disable bgp

2025-06-19 20:44:08 -05:00
parent 297698c2f9
commit 880f924864
7 changed files with 125 additions and 104 deletions
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-advertisement.yaml
@@ -1,19 +1,19 @@
-apiVersion: cilium.io/v2alpha1
+# apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPAdvertisement
+# kind: CiliumBGPAdvertisement
-metadata:
+# metadata:
-  name: cilium-bgp-advertisements
+#   name: cilium-bgp-advertisements
-  namespace: {{ .Release.Namespace }}
+#   namespace: {{ .Release.Namespace }}
-  labels:
+#   labels:
-    app.kubernetes.io/name: cilium-bgp-advertisements
+#     app.kubernetes.io/name: cilium-bgp-advertisements
-    app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
+# spec:
-  advertisements:
+#   advertisements:
-    - advertisementType: "Service"
+#     - advertisementType: "Service"
-      service:
+#       service:
-        addresses:
+#         addresses:
-          - ExternalIP
+#           - ExternalIP
-          - LoadBalancerIP
+#           - LoadBalancerIP
-      selector:
+#       selector:
-        matchExpressions:
+#         matchExpressions:
-         - {key: somekey, operator: NotIn, values: ['never-used-value']}
+#          - {key: somekey, operator: NotIn, values: ['never-used-value']}
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-cluster-config.yaml
@@ -1,22 +1,22 @@
-apiVersion: cilium.io/v2alpha1
+# apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPClusterConfig
+# kind: CiliumBGPClusterConfig
-metadata:
+# metadata:
-  name: cilium-bgp
+#   name: cilium-bgp
-  namespace: {{ .Release.Namespace }}
+#   namespace: {{ .Release.Namespace }}
-  labels:
+#   labels:
-    app.kubernetes.io/name: cilium-bgp
+#     app.kubernetes.io/name: cilium-bgp
-    app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
+# spec:
-  nodeSelector:
+#   nodeSelector:
-    matchLabels:
+#     matchLabels:
-      node-role.kubernetes.io/bgp: "65020"
+#       node-role.kubernetes.io/bgp: "65020"
-  bgpInstances:
+#   bgpInstances:
-    - name: "65020"
+#     - name: "65020"
-      localASN: 65020
+#       localASN: 65020
-      peers:
+#       peers:
-        - name: "udm-65000"
+#         - name: "udm-65000"
-          peerASN: 65000
+#           peerASN: 65000
-          peerAddress: 192.168.1.1
+#           peerAddress: 192.168.1.1
-          peerConfigRef:
+#           peerConfigRef:
-            name: "cilium-peer"
+#             name: "cilium-peer"
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-bgp-peer-config.yaml
@@ -1,23 +1,23 @@
-apiVersion: cilium.io/v2alpha1
+# apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeerConfig
+# kind: CiliumBGPPeerConfig
-metadata:
+# metadata:
-  name: cilium-peer
+#   name: cilium-peer
-  namespace: {{ .Release.Namespace }}
+#   namespace: {{ .Release.Namespace }}
-  labels:
+#   labels:
-    app.kubernetes.io/name: cilium-peer
+#     app.kubernetes.io/name: cilium-peer
-    app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
+# spec:
-  timers:
+#   timers:
-    holdTimeSeconds: 9
+#     holdTimeSeconds: 9
-    keepAliveTimeSeconds: 3
+#     keepAliveTimeSeconds: 3
-  ebgpMultihop: 4
+#   ebgpMultihop: 4
-  gracefulRestart:
+#   gracefulRestart:
-    enabled: true
+#     enabled: true
-    restartTimeSeconds: 15
+#     restartTimeSeconds: 15
-  families:
+#   families:
-    - afi: ipv4
+#     - afi: ipv4
-      safi: unicast
+#       safi: unicast
-      advertisements:
+#       advertisements:
-        matchLabels:
+#         matchLabels:
-          app.kubernetes.io/name: cilium-bgp-advertisements
+#           app.kubernetes.io/name: cilium-bgp-advertisements
--- a/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/cilium-load-balancer-ip-pool.yaml
@@ -11,5 +11,26 @@ spec:
  blocks:
    - start: "10.232.1.21"
      stop: "10.232.1.23"
-    - start: "10.232.1.200"
+    - start: "10.232.2.21"
-      stop: "10.232.1.240"
+      stop: "10.232.2.23"
  serviceSelector:
    matchLabels:
      io.kubernetes.service.namespace: blocky
      io.kubernetes.service.namespace: traefik
      io.kubernetes.service.namespace: plex
 ---
 apiVersion: "cilium.io/v2alpha1"
 kind: CiliumLoadBalancerIPPool
 metadata:
  name: bgp-ip-pool
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: bgp-ip-pool
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
  blocks:
    - start: "10.232.2.100"
      stop: "10.232.2.200"
  disabled: true
--- a/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/gateway.yaml
@@ -1,35 +1,35 @@
-apiVersion: gateway.networking.k8s.io/v1
+# apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
+# kind: Gateway
-metadata:
+# metadata:
-  name: tls-gateway
+#   name: tls-gateway
-  namespace: {{ .Release.Namespace }}
+#   namespace: {{ .Release.Namespace }}
-  labels:
+#   labels:
-    app.kubernetes.io/name: tls-gateway
+#     app.kubernetes.io/name: tls-gateway
-    app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
+#   annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-issuer
+#     cert-manager.io/cluster-issuer: letsencrypt-issuer
-spec:
+# spec:
-  gatewayClassName: cilium
+#   gatewayClassName: cilium
-  listeners:
+#   listeners:
-    - allowedRoutes:
+#     - allowedRoutes:
-        namespaces:
+#         namespaces:
-          from: All
+#           from: All
-      hostname: '*.alexlebens.net'
+#       hostname: '*.alexlebens.net'
-      name: http
+#       name: http
-      port: 80
+#       port: 80
-      protocol: HTTP
+#       protocol: HTTP
-    - allowedRoutes:
+#     - allowedRoutes:
-        namespaces:
+#         namespaces:
-          from: All
+#           from: All
-      hostname: '*.alexlebens.net'
+#       hostname: '*.alexlebens.net'
-      name: https
+#       name: https
-      port: 443
+#       port: 443
-      protocol: HTTPS
+#       protocol: HTTPS
-      tls:
+#       tls:
-        certificateRefs:
+#         certificateRefs:
-          - group: ''
+#           - group: ''
-            kind: Secret
+#             kind: Secret
-            name: https-gateway-cert
+#             name: https-gateway-cert
-            namespace: kube-system
+#             namespace: kube-system
-        mode: Terminate
+#         mode: Terminate
--- a/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
+++ b/clusters/cl01tl/standalone/cilium/templates/http-route.yaml
@@ -11,8 +11,8 @@ spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
-      name: tls-gateway
+      name: traefik-gateway
-      namespace: kube-system
+      namespace: traefik
  hostnames:
    - hubble.alexlebens.net
  rules:
--- a/clusters/cl01tl/standalone/cilium/values.yaml
+++ b/clusters/cl01tl/standalone/cilium/values.yaml
@@ -28,7 +28,7 @@ cilium:
  l2announcements:
    enabled: false
  bgpControlPlane:
-    enabled: true
+    enabled: false
    secretsNamespace:
      name: kube-system
    statusReport: