Add cilium to flux

2025-02-12 00:16:46 +01:00
parent 8959077130
commit 0dbb3c2e19
4 changed files with 179 additions and 0 deletions


@@ -0,0 +1,62 @@
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPClusterConfig
metadata:
name: router
spec:
bgpInstances:
- name: "main"
localASN: 65000
peers:
- name: barracuda
peerASN: 65000
peerAddress: 2001:470:61a3:100:ffff:ffff:ffff:ffff
peerConfigRef:
name: cilium-peer
---
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeerConfig
metadata:
name: cilium-peer
spec:
timers:
keepAliveTimeSeconds: 3
holdTimeSeconds: 9
connectRetryTimeSeconds: 12
gracefulRestart:
enabled: true
restartTimeSeconds: 60
families:
- afi: ipv4
safi: unicast
advertisements:
matchLabels:
advertise: bgp
- afi: ipv6
safi: unicast
advertisements:
matchLabels:
advertise: bgp
---
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPAdvertisement
metadata:
name: bgp-advertisements
labels:
advertise: bgp
spec:
advertisements:
- advertisementType: "CiliumPodIPPool"
# Wanting to advertise all pools
# https://docs.cilium.io/en/v1.16/network/bgp-control-plane/bgp-control-plane-v2/#multipool-ipam
selector:
matchExpressions:
- { key: somekey, operator: NotIn, values: ["never-used-value"] }
- advertisementType: Service
service:
addresses:
# Not advertising ClusterIP - kubeproxyreplacement should? translate them directly to pod ips
# Not advertising ExternalIP - they should be reachable via static config
- LoadBalancerIP
selector:
matchExpressions:
- { key: somekey, operator: NotIn, values: ["never-used-value"] }
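Review bot: The CiliumBGPPeerConfig (`cilium-peer`, second document) sets timers, graceful restart and families but no `authSecretRef`, so the session to `barracuda` is an unauthenticated iBGP peering and the router will accept whatever this cluster announces; adding `authSecretRef: <bgp-peer-secret-name>` under `spec`, with a TCP-MD5 password Secret in the namespace Cilium reads BGP secrets from, gives the router a way to reject route injection from any other host on that segment. The match-all selector idiom (`NotIn` a never-used value) is explained by a comment on the pool advertisement but not on the Service advertisement at the end of the hunk; repeating `# match-all: advertise the LoadBalancer IP of every Service in the cluster` there would make the scope explicit to the next reader. The families list advertises IPv4 prefixes over a single IPv6 peer address, which relies on the router accepting IPv4 NLRI with an IPv6 next hop; worth stating in a comment if that is already confirmed to work, since it is not visible from this file.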


@@ -0,0 +1,8 @@
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: "blue-pool"
spec:
blocks:
- cidr: 10.44.0.0/16
- cidr: 2001:470:61a3:400::/112
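Review bot: The `blue-pool` CiliumLoadBalancerIPPool has no `serviceSelector`, so every Service of type LoadBalancer in every namespace is eligible to draw an address from `10.44.0.0/16` and `2001:470:61a3:400::/112`, and the match-all Service advertisement in the BGP config then announces it to the router; whoever can create a Service can thereby expose a routable address. If cluster-wide allocation is intended, say so with `# cluster-wide pool: any LoadBalancer Service may allocate from here` above `blocks:`; otherwise restrict it with a `serviceSelector` on namespace or Service labels.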


@@ -0,0 +1,106 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: kube-system
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cilium
namespace: kube-system
spec:
interval: 24h
url: https://helm.cilium.com/stable
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cilium
namespace: kube-system
spec:
interval: 30m
chart:
spec:
chart: cilium
version: 1.16.6
sourceRef:
kind: HelmRepository
name: cilium
namespace: kube-system
interval: 12h
values:
# Talos specific
# https://www.talos.dev/v1.9/kubernetes-guides/network/deploying-cilium/
kubeProxyReplacement: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup
k8sServiceHost: localhost
k8sServicePort: 7445
# Homelab
routingMode: native
ipv6:
enabled: true
# Enable managing of IP Pools via CRD
ipam:
mode: multi-pool
operator:
autoCreateCiliumPodIPPools:
default:
# In line with controlplane.yml
ipv4:
cidrs:
- 10.42.0.0/16
maskSize: 24
ipv6:
cidrs:
- 2001:470:61a3:200::/104
maskSize: 120
# Disable masquerading, ipv4 is done at router level
enableIPv4Masquerade: false
enableIPv6Masquerade: false
# Enable peering announcing routes via BGP
bgpControlPlane:
enabled: true
# Decrease requests
resources:
requests:
cpu: 0
operator:
resources:
requests:
cpu: 0
envoy:
resources:
requests:
cpu: 0
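Review bot: The first document declares the built-in `kube-system` Namespace as a Flux-managed object; Flux will label it as owned by this Kustomization, and if pruning is enabled on that Kustomization (not visible here) a later removal of the document would make Flux try to delete the namespace. Since the namespace always exists on a running cluster, drop the document, or annotate it with `kustomize.toolkit.fluxcd.io/prune: disabled` and add `# pre-existing system namespace, declared only so the HelmRepository/HelmRelease below have a target` so the intent survives. Separately, `cpu: 0` under the three `resources.requests` blocks removes any scheduling guarantee for the agent, operator and envoy; if the goal is only to shrink the reservation, a small non-zero value such as `cpu: 50m` keeps the comment "Decrease requests" true without making the pods best-effort for CPU.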


@@ -1,10 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- controllers/cilium.yaml
- controllers/nginx.yaml
- controllers/dns-public.yaml
- controllers/cert-manager.yaml
- controllers/openebs.yaml
- diskpools/zoma-dibaiyin-hdd.yaml
- configs/bgp-cluster-config.yaml
- configs/loadbalancer-ippool.yaml
- configs/cluster-issuer.yaml
- configs/single-hdd-sc.yaml
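Review bot: `configs/bgp-cluster-config.yaml` and `configs/loadbalancer-ippool.yaml` are applied by the same Kustomization as `controllers/cilium.yaml`, but their CRDs (`CiliumBGPClusterConfig`, `CiliumBGPPeerConfig`, `CiliumBGPAdvertisement`, `CiliumLoadBalancerIPPool`) only exist once the Cilium HelmRelease has reconciled, so on a fresh cluster the kustomize-controller will report apply failures for these objects and keep retrying until the chart is installed. The hunk shows three additions but the rendered page does not mark which lines they are; assuming they are the three cilium entries, a comment such as `# configs/* depend on CRDs installed by controllers/cilium.yaml; expect retries on first bootstrap` documents the ordering, and moving the BGP/IP-pool resources into a separate Flux Kustomization with `dependsOn` pointing at the one holding the HelmRelease removes the retry loop altogether.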