feat(cilium): switch MetalLB BGP to GoBGP BGPControlPlane

Signed-off-by: JJGadgets <git@jjgadgets.tech>
JJGadgets
2023-02-25 03:06:11 +08:00
parent 1218ee5078
commit e3facf19d8
3 changed files with 35 additions and 31 deletions


@@ -5,7 +5,8 @@ metadata:
namespace: flux-system
data:
CONFIG_TZ: ENC[AES256_GCM,data:QU5C/D/cxN6t4t55/7A=,iv:Qt83MzR1mPAuKobVQZJQR72SXLAwWwI7HkDxOAkqofs=,tag:3FtJVBMHMSVMgiJWqmqf1g==,type:str]
ASN_ROUTER: ENC[AES256_GCM,data:un6dO7E=,iv:+/4l7pVBFV1Beuvceu7ZbmnmM8jO8oEdxJleSis6EcM=,tag:yB5k4SMRS4HqkdGscBvUBw==,type:str]
ASN_CLUSTER: ENC[AES256_GCM,data:v1ltZfY=,iv:Ip1sIVFLw4j6qbqKYf0jANRglSlAnKZhqNdRunZdR24=,tag:fOsYxQObj0Wv664IoRtm9A==,type:str]
ASN_ROUTER: ENC[AES256_GCM,data:/7gZcwY=,iv:ldZNIACK5B4ZvMWYCzHN9zUlArkOIySHSTUrjlrEF1s=,tag:98OXCN+tI2BIt8CEo99QVA==,type:str]
IP_ROUTER_VLAN_K8S: ENC[AES256_GCM,data:ngwfmrXjohzP,iv:U5DSCUUCZbIhwVAgv2gW98t8d8QwDSOM2YybNQWpgAw=,tag:vPTdK0CHET13l3x2eWb7gA==,type:str]
IP_CLUSTER_VIP: ENC[AES256_GCM,data:gadONjiA2bMF,iv:YuVxPGCFVyN+wBtjnWDXe7C5NeTCIyCS+pC6P61iHEY=,tag:ubGWCm3/1Z1ihu2gjiWCbg==,type:str]
IP_LB_CIDR: ENC[AES256_GCM,data:/qxOk5Vn8Q1/isE+iw==,iv:BhOMIotgJEWcLJOfP/unKrjX72ZEY1RfBtt5P14hQko=,tag:BSCy1PquhSew/ofhyGOLFg==,type:str]
@@ -47,8 +48,8 @@ sops:
SnpvS3RUUlFMM1dUNGZQNkVqQ2VqNDAKywch6CgtS1AFLYxfML5dB7/5V6qZ0ob1
63vBpqjOza3EqvfNKo+UMtK/fRK0Q5jlpuI+0/z9VrxzKEWsgUCBVQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-24T08:14:45Z"
mac: ENC[AES256_GCM,data:RgJhOP6HgY2QwrMqdwvn3ogwXqQ5WwdCW/SgBHHj9vlBzPYHACRqRiJ2UMYhWtejObhxUwn3AVXgFmnBvMC9yAkOtHagKCLMR1rK4n/U9YkG8jBESsxU4JAL8tXPQEkBPJg4izM/5FwzJCzQdkeaNzgs9s22wdH/gGkw3KMN1UE=,iv:h5WnPwMh9F/qRAsbOnYHC1E4k/qcZJaUfAm0LP6Pv9M=,tag:hPS3MrdOwgiHotuiyeTKsQ==,type:str]
lastmodified: "2023-02-24T19:05:17Z"
mac: ENC[AES256_GCM,data:cCMVcKChabWizcyg6TXYvyM9gh9m0W6ynKD+ikQabJKKoi+yRObSIbA5fMm0TDTuRv9YOV4jzwA2Uq2E/FESaGFUpdKtbxXYL+tewW+bi1bNJi+SsxNojlBesEzvqYSsvtu9cCOcsyNnrnYwuFYCNVcPys96+z7YTQz2x5yR4bI=,iv:y8vGJ4roXdBYegqEeJkSINVpOf2pKWTQBANQLKhTCUg=,tag:mD86S4S+4yGEwoxV4w8TJg==,type:str]
pgp:
- created_at: "2023-02-22T08:12:31Z"
enc: |


@@ -1,20 +1,18 @@
apiVersion: v1
kind: ConfigMap
---
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
metadata:
name: bgp-config
namespace: kube-system
data:
config.yaml: |
peers:
- peer-address: "${IP_ROUTER_VLAN_K8S}"
peer-asn: "${ASN_ROUTER}"
my-asn: "${ASN_ROUTER}"
address-pools:
- name: main-addr-pool
protocol: bgp
avoid-buggy-ips: true
addresses:
- "${IP_LB_CIDR}"
name: home-opnsense-main
spec:
nodeSelector:
matchLabels:
kubernetes.io/os: "linux"
virtualRouters:
- localASN: "${ASN_CLUSTER}"
exportPodCIDR: true
neighbors:
- peerAddress: "${IP_ROUTER_VLAN_K8S}"
peerASN: "${ASN_ROUTER}"
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
@@ -57,11 +55,8 @@ spec:
tunnel: vxlan
ipam:
mode: kubernetes
bgp:
bgpControlPlane:
enabled: true
announce:
loadbalancerIP: true
podCIDR: true
loadBalancer:
algorithm: maglev
mode: snat
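Review bot: The new `virtualRouters` entry in the first hunk has no `serviceSelector`, and the removed ConfigMap's `address-pools` entry for `${IP_LB_CIDR}` has no visible replacement, so LoadBalancer addresses may no longer be allocated or advertised after this switch. As far as I know, Cilium's BGP control plane announces no services unless the virtual router carries a selector, e.g. `serviceSelector: {matchExpressions: [{key: somekey, operator: NotIn, values: [never-used-value]}]}` (a constructed match-all placeholder), and the address range would move to a `CiliumLoadBalancerIPPool`. Confirm both against the Cilium chart version this HelmRelease pins, which is not visible here. Separately, `exportPodCIDR: true` combined with a `nodeSelector` that matches every Linux node keeps all pod CIDRs routed via the peer, so the router's firewall rules are the only limit on which networks can reach pods directly. A short comment above `exportPodCIDR` recording that assumption would help.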


@@ -16,7 +16,7 @@ spec:
image:
repository: docker.io/andrewmhub/insurgency-sandstorm
tag: lite # I wish this wasn't how it's tagged, but alas
args: ["-hostname=\"${CONFIG_SANDSTORM_NAME}\"", "-Log", "-Port=27102", "-QueryPort=27131", "-MapCycle=MapCycle", "-NoEAC", "-EnableCheats", "-Mods", "-mutators=${CONFIG_SANDSTORM_MUTATORS}", "-ModDownloadTravelTo=${CONFIG_SANDSTORM_INIT_MAP}?Scenario=Scenario_${CONFIG_SANDSTORM_INIT_MAP}_${CONFIG_SANDSTORM_INIT_SCENARIO}"]
args: ["-hostname=\"${CONFIG_SANDSTORM_NAME}\"", "-Log", "-Port=27012", "-QueryPort=27131", "-MapCycle=MapCycle", "-NoEAC", "-EnableCheats", "-Mods", "-mutators=${CONFIG_SANDSTORM_MUTATORS}", "-ModDownloadTravelTo=${CONFIG_SANDSTORM_INIT_MAP}?Scenario=Scenario_${CONFIG_SANDSTORM_INIT_MAP}_${CONFIG_SANDSTORM_INIT_SCENARIO}"]
dnsPolicy: ClusterFirstWithHostNet
dnsConfig:
options:
@@ -35,20 +35,20 @@ spec:
main:
enabled: true
# type: ClusterIP
type: NodePort
type: LoadBalancer
externalTrafficPolicy: Local
# loadBalancerIP: "${APP_IP_SANDSTORM}"
# externalIPs:
# - "${APP_IP_SANDSTORM}"
loadBalancerIP: "${APP_IP_SANDSTORM}"
externalIPs:
- "${APP_IP_SANDSTORM}"
ports:
http:
enabled: false
primary: false
gameudp:
enabled: true
port: 27102
targetPort: 27102
nodePort: 27102
port: 27012
targetPort: 27012
nodePort: 27012
protocol: UDP
queryudp:
enabled: true
@@ -65,6 +65,14 @@ spec:
- -c
- chown -R 1000:1000 /home/steam/steamcmd/sandstorm
- chmod -R 775 /home/steam/steamcmd/sandstorm
- chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Mods
- chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Mods
- chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config
- chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config
- chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Config
- chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Config
- chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Saved/SaveGames
- chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/SaveGames
securityContext:
runAsUser: 0
volumeMounts:
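Review bot: The eight list items added in the last hunk sit after `- -c` as separate arguments, so they would never execute if the command above the hunk is a shell. In that case only the first item after `-c` runs as the script and the rest become positional parameters; the command itself starts outside the hunk, so this needs confirming. The final added pair is also inconsistent: `chown` targets `Insurgency/Saved/SaveGames` while `chmod` targets `Insurgency/SaveGames`. Because this container runs with `runAsUser: 0`, it is worth making the commands explicit in a single block scalar so the ownership and mode changes are applied as written and are auditable.

```yaml
# … unchanged: init container command up to the -c flag …
- -c
- |
  chown -R 1000:1000 /home/steam/steamcmd/sandstorm
  chmod -R 775 /home/steam/steamcmd/sandstorm
  # … the Mods, Saved/Config and Config chown/chmod pairs, one command per line …
  chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Saved/SaveGames
  chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Saved/SaveGames
```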