kubernetes/apps/kube-system/cilium/app/bgppeeringpolicy.yaml

@@ -1,37 +0,0 @@
----
-# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io%2Fciliumbgppeeringpolicy_v2alpha1.json
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeeringPolicy
-# comments courtesy of JJGadgets
-# MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
-# "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
-# "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
-metadata:
-  name: bgp-loadbalancer-ip-main
-spec:
-  nodeSelector:
-    matchLabels:
-      kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
-  virtualRouters:
-    - localASN: 64512
-      exportPodCIDR: false
-      serviceSelector: # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
-        matchExpressions:
-          - {
-            key: thisFakeSelector,
-            operator: NotIn,
-            values: ["will-match-and-announce-all-services"],
-          }
-      neighbors:
-        - peerAddress: "10.1.1.1/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
-          peerASN: 64512
-
----
-# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumLoadBalancerIPPool
-metadata:
-  name: main-pool
-spec:
-  cidrs:
-    - cidr: 10.45.0.1/24

kubernetes/apps/kube-system/cilium/app/kustomization.yaml

@@ -3,7 +3,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./bgppeeringpolicy.yaml
   - ./helmrelease.yaml
 configMapGenerator:
   - name: cilium-helm-values
@@ -12,4 +11,4 @@ configMapGenerator:
 configurations:
   - kustomizeconfig.yaml
 generatorOptions:
-  disableNameSuffixHash: true
+  disableNameSuffixHash: true

kubernetes/apps/kube-system/cilium/app/resources/values.yml

@@ -1,46 +1,41 @@
-cluster:
-  name: homelab
-  id: 1
-cni:
-  exclusive: false
+---
+autoDirectNodeRoutes: true
 bandwidthManager:
   enabled: true
   bbr: true
 bpf:
   masquerade: true
   tproxy: true
-
-autoDirectNodeRoutes: true
-ipv4NativeRoutingCIDR: 10.244.0.0/16
-routingMode: native
-
-loadBalancer:
-  algorithm: maglev
-  mode: dsr
-
-containerRuntime:
-  integration: containerd
-
-localRedirectPolicy: true
-operator:
-  replicas: 1
-ipam:
-  mode: kubernetes
-kubeProxyReplacement: true
-k8sServiceHost: 127.0.0.1
-k8sServicePort: 7445
-rollOutCiliumPods: true
 cgroup:
   automount:
     enabled: false
   hostRoot: /sys/fs/cgroup
-bgp:
-  enabled: false
-  announce:
-    loadbalancerIP: true
-    podCIDR: false
-bgpControlPlane:
+cluster:
+  id: 1
+  name: homelab
+cni:
+  exclusive: false
+containerRuntime:
+  integration: containerd
+endpointRoutes:
   enabled: true
+ipam:
+  mode: kubernetes
+ipv4NativeRoutingCIDR: 10.244.0.0/16
+k8sServiceHost: 127.0.0.1
+k8sServicePort: 7445
+kubeProxyReplacement: true
+kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
+l2announcements:
+  enabled: true
+loadBalancer:
+  algorithm: maglev
+  mode: dsr
+localRedirectPolicy: true
+operator:
+  replicas: 1
+rollOutCiliumPods: true
+routingMode: native
 securityContext:
   capabilities:
     ciliumAgent:

kubernetes/apps/kube-system/cilium/config/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./l2.yaml

kubernetes/apps/kube-system/cilium/config/l2.yaml

@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliuml2announcementpolicy_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: l2-policy
+spec:
+  loadBalancerIPs: true
+  interfaces: ["^enp.*"]
+  nodeSelector:
+    matchLabels:
+      kubernetes.io/os: linux
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cilium.io/ciliumloadbalancerippool_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: l2-pool
+spec:
+  allowFirstLastIPs: "Yes"
+  blocks:
+    - # Controller VIP: 192.168.42.120
+      start: 10.45.0.1
+      stop: 10.45.0.30

kubernetes/apps/kube-system/cilium/ks.yaml

@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@@ -10,10 +10,35 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  interval: 10m
   path: "./kubernetes/apps/kube-system/cilium/app"
-  prune: true
+  prune: false
   sourceRef:
     kind: GitRepository
     name: homelab
-  wait: true
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app cilium-config
+  namespace: flux-system
+spec:
+  targetNamespace: kube-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cilium
+  path: ./kubernetes/apps/kube-system/cilium/config
+  prune: false # never should be deleted
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m