From 86102cc186d8bf17a50ccd7dd99f9301646cec1a Mon Sep 17 00:00:00 2001
From: Dennis Marttinen
Date: Thu, 2 Jan 2025 13:49:50 +0200
Subject: [PATCH] feat: support enabling the Cilium BGP Control Plane

https://docs.cilium.io/en/stable/network/bgp-control-plane/bgp-control-plane/

Signed-off-by: Dennis Marttinen
---
 bootstrap.py | 9 +++++++++
 clusters/example.yaml | 2 ++
 2 files changed, 11 insertions(+)

diff --git a/bootstrap.py b/bootstrap.py
index 1c22e9d..dd359df 100755
--- a/bootstrap.py
+++ b/bootstrap.py
@@ -48,6 +48,9 @@
 Optional("host-network"): bool,
 Optional("privileged-ports"): bool,
 },
+ Optional("bgp"): {
+ "enabled": bool,
+ },
 },
 Optional("sops"): str_schema,
 Optional("flux"): {
@@ -483,6 +486,12 @@ def apply_configuration(node_set, configuration_file, global_patches):
 "policyAuditMode=true", # Audit mode, do not block traffic
 ]
 
+ if bgp := config["cluster"]["cilium"].get("bgp"):
+ if bgp["enabled"]:
+ cilium_opts += [
+ "bgpControlPlane.enabled=true", # Enable BGP Control Plane
+ ]
+
 # Normally Envoy has SYS_ADMIN, but that can be replaced with PERFMON and BPF, see
 # https://github.com/cilium/cilium/blob/v1.16.1/install/kubernetes/cilium/values.yaml#L2263-L2271
 envoy_caps = ["NET_ADMIN", "PERFMON", "BPF"]
diff --git a/clusters/example.yaml b/clusters/example.yaml
index 7a7c5ab..4b85161 100644
--- a/clusters/example.yaml
+++ b/clusters/example.yaml
@@ -22,6 +22,8 @@ cluster:
 # (in the style of NodePort) without requiring a LoadBalancer service (optional)
 host-network: false
 privileged-ports: false # Allow Envoy to bind to ports <1024 when using Gateway API (optional)
+ bgp: # Configure Cilium BGP Control Plane support (optional)
+ enabled: true # Enable Cilium BGP Control Plane
 sops: my-cluster.example.com # GPG ID/fingerprint of Mozilla SOPS key (https://github.com/mozilla/sops) (optional)
 flux: # Configuration for Flux (GitOps) (optional)
 # Install specific (extra) Flux components, see https://fluxcd.io/flux/components/ for details
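Review bot: The nested `if bgp := ...` / `if bgp["enabled"]:` pair in the second bootstrap.py hunk can be one flat guard, `if config["cluster"]["cilium"].get("bgp", {}).get("enabled"):`, which drops the temporary name and one indent level. The Helm value only switches the BGP Control Plane on; which routers the nodes peer with and whether those sessions are authenticated is decided by separate Cilium BGP resources that these hunks do not create, so a comment above the block such as `# Only enables the feature; peers, advertisements and session auth come from Cilium BGP resources applied separately` would stop readers assuming the cluster is fully configured. The schema hunk above makes `"enabled"` mandatory inside `bgp`, so the direct index is safe provided validation runs before `apply_configuration`, which is not visible here. The function body continues outside the hunk.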
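Review bot: The example sets `enabled: true` under `bgp` while the neighbouring optional switches (`host-network: false`, `privileged-ports: false`) are shown in their off state, so a cluster file copied from this example turns the BGP Control Plane on without the operator having chosen it. Showing `enabled: false # Enable Cilium BGP Control Plane` keeps the example opt-in, and the comment on `bgp:` could add that peering itself is configured through separate Cilium BGP resources. The `cluster:` mapping continues outside the hunk.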