Merge pull request #32 from twelho/bgp

feat: support enabling the Cilium BGP Control Plane
twelho · Jan 2, 2025 · 9921800 · 9921800
2 parents 49b30f4 + 86102cc
commit 9921800
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/bootstrap.py b/bootstrap.py
@@ -48,6 +48,9 @@
                     Optional("host-network"): bool,
                     Optional("privileged-ports"): bool,
                 },
+                Optional("bgp"): {
+                    "enabled": bool,
+                },
             },
             Optional("sops"): str_schema,
             Optional("flux"): {
@@ -483,6 +486,12 @@ def apply_configuration(node_set, configuration_file, global_patches):
             "policyAuditMode=true",  # Audit mode, do not block traffic
         ]
 
+    if bgp := config["cluster"]["cilium"].get("bgp"):
+        if bgp["enabled"]:
+            cilium_opts += [
+                "bgpControlPlane.enabled=true",  # Enable BGP Control Plane
+            ]
+
     # Normally Envoy has SYS_ADMIN, but that can be replaced with PERFMON and BPF, see
     # https://github.com/cilium/cilium/blob/v1.16.1/install/kubernetes/cilium/values.yaml#L2263-L2271
     envoy_caps = ["NET_ADMIN", "PERFMON", "BPF"]

diff --git a/clusters/example.yaml b/clusters/example.yaml
@@ -22,6 +22,8 @@ cluster:
       # (in the style of NodePort) without requiring a LoadBalancer service (optional)
       host-network: false
       privileged-ports: false # Allow Envoy to bind to ports <1024 when using Gateway API (optional)
+    bgp: # Configure Cilium BGP Control Plane support (optional)
+      enabled: true # Enable Cilium BGP Control Plane
   sops: my-cluster.example.com # GPG ID/fingerprint of Mozilla SOPS key (https://github.com/mozilla/sops) (optional)
   flux: # Configuration for Flux (GitOps) (optional)
     # Install specific (extra) Flux components, see https://fluxcd.io/flux/components/ for details