- Upgraded to - Talos v1.11 (newest) - Kubernetes v1.34 - Added test application for LB-IPAM - Fixed IPv4 stack: - BGP advertisement of Services (ClusterIP, ExternalIP and LoadBalancerIP) - Fixed CoreDNS (integration between Talos HostDNS and Cilium BPF) Co-authored-by: Marcel Straub <m@straubs.eu> Reviewed-on: #11
---
# Cluster-wide BGP configuration for Cilium.
# Every node labelled kubernetes.io/os=linux runs one BGP instance with local
# AS 65001 and opens a session to AS 65000 at the IPv6 peer address below.
# Session parameters (timers, graceful restart, address families) come from
# the CiliumBGPPeerConfig referenced by peerConfigRef.
# NOTE(review): the node selector matches all Linux nodes, so each of them may
# originate routes towards the peer; the router side should accept sessions
# and prefixes only from the expected node addresses and ranges.
apiVersion: cilium.io/v2
kind: CiliumBGPClusterConfig
metadata:
  name: vy-eis-mk8-de-bgp
spec:
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux
  bgpInstances:
    - name: 'ASN65001'
      localASN: 65001
      peers:
        # Only the IPv6 session is active. The referenced peer config lists
        # both ipv4 and ipv6 families, so presumably IPv4 routes are carried
        # over this session as well; confirm on the peer.
        - name: 'vy-eis-mk8-de-1-v6'
          peerASN: 65000
          peerAddress: '2a13:fc80:1:a::1'
          peerConfigRef:
            name: 'vy-eis-mk8-de-bgp-1-peer-config'
        # Disabled IPv4 peer, kept for reference.
        # - name: "vy-eis-mk8-de-1-v4"
        #   peerASN: 65000
        #   peerAddress: 10.51.10.1
        #   peerConfigRef:
        #     name: "vy-eis-mk8-de-bgp-1-peer-config"
---
# Per-peer BGP session settings, referenced by name from the cluster config's
# peerConfigRef.
# NOTE(review): no authSecretRef is set in this spec, so the session runs
# without a TCP MD5 password. Consider referencing a Secret here and
# configuring the same password on the peer, in addition to neighbor and
# prefix filtering on the router.
apiVersion: cilium.io/v2
kind: CiliumBGPPeerConfig
metadata:
  name: vy-eis-mk8-de-bgp-1-peer-config
spec:
  # Short timers for fast failure detection: the hold time is three
  # keepalive intervals (3 s * 3 = 9 s).
  timers:
    connectRetryTimeSeconds: 5
    holdTimeSeconds: 9
    keepAliveTimeSeconds: 3

  # Graceful restart with a 15 s restart time. Note that this is longer than
  # the 9 s hold time above.
  gracefulRestart:
    enabled: true
    restartTimeSeconds: 15

  # TCP port on the peer; 179 is the standard BGP port.
  transport:
    peerPort: 179

  # Address families negotiated with the peer. Both families select the
  # CiliumBGPAdvertisement objects labelled advertise=datacenter-bgp, so
  # anything carrying that label is announced for IPv4 and IPv6 alike.
  families:
    - afi: ipv4
      safi: unicast
      advertisements:
        matchLabels:
          advertise: 'datacenter-bgp'
    - afi: ipv6
      safi: unicast
      advertisements:
        matchLabels:
          advertise: 'datacenter-bgp'
---
# What is announced over BGP. The advertise=datacenter-bgp label is what the
# peer config's address families select on. Despite its name, this object
# covers Services as well as Pod CIDRs.
apiVersion: cilium.io/v2
kind: CiliumBGPAdvertisement
metadata:
  name: pod-cidr-advertisements
  labels:
    advertise: 'datacenter-bgp'
spec:
  advertisements:
    # Pod CIDRs, tagged with communities including the well-known no-export.
    # NOTE(review): LOCAL_PREF is normally only sent on iBGP sessions, and
    # the cluster config in this file peers AS 65001 with AS 65000; confirm
    # that localPreference has any effect here.
    - advertisementType: 'PodCIDR'
      attributes:
        communities:
          standard:
            - '65001:100'
            - '65001:200'
          large:
            - '65001:100:1'
          wellKnown:
            - 'no-export'
        localPreference: 200

    # Service addresses of all three kinds.
    # NOTE(review): this entry has no attributes, so unlike the PodCIDR
    # routes these carry no no-export community. Together with the match-all
    # selector, the ClusterIP of every Service is announced to the peer,
    # including Services meant to be cluster-internal. If that is not
    # intended, narrow the selector to an opt-in label or drop ClusterIP,
    # and filter the accepted prefixes on the router.
    - advertisementType: 'Service'
      service:
        addresses:
          - ClusterIP
          - ExternalIP
          - LoadBalancerIP
      # select all services by a dummy expression always matching
      selector:
        matchExpressions:
          - key: somekey
            operator: NotIn
            values:
              - 'never-used-value'

    # That at least works for the PodCIDR
    # - advertisementType: "PodCIDR"
    #   attributes:
    #     communities:
    #       standard: ["65001:100", "65001:200"]
    #       large: ["65001:100:1"]
    #       wellKnown: ["no-export"]
    #     localPreference: 200

    # # LoadBalancer services
    # - advertisementType: "Service"
    #   service:
    #     addresses:
    #       - LoadBalancerIP
    #   # selector:
    #   #   matchLabels:
    #   #     service-type: "external"
    #   attributes:
    #     communities:
    #       standard: ["65001:300"]
    #     localPreference: 150

    # # ClusterIP services for internal access
    # - advertisementType: "Service"
    #   service:
    #     addresses:
    #       - ClusterIP
    #   # selector:
    #   #   matchExpressions:
    #   #     - key: "internal-bgp"
    #   #       operator: "In"
    #   #       values: ["enabled"]
    #   attributes:
    #     communities:
    #       standard: ["65001:400"]
    #     localPreference: 100