diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
index 4c2f1fa6e..cd5373578 100644
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
@@ -1,19 +1,19 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPAdvertisement
-metadata:
- name: cilium-bgp-advertisements
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: cilium-bgp-advertisements
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- advertisements:
- - advertisementType: "Service"
- service:
- addresses:
- - ExternalIP
- - LoadBalancerIP
- selector:
- matchExpressions:
- - {key: somekey, operator: NotIn, values: ['never-used-value']}
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPAdvertisement
+# metadata:
+# name: cilium-bgp-advertisements
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: cilium-bgp-advertisements
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# advertisements:
+# - advertisementType: "Service"
+# service:
+# addresses:
+# - ExternalIP
+# - LoadBalancerIP
+# selector:
+# matchExpressions:
+# - {key: somekey, operator: NotIn, values: ['never-used-value']}
diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
index 7412ee4b1..52671a04d 100644
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
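Review bot: Commenting out the whole manifest leaves dead configuration in the chart, and Helm still evaluates the `{{ .Release.Namespace }}` and `{{ .Release.Name }}` actions inside the `#` lines, because templating runs before YAML parsing. values.yaml in this same commit turns `cilium.bgpControlPlane.enabled` off, so, assuming these templates belong to the chart that reads that file, the resource could stay uncommented and follow the flag: wrap it in `{{- if .Values.cilium.bgpControlPlane.enabled }}` … `{{- end }}`. The same applies to cilium-bgp-cluster-config.yaml and cilium-bgp-peer-config.yaml. gateway.yaml is commented out the same way but has no visible values flag to key on, so it would need a new one or a plain deletion.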
@@ -1,22 +1,22 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPClusterConfig
-metadata:
- name: cilium-bgp
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: cilium-bgp
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- nodeSelector:
- matchLabels:
- node-role.kubernetes.io/bgp: "65020"
- bgpInstances:
- - name: "65020"
- localASN: 65020
- peers:
- - name: "udm-65000"
- peerASN: 65000
- peerAddress: 192.168.1.1
- peerConfigRef:
- name: "cilium-peer"
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPClusterConfig
+# metadata:
+# name: cilium-bgp
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: cilium-bgp
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# nodeSelector:
+# matchLabels:
+# node-role.kubernetes.io/bgp: "65020"
+# bgpInstances:
+# - name: "65020"
+# localASN: 65020
+# peers:
+# - name: "udm-65000"
+# peerASN: 65000
+# peerAddress: 192.168.1.1
+# peerConfigRef:
+# name: "cilium-peer"
diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
index 25bd2e313..c011d57b4 100644
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
@@ -1,23 +1,23 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeerConfig
-metadata:
- name: cilium-peer
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: cilium-peer
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- timers:
- holdTimeSeconds: 9
- keepAliveTimeSeconds: 3
- ebgpMultihop: 4
- gracefulRestart:
- enabled: true
- restartTimeSeconds: 15
- families:
- - afi: ipv4
- safi: unicast
- advertisements:
- matchLabels:
- app.kubernetes.io/name: cilium-bgp-advertisements
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPPeerConfig
+# metadata:
+# name: cilium-peer
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: cilium-peer
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# timers:
+# holdTimeSeconds: 9
+# keepAliveTimeSeconds: 3
+# ebgpMultihop: 4
+# gracefulRestart:
+# enabled: true
+# restartTimeSeconds: 15
+# families:
+# - afi: ipv4
+# safi: unicast
+# advertisements:
+# matchLabels:
+# app.kubernetes.io/name: cilium-bgp-advertisements
diff --git a/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml b/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
index a9a0c2167..2c0db0527 100644
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
@@ -11,5 +11,26 @@ spec:
 blocks:
 - start: "10.232.1.21"
 stop: "10.232.1.23"
- - start: "10.232.1.200"
- stop: "10.232.1.240"
+ - start: "10.232.2.21"
+ stop: "10.232.2.23"
+ serviceSelector:
+ matchLabels:
+ io.kubernetes.service.namespace: blocky
+ io.kubernetes.service.namespace: traefik
+ io.kubernetes.service.namespace: plex
+
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+ name: bgp-ip-pool
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: bgp-ip-pool
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ blocks:
+ - start: "10.232.2.100"
+ stop: "10.232.2.200"
+ disabled: true
diff --git a/clusters/cl01tl/standalone/cilium/templates/gateway.yaml b/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
index 94f7446de..8a8274e01 100644
--- a/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
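Review bot: The three `io.kubernetes.service.namespace` entries added under `serviceSelector.matchLabels` are duplicate keys in one mapping, so the selector cannot express "blocky or traefik or plex". Depending on the parser, the render either fails or keeps only the last entry (`plex`), and the pool then serves a different set of namespaces than the one written here. A set match does what the lines appear to intend: `matchExpressions:` followed by `- {key: io.kubernetes.service.namespace, operator: In, values: [blocky, traefik, plex]}`. The second document, `bgp-ip-pool`, has no `serviceSelector` at all, so once `disabled: true` is removed it would hand addresses to any LoadBalancer Service in the cluster; it is worth adding a selector before enabling it. The first pool's metadata lies outside the hunk.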
@@ -1,35 +1,35 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- name: tls-gateway
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: tls-gateway
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-issuer
-spec:
- gatewayClassName: cilium
- listeners:
- - allowedRoutes:
- namespaces:
- from: All
- hostname: '*.alexlebens.net'
- name: http
- port: 80
- protocol: HTTP
- - allowedRoutes:
- namespaces:
- from: All
- hostname: '*.alexlebens.net'
- name: https
- port: 443
- protocol: HTTPS
- tls:
- certificateRefs:
- - group: ''
- kind: Secret
- name: https-gateway-cert
- namespace: kube-system
- mode: Terminate
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: Gateway
+# metadata:
+# name: tls-gateway
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: tls-gateway
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# annotations:
+# cert-manager.io/cluster-issuer: letsencrypt-issuer
+# spec:
+# gatewayClassName: cilium
+# listeners:
+# - allowedRoutes:
+# namespaces:
+# from: All
+# hostname: '*.alexlebens.net'
+# name: http
+# port: 80
+# protocol: HTTP
+# - allowedRoutes:
+# namespaces:
+# from: All
+# hostname: '*.alexlebens.net'
+# name: https
+# port: 443
+# protocol: HTTPS
+# tls:
+# certificateRefs:
+# - group: ''
+# kind: Secret
+# name: https-gateway-cert
+# namespace: kube-system
+# mode: Terminate
diff --git a/clusters/cl01tl/standalone/cilium/templates/http-route.yaml b/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
index 029fcd577..603a5e574 100644
--- a/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
@@ -11,8 +11,8 @@ spec:
 parentRefs:
 - group: gateway.networking.k8s.io
 kind: Gateway
- name: tls-gateway
- namespace: kube-system
+ name: traefik-gateway
+ namespace: traefik
 hostnames:
 - hubble.alexlebens.net
 rules:
diff --git a/clusters/cl01tl/standalone/cilium/values.yaml b/clusters/cl01tl/standalone/cilium/values.yaml
index dfdfc42c9..dc70c2a44 100644
--- a/clusters/cl01tl/standalone/cilium/values.yaml
+++ b/clusters/cl01tl/standalone/cilium/values.yaml
@@ -28,7 +28,7 @@ cilium:
 l2announcements:
 enabled: false
 bgpControlPlane:
- enabled: true
+ enabled: false
 secretsNamespace:
 name: kube-system
 statusReport:
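Review bot: The `parentRefs` entry now points at `traefik-gateway` in the `traefik` namespace, which makes this a cross-namespace attachment if the HTTPRoute itself lives elsewhere (its metadata is outside the hunk; the old parent was in `kube-system`). The route is only accepted if a listener on that Gateway permits routes from this namespace through `allowedRoutes.namespaces`, and the Gateway definition is not part of this commit. The hostname is `hubble.alexlebens.net`, so the route presumably fronts the Hubble UI; it is worth confirming that the new gateway puts authentication in front of it. A comment above the entry would record the dependency: `# requires traefik-gateway to allow routes from this namespace (allowedRoutes.namespaces)`.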
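Review bot: With `bgpControlPlane.enabled` set to `false` and the context lines above showing `l2announcements.enabled: false`, neither of Cilium's own announcement mechanisms is active after this commit. The pool in cilium-load-balancer-ip-pool.yaml still allocates `10.232.1.21`–`10.232.1.23` and `10.232.2.21`–`10.232.2.23`, so unless something outside this diff routes those ranges to the nodes, Services that receive a pool address will not be reachable on it. A short comment next to the flag would record the intent, for example `# BGP off: LB pool addresses are reached via <mechanism>`. The `cilium:` mapping starts and ends outside the hunk.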