fix(cilium): back to MetalLB BGP

Signed-off-by: JJGadgets <git@jjgadgets.tech>
2026-01-27 10:18:27 +00:00 · 2023-02-25 21:40:43 +08:00
parent 759e17fcd4
commit 01a1357f38
1 changed files with 40 additions and 17 deletions
--- a/kube/3-deploy/1-core/01-networking/cilium/install.yaml
+++ b/kube/3-deploy/1-core/01-networking/cilium/install.yaml
@@ -1,21 +1,39 @@
+# ---
+# apiVersion: cilium.io/v2alpha1
+# kind: CiliumBGPPeeringPolicy # MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
+# metadata:
+#   name: home-opnsense-main
+# spec:
+#   nodeSelector:
+#     matchLabels:
+#       kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
+#   virtualRouters:
+#     - localASN: ${ASN_CLUSTER} # ASNs are processed in uint32
+#       exportPodCIDR: true
+#       serviceSelector:
+#         matchExpressions:
+#           - {key: allservices, operator: NotIn, values: ['will-be-announced']}
+#       neighbors:
+#         - peerAddress: "${IP_ROUTER_VLAN_K8S}/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
+#           peerASN: ${ASN_ROUTER}
 ---
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeeringPolicy # MAKE SURE CRDs ARE INSTALLED IN CLUSTER VIA cilium-config ConfigMap OR Cilium HelmRelease/values.yaml (bgpControlPlane.enabled: true), BEFORE THIS IS APPLIED!
+apiVersion: v1
+kind: ConfigMap
 metadata:
-  name: home-opnsense-main
-spec:
-  nodeSelector:
-    matchLabels:
-      kubernetes.io/os: "linux" # match all Linux nodes, change this to match more granularly if more than 1 PeeringPolicy is to be used throughout cluster
-  virtualRouters:
-    - localASN: ${ASN_CLUSTER} # ASNs are processed in uint32
-      exportPodCIDR: true
-      serviceSelector:
-        matchExpressions:
-          - {key: allservices, operator: NotIn, values: ['will-be-announced']}
-      neighbors:
-        - peerAddress: "${IP_ROUTER_VLAN_K8S}/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
-          peerASN: ${ASN_ROUTER}
+    name: bgp-config
+    namespace: kube-system
+data:
+    config.yaml: |
+        peers:
+          - peer-address: "${IP_ROUTER_VLAN_K8S}"
+            peer-asn: ${ASN_ROUTER}
+            my-asn: ${ASN_CLUSTER}
+        address-pools:
+          - name: main-addr-pool
+            protocol: bgp
+            avoid-buggy-ips: true
+            addresses:
+              - "${IP_LB_CIDR}"
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
@@ -58,8 +76,13 @@ spec:
        tunnel: vxlan
        ipam:
            mode: kubernetes
-        bgpControlPlane:
+        bgp:
            enabled: true
+            announce:
+                loadbalancerIP: true
+                podCIDR: true
+        # bgpControlPlane:
+        #     enabled: true
            # `bgp.announce` block is moved to CiliumBGPPeeringPolicy used by bgpControlPlane, for more fine grained control over announced addresses
            # bgpControlPlane is newer GoBGP implementation, `bgp.enabled: true` and `bgp.announce` uses older MetalLB BGP implementation that is planned to be deprecated in Cilium v1.15.
        loadBalancer: