feat(helm): update cilium ( 1.15.8 → 1.16.1 )

deedee-ops · Aug 15, 2024 · 1f1cfee · 1f1cfee
1 parent 21ee7c1
commit 1f1cfee
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 19 deletions.
diff --git a/kubernetes/apps/kube-system/cilium/Chart.yaml b/kubernetes/apps/kube-system/cilium/Chart.yaml
@@ -6,5 +6,5 @@ version: 1.0.0
 type: application
 dependencies:
   - name: cilium
-    version: 1.15.8
+    version: 1.16.1
     repository: https://helm.cilium.io
diff --git a/kubernetes/apps/kube-system/cilium/application.yaml b/kubernetes/apps/kube-system/cilium/application.yaml
@@ -38,3 +38,13 @@ spec:
       name: hubble-server-certs
       jsonPointers:
         - "/data"
+    - kind: DaemonSet
+      group: apps
+      name: cilium
+      jsonPointers:
+        - "/spec/template/spec/containers/0/volumeMounts/0/readOnly"
+    - kind: DaemonSet
+      group: apps
+      name: cilium-envoy
+      jsonPointers:
+        - "/spec/template/spec/containers/0/volumeMounts/0/readOnly"
diff --git a/kubernetes/apps/kube-system/cilium/templates/bgp.yaml b/kubernetes/apps/kube-system/cilium/templates/bgp.yaml
@@ -6,31 +6,71 @@ kind: CiliumLoadBalancerIPPool
 metadata:
   name: pool
 spec:
-  cidrs:
+  blocks:
     - cidr: "<path:kubernetes/data/internal/base#CIDR_LOADBALANCER>"
 ---
+# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumbgpclusterconfig_v2alpha1.json
 apiVersion: cilium.io/v2alpha1
-# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumbgppeeringpolicy_v2alpha1.json
-kind: CiliumBGPPeeringPolicy
+kind: CiliumBGPClusterConfig
 metadata:
-  name: bgp-peering-policy
+  name: cilium-bgp
+  namespace: kube-system
 spec:
-  virtualRouters:
-    - localASN: <path:kubernetes/data/internal/base#ASN_CLUSTER>
-      serviceSelector:
+  nodeSelector:
+    matchExpressions:
+      - key: topology.kubernetes.io/zone
+        operator: In
+        values:
+          - worker
+  bgpInstances:
+    - name: "deedee"
+      localASN: <path:kubernetes/data/internal/base#ASN_CLUSTER>
+      peers:
+        - name: "dexter"
+          peerASN: <path:kubernetes/data/internal/base#ASN_ROUTER>
+          peerAddress: "<path:kubernetes/data/internal/base#IP_ROUTER>"
+          peerConfigRef:
+            name: "cilium-peer"
+---
+# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumbgppeerconfig_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPPeerConfig
+metadata:
+  name: cilium-peer
+  namespace: kube-system
+spec:
+  families:
+    - afi: ipv4
+      safi: unicast
+      advertisements:
+        matchLabels:
+          advertise: "bgp"
+  gracefulRestart:
+    enabled: true
+    restartTimeSeconds: 30
+  timers:
+    connectRetryTimeSeconds: 12
+    holdTimeSeconds: 9
+    keepAliveTimeSeconds: 3
+---
+# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumbgpadvertisement_v2alpha1.json
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPAdvertisement
+metadata:
+  name: cilium-advert
+  namespace: kube-system
+  labels:
+    advertise: bgp
+spec:
+  advertisements:
+    - advertisementType: "Service"
+      service:
+        addresses:
+          - LoadBalancerIP
+      selector:
         matchExpressions:
-          - key: "io.cilium/bgp-announce"
+          - key: io.cilium/bgp-announce
             operator: NotIn
             values:
               - ignore
-      neighbors:
-        - peerAddress: "<path:kubernetes/data/internal/base#IP_ROUTER>/32"
-          peerASN: <path:kubernetes/data/internal/base#ASN_ROUTER>
-          eBGPMultihopTTL: 10
-          connectRetryTimeSeconds: 120
-          holdTimeSeconds: 90
-          keepAliveTimeSeconds: 30
-          gracefulRestart:
-            enabled: true
-            restartTimeSeconds: 120
 # {{ end }}