starting homelab RKE2 cluster
@@ -0,0 +1,92 @@
|
||||
# 1. Definiert, WAS angekündigt wird (LoadBalancer IPs)
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumBGPAdvertisement
|
||||
metadata:
|
||||
name: bgp-advertisement
|
||||
labels:
|
||||
bgp.cilium.io/advertise: loadbalancer-services
|
||||
spec:
|
||||
advertisements:
|
||||
- advertisementType: "Service"
|
||||
service:
|
||||
addresses:
|
||||
- LoadBalancerIP
|
||||
selector:
|
||||
matchLabels: {}
|
||||
---
|
||||
|
||||
# 2. Definiert, an WEN wir senden (Dein UniFi Router)
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumBGPPeerConfig
|
||||
metadata:
|
||||
name: unifi-peer-config
|
||||
spec:
|
||||
families:
|
||||
- afi: ipv4
|
||||
safi: unicast
|
||||
advertisements:
|
||||
matchLabels:
|
||||
bgp.cilium.io/advertise: loadbalancer-services
|
||||
gracefulRestart:
|
||||
enabled: true
|
||||
---
|
||||
|
||||
# 3. Verknüpft alles mit deinem Node
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumBGPClusterConfig
|
||||
metadata:
|
||||
name: bpg-cluster-config
|
||||
spec:
|
||||
nodeSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/os: linux
|
||||
bgpInstances:
|
||||
- name: "asus-pn51-e1"
|
||||
localASN: 65200
|
||||
peers:
|
||||
- name: "unifi-router"
|
||||
peerAddress: 192.168.1.1
|
||||
peerASN: 65100 # Hier gehört die Remote-ASN jetzt hin!
|
||||
peerConfigRef:
|
||||
name: unifi-peer-config
|
||||
|
||||
---
|
||||
apiVersion: "cilium.io/v2alpha1"
|
||||
kind: CiliumLoadBalancerIPPool
|
||||
metadata:
|
||||
name: "envoy-gateway-pool"
|
||||
spec:
|
||||
blocks:
|
||||
- cidr: "192.168.200.240/28"
|
||||
serviceSelector:
|
||||
matchLabels: {}
|
||||
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
name: envoy-gateway-class
|
||||
spec:
|
||||
controllerName: gateway.envoyproxy.io/gatewayclass-controller
|
||||
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: external-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
gatewayClassName: envoy-gateway-class
|
||||
listeners:
|
||||
- name: http
|
||||
protocol: HTTP
|
||||
port: 80
|
||||
allowedRoutes:
|
||||
namespaces:
|
||||
from: All
|
||||
- name: https
|
||||
protocol: HTTPS
|
||||
port: 443
|
||||
allowedRoutes:
|
||||
namespaces:
|
||||
from: All
|
||||
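Review bot: Both listeners on `external-gateway` set `allowedRoutes.namespaces.from: All`, so a route created in any namespace can attach to the gateway whose address is announced to the router; prefer `from: Selector` with a `selector.matchLabels` on a namespace label you control, or `from: Same`. The same breadth shows up in `envoy-gateway-pool` and `bgp-advertisement`: with `matchLabels: {}` the pool appears to hand an address to every LoadBalancer Service rather than only the Envoy one its name suggests, so a label selector shared by the pool and the advertisement would keep unintended Services off the LAN (how Cilium treats the empty selector is worth confirming). The `https` listener carries no `tls.certificateRefs`, so as written it will probably not be programmed until a certificate Secret is referenced. `unifi-peer-config` also sets no `authSecretRef`, which leaves the BGP session to 192.168.1.1 unauthenticated.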