Merge pull request #2110 from GiganticMinecraft/migrate_cilium_bgp_co…

…nfig migrate bgp control plane v2 before upgrading cilium to 1.16
GiganticMinecraft · Aug 22, 2024 · 21a7054 · 21a7054
2 parents 9865ce6 + 2d31337
commit 21a7054
Show file tree

Hide file tree

Showing 2 changed files with 160 additions and 1 deletion.
diff --git a/...sts/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/bgp-peering-policy-v2.yaml b/...sts/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/bgp-peering-policy-v2.yaml
@@ -0,0 +1,157 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPClusterConfig
+metadata:
+  name: cilium-bgp-cluster-config-cp-1
+spec:
+  nodeSelector:
+    matchLabels:
+      kubernetes.io/hostname: seichi-onp-k8s-cp-1
+  bgpInstances:
+  - name: "instance-65201"
+    localASN: 65201
+    peers:
+    - name: "peer-to-router"
+      peerASN: 65184
+      peerAddress: 192.168.3.254/32
+      peerConfigRef:
+        name: "common-peer-config"
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPClusterConfig
+metadata:
+  name: cilium-bgp-cluster-config-cp-2
+spec:
+  nodeSelector:
+    matchLabels:
+      kubernetes.io/hostname: seichi-onp-k8s-cp-2
+  bgpInstances:
+  - name: "instance-65202"
+    localASN: 65202
+    peers:
+    - name: "peer-to-router"
+      peerASN: 65184
+      peerAddress: 192.168.3.254/32
+      peerConfigRef:
+        name: "common-peer-config"
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPClusterConfig
+metadata:
+  name: cilium-bgp-cluster-config-cp-3
+spec:
+  nodeSelector:
+    matchLabels:
+      kubernetes.io/hostname: seichi-onp-k8s-cp-3
+  bgpInstances:
+  - name: "instance-65203"
+    localASN: 65203
+    peers:
+    - name: "peer-to-router"
+      peerASN: 65184
+      peerAddress: 192.168.3.254/32
+      peerConfigRef:
+        name: "common-peer-config"
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPClusterConfig
+metadata:
+  name: cilium-bgp-cluster-config-wk-1
+spec:
+  nodeSelector:
+    matchLabels:
+      kubernetes.io/hostname: seichi-onp-k8s-wk-1
+  bgpInstances:
+  - name: "instance-65301"
+    localASN: 65301
+    peers:
+    - name: "peer-to-router"
+      peerASN: 65184
+      peerAddress: 192.168.3.254/32
+      peerConfigRef:
+        name: "common-peer-config"
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPClusterConfig
+metadata:
+  name: cilium-bgp-cluster-config-wk-2
+spec:
+  nodeSelector:
+    matchLabels:
+      kubernetes.io/hostname: seichi-onp-k8s-wk-2
+  bgpInstances:
+  - name: "instance-65302"
+    localASN: 65302
+    peers:
+    - name: "peer-to-router"
+      peerASN: 65184
+      peerAddress: 192.168.3.254/32
+      peerConfigRef:
+        name: "common-peer-config"
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPClusterConfig
+metadata:
+  name: cilium-bgp-cluster-config-wk-3
+spec:
+  nodeSelector:
+    matchLabels:
+      kubernetes.io/hostname: seichi-onp-k8s-wk-3
+  bgpInstances:
+  - name: "instance-65303"
+    localASN: 65303
+    peers:
+    - name: "peer-to-router"
+      peerASN: 65184
+      peerAddress: 192.168.3.254/32
+      peerConfigRef:
+        name: "common-peer-config"
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPPeerConfig
+metadata:
+  name: common-peer-config
+spec:
+  peerPort: 179
+  eBGPMultihopTTL: 1
+  timers:
+    connectRetryTimeSeconds: 120
+    holdTimeSeconds: 90
+    keepAliveTimeSeconds: 30
+  gracefulRestart:
+    enabled: true
+    restartTimeSeconds: 120
+  families:
+    - afi: ipv4
+      safi: unicast
+      advertisements:
+        matchLabels:
+          advertise: podcidr
+    - afi: ipv4
+      safi: unicast
+      advertisements:
+        matchLabels:
+          advertise: service
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPAdvertisement
+metadata:
+  name: podcidr-advertisement
+  labels:
+    advertise: podcidr
+spec:
+  advertisements:
+    - advertisementType: PodCIDR
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPAdvertisement
+metadata:
+  name: service-advertisement
+  labels:
+    advertise: service
+spec:
+  advertisements:
+    - advertisementType: Service
+      service:
+        addresses:
+          - LoadBalancerIP
+          - ClusterIP
diff --git a/...sts/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml b/...sts/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml
@@ -3,6 +3,8 @@ kind: CiliumLoadBalancerIPPool
 metadata:
   name: "lb-pool"
 spec:
-  cidrs:
+  blocks:
   # 10.96.0.0-10.96.3.255 をloadBalancerのIPに割当可能
   - cidr: "10.96.0.0/22"
+  # allowFirstLastIPs デフォルトの挙動が no -> yes になったので注意
+  allowFirstLastIPs: yes