rke2-single-node/04_envoy_gateway_preparation/asus-bgp.yaml

# 1. Defines WHAT is announced over BGP (LoadBalancer IPs).
apiVersion: cilium.io/v2
kind: CiliumBGPAdvertisement
metadata:
  name: bgp-advertisement
  labels:
    # The CiliumBGPPeerConfig in this file picks this object up through
    # exactly this label (its families[].advertisements.matchLabels).
    bgp.cilium.io/advertise: loadbalancer-services
spec:
  advertisements:
    - advertisementType: 'Service'
      service:
        # Only the LoadBalancer ingress IP of a Service is announced.
        addresses:
          - LoadBalancerIP
      # NOTE(review): an empty matchLabels presumably selects every Service,
      # so any LoadBalancer Service created in the cluster would be
      # announced to the router. Confirm this is intended; a dedicated
      # opt-in label would limit what becomes reachable from the LAN.
      selector:
        matchLabels: {}
---
# 2. Defines WHO we send to (your UniFi router).
# NOTE(review): no authSecretRef is set here, so the BGP session to the
# router carries no session password. Consider configuring one on both
# sides if the router supports it.
apiVersion: cilium.io/v2
kind: CiliumBGPPeerConfig
metadata:
  name: unifi-peer-config
spec:
  families:
    # IPv4 unicast is the only address family negotiated with the peer.
    - afi: ipv4
      safi: unicast
      # Selects CiliumBGPAdvertisement objects carrying this label.
      advertisements:
        matchLabels:
          bgp.cilium.io/advertise: loadbalancer-services
  gracefulRestart:
    enabled: true
---
# 3. Ties everything to your node.
apiVersion: cilium.io/v2
kind: CiliumBGPClusterConfig
metadata:
  # NOTE(review): "bpg" looks like a typo for "bgp". Renaming creates a new
  # object, so the old one would have to be deleted when this is corrected.
  name: bpg-cluster-config
spec:
  # NOTE(review): this label matches every Linux node, not just one host;
  # presumably fine for a single-node cluster - confirm before adding nodes.
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux
  bgpInstances:
    - name: 'asus-pn51-e1'
      # Both ASNs lie in the private 16-bit range (64512-65534).
      localASN: 65200
      peers:
        - name: 'unifi-router'
          peerAddress: 192.168.1.1
          peerASN: 65100  # The remote ASN belongs here now!
          # Session settings come from the CiliumBGPPeerConfig of this name.
          peerConfigRef:
            name: unifi-peer-config
---
# Address pool from which LoadBalancer Services receive their IPs.
apiVersion: 'cilium.io/v2alpha1'
kind: CiliumLoadBalancerIPPool
metadata:
  name: 'envoy-gateway-pool'
spec:
  blocks:
    # A /28 spans 16 addresses: 192.168.200.240 - 192.168.200.255.
    - cidr: '192.168.200.240/28'
  # NOTE(review): the pool is named for Envoy Gateway, but an empty
  # matchLabels presumably lets any LoadBalancer Service draw an address
  # from it. Confirm, or restrict the selector to the gateway's Service.
  serviceSelector:
    matchLabels: {}
---
# GatewayClass referenced by the Gateway in this file (gatewayClassName).
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy-gateway-class
spec:
  # Hands Gateways of this class to the Envoy Gateway controller.
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
# Gateway with one HTTP and one HTTPS listener.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: external-gateway
  namespace: default
spec:
  gatewayClassName: envoy-gateway-class
  listeners:
    # Cleartext listener on port 80.
    - name: http
      protocol: HTTP
      port: 80
      # NOTE(review): "from: All" lets routes from every namespace attach
      # to this listener. "Same" or "Selector" would limit who can publish
      # hostnames through the gateway.
      allowedRoutes:
        namespaces:
          from: All
    # NOTE(review): this HTTPS listener has no tls block (no
    # certificateRefs), so it has no certificate to terminate TLS with and
    # will presumably not be accepted by the controller - confirm and add
    # the reference to the certificate Secret.
    - name: https
      protocol: HTTPS
      port: 443
      # Same open attachment policy as the http listener above.
      allowedRoutes:
        namespaces:
          from: All