feat: enable gateway and l2

2026-02-12 13:09:05 -06:00
parent 35f982b6f2
commit 7f4e75f2b5
4 changed files with 67 additions and 68 deletions
--- a/clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
@@ -1,18 +1,17 @@
-# apiVersion: "cilium.io/v2alpha1"
+apiVersion: "cilium.io/v2alpha1"
-# kind: CiliumL2AnnouncementPolicy
+kind: CiliumL2AnnouncementPolicy
-# metadata:
+metadata:
-#   name: node-gateway-l2-policy
+  name: node-gateway-l2-policy
-#   namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
-#   labels:
+  labels:
-#     app.kubernetes.io/name: node-gateway-l2-policy
+    app.kubernetes.io/name: node-gateway-l2-policy
-#     app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
+spec:
-#   nodeSelector:
+  nodeSelector:
-#     matchLabels:
+    matchLabels:
-#       kubernetes.io/hostname: talos-ix7-xku
+      kubernetes.io/hostname: talos-ix7-xku
-#   interfaces:
+  interfaces:
-#     - end0
+    - "^enp.*"
-#     - enp6s0
+  externalIPs: true
-#   externalIPs: true
+  loadBalancerIPs: true
 #   loadBalancerIPs: true
--- a/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
@@ -9,8 +9,6 @@ metadata:
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  blocks:
    - start: "10.232.1.21"
      stop: "10.232.1.23"
    - start: "10.232.2.21"
      stop: "10.232.2.23"
--- a/clusters/cl01tl/helm/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/gateway.yaml
@@ -1,46 +1,46 @@
-# apiVersion: gateway.networking.k8s.io/v1
+apiVersion: gateway.networking.k8s.io/v1
-# kind: Gateway
+kind: Gateway
-# metadata:
+metadata:
-#   name: cilium-tls-gateway
+  name: cilium-tls-gateway
-#   namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
-#   labels:
+  labels:
-#     app.kubernetes.io/name: cilium-tls-gateway
+    app.kubernetes.io/name: cilium-tls-gateway
-#     app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
-#   annotations:
+  annotations:
-#     cert-manager.io/cluster-issuer: letsencrypt-issuer
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
-#     io.cilium/lb-ipam-ips: "10.232.1.23"
+    io.cilium/lb-ipam-ips: "10.232.1.23"
-# spec:
+spec:
-#   addresses:
+  addresses:
-#     - type: IPAddress
+    - type: IPAddress
-#       value: 10.232.1.23
+      value: 10.232.1.23
-#   gatewayClassName: cilium
+  gatewayClassName: cilium
-#   listeners:
+  listeners:
-#     - allowedRoutes:
+    - allowedRoutes:
-#         namespaces:
+        namespaces:
-#           from: All
+          from: All
-#       hostname: '*.alexlebens.net'
+      hostname: '*.alexlebens.net'
-#       name: https
+      name: https
-#       port: 443
+      port: 443
-#       protocol: HTTPS
+      protocol: HTTPS
-#       tls:
+      tls:
-#         certificateRefs:
+        certificateRefs:
-#           - group: ''
+          - group: ''
-#             kind: Secret
+            kind: Secret
-#             name: https-gateway-cert
+            name: https-gateway-cert
-#             namespace: kube-system
+            namespace: kube-system
-#         mode: Terminate
+        mode: Terminate
-#     - allowedRoutes:
+    - allowedRoutes:
-#         namespaces:
+        namespaces:
-#           from: All
+          from: All
-#       hostname: 'alexlebens.net'
+      hostname: 'alexlebens.net'
-#       name: https-domain
+      name: https-domain
-#       port: 443
+      port: 443
-#       protocol: HTTPS
+      protocol: HTTPS
-#       tls:
+      tls:
-#         certificateRefs:
+        certificateRefs:
-#           - group: ''
+          - group: ''
-#             kind: Secret
+            kind: Secret
-#             name: https-gateway-cert
+            name: https-gateway-cert
-#             namespace: kube-system
+            namespace: kube-system
-#         mode: Terminate
+        mode: Terminate
--- a/clusters/cl01tl/helm/cilium/values.yaml
+++ b/clusters/cl01tl/helm/cilium/values.yaml
@@ -26,7 +26,7 @@ cilium:
        - SYS_ADMIN
        - SYS_RESOURCE
  l2announcements:
-    enabled: false
+    enabled: true
  bgpControlPlane:
    enabled: false
    secretsNamespace:
@@ -37,7 +37,7 @@ cilium:
      mode: "default"
  bpf:
    hostLegacyRouting: true
-  devices: end0 enp6s0
+  devices: '^(enp|end|eth)[0-9a-z]*'
  enableK8sEndpointSlice: true
  ciliumEndpointSlice:
    enabled: true
@@ -47,6 +47,8 @@ cilium:
    enabled: true
    enableAlpn: true
    enableAppProtocol: true
    gatewayClass:
      create: true
  externalIPs:
    enabled: true
  socketLB: