test(bgp): enable bgp in cilium

Signed-off-by: Vegard Hagen <[email protected]>

Author: vehagn

k8s/apps/dev/whoami/svc.yaml

@@ -4,7 +4,10 @@ metadata:
   name: whoami
   namespace: whoami
   annotations:
-    io.cilium/lb-ipam-ips: 192.168.1.223
+    io.cilium/lb-ipam-ips: 192.168.1.223,172.20.10.200
+  labels:
+    ip-pool: default
+    advertise: bgp
 spec:
   type: LoadBalancer
   selector:

k8s/apps/utils/torrent/svc-torrent.yaml

@@ -4,7 +4,10 @@ metadata:
   name: torrent-torrent
   namespace: torrent
   annotations:
-    io.cilium/lb-ipam-ips: 192.168.1.225
+    io.cilium/lb-ipam-ips: 192.168.1.225,172.20.10.250
+  labels:
+    ip-pool: default
+    advertise: bgp
 spec:
   type: LoadBalancer
   selector:

k8s/infra/auth/lldap/svc.yaml

@@ -4,7 +4,10 @@ metadata:
   name: lldap
   namespace: lldap
   annotations:
-    io.cilium/lb-ipam-ips: 192.168.1.242
+    io.cilium/lb-ipam-ips: 192.168.1.242,172.20.10.120
+  labels:
+    ip-pool: default
+    advertise: bgp
 spec:
   type: LoadBalancer
   # https://kubernetes.io/docs/concepts/services-networking/cluster-ip-allocation/

k8s/infra/network/cilium/bgp-advertisement.yaml

@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2
+kind: CiliumBGPAdvertisement
+metadata:
+  name: loadbalancer-services
+  labels:
+    advertise: loadbalancer-services
+spec:
+  advertisements:
+    - advertisementType: "Service"
+      service:
+        addresses:
+          - LoadBalancerIP
+      selector:
+        matchLabels:
+          advertise: bgp

k8s/infra/network/cilium/bgp-cluster-config.yaml

@@ -0,0 +1,17 @@
+apiVersion: cilium.io/v2
+kind: CiliumBGPClusterConfig
+metadata:
+  name: cilium-unifi
+spec:
+  nodeSelector:
+    matchLabels:
+      node-role.kubernetes.io/control-plane: ""
+  bgpInstances:
+    - name: "65200"
+      localASN: 65200
+      peers:
+        - name: "ucg-max-65100"
+          peerASN: 65100
+          peerAddress: 172.20.10.1
+          peerConfigRef:
+            name: cilium-peer

k8s/infra/network/cilium/bgp-peer-config.yaml

@@ -0,0 +1,14 @@
+apiVersion: cilium.io/v2
+kind: CiliumBGPPeerConfig
+metadata:
+  name: cilium-peer
+spec:
+  gracefulRestart:
+    enabled: true
+    restartTimeSeconds: 15
+  families:
+    - afi: ipv4
+      safi: unicast
+      advertisements:
+        matchLabels:
+          advertise: loadbalancer-services

k8s/infra/network/cilium/default-ip-pool.yaml

@@ -0,0 +1,10 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: default-ip-pool
+spec:
+  blocks:
+    - cidr: "172.20.10.0/24"
+  serviceSelector:
+    matchLabels:
+      ip-pool: default

k8s/infra/network/cilium/kustomization.yaml

@@ -4,6 +4,10 @@ kind: Kustomization
 resources:
   - announce.yaml
   - ip-pool.yaml
+  - default-ip-pool.yaml
+  - bgp-advertisement.yaml
+  - bgp-peer-config.yaml
+  - bgp-cluster-config.yaml
   - dashboards/cilium.yaml
   - dashboards/cilium-operator.yaml
 

k8s/infra/network/cilium/values.yaml

@@ -23,6 +23,11 @@ cgroup:
 bpf:
   hostLegacyRouting: true
 
+## ???
+# routingMode: "host"
+# ipv4NativeRoutingCIDR=10.0.0.0/8
+# k8s.requireIPv4PodCIDR=true
+
 # https://docs.cilium.io/en/stable/network/concepts/ipam/
 ipam:
   mode: kubernetes
@@ -64,6 +69,10 @@ k8sClientRateLimit:
   qps: 20
   burst: 100
 
+# https://docs.cilium.io/en/latest/network/bgp-control-plane/bgp-control-plane-v2/
+bgpControlPlane:
+  enabled: true
+
 l2announcements:
   enabled: true
 

k8s/infra/network/dns/adguard/svc.yaml

@@ -4,7 +4,10 @@ metadata:
   name: adguard
   namespace: dns
   annotations:
-    io.cilium/lb-ipam-ips: 192.168.1.253
+    io.cilium/lb-ipam-ips: 192.168.1.253,172.20.10.153
+  labels:
+    ip-pool: default
+    advertise: bgp
 spec:
   type: LoadBalancer
   ports: