migrate

2025-12-02 17:36:53 -06:00
parent 076a9e6bc8
commit cc2f89f9fc
27 changed files with 236 additions and 11 deletions
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml
@@ -0,0 +1,19 @@
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPAdvertisement
+# metadata:
+#   name: cilium-bgp-advertisements
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: cilium-bgp-advertisements
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   advertisements:
+#     - advertisementType: "Service"
+#       service:
+#         addresses:
+#           - ExternalIP
+#           - LoadBalancerIP
+#       selector:
+#         matchExpressions:
+#          - {key: somekey, operator: NotIn, values: ['never-used-value']}
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml
@@ -0,0 +1,22 @@
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPClusterConfig
+# metadata:
+#   name: cilium-bgp
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: cilium-bgp
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   nodeSelector:
+#     matchLabels:
+#       node-role.kubernetes.io/bgp: "65020"
+#   bgpInstances:
+#     - name: "65020"
+#       localASN: 65020
+#       peers:
+#         - name: "udm-65000"
+#           peerASN: 65000
+#           peerAddress: 192.168.1.1
+#           peerConfigRef:
+#             name: "cilium-peer"
--- a/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml
@@ -0,0 +1,23 @@
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPPeerConfig
+# metadata:
+#   name: cilium-peer
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: cilium-peer
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   timers:
+#     holdTimeSeconds: 9
+#     keepAliveTimeSeconds: 3
+#   ebgpMultihop: 4
+#   gracefulRestart:
+#     enabled: true
+#     restartTimeSeconds: 15
+#   families:
+#     - afi: ipv4
+#       safi: unicast
+#       advertisements:
+#         matchLabels:
+#           app.kubernetes.io/name: cilium-bgp-advertisements
--- a/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
@@ -0,0 +1,31 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: default-ip-pool
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: default-ip-pool
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  blocks:
+    - start: "10.232.1.21"
+      stop: "10.232.1.23"
+    - start: "10.232.2.21"
+      stop: "10.232.2.23"
+
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: bgp-ip-pool
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: bgp-ip-pool
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  blocks:
+    - start: "10.232.2.100"
+      stop: "10.232.2.200"
+  disabled: true
--- a/clusters/cl01tl/helm/cilium/templates/gateway.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/gateway.yaml
@@ -0,0 +1,35 @@
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: Gateway
+# metadata:
+#   name: tls-gateway
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: tls-gateway
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+#   annotations:
+#     cert-manager.io/cluster-issuer: letsencrypt-issuer
+# spec:
+#   gatewayClassName: cilium
+#   listeners:
+#     - allowedRoutes:
+#         namespaces:
+#           from: All
+#       hostname: '*.alexlebens.net'
+#       name: http
+#       port: 80
+#       protocol: HTTP
+#     - allowedRoutes:
+#         namespaces:
+#           from: All
+#       hostname: '*.alexlebens.net'
+#       name: https
+#       port: 443
+#       protocol: HTTPS
+#       tls:
+#         certificateRefs:
+#           - group: ''
+#             kind: Secret
+#             name: https-gateway-cert
+#             namespace: kube-system
+#         mode: Terminate
--- a/clusters/cl01tl/helm/cilium/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/cilium/templates/http-route.yaml
@@ -0,0 +1,28 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-hubble
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-hubble
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - hubble.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: hubble-ui
+          port: 80
+          weight: 100