link to cilium documentation

00-infrastructure/README.md

@@ -37,6 +37,48 @@ deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg,/etc/apt/keyrings/opentofu-rep
 sudo apt install tofu
 ```
 
+### Deploy Talos cluster
+
+The initial deployment of the Talos cluster consists of two steps:
+
+1. Install Talos
+2. Configure Cilium networking
+3. Configure Argo CD
+
+For the future, it is planned to fully automate step 2 and 3 and integrate it into the initial ``tofu apply``.
+
+#### Setup the bare Talos kubernetes
+
+- Go to directory ``01-tofu``
+- Execute ``tofu apply``
+- Configure Kubernetes Cluster access by executing
+
+```shell
+talosctl -n 10.51.10.101 --endpoints 10.51.10.100 --talosconfig=output/talos-config.yaml kubeconfig
+```
+
+#### Configure Cilium Networking
+
+Before we can configure any other services, the K8s network must be operational.
+
+Go to directory ``../02-k8s`` and execute:
+
+```shell
+kustomize build --enable-helm infra/network/cilium | kubectl apply -f -
+```
+
+Check that the cluster now gets into a healthy state:
+
+```shell
+talosctl -n 10.51.10.101 --endpoints 10.51.10.100 --talosconfig=output/talos-config.yaml health
+```
+
+How to configure the router etc.pp. can be found at [Cilium/README.MD](../02-k8s/infra/network/cilium/README.md).
+
+#### Configure ArgoCD
+
+[Follow K8s documentation](../02-k8s/README.md).
+
 ## Important tasks
 
 ### Reuse machine secrets
@@ -54,11 +96,11 @@ kubectl run -i --tty --rm debug --image=harbor.prod.eis-mk8.de.s5b.org/internal/
 ```
 
 If the container is not automatically removed, use
+
 ```shell
 kubectl delete pod debug
 ```
 
-
 ## Literature
 - [Talos Kubernetes on Proxmox using OpenTofu](https://blog.stonegarden.dev/articles/2024/08/talos-proxmox-tofu/)
 - [Talos on Proxmox with Terraform (multiple node pools)](https://github.com/sergelogvinov/terraform-talos/tree/main/proxmox)

02-k8s/infra/network/cilium/README.md

@@ -0,0 +1,56 @@
+# Cilium Configuration
+
+## Architecture
+
+- Use native routing
+- Announce IP addresses with BGP to routers
+  - Router:
+    - ASN: 65000
+    - Address: 2a13:fc80:1:a::1
+  - K8S cluster:
+    - ASN: 65001
+    - Loadbalance IP Pools:
+      - ``public-v4-01``: 185.83.87.48/29
+      - ``public-v6-01``: 2a13:fc80:1:d201::/64
+    - Export:
+      - PodCIDR
+      - Service (ClusterIP, ExternalIP, LoadBalanceIP)
+
+## Prepare router for BGP setup
+
+The network router is assumed to be a VyOS router. The configuration assumes that the Kubernetes network is on interface ``eth1.210``.
+
+```vyos
+ bgp {
+     listen {
+         range 10.51.10.0/23 {
+             peer-group k8s-prod
+         }
+         range 2a13:fc80:1:a::/64 {
+             peer-group k8s-prod
+         }
+     }
+     neighbor eth1.210 {
+         description "K8s - Production Cluster"
+         interface {
+             peer-group k8s-prod
+         }
+     }
+     peer-group k8s-prod {
+         address-family {
+             ipv4-unicast {
+                 route-map {
+                     import ASN65001
+                 }
+             }
+             ipv6-unicast {
+                 route-map {
+                     import ASN65001
+                 }
+             }
+         }
+         remote-as 65001
+     }
+     system-as 65000
+ }
+```