diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/cilium.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/cilium.yaml
index 9497ff17f..629ebd5de 100644
--- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/cilium.yaml
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/cilium.yaml
@@ -58,176 +58,3 @@ spec:
 automated:
 prune: true
 selfHeal: true
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumLoadBalancerIPPool
-metadata:
- name: "lb-pool"
-spec:
- cidrs:
- # 10.96.0.0-10.96.3.255 をloadBalancerのIPに割当可能
- - cidr: "10.96.0.0/22"
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumBGPPeeringPolicy
-metadata:
- name: peerpolicy--seichi-onp-k8s-cp-1
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/hostname: seichi-onp-k8s-cp-1
- virtualRouters:
- - localASN: 65184
- exportPodCIDR: true
- # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
- # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
- serviceSelector:
- matchExpressions:
- - {key: somekey, operator: NotIn, values: ['never-used-value']}
- neighbors:
- - peerAddress: "192.168.3.254/32"
- peerASN: 65184
- eBGPMultihopTTL: 10
- connectRetryTimeSeconds: 120
- holdTimeSeconds: 90
- keepAliveTimeSeconds: 30
- gracefulRestart:
- enabled: true
- restartTimeSeconds: 120
-
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumBGPPeeringPolicy
-metadata:
- name: peerpolicy--seichi-onp-k8s-cp-2
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/hostname: seichi-onp-k8s-cp-2
- virtualRouters:
- - localASN: 65184
- exportPodCIDR: true
- # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
- # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
- serviceSelector:
- matchExpressions:
- - {key: somekey, operator: NotIn, values: ['never-used-value']}
- neighbors:
- - peerAddress: "192.168.3.254/32"
- peerASN: 65184
- eBGPMultihopTTL: 10
- connectRetryTimeSeconds: 120
- holdTimeSeconds: 90
- keepAliveTimeSeconds: 30
- gracefulRestart:
- enabled: true
- restartTimeSeconds: 120
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumBGPPeeringPolicy
-metadata:
- name: peerpolicy--seichi-onp-k8s-cp-3
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/hostname: seichi-onp-k8s-cp-3
- virtualRouters:
- - localASN: 65184
- exportPodCIDR: true
- # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
- # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
- serviceSelector:
- matchExpressions:
- - {key: somekey, operator: NotIn, values: ['never-used-value']}
- neighbors:
- - peerAddress: "192.168.3.254/32"
- peerASN: 65184
- eBGPMultihopTTL: 10
- connectRetryTimeSeconds: 120
- holdTimeSeconds: 90
- keepAliveTimeSeconds: 30
- gracefulRestart:
- enabled: true
- restartTimeSeconds: 120
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumBGPPeeringPolicy
-metadata:
- name: peerpolicy--seichi-onp-k8s-wk-1
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/hostname: seichi-onp-k8s-wk-1
- virtualRouters:
- - localASN: 65184
- exportPodCIDR: true
- # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
- # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
- serviceSelector:
- matchExpressions:
- - {key: somekey, operator: NotIn, values: ['never-used-value']}
- neighbors:
- - peerAddress: "192.168.3.254/32"
- peerASN: 65184
- eBGPMultihopTTL: 10
- connectRetryTimeSeconds: 120
- holdTimeSeconds: 90
- keepAliveTimeSeconds: 30
- gracefulRestart:
- enabled: true
- restartTimeSeconds: 120
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumBGPPeeringPolicy
-metadata:
- name: peerpolicy--seichi-onp-k8s-wk-2
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/hostname: seichi-onp-k8s-wk-2
- virtualRouters:
- - localASN: 65184
- exportPodCIDR: true
- # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
- # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
- serviceSelector:
- matchExpressions:
- - {key: somekey, operator: NotIn, values: ['never-used-value']}
- neighbors:
- - peerAddress: "192.168.3.254/32"
- peerASN: 65184
- eBGPMultihopTTL: 10
- connectRetryTimeSeconds: 120
- holdTimeSeconds: 90
- keepAliveTimeSeconds: 30
- gracefulRestart:
- enabled: true
- restartTimeSeconds: 120
----
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumBGPPeeringPolicy
-metadata:
- name: peerpolicy--seichi-onp-k8s-wk-3
-spec:
- nodeSelector:
- matchLabels:
- kubernetes.io/hostname: seichi-onp-k8s-wk-3
- virtualRouters:
- - localASN: 65184
- exportPodCIDR: true
- # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
- # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
- serviceSelector:
- matchExpressions:
- - {key: somekey, operator: NotIn, values: ['never-used-value']}
- neighbors:
- - peerAddress: "192.168.3.254/32"
- peerASN: 65184
- eBGPMultihopTTL: 10
- connectRetryTimeSeconds: 120
- holdTimeSeconds: 90
- keepAliveTimeSeconds: 30
- gracefulRestart:
- enabled: true
- restartTimeSeconds: 120
----
diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/bgp-peering-policy.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/bgp-peering-policy.yaml
new file mode 100644
index 000000000..90629340d
--- /dev/null
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/bgp-peering-policy.yaml
@@ -0,0 +1,163 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumBGPPeeringPolicy
+metadata:
+ name: peerpolicy--seichi-onp-k8s-cp-1
+spec:
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: seichi-onp-k8s-cp-1
+ virtualRouters:
+ - localASN: 65201
+ exportPodCIDR: true
+ # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
+ # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
+ serviceSelector:
+ matchExpressions:
+ - {key: somekey, operator: NotIn, values: ['never-used-value']}
+ neighbors:
+ - peerAddress: "192.168.3.254/32"
+ peerASN: 65184
+ eBGPMultihopTTL: 10
+ connectRetryTimeSeconds: 120
+ holdTimeSeconds: 90
+ keepAliveTimeSeconds: 30
+ gracefulRestart:
+ enabled: true
+ restartTimeSeconds: 120
+
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumBGPPeeringPolicy
+metadata:
+ name: peerpolicy--seichi-onp-k8s-cp-2
+spec:
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: seichi-onp-k8s-cp-2
+ virtualRouters:
+ - localASN: 65202
+ exportPodCIDR: true
+ # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
+ # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
+ serviceSelector:
+ matchExpressions:
+ - {key: somekey, operator: NotIn, values: ['never-used-value']}
+ neighbors:
+ - peerAddress: "192.168.3.254/32"
+ peerASN: 65184
+ eBGPMultihopTTL: 10
+ connectRetryTimeSeconds: 120
+ holdTimeSeconds: 90
+ keepAliveTimeSeconds: 30
+ gracefulRestart:
+ enabled: true
+ restartTimeSeconds: 120
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumBGPPeeringPolicy
+metadata:
+ name: peerpolicy--seichi-onp-k8s-cp-3
+spec:
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: seichi-onp-k8s-cp-3
+ virtualRouters:
+ - localASN: 65203
+ exportPodCIDR: true
+ # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
+ # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
+ serviceSelector:
+ matchExpressions:
+ - {key: somekey, operator: NotIn, values: ['never-used-value']}
+ neighbors:
+ - peerAddress: "192.168.3.254/32"
+ peerASN: 65184
+ eBGPMultihopTTL: 10
+ connectRetryTimeSeconds: 120
+ holdTimeSeconds: 90
+ keepAliveTimeSeconds: 30
+ gracefulRestart:
+ enabled: true
+ restartTimeSeconds: 120
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumBGPPeeringPolicy
+metadata:
+ name: peerpolicy--seichi-onp-k8s-wk-1
+spec:
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: seichi-onp-k8s-wk-1
+ virtualRouters:
+ - localASN: 65301
+ exportPodCIDR: true
+ # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
+ # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
+ serviceSelector:
+ matchExpressions:
+ - {key: somekey, operator: NotIn, values: ['never-used-value']}
+ neighbors:
+ - peerAddress: "192.168.3.254/32"
+ peerASN: 65184
+ eBGPMultihopTTL: 10
+ connectRetryTimeSeconds: 120
+ holdTimeSeconds: 90
+ keepAliveTimeSeconds: 30
+ gracefulRestart:
+ enabled: true
+ restartTimeSeconds: 120
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumBGPPeeringPolicy
+metadata:
+ name: peerpolicy--seichi-onp-k8s-wk-2
+spec:
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: seichi-onp-k8s-wk-2
+ virtualRouters:
+ - localASN: 65302
+ exportPodCIDR: true
+ # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
+ # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
+ serviceSelector:
+ matchExpressions:
+ - {key: somekey, operator: NotIn, values: ['never-used-value']}
+ neighbors:
+ - peerAddress: "192.168.3.254/32"
+ peerASN: 65184
+ eBGPMultihopTTL: 10
+ connectRetryTimeSeconds: 120
+ holdTimeSeconds: 90
+ keepAliveTimeSeconds: 30
+ gracefulRestart:
+ enabled: true
+ restartTimeSeconds: 120
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumBGPPeeringPolicy
+metadata:
+ name: peerpolicy--seichi-onp-k8s-wk-3
+spec:
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: seichi-onp-k8s-wk-3
+ virtualRouters:
+ - localASN: 65303
+ exportPodCIDR: true
+ # 全てのServiceIPとLoadBalancerIPを広報するためのおまじない的なserviceSelector
+ # https://docs.cilium.io/en/stable/network/bgp-control-plane/#service-announcements
+ serviceSelector:
+ matchExpressions:
+ - {key: somekey, operator: NotIn, values: ['never-used-value']}
+ neighbors:
+ - peerAddress: "192.168.3.254/32"
+ peerASN: 65184
+ eBGPMultihopTTL: 10
+ connectRetryTimeSeconds: 120
+ holdTimeSeconds: 90
+ keepAliveTimeSeconds: 30
+ gracefulRestart:
+ enabled: true
+ restartTimeSeconds: 120
+---
diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml
new file mode 100644
index 000000000..9c2a9989c
--- /dev/null
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/cilium-networking/loadlbalancer-ip-pool.yaml
@@ -0,0 +1,8 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+ name: "lb-pool"
+spec:
+ cidrs:
+ # 10.96.0.0-10.96.3.255 をloadBalancerのIPに割当可能
+ - cidr: "10.96.0.0/22"
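Review bot: Every `neighbors` entry in bgp-peering-policy.yaml sets `eBGPMultihopTTL: 10` and has no `authSecretRef`, so the six sessions to 192.168.3.254 are unauthenticated and may be established across up to ten hops. With `localASN` now 65201–65303 against `peerASN: 65184` these are eBGP sessions, so the multihop TTL is presumably in effect where it may not have mattered before. If the router is on the same segment as the nodes (not visible in this diff), drop `eBGPMultihopTTL` and add `authSecretRef: <bgp-auth-secret>` (placeholder name) to each neighbor, provided the deployed Cilium version supports that field. The catch-all `serviceSelector` together with `exportPodCIDR: true` announces every LoadBalancer Service and every pod CIDR upstream, which leaves the router's import filter as the only control on what becomes routable; a comment saying this is intended would help the next reader.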
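Review bot: `lb-pool` in loadlbalancer-ip-pool.yaml has no `serviceSelector`, so any Service of type LoadBalancer in any namespace can take an address from 10.96.0.0/22, and the catch-all selector in bgp-peering-policy.yaml then announces it to the router. If only some workloads are meant to be reachable from outside the cluster, scope the pool with a `serviceSelector` such as `matchLabels: {<label-key>: <label-value>}` (placeholder values). 10.96.0.0/22 also falls inside kubeadm's default Service range 10.96.0.0/12; the cluster's actual Service CIDR is not visible here, so confirm the two do not overlap. No Argo CD Application pointing at the new `cilium-networking` directory appears in this diff while the objects are removed from cilium.yaml, so if nothing else syncs that directory the pool and peering policies may be pruned. The file name `loadlbalancer-ip-pool.yaml` looks like a typo for `loadbalancer-ip-pool.yaml`.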