From 1f1cfee7fdf2d11facf9f404ee3e44007db5c6c5 Mon Sep 17 00:00:00 2001 From: "robodexo2000[bot]" <150604236+robodexo2000[bot]@users.noreply.github.com> Date: Thu, 15 Aug 2024 06:13:07 +0000 Subject: [PATCH] =?UTF-8?q?feat(helm):=20update=20cilium=20(=201.15.8=20?= =?UTF-8?q?=E2=86=92=201.16.1=20)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kubernetes/apps/kube-system/cilium/Chart.yaml | 2 +- .../apps/kube-system/cilium/application.yaml | 10 +++ .../kube-system/cilium/templates/bgp.yaml | 76 ++++++++++++++----- 3 files changed, 69 insertions(+), 19 deletions(-) diff --git a/kubernetes/apps/kube-system/cilium/Chart.yaml b/kubernetes/apps/kube-system/cilium/Chart.yaml index dea3f36b1..de43c308f 100644 --- a/kubernetes/apps/kube-system/cilium/Chart.yaml +++ b/kubernetes/apps/kube-system/cilium/Chart.yaml @@ -6,5 +6,5 @@ version: 1.0.0 type: application dependencies: - name: cilium - version: 1.15.8 + version: 1.16.1 repository: https://helm.cilium.io diff --git a/kubernetes/apps/kube-system/cilium/application.yaml b/kubernetes/apps/kube-system/cilium/application.yaml index 7af8dc807..e73d5e8b8 100644 --- a/kubernetes/apps/kube-system/cilium/application.yaml +++ b/kubernetes/apps/kube-system/cilium/application.yaml @@ -38,3 +38,13 @@ spec: name: hubble-server-certs jsonPointers: - "/data" + - kind: DaemonSet + group: apps + name: cilium + jsonPointers: + - "/spec/template/spec/containers/0/volumeMounts/0/readOnly" + - kind: DaemonSet + group: apps + name: cilium-envoy + jsonPointers: + - "/spec/template/spec/containers/0/volumeMounts/0/readOnly" diff --git a/kubernetes/apps/kube-system/cilium/templates/bgp.yaml b/kubernetes/apps/kube-system/cilium/templates/bgp.yaml index 8a65eb8f7..c8029f12d 100644 --- a/kubernetes/apps/kube-system/cilium/templates/bgp.yaml +++ b/kubernetes/apps/kube-system/cilium/templates/bgp.yaml @@ -6,31 +6,71 @@ kind: CiliumLoadBalancerIPPool metadata: name: pool spec: - cidrs: + blocks: - cidr: "" --- +# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumbgpclusterconfig_v2alpha1.json apiVersion: cilium.io/v2alpha1 -# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumbgppeeringpolicy_v2alpha1.json -kind: CiliumBGPPeeringPolicy +kind: CiliumBGPClusterConfig metadata: - name: bgp-peering-policy + name: cilium-bgp + namespace: kube-system spec: - virtualRouters: - - localASN: - serviceSelector: + nodeSelector: + matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - worker + bgpInstances: + - name: "deedee" + localASN: + peers: + - name: "dexter" + peerASN: + peerAddress: "" + peerConfigRef: + name: "cilium-peer" +--- +# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumbgppeerconfig_v2alpha1.json +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPPeerConfig +metadata: + name: cilium-peer + namespace: kube-system +spec: + families: + - afi: ipv4 + safi: unicast + advertisements: + matchLabels: + advertise: "bgp" + gracefulRestart: + enabled: true + restartTimeSeconds: 30 + timers: + connectRetryTimeSeconds: 12 + holdTimeSeconds: 9 + keepAliveTimeSeconds: 3 +--- +# yaml-language-server: $schema=https://deedee-ops.github.io/schemas/cilium.io/ciliumbgpadvertisement_v2alpha1.json +apiVersion: cilium.io/v2alpha1 +kind: CiliumBGPAdvertisement +metadata: + name: cilium-advert + namespace: kube-system + labels: + advertise: bgp +spec: + advertisements: + - advertisementType: "Service" + service: + addresses: + - LoadBalancerIP + selector: matchExpressions: - - key: "io.cilium/bgp-announce" + - key: io.cilium/bgp-announce operator: NotIn values: - ignore - neighbors: - - peerAddress: "/32" - peerASN: - eBGPMultihopTTL: 10 - connectRetryTimeSeconds: 120 - holdTimeSeconds: 90 - keepAliveTimeSeconds: 30 - gracefulRestart: - enabled: true - restartTimeSeconds: 120 # {{ end }}