diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/bgp-peering-policy-v2.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/bgp-peering-policy-v2.yaml new file mode 100644 index 000000000..0aea168c1 --- /dev/null +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/bgp-peering-policy-v2.yaml @@ -0,0 +1,157 @@ +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPClusterConfig +metadata: + name: cilium-bgp-cluster-config-cp-1 +spec: + nodeSelector: + matchLabels: + kubernetes.io/hostname: seichi-onp-k8s-cp-1 + bgpInstances: + - name: "instance-65201" + localASN: 65201 + peers: + - name: "peer-to-router" + peerASN: 65184 + peerAddress: 192.168.3.254/32 + peerConfigRef: + name: "common-peer-config" +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPClusterConfig +metadata: + name: cilium-bgp-cluster-config-cp-2 +spec: + nodeSelector: + matchLabels: + kubernetes.io/hostname: seichi-onp-k8s-cp-2 + bgpInstances: + - name: "instance-65202" + localASN: 65202 + peers: + - name: "peer-to-router" + peerASN: 65184 + peerAddress: 192.168.3.254/32 + peerConfigRef: + name: "common-peer-config" +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPClusterConfig +metadata: + name: cilium-bgp-cluster-config-cp-3 +spec: + nodeSelector: + matchLabels: + kubernetes.io/hostname: seichi-onp-k8s-cp-3 + bgpInstances: + - name: "instance-65203" + localASN: 65203 + peers: + - name: "peer-to-router" + peerASN: 65184 + peerAddress: 192.168.3.254/32 + peerConfigRef: + name: "common-peer-config" +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPClusterConfig +metadata: + name: cilium-bgp-cluster-config-wk-1 +spec: + nodeSelector: + matchLabels: + kubernetes.io/hostname: seichi-onp-k8s-wk-1 + bgpInstances: + - name: "instance-65301" + localASN: 65301 + peers: + - name: "peer-to-router" + peerASN: 65184 + peerAddress: 192.168.3.254/32 + peerConfigRef: + name: "common-peer-config" +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPClusterConfig +metadata: + name: cilium-bgp-cluster-config-wk-2 +spec: + nodeSelector: + matchLabels: + kubernetes.io/hostname: seichi-onp-k8s-wk-2 + bgpInstances: + - name: "instance-65302" + localASN: 65302 + peers: + - name: "peer-to-router" + peerASN: 65184 + peerAddress: 192.168.3.254/32 + peerConfigRef: + name: "common-peer-config" +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPClusterConfig +metadata: + name: cilium-bgp-cluster-config-wk-3 +spec: + nodeSelector: + matchLabels: + kubernetes.io/hostname: seichi-onp-k8s-wk-3 + bgpInstances: + - name: "instance-65303" + localASN: 65303 + peers: + - name: "peer-to-router" + peerASN: 65184 + peerAddress: 192.168.3.254/32 + peerConfigRef: + name: "common-peer-config" +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPPeerConfig +metadata: + name: common-peer-config +spec: + peerPort: 179 + eBGPMultihopTTL: 1 + timers: + connectRetryTimeSeconds: 120 + holdTimeSeconds: 90 + keepAliveTimeSeconds: 30 + gracefulRestart: + enabled: true + restartTimeSeconds: 120 + families: + - afi: ipv4 + safi: unicast + advertisements: + matchLabels: + advertise: podcidr + - afi: ipv4 + safi: unicast + advertisements: + matchLabels: + advertise: service +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPAdvertisement +metadata: + name: podcidr-advertisement + labels: + advertise: podcidr +spec: + advertisements: + - advertisementType: PodCIDR +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPAdvertisement +metadata: + name: service-advertisement + labels: + advertise: service +spec: + advertisements: + - advertisementType: Service + service: + addresses: + - LoadBalancerIP + - ClusterIP diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml index 9c2a9989c..cf7c55ffb 100644 --- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml +++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml @@ -3,6 +3,8 @@ kind: CiliumLoadBalancerIPPool metadata: name: "lb-pool" spec: - cidrs: + blocks: # 10.96.0.0-10.96.3.255 をloadBalancerのIPに割当可能 - cidr: "10.96.0.0/22" + # allowFirstLastIPs デフォルトの挙動が no -> yes になったので注意 + allowFirstLastIPs: yes