From e3facf19d89d65a6c3efc147c05e3aefce136532 Mon Sep 17 00:00:00 2001 From: JJGadgets Date: Sat, 25 Feb 2023 03:06:11 +0800 Subject: [PATCH] feat(cilium): switch MetalLB BGP to GoBGP BGPControlPlane Signed-off-by: JJGadgets --- .../1-clusters/Biohazard/2-config/4-vars.yaml | 7 ++-- .../1-core/01-networking/cilium/install.yaml | 35 ++++++++----------- .../insurgency-sandstorm/2-install.yaml | 24 ++++++++----- 3 files changed, 35 insertions(+), 31 deletions(-) diff --git a/kube/1-clusters/Biohazard/2-config/4-vars.yaml b/kube/1-clusters/Biohazard/2-config/4-vars.yaml index d5d59fe5..fc08c3a2 100644 --- a/kube/1-clusters/Biohazard/2-config/4-vars.yaml +++ b/kube/1-clusters/Biohazard/2-config/4-vars.yaml @@ -5,7 +5,8 @@ metadata: namespace: flux-system data: CONFIG_TZ: ENC[AES256_GCM,data:QU5C/D/cxN6t4t55/7A=,iv:Qt83MzR1mPAuKobVQZJQR72SXLAwWwI7HkDxOAkqofs=,tag:3FtJVBMHMSVMgiJWqmqf1g==,type:str] - ASN_ROUTER: ENC[AES256_GCM,data:un6dO7E=,iv:+/4l7pVBFV1Beuvceu7ZbmnmM8jO8oEdxJleSis6EcM=,tag:yB5k4SMRS4HqkdGscBvUBw==,type:str] + ASN_CLUSTER: ENC[AES256_GCM,data:v1ltZfY=,iv:Ip1sIVFLw4j6qbqKYf0jANRglSlAnKZhqNdRunZdR24=,tag:fOsYxQObj0Wv664IoRtm9A==,type:str] + ASN_ROUTER: ENC[AES256_GCM,data:/7gZcwY=,iv:ldZNIACK5B4ZvMWYCzHN9zUlArkOIySHSTUrjlrEF1s=,tag:98OXCN+tI2BIt8CEo99QVA==,type:str] IP_ROUTER_VLAN_K8S: ENC[AES256_GCM,data:ngwfmrXjohzP,iv:U5DSCUUCZbIhwVAgv2gW98t8d8QwDSOM2YybNQWpgAw=,tag:vPTdK0CHET13l3x2eWb7gA==,type:str] IP_CLUSTER_VIP: ENC[AES256_GCM,data:gadONjiA2bMF,iv:YuVxPGCFVyN+wBtjnWDXe7C5NeTCIyCS+pC6P61iHEY=,tag:ubGWCm3/1Z1ihu2gjiWCbg==,type:str] IP_LB_CIDR: ENC[AES256_GCM,data:/qxOk5Vn8Q1/isE+iw==,iv:BhOMIotgJEWcLJOfP/unKrjX72ZEY1RfBtt5P14hQko=,tag:BSCy1PquhSew/ofhyGOLFg==,type:str] 
@@ -47,8 +48,8 @@ sops: SnpvS3RUUlFMM1dUNGZQNkVqQ2VqNDAKywch6CgtS1AFLYxfML5dB7/5V6qZ0ob1 63vBpqjOza3EqvfNKo+UMtK/fRK0Q5jlpuI+0/z9VrxzKEWsgUCBVQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-24T08:14:45Z" - mac: ENC[AES256_GCM,data:RgJhOP6HgY2QwrMqdwvn3ogwXqQ5WwdCW/SgBHHj9vlBzPYHACRqRiJ2UMYhWtejObhxUwn3AVXgFmnBvMC9yAkOtHagKCLMR1rK4n/U9YkG8jBESsxU4JAL8tXPQEkBPJg4izM/5FwzJCzQdkeaNzgs9s22wdH/gGkw3KMN1UE=,iv:h5WnPwMh9F/qRAsbOnYHC1E4k/qcZJaUfAm0LP6Pv9M=,tag:hPS3MrdOwgiHotuiyeTKsQ==,type:str] + lastmodified: "2023-02-24T19:05:17Z" + mac: ENC[AES256_GCM,data:cCMVcKChabWizcyg6TXYvyM9gh9m0W6ynKD+ikQabJKKoi+yRObSIbA5fMm0TDTuRv9YOV4jzwA2Uq2E/FESaGFUpdKtbxXYL+tewW+bi1bNJi+SsxNojlBesEzvqYSsvtu9cCOcsyNnrnYwuFYCNVcPys96+z7YTQz2x5yR4bI=,iv:y8vGJ4roXdBYegqEeJkSINVpOf2pKWTQBANQLKhTCUg=,tag:mD86S4S+4yGEwoxV4w8TJg==,type:str] pgp: - created_at: "2023-02-22T08:12:31Z" enc: | diff --git a/kube/3-deploy/1-core/01-networking/cilium/install.yaml b/kube/3-deploy/1-core/01-networking/cilium/install.yaml index 23a384b2..af264006 100644 --- a/kube/3-deploy/1-core/01-networking/cilium/install.yaml +++ b/kube/3-deploy/1-core/01-networking/cilium/install.yaml @@ -1,20 +1,18 @@ -apiVersion: v1 -kind: ConfigMap +--- +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPPeeringPolicy metadata: - name: bgp-config - namespace: kube-system -data: - config.yaml: | - peers: - - peer-address: "${IP_ROUTER_VLAN_K8S}" - peer-asn: "${ASN_ROUTER}" - my-asn: "${ASN_ROUTER}" - address-pools: - - name: main-addr-pool - protocol: bgp - avoid-buggy-ips: true - addresses: - - "${IP_LB_CIDR}" + name: home-opnsense-main +spec: + nodeSelector: + matchLabels: + kubernetes.io/os: "linux" + virtualRouters: + - localASN: "${ASN_CLUSTER}" + exportPodCIDR: true + neighbors: + - peerAddress: "${IP_ROUTER_VLAN_K8S}" + peerASN: "${ASN_ROUTER}" --- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease 
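Review bot: The virtual router in the new `CiliumBGPPeeringPolicy` sets `exportPodCIDR: true` but no `serviceSelector`, and to my knowledge Cilium's BGP control plane announces LoadBalancer service IPs only for services that selector matches. The removed MetalLB config announced `${IP_LB_CIDR}`, and the `insurgency-sandstorm` service in this commit becomes `type: LoadBalancer`, so its address may never be advertised to the router unless a selector and an IP pool exist elsewhere in the repo. I would add a selector scoped to an explicit label, e.g. `serviceSelector: {matchLabels: {<label-key>: "<label-value>"}}` (placeholder label), so that only services meant to be reachable from the router side are exported. Since every Linux node peers and pod CIDRs become routable upstream, the router should also accept from `${ASN_CLUSTER}` only the expected pod and load-balancer prefixes.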
@@ -57,11 +55,8 @@ spec: tunnel: vxlan ipam: mode: kubernetes - bgp: + bgpControlPlane: enabled: true - announce: - loadbalancerIP: true - podCIDR: true loadBalancer: algorithm: maglev mode: snat diff --git a/kube/3-deploy/2-apps/insurgency-sandstorm/2-install.yaml b/kube/3-deploy/2-apps/insurgency-sandstorm/2-install.yaml index e012b463..6ee67418 100644 --- a/kube/3-deploy/2-apps/insurgency-sandstorm/2-install.yaml +++ b/kube/3-deploy/2-apps/insurgency-sandstorm/2-install.yaml @@ -16,7 +16,7 @@ spec: image: repository: docker.io/andrewmhub/insurgency-sandstorm tag: lite # I wish this wasn't how it's tagged, but alas - args: ["-hostname=\"${CONFIG_SANDSTORM_NAME}\"", "-Log", "-Port=27102", "-QueryPort=27131", "-MapCycle=MapCycle", "-NoEAC", "-EnableCheats", "-Mods", "-mutators=${CONFIG_SANDSTORM_MUTATORS}", "-ModDownloadTravelTo=${CONFIG_SANDSTORM_INIT_MAP}?Scenario=Scenario_${CONFIG_SANDSTORM_INIT_MAP}_${CONFIG_SANDSTORM_INIT_SCENARIO}"] + args: ["-hostname=\"${CONFIG_SANDSTORM_NAME}\"", "-Log", "-Port=27012", "-QueryPort=27131", "-MapCycle=MapCycle", "-NoEAC", "-EnableCheats", "-Mods", "-mutators=${CONFIG_SANDSTORM_MUTATORS}", "-ModDownloadTravelTo=${CONFIG_SANDSTORM_INIT_MAP}?Scenario=Scenario_${CONFIG_SANDSTORM_INIT_MAP}_${CONFIG_SANDSTORM_INIT_SCENARIO}"] dnsPolicy: ClusterFirstWithHostNet dnsConfig: options: @@ -35,20 +35,20 @@ spec: main: enabled: true # type: ClusterIP - type: NodePort + type: LoadBalancer externalTrafficPolicy: Local - # loadBalancerIP: "${APP_IP_SANDSTORM}" - # externalIPs: - # - "${APP_IP_SANDSTORM}" + loadBalancerIP: "${APP_IP_SANDSTORM}" + externalIPs: + - "${APP_IP_SANDSTORM}" ports: http: enabled: false primary: false gameudp: enabled: true - port: 27102 - targetPort: 27102 - nodePort: 27102 + port: 27012 + targetPort: 27012 + nodePort: 27012 protocol: UDP queryudp: enabled: true 
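Review bot: In the `main` service, `externalIPs` now carries the same `${APP_IP_SANDSTORM}` as `loadBalancerIP`, which is redundant and sidesteps load-balancer IP allocation: the cluster neither validates nor owns `externalIPs`, nodes will accept traffic addressed to them, and hardened clusters commonly deny the field at admission. I would drop the two `externalIPs` lines and keep `loadBalancerIP: "${APP_IP_SANDSTORM}"` alone. `nodePort: 27012` also lies outside the default 30000-32767 range, so it is accepted only if the API server's node-port range was widened; with a LoadBalancer address the fixed `nodePort` can probably be removed so the game port is not additionally opened on every node. The service definition starts and ends outside this hunk.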
@@ -65,6 +65,14 @@ spec: - -c - chown -R 1000:1000 /home/steam/steamcmd/sandstorm - chmod -R 775 /home/steam/steamcmd/sandstorm + - chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Mods + - chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Mods + - chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config + - chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config + - chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Config + - chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Config + - chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Saved/SaveGames + - chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/SaveGames securityContext: runAsUser: 0 volumeMounts:
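Review bot: The last added line runs `chmod -R 775` on `.../Insurgency/SaveGames`, while the `chown` just above it targets `.../Insurgency/Saved/SaveGames`; the `chmod` path looks like a typo and should read `/home/steam/steamcmd/sandstorm/Insurgency/Saved/SaveGames`. Separately, every command is its own list item after `- -c`; if the entry point is a shell (it lies outside the hunk), only the first item is taken as the script and the rest become positional parameters, so neither the existing `chmod` nor the eight added lines would run. Passing a single block scalar as the script addresses both, and `set -e` makes this root init container fail visibly when a path is missing instead of leaving permissions half-applied.

```yaml
- -c
- |
  set -e
  chown -R 1000:1000 /home/steam/steamcmd/sandstorm
  chmod -R 775 /home/steam/steamcmd/sandstorm
  chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Mods
  chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Mods
  chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config
  chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Saved/Config
  chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Config
  chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Config
  chown -R 1000:1000 /home/steam/steamcmd/sandstorm/Insurgency/Saved/SaveGames
  chmod -R 775 /home/steam/steamcmd/sandstorm/Insurgency/Saved/SaveGames
# … unchanged: securityContext, volumeMounts …
```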