipv4NativeRoutingCIDR: 10.244.0.0/16
 k8sServiceHost: 127.0.0.1
 k8sServicePort: 7445
 kubeProxyReplacement: true
 kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
 l2announcements:
  enabled: true
 loadBalancer:
  algorithm: maglev
  mode: dsr
 localRedirectPolicy: true
 operator:
  replicas: 1
 rollOutCiliumPods: true
 routingMode: native
 securityContext:
  capabilities:
    ciliumAgent:
--- a/kubernetes/apps/kube-system/cilium/config/kustomization.yaml
+++ b/kubernetes/apps/kube-system/cilium/config/kustomization.yaml
@ -1,6 +0,0 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./l2.yaml
--- a/kubernetes/apps/kube-system/cilium/config/l2.yaml
+++ b/kubernetes/apps/kube-system/cilium/config/l2.yaml
@ -1,24 +0,0 @@
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json
 apiVersion: cilium.io/v2alpha1
 kind: CiliumL2AnnouncementPolicy
 metadata:
  name: l2-policy
 spec:
  loadBalancerIPs: true
  interfaces: ["^enp.*"]
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
 apiVersion: cilium.io/v2alpha1
 kind: CiliumLoadBalancerIPPool
 metadata:
  name: l2-pool
 spec:
  allowFirstLastIPs: "Yes"
  blocks:
    - # Controller VIP: 192.168.42.120
      start: 10.45.0.1
      stop: 10.45.0.30
--- a/kubernetes/apps/kube-system/cilium/ks.yaml
+++ b/kubernetes/apps/kube-system/cilium/ks.yaml
@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@ -10,35 +10,10 @@ spec:
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  interval: 10m
  path: "./kubernetes/apps/kube-system/cilium/app"
-  prune: false
+  prune: true
  sourceRef:
    kind: GitRepository
    name: homelab
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: &app cilium-config
  namespace: flux-system
 spec:
  targetNamespace: kube-system
  commonMetadata:
    labels:
      app.kubernetes.io/name: *app
  dependsOn:
    - name: cilium
  path: ./kubernetes/apps/kube-system/cilium/config
  prune: false # never should be deleted
  sourceRef:
    kind: GitRepository
    name: homelab
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m