BGP --> L2 Announcements #271
6 changed files with 87 additions and 75 deletions
|
@ -1,37 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io%2Fciliumbgppeeringpolicy_v2alpha1.json
|
|
||||||
apiVersion: cilium.io/v2alpha1
|
|
||||||
kind: CiliumBGPPeeringPolicy
|
|
||||||
# comments courtesy of JJGadgets
|
|
||||||
# MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
|
|
||||||
# "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
|
|
||||||
# "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
|
|
||||||
metadata:
|
|
||||||
name: bgp-loadbalancer-ip-main
|
|
||||||
spec:
|
|
||||||
nodeSelector:
|
|
||||||
matchLabels:
|
|
||||||
kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
|
|
||||||
virtualRouters:
|
|
||||||
- localASN: 64512
|
|
||||||
exportPodCIDR: false
|
|
||||||
serviceSelector: # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
|
|
||||||
matchExpressions:
|
|
||||||
- {
|
|
||||||
key: thisFakeSelector,
|
|
||||||
operator: NotIn,
|
|
||||||
values: ["will-match-and-announce-all-services"],
|
|
||||||
}
|
|
||||||
neighbors:
|
|
||||||
- peerAddress: "10.1.1.1/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
|
|
||||||
peerASN: 64512
|
|
||||||
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
|
|
||||||
apiVersion: "cilium.io/v2alpha1"
|
|
||||||
kind: CiliumLoadBalancerIPPool
|
|
||||||
metadata:
|
|
||||||
name: main-pool
|
|
||||||
spec:
|
|
||||||
cidrs:
|
|
||||||
- cidr: 10.45.0.1/24
|
|
|
@ -3,7 +3,6 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./bgppeeringpolicy.yaml
|
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
configMapGenerator:
|
configMapGenerator:
|
||||||
- name: cilium-helm-values
|
- name: cilium-helm-values
|
||||||
|
@ -12,4 +11,4 @@ configMapGenerator:
|
||||||
configurations:
|
configurations:
|
||||||
- kustomizeconfig.yaml
|
- kustomizeconfig.yaml
|
||||||
generatorOptions:
|
generatorOptions:
|
||||||
disableNameSuffixHash: true
|
disableNameSuffixHash: true
|
||||||
|
|
|
@ -1,46 +1,41 @@
|
||||||
cluster:
|
---
|
||||||
name: homelab
|
autoDirectNodeRoutes: true
|
||||||
id: 1
|
|
||||||
cni:
|
|
||||||
exclusive: false
|
|
||||||
bandwidthManager:
|
bandwidthManager:
|
||||||
enabled: true
|
enabled: true
|
||||||
bbr: true
|
bbr: true
|
||||||
bpf:
|
bpf:
|
||||||
masquerade: true
|
masquerade: true
|
||||||
tproxy: true
|
tproxy: true
|
||||||
|
|
||||||
autoDirectNodeRoutes: true
|
|
||||||
ipv4NativeRoutingCIDR: 10.244.0.0/16
|
|
||||||
routingMode: native
|
|
||||||
|
|
||||||
loadBalancer:
|
|
||||||
algorithm: maglev
|
|
||||||
mode: dsr
|
|
||||||
|
|
||||||
containerRuntime:
|
|
||||||
integration: containerd
|
|
||||||
|
|
||||||
localRedirectPolicy: true
|
|
||||||
operator:
|
|
||||||
replicas: 1
|
|
||||||
ipam:
|
|
||||||
mode: kubernetes
|
|
||||||
kubeProxyReplacement: true
|
|
||||||
k8sServiceHost: 127.0.0.1
|
|
||||||
k8sServicePort: 7445
|
|
||||||
rollOutCiliumPods: true
|
|
||||||
cgroup:
|
cgroup:
|
||||||
automount:
|
automount:
|
||||||
enabled: false
|
enabled: false
|
||||||
hostRoot: /sys/fs/cgroup
|
hostRoot: /sys/fs/cgroup
|
||||||
bgp:
|
cluster:
|
||||||
enabled: false
|
id: 1
|
||||||
announce:
|
name: homelab
|
||||||
loadbalancerIP: true
|
cni:
|
||||||
podCIDR: false
|
exclusive: false
|
||||||
bgpControlPlane:
|
containerRuntime:
|
||||||
|
integration: containerd
|
||||||
|
endpointRoutes:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
ipam:
|
||||||
|
mode: kubernetes
|
||||||
|
ipv4NativeRoutingCIDR: 10.244.0.0/16
|
||||||
|
k8sServiceHost: 127.0.0.1
|
||||||
|
k8sServicePort: 7445
|
||||||
|
kubeProxyReplacement: true
|
||||||
|
kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
|
||||||
|
l2announcements:
|
||||||
|
enabled: true
|
||||||
|
loadBalancer:
|
||||||
|
algorithm: maglev
|
||||||
|
mode: dsr
|
||||||
|
localRedirectPolicy: true
|
||||||
|
operator:
|
||||||
|
replicas: 1
|
||||||
|
rollOutCiliumPods: true
|
||||||
|
routingMode: native
|
||||||
securityContext:
|
securityContext:
|
||||||
capabilities:
|
capabilities:
|
||||||
ciliumAgent:
|
ciliumAgent:
|
||||||
|
|
|
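Review bot: `l2announcements.enabled: true` on the new side switches service announcement to Cilium's lease-based L2 mode, but the values add no `k8sClientRateLimit` override; Cilium's L2 announcement documentation recommends raising `k8sClientRateLimit.qps` and `k8sClientRateLimit.burst` because each announced service renews a Lease against the API server and the default client limiter can delay those renewals (suitable numbers depend on node and service count, so I am not proposing specific values). `kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256` binds the health endpoint on every node interface; if it is only meant for a local probe, binding the node IP or covering port 10256 in host firewall policy would narrow the exposure. The removed `bgp:` and `bgpControlPlane:` stanzas are consistent with the deleted peering policy, so no leftover BGP configuration is visible in this hunk. The enclosing values mapping continues outside the hunk.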
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./l2.yaml
|
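--- a/kubernetes/apps/kube-system/cilium/config/l2.yaml
+++ b/kubernetes/apps/kube-system/cilium/config/l2.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: l2-policy
+spec:
+  loadBalancerIPs: true
+  interfaces: ["^enp.*"]
+  nodeSelector:
+    matchLabels:
+      kubernetes.io/os: linux
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: l2-pool
+spec:
+  allowFirstLastIPs: "Yes"
+  blocks:
+    - # Controller VIP: 192.168.42.120
+      start: 10.45.0.1
+      stop: 10.45.0.30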
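Review bot: The comment `# Controller VIP: 192.168.42.120` on the only `blocks` entry does not describe the block it annotates (`start: 10.45.0.1` to `stop: 10.45.0.30`), so it reads as a stale copy; either drop it or reword it to what the range is reserved for, e.g. `- # L2-announced LoadBalancer range`. The `CiliumL2AnnouncementPolicy` has no `serviceSelector`, so with `loadBalancerIPs: true` every LoadBalancer service is announced from any node matching `kubernetes.io/os: linux`, which presumably includes control-plane nodes; if that is not intended, a `matchExpressions` entry excluding `node-role.kubernetes.io/control-plane` (the pattern Cilium's own example uses) would narrow it. `allowFirstLastIPs: "Yes"` is correctly quoted, since an unquoted `Yes` is a boolean to YAML 1.1 loaders while the CRD expects a `Yes`/`No` string.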
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -10,10 +10,35 @@ spec:
|
||||||
commonMetadata:
|
commonMetadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: *app
|
app.kubernetes.io/name: *app
|
||||||
interval: 10m
|
|
||||||
path: "./kubernetes/apps/kube-system/cilium/app"
|
path: "./kubernetes/apps/kube-system/cilium/app"
|
||||||
prune: true
|
prune: false
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
name: homelab
|
name: homelab
|
||||||
wait: true
|
wait: true
|
||||||
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
---
|
||||||
|
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: &app cilium-config
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
targetNamespace: kube-system
|
||||||
|
commonMetadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: *app
|
||||||
|
dependsOn:
|
||||||
|
- name: cilium
|
||||||
|
path: ./kubernetes/apps/kube-system/cilium/config
|
||||||
|
prune: false # never should be deleted
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: homelab
|
||||||
|
wait: false
|
||||||
|
interval: 30m
|
||||||
|
retryInterval: 1m
|
||||||
|
timeout: 5m
|
||||||
|
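Review bot: Flipping `prune: true` to `prune: false` on the `cilium` app Kustomization in the same commit that drops `bgppeeringpolicy.yaml` from the app's resources means Flux will no longer garbage-collect the `CiliumBGPPeeringPolicy` and the `main-pool` `CiliumLoadBalancerIPPool` already applied to the cluster; those objects need an explicit delete, or prune should stay `true` for one reconcile before being disabled. That matters because `main-pool` (`10.45.0.1/24`) overlaps the new `l2-pool` range (`10.45.0.1`–`10.45.0.30`), so leaving it behind gives two pools competing for the same addresses. Unlike the new `cilium-config` Kustomization, the app one carries no comment on why pruning is off; suggest `prune: false # cilium is the CNI, never let Flux delete it` or similar. The first Kustomization's `metadata` and the `&app` anchor its `*app` alias refers to sit outside the hunk.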