diff --git a/clusters/testing/kustomization.yaml b/clusters/testing/kustomization.yaml
index f34a256..7ebdaf7 100644
--- a/clusters/testing/kustomization.yaml
+++ b/clusters/testing/kustomization.yaml
@@ -11,6 +11,7 @@ resources:
 - ../../controllers/cnpg/cnpg.yaml
 - ../../configs/artifacts.yaml
+ - ../../configs/cilium-config/cilium-config.yaml
 - ../../configs/certificates/certificates.yaml
 - ../../configs/alerts/alerts.yaml
 - ../../configs/longhorn-jobs/longhorn-jobs.yaml
diff --git a/configs/artifacts.yaml b/configs/artifacts.yaml
index 1b61bb8..2fc1e14 100644
--- a/configs/artifacts.yaml
+++ b/configs/artifacts.yaml
@@ -9,6 +9,11 @@ spec:
 kind: GitRepository
 name: flux-system
 artifacts:
+ - name: cilium-config
+ originRevision: "@foundation"
+ copy:
+ - from: "@foundation/configs/cilium-config/**"
+ to: "@artifact/"
 - name: certificates
 originRevision: "@foundation"
 copy:
diff --git a/configs/cilium-config/base/cilium-l2-announcement-policy.yaml b/configs/cilium-config/base/cilium-l2-announcement-policy.yaml
new file mode 100644
index 0000000..fe111e7
--- /dev/null
+++ b/configs/cilium-config/base/cilium-l2-announcement-policy.yaml
@@ -0,0 +1,9 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+ name: default-policy
+spec:
+ interfaces:
+ - ^eth[0-9]+
+ externalIPs: true
+ loadBalancerIPs: true
diff --git a/configs/cilium-config/base/kustomization.yaml b/configs/cilium-config/base/kustomization.yaml
new file mode 100644
index 0000000..5714cb4
--- /dev/null
+++ b/configs/cilium-config/base/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cilium-l2-announcement-policy.yaml
diff --git a/configs/cilium-config/cilium-config.yaml b/configs/cilium-config/cilium-config.yaml
new file mode 100644
index 0000000..79d9532
--- /dev/null
+++ b/configs/cilium-config/cilium-config.yaml
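Review bot: In configs/cilium-config/base/cilium-l2-announcement-policy.yaml the policy sets `externalIPs: true` and carries no `serviceSelector` or `nodeSelector`, so as written it applies to every Service on every node, and any Service that sets `spec.externalIPs` gets that address announced on the matching interfaces. That lets whoever may create or edit a Service in any namespace decide which addresses the nodes claim on the L2 segment, which is a much wider grant than handing out addresses from the LoadBalancer pool. Unless external IPs are actually needed, I would set `externalIPs: false`, or scope the policy with a `serviceSelector` and restrict `spec.externalIPs` through admission policy. The interface pattern `^eth[0-9]+` also has no end anchor; `^eth[0-9]+$` keeps it to the plain ethN devices if that is the intent.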
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cilium-config
+ namespace: flux-system
+spec:
+ interval: 1h
+ retryInterval: 2m
+ timeout: 15m
+ dependsOn:
+ - name: cilium
+ sourceRef:
+ kind: ExternalArtifact
+ name: cilium-config
+ path: ./${cluster_env}
+ prune: true
+ wait: true
diff --git a/configs/cilium-config/production/cilium-load-balancer-ip-pool.yaml b/configs/cilium-config/production/cilium-load-balancer-ip-pool.yaml
new file mode 100644
index 0000000..98acd62
--- /dev/null
+++ b/configs/cilium-config/production/cilium-load-balancer-ip-pool.yaml
@@ -0,0 +1,7 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+ name: default-pool
+spec:
+ blocks:
+ - cidr: 10.0.2.100/24
diff --git a/configs/cilium-config/production/kustomization.yaml b/configs/cilium-config/production/kustomization.yaml
new file mode 100644
index 0000000..5653725
--- /dev/null
+++ b/configs/cilium-config/production/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - cilium-load-balancer-ip-pool.yaml
diff --git a/configs/cilium-config/staging/cilium-load-balancer-ip-pool.yaml b/configs/cilium-config/staging/cilium-load-balancer-ip-pool.yaml
new file mode 100644
index 0000000..ade16b6
--- /dev/null
+++ b/configs/cilium-config/staging/cilium-load-balancer-ip-pool.yaml
@@ -0,0 +1,8 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+ name: default-pool
+spec:
+ blocks:
+ - start: 192.168.1.100
+ stop: 192.168.1.200
diff --git a/configs/cilium-config/staging/kustomization.yaml b/configs/cilium-config/staging/kustomization.yaml
new file mode 100644
index 0000000..5653725
--- /dev/null
+++ b/configs/cilium-config/staging/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - cilium-load-balancer-ip-pool.yaml
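Review bot: `path: ./${cluster_env}` in configs/cilium-config/cilium-config.yaml only resolves when the substituted value is `production` or `staging`, the two overlays this commit adds, yet the same commit registers the resource under clusters/testing. Where `cluster_env` is defined is not visible in this diff; if that cluster substitutes any other value, or none, the build fails on a missing path and no announcement policy or IP pool is applied there. A comment above the field such as `# cluster_env must be production or staging (one overlay directory per value)`, or an overlay for every supported environment, would make the contract explicit.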
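Review bot: `cidr: 10.0.2.100/24` in configs/cilium-config/production/cilium-load-balancer-ip-pool.yaml has host bits set; read as a prefix it denotes the whole 10.0.2.0/24 network rather than a range starting at .100, so the pool may include addresses already held by nodes or the gateway on that subnet. Together with the L2 announcement policy in base, an overlapping assignment would leave a node answering ARP for an address that belongs to another host. The staging overlay states its pool as an explicit range, and the production file would be safer in the same form, `- start: 10.0.2.100` with a matching `stop:` (the intended upper bound is not visible here), or as a prefix-aligned CIDR reserved for load balancers.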