feat(cilium): BGP password

2026-01-27 18:18:26 +00:00 · 2024-12-08 18:38:30 +08:00
parent 63bb904c2f
commit ff5411dff6
2 changed files with 26 additions and 0 deletions
--- a/kube/deploy/core/_networking/cilium/loadbalancer/BGP.yaml
+++ b/kube/deploy/core/_networking/cilium/loadbalancer/BGP.yaml
@@ -21,6 +21,7 @@ spec:
      neighbors:
        - peerAddress: "${IP_ROUTER_VLAN_K8S}/32" # unlike bgp-config ConfigMap, peerAddress needs to be in CIDR notation
          peerASN: *router
+          authSecretRef: cilium-bgp-password-router
          gracefulRestart:
            enabled: true
            restartTimeSeconds: 120
--- a/kube/deploy/core/_networking/cilium/loadbalancer/es.yaml
+++ b/kube/deploy/core/_networking/cilium/loadbalancer/es.yaml
@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name cilium-bgp-password-router
+  namespace: kube-system
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: 1p
+  dataFrom:
+    - extract:
+        key: "Cilium - ${CLUSTER_NAME}"
+        # key: "Cilium - biohazard"
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: *name
+    template:
+      type: Opaque
+      data:
+        password: '{{ .SECRET_CILIUM_BGP_PASSWORD_ROUTER }}'
+