working ipv4 config

02-k8s/infra/network/cilium/bgp.yaml

@@ -16,11 +16,11 @@ spec:
           peerAddress: 2a13:fc80:1:a::1
           peerConfigRef:
             name: "vy-eis-mk8-de-bgp-1-peer-config"
-        - name: "vy-eis-mk8-de-1-v4"
-          peerASN: 65000
-          peerAddress: 10.51.10.1
-          peerConfigRef:
-            name: "vy-eis-mk8-de-bgp-1-peer-config"
+        # - name: "vy-eis-mk8-de-1-v4"
+        #   peerASN: 65000
+        #   peerAddress: 10.51.10.1
+        #   peerConfigRef:
+        #     name: "vy-eis-mk8-de-bgp-1-peer-config"
 ---
 apiVersion: cilium.io/v2
 kind: CiliumBGPPeerConfig
@@ -72,30 +72,46 @@ spec:
         wellKnown: ["no-export"]
       localPreference: 200
 
-  # LoadBalancer services
   - advertisementType: "Service"
     service:
       addresses:
-      - LoadBalancerIP
-    selector:
-      matchLabels:
-        service-type: "external"
-    attributes:
-      communities:
-        standard: ["65001:300"]
-      localPreference: 150
+        - ClusterIP
+        - ExternalIP
+        - LoadBalancerIP
+
+  # That at least works for the PodCIDR
+  # - advertisementType: "PodCIDR"
+  #   attributes:
+  #     communities:
+  #       standard: ["65001:100", "65001:200"]
+  #       large: ["65001:100:1"]
+  #       wellKnown: ["no-export"]
+  #     localPreference: 200
+
+  # # LoadBalancer services
+  # - advertisementType: "Service"
+  #   service:
+  #     addresses:
+  #     - LoadBalancerIP
+  #   # selector:
+  #   #   matchLabels:
+  #   #     service-type: "external"
+  #   attributes:
+  #     communities:
+  #       standard: ["65001:300"]
+  #     localPreference: 150
   
-  # ClusterIP services for internal access
-  - advertisementType: "Service"
-    service:
-      addresses:
-      - ClusterIP
-    selector:
-      matchExpressions:
-      - key: "internal-bgp"
-        operator: "In"
-        values: ["enabled"]
-    attributes:
-      communities:
-        standard: ["65001:400"]
-      localPreference: 100
+  # # ClusterIP services for internal access
+  # - advertisementType: "Service"
+  #   service:
+  #     addresses:
+  #     - ClusterIP
+  #   # selector:
+  #   #   matchExpressions:
+  #   #   - key: "internal-bgp"
+  #   #     operator: "In"
+  #   #     values: ["enabled"]
+  #   attributes:
+  #     communities:
+  #       standard: ["65001:400"]
+  #     localPreference: 100

02-k8s/infra/network/cilium/values.yaml

@@ -18,23 +18,24 @@ cgroup:
     enabled: false
   hostRoot: /sys/fs/cgroup
 
+bpf:
+  lbExternalClusterIP: true
 # https://www.talos.dev/latest/talos-guides/network/host-dns/#forwarding-kube-dns-to-host-dns
 # https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-host-routing
-bpf:
-  hostLegacyRouting: true
+#   hostLegacyRouting: true
 
 # https://docs.cilium.io/en/stable/network/concepts/ipam/
 ipam:
   mode: kubernetes
 
-k8s:
-  requireIPv4PodCIDR: true
-  requireIPv6PodCIDR: false
+# k8s:
+#   requireIPv4PodCIDR: true
+#   requireIPv6PodCIDR: false
 
 ipv4:
   enabled: true
 ipv6:
-  enabled: true
+  enabled: false
 
 # Avoid encapsulation for direct access
 routingMode: native
@@ -43,6 +44,12 @@ routingMode: native
 bgpControlPlane:
   enabled: true
 
+# enable instead of bgpControlPlane
+# l2announcements:
+#   enabled: false
+# externalIPs:
+#   enabled: false
+
 # Only BGP manages the routes
 # auto-direct-node-routes: true
 # direct-routing-skip-unreachable: true
@@ -54,6 +61,14 @@ ipv4-native-routing-cidr: 10.0.0.0/8
 enableIPv4Masquerade: false
 enableIPv6Masquerade: false
 
+enableIPv6BIGTCP: true
+
+bandwidthManager:
+  enabled: true
+  bbr: true
+
+#debug:
+#  enabled: true
 
 operator:
   rollOutPods: true
@@ -83,20 +98,11 @@ resources:
     cpu: 200m
     memory: 512Mi
 
-#debug:
-#  enabled: true
-
 # Increase rate limit when doing L2 announcements
 k8sClientRateLimit:
   qps: 20
   burst: 100
 
-l2announcements:
-  enabled: true
-
-externalIPs:
-  enabled: true
-
 loadBalancer:
   # https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#maglev-consistent-hashing
   algorithm: maglev