Add support for deploying CiliumLoadBalancerIPPool and `CiliumBGPPe…

…eringPolicy`
projectsyn · Jun 20, 2024 · ceeb649 · ceeb649
1 parent 1343163
commit ceeb649
Show file tree

Hide file tree

Showing 6 changed files with 154 additions and 0 deletions.
diff --git a/class/cilium.yml b/class/cilium.yml
@@ -25,6 +25,7 @@ parameters:
         - input_paths:
             - ${_base_directory}/component/aggregated-clusterroles.jsonnet
             - ${_base_directory}/component/egress-gateway-policies.jsonnet
+            - ${_base_directory}/component/bgp-control-plane.jsonnet
           input_type: jsonnet
           output_path: ${_instance}/
 
@@ -49,6 +50,7 @@ parameters:
         - input_paths:
             - ${_base_directory}/component/aggregated-clusterroles.jsonnet
             - ${_base_directory}/component/egress-gateway-policies.jsonnet
+            - ${_base_directory}/component/bgp-control-plane.jsonnet
           input_type: jsonnet
           output_path: ${_instance}/
         - input_paths:

diff --git a/class/defaults.yml b/class/defaults.yml
@@ -100,6 +100,8 @@ parameters:
 
     bgp:
       enabled: false
+      peerings: {}
+      loadbalancer_ip_pools: {}
 
     olm:
       source:

diff --git a/component/bgp-control-plane.jsonnet b/component/bgp-control-plane.jsonnet
@@ -0,0 +1,56 @@
+local com = import 'lib/commodore.libjsonnet';
+local kap = import 'lib/kapitan.libjsonnet';
+local kube = import 'lib/kube.libjsonnet';
+
+local inv = kap.inventory();
+local params = inv.parameters.cilium;
+
+local CiliumLoadBalancerIPPool(name) =
+  kube._Object('cilium.io/v2alpha1', 'CiliumLoadBalancerIPPool', name);
+
+local CiliumBGPPeeringPolicy(name) =
+  kube._Object('cilium.io/v2alpha1', 'CiliumBGPPeeringPolicy', name);
+
+local render_peering(name, peering) =
+  local render_vrouter(config) = config {
+    neighbors: std.objectValues(std.mapWithKey(
+      function(peerAddr, n) n {
+        peerAddress: peerAddr,
+      },
+      super.neighbors
+    )),
+  };
+  {
+    spec: {
+      nodeSelector: std.get(peering, 'nodeSelector', {}),
+      virtualRouters: std.map(
+        render_vrouter,
+        std.objectValues(peering.virtualRouters)
+      ),
+    } + com.makeMergeable(std.get(peering, 'spec', {})),
+  };
+
+local peerings = com.generateResources(
+  std.mapWithKey(render_peering, params.bgp.peerings),
+  CiliumBGPPeeringPolicy
+);
+
+local render_ip_pool(name, pool) =
+  {
+    spec: {
+      cidrs: std.objectValues(pool.cidrs),
+      serviceSelector: std.get(pool, 'serviceSelector', {}),
+    } + com.makeMergeable(std.get(pool, 'spec', {})),
+  };
+
+local lb_ip_pools = com.generateResources(
+  std.mapWithKey(render_ip_pool, params.bgp.loadbalancer_ip_pools),
+  CiliumLoadBalancerIPPool,
+);
+
+{
+  [if params.bgp.enabled && std.length(peerings) > 0 then
+    '40_bgp_peerings']: peerings,
+  [if params.bgp.enabled && std.length(lb_ip_pools) > 0 then
+    '40_loadbalancer_ip_pools']: lb_ip_pools,
+}
diff --git a/tests/bgp-control-plane.yml b/tests/bgp-control-plane.yml
@@ -2,3 +2,43 @@ parameters:
   cilium:
     bgp:
       enabled: true
+      peerings:
+        lb-services:
+          nodeSelector:
+            matchLabels:
+              node-role.kubernetes.io/infra: ''
+          virtualRouters:
+            lbs:
+              localASN: 64512
+              exportPodCIDR: false
+              neighbors:
+                '192.0.2.2/32':
+                  peerASN: 64512
+                '192.0.2.3/32':
+                  peerASN: 64512
+              serviceSelector:
+                matchLabels:
+                  syn.tools/load-balancer-class: cilium
+          spec:
+            virtualRouters:
+              - localASN: 64513
+                neighbors:
+                  - peerAddress: '192.0.2.100/32'
+                    peerASN: 64513
+      loadbalancer_ip_pools:
+        lb-services:
+          cidrs:
+            tn2:
+              cidr: 198.51.100.32/27
+            tn3:
+              start: 203.0.113.10
+              stop: 203.0.113.20
+          serviceSelector:
+            matchLabels:
+              syn.tools/load-balancer-class: cilium
+        lb-services-2:
+          cidrs:
+            tn3:
+              cidr: 203.0.113.32/27
+          spec:
+            enabled: false
diff --git a/tests/golden/bgp-control-plane/cilium/cilium/40_bgp_peerings.yaml b/tests/golden/bgp-control-plane/cilium/cilium/40_bgp_peerings.yaml
@@ -0,0 +1,26 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPPeeringPolicy
+metadata:
+  annotations: {}
+  labels:
+    name: lb-services
+  name: lb-services
+spec:
+  nodeSelector:
+    matchLabels:
+      node-role.kubernetes.io/infra: ''
+  virtualRouters:
+    - exportPodCIDR: false
+      localASN: 64512
+      neighbors:
+        - peerASN: 64512
+          peerAddress: 192.0.2.2/32
+        - peerASN: 64512
+          peerAddress: 192.0.2.3/32
+      serviceSelector:
+        matchLabels:
+          syn.tools/load-balancer-class: cilium
+    - localASN: 64513
+      neighbors:
+        - peerASN: 64513
+          peerAddress: 192.0.2.100/32
diff --git a/tests/golden/bgp-control-plane/cilium/cilium/40_loadbalancer_ip_pools.yaml b/tests/golden/bgp-control-plane/cilium/cilium/40_loadbalancer_ip_pools.yaml
@@ -0,0 +1,28 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  annotations: {}
+  labels:
+    name: lb-services
+  name: lb-services
+spec:
+  cidrs:
+    - cidr: 198.51.100.32/27
+    - start: 203.0.113.10
+      stop: 203.0.113.20
+  serviceSelector:
+    matchLabels:
+      syn.tools/load-balancer-class: cilium
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  annotations: {}
+  labels:
+    name: lb-services-2
+  name: lb-services-2
+spec:
+  cidrs:
+    - cidr: 203.0.113.32/27
+  enabled: false
+  serviceSelector: {}
-Original file line number
+Diff line change
@@ Expand Up / @@ -100,6 +100,8 @@ parameters: @@
         bgp:
           enabled: false
+          peerings: {}
+          loadbalancer_ip_pools: {}
         olm:
           source:
@@ Expand Down @@