/
BGP.yaml
48 lines (48 loc) · 2.16 KB
/
BGP.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
---
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
# MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
# "CiliumBGPPeeringPolicy" Custom Resource will replace the old MetalLB BGP's "bgp-config" ConfigMap
# "CiliumBGPPeeringPolicy" is used with `bgpControlPlane.enabled: true` which uses GoBGP, NOT the old `bgp.enabled: true` which uses MetalLB
metadata:
name: bgp-loadbalancer-ip-main
spec:
nodeSelector:
matchLabels:
kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
virtualRouters:
- localASN: &router ${ASN_ROUTER} # ASNs are processed in uint32
exportPodCIDR: false
serviceSelector: &all # this replaces address-pools, instead of defining the range of IPs that can be assigned to LoadBalancer services, now services have to match below selectors for their LB IPs to be announced
matchExpressions:
- {key: io.cilium/bgp, operator: NotIn, values: ["deny", "false"]}
- {key: io.cilium/internal, operator: NotIn, values: ["true"]}
neighbors:
- peerAddress: "${IP_ROUTER_VLAN_K8S}/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
peerASN: *router
gracefulRestart:
enabled: true
restartTimeSeconds: 120
- localASN: &ec2 ${ASN_EC2_INGRESS}
exportPodCIDR: false
serviceSelector: *all
neighbors:
- peerAddress: "${IP_EC2_NON_K8S}/32"
peerASN: *ec2
- localASN: ${ASN_CLUSTER_NODES}
exportPodCIDR: false
serviceSelector: *all
neighbors:
- &nodes
peerAddress: "${IP_ROUTER_VLAN_K8S_PREFIX}1/32"
peerASN: ${ASN_CLUSTER_NODES}
peerPort: 61790
- <<: *nodes
peerAddress: "${IP_ROUTER_VLAN_K8S_PREFIX}2/32"
- <<: *nodes
peerAddress: "${IP_ROUTER_VLAN_K8S_PREFIX}3/32"
# - <<: *nodes
# peerAddress: "127.0.0.1/32"
# - <<: *nodes
# peerAddress: "127.0.0.1/32"
# peerPort: 61791