From ceeb64966c23578b652091a6e532e0f64538ab30 Mon Sep 17 00:00:00 2001 From: Simon Gerber Date: Thu, 20 Jun 2024 17:30:25 +0200 Subject: [PATCH] Add support for deploying `CiliumLoadBalancerIPPool` and `CiliumBGPPeeringPolicy` --- class/cilium.yml | 2 + class/defaults.yml | 2 + component/bgp-control-plane.jsonnet | 56 +++++++++++++++++++ tests/bgp-control-plane.yml | 40 +++++++++++++ .../cilium/cilium/40_bgp_peerings.yaml | 26 +++++++++ .../cilium/40_loadbalancer_ip_pools.yaml | 28 ++++++++++ 6 files changed, 154 insertions(+) create mode 100644 component/bgp-control-plane.jsonnet create mode 100644 tests/golden/bgp-control-plane/cilium/cilium/40_bgp_peerings.yaml create mode 100644 tests/golden/bgp-control-plane/cilium/cilium/40_loadbalancer_ip_pools.yaml diff --git a/class/cilium.yml b/class/cilium.yml index eeca4797..9d9d8785 100644 --- a/class/cilium.yml +++ b/class/cilium.yml @@ -25,6 +25,7 @@ parameters: - input_paths: - ${_base_directory}/component/aggregated-clusterroles.jsonnet - ${_base_directory}/component/egress-gateway-policies.jsonnet + - ${_base_directory}/component/bgp-control-plane.jsonnet input_type: jsonnet output_path: ${_instance}/ @@ -49,6 +50,7 @@ parameters: - input_paths: - ${_base_directory}/component/aggregated-clusterroles.jsonnet - ${_base_directory}/component/egress-gateway-policies.jsonnet + - ${_base_directory}/component/bgp-control-plane.jsonnet input_type: jsonnet output_path: ${_instance}/ - input_paths: diff --git a/class/defaults.yml b/class/defaults.yml index 81e439f8..76f695bb 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -100,6 +100,8 @@ parameters: bgp: enabled: false + peerings: {} + loadbalancer_ip_pools: {} olm: source: diff --git a/component/bgp-control-plane.jsonnet b/component/bgp-control-plane.jsonnet new file mode 100644 index 00000000..acc49fc2 --- /dev/null +++ b/component/bgp-control-plane.jsonnet 
@@ -0,0 +1,56 @@
+local com = import 'lib/commodore.libjsonnet';
+local kap = import 'lib/kapitan.libjsonnet';
+local kube = import 'lib/kube.libjsonnet';
+
+local inv = kap.inventory();
+local params = inv.parameters.cilium;
+
+local CiliumLoadBalancerIPPool(name) =
+ kube._Object('cilium.io/v2alpha1', 'CiliumLoadBalancerIPPool', name);
+
+local CiliumBGPPeeringPolicy(name) =
+ kube._Object('cilium.io/v2alpha1', 'CiliumBGPPeeringPolicy', name);
+
+local render_peering(name, peering) =
+ local render_vrouter(config) = config {
+ neighbors: std.objectValues(std.mapWithKey(
+ function(peerAddr, n) n {
+ peerAddress: peerAddr,
+ },
+ super.neighbors
+ )),
+ };
+ {
+ spec: {
+ nodeSelector: std.get(peering, 'nodeSelector', {}),
+ virtualRouters: std.map(
+ render_vrouter,
+ std.objectValues(peering.virtualRouters)
+ ),
+ } + com.makeMergeable(std.get(peering, 'spec', {})),
+ };
+
+local peerings = com.generateResources(
+ std.mapWithKey(render_peering, params.bgp.peerings),
+ CiliumBGPPeeringPolicy
+);
+
+local render_ip_pool(name, pool) =
+ {
+ spec: {
+ cidrs: std.objectValues(pool.cidrs),
+ serviceSelector: std.get(pool, 'serviceSelector', {}),
+ } + com.makeMergeable(std.get(pool, 'spec', {})),
+ };
+
+local lb_ip_pools = com.generateResources(
+ std.mapWithKey(render_ip_pool, params.bgp.loadbalancer_ip_pools),
+ CiliumLoadBalancerIPPool,
+);
+
+{
+ [if params.bgp.enabled && std.length(peerings) > 0 then
+ '40_bgp_peerings']: peerings,
+ [if params.bgp.enabled && std.length(lb_ip_pools) > 0 then
+ '40_loadbalancer_ip_pools']: lb_ip_pools,
+}
diff --git a/tests/bgp-control-plane.yml b/tests/bgp-control-plane.yml
index a71c95cf..f77c5456 100644
--- a/tests/bgp-control-plane.yml
+++ b/tests/bgp-control-plane.yml
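Review bot: In `render_ip_pool` and `render_peering` (component/bgp-control-plane.jsonnet), an omitted `serviceSelector` or `nodeSelector` is rendered as `{}`, which the golden output for `lb-services-2` confirms with `serviceSelector: {}`. As far as I know Cilium treats an empty selector as match-all, so a pool declared without a selector is offered to every LoadBalancer Service in the cluster and a peering without one applies to every node; that should be confirmed against the Cilium version in use. I would state this next to the defaults, e.g. `// omitted serviceSelector renders as {}: the pool is then available to all LoadBalancer Services`, and repeat it in the parameter reference, which the diffstat suggests this commit does not touch. Separately, `peering.virtualRouters`, `super.neighbors` and `pool.cidrs` are read without `std.get`, so a partially specified entry fails with a bare field-lookup error at render time; a comment naming the required keys per entry would help.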
@@ -2,3 +2,43 @@ parameters:
 cilium:
 bgp:
 enabled: true
+ peerings:
+ lb-services:
+ nodeSelector:
+ matchLabels:
+ node-role.kubernetes.io/infra: ''
+ virtualRouters:
+ lbs:
+ localASN: 64512
+ exportPodCIDR: false
+ neighbors:
+ '192.0.2.2/32':
+ peerASN: 64512
+ '192.0.2.3/32':
+ peerASN: 64512
+ serviceSelector:
+ matchLabels:
+ syn.tools/load-balancer-class: cilium
+ spec:
+ virtualRouters:
+ - localASN: 64513
+ neighbors:
+ - peerAddress: '192.0.2.100/32'
+ peerASN: 64513
+ loadbalancer_ip_pools:
+ lb-services:
+ cidrs:
+ tn2:
+ cidr: 198.51.100.32/27
+ tn3:
+ start: 203.0.113.10
+ stop: 203.0.113.20
+ serviceSelector:
+ matchLabels:
+ syn.tools/load-balancer-class: cilium
+ lb-services-2:
+ cidrs:
+ tn3:
+ cidr: 203.0.113.32/27
+ spec:
+ enabled: false
diff --git a/tests/golden/bgp-control-plane/cilium/cilium/40_bgp_peerings.yaml b/tests/golden/bgp-control-plane/cilium/cilium/40_bgp_peerings.yaml
new file mode 100644
index 00000000..3c180f27
--- /dev/null
+++ b/tests/golden/bgp-control-plane/cilium/cilium/40_bgp_peerings.yaml
@@ -0,0 +1,26 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPPeeringPolicy
+metadata:
+ annotations: {}
+ labels:
+ name: lb-services
+ name: lb-services
+spec:
+ nodeSelector:
+ matchLabels:
+ node-role.kubernetes.io/infra: ''
+ virtualRouters:
+ - exportPodCIDR: false
+ localASN: 64512
+ neighbors:
+ - peerASN: 64512
+ peerAddress: 192.0.2.2/32
+ - peerASN: 64512
+ peerAddress: 192.0.2.3/32
+ serviceSelector:
+ matchLabels:
+ syn.tools/load-balancer-class: cilium
+ - localASN: 64513
+ neighbors:
+ - peerASN: 64513
+ peerAddress: 192.0.2.100/32
diff --git a/tests/golden/bgp-control-plane/cilium/cilium/40_loadbalancer_ip_pools.yaml b/tests/golden/bgp-control-plane/cilium/cilium/40_loadbalancer_ip_pools.yaml
new file mode 100644
index 00000000..15b4e0ab
--- /dev/null
+++ b/tests/golden/bgp-control-plane/cilium/cilium/40_loadbalancer_ip_pools.yaml
@@ -0,0 +1,28 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+ annotations: {}
+ labels:
+ name: lb-services
+ name: lb-services
+spec:
+ cidrs:
+ - cidr: 198.51.100.32/27
+ - start: 203.0.113.10
+ stop: 203.0.113.20
+ serviceSelector:
+ matchLabels:
+ syn.tools/load-balancer-class: cilium
+---
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+ annotations: {}
+ labels:
+ name: lb-services-2
+ name: lb-services-2
+spec:
+ cidrs:
+ - cidr: 203.0.113.32/27
+ enabled: false
+ serviceSelector: {}