feat(kubernetes): deploy cilium as unified network solution #64

nicklasfrahm · 2023-12-01T22:57:32Z

This deploys cilium. Currently the following issues need solving:

Gateway API
Gateway LoadBalancer remains Pending (workaround: use cilium 1.15.0-pre.2)

Can't use CiliumLoadBalancerIPPool with /32 prefix (expect 1 available IP, got 0)

nicklasfrahm@gl552vw:~/repos/nicklasfrahm/infrastructure$ k get ippools
NAME     DISABLED   CONFLICTING   IPS AVAILABLE   AGE
public   false      False         0               28m

Traffic to externalIP gets rejected (ERR_CONNECTION_REFUSED, NetworkPolicy missing?)
Verify in-cluster traffic

So far I am not happy with the complexity of this. Possbily it may be easier to use hostNetwork pods with the Envoy Gateway. I think I should not rely on LoadBalancer type services for ingress traffic. For internal traffic, I can do that because I have my own isolated BGP communities.

github-actions · 2023-12-01T22:59:10Z

🍹 `preview` on infrastructure/foundation

Pulumi report

Previewing update (foundation)

View Live: https://app.pulumi.com/nicklasfrahm/infrastructure/foundation/previews/4e9eb931-a345-44a8-ae90-c8387815cd45

@ Previewing update.......

@ Previewing update..................................................................
pulumi:pulumi:Stack infrastructure-foundation running 
nicklasfrahm:dns:Zone foundation-c.zone-nicklasfrahm.dev  
nicklasfrahm:dns:GithubPages foundation-c.zone-nicklasfrahm.dev-c.githubpages-@  
nicklasfrahm:dns:A foundation-c.zone-nicklasfrahm.dev-c.a-delta.srv  
nicklasfrahm:dns:A foundation-c.zone-nicklasfrahm.dev-c.a-zebra.srv  
nicklasfrahm:dns:Site foundation-c.zone-nicklasfrahm.dev-c.site-zebra  
nicklasfrahm:dns:CNAME foundation-c.zone-nicklasfrahm.dev-c.cname-gitops  
nicklasfrahm:dns:Zone foundation-c.zone-odance.nl  
nicklasfrahm:dns:GithubPages foundation-c.zone-nicklasfrahm.dev-c.githubpages-kubestack  
nicklasfrahm:dns:CNAME foundation-c.zone-nicklasfrahm.dev-c.cname-api  
nicklasfrahm:dns:Site foundation-c.zone-nicklasfrahm.dev-c.site-november  
@ Previewing update....
nicklasfrahm:dns:A foundation-c.zone-nicklasfrahm.dev-c.a-alfa.srv  
pulumi:providers:cloudflare foundation-c.zone-nicklasfrahm.dev-p.cloudflare  
nicklasfrahm:dns:Site foundation-c.zone-nicklasfrahm.dev-c.site-moos  
nicklasfrahm:dns:A foundation-c.zone-nicklasfrahm.dev-c.a-bravo.srv  
nicklasfrahm:dns:CNAME foundation-c.zone-nicklasfrahm.dev-c.cname-mc-survival  
nicklasfrahm:dns:A foundation-c.zone-nicklasfrahm.dev-c.a-charlie.srv  
nicklasfrahm:dns:CNAME foundation-c.zone-odance.nl-c.cname-@  
pulumi:providers:cloudflare foundation-c.zone-odance.nl-p.cloudflare  
cloudflare:index:Zone foundation-c.zone-nicklasfrahm.dev-r.zone  
cloudflare:index:Zone foundation-c.zone-odance.nl-r.zone  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.a-delta.srv-r.record-172.31.255.3  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.cname-mc-survival-r.record-delta.nicklasfrahm.dev  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.a-bravo.srv-r.record-172.31.255.1  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.githubpages-kubestack-r.record-www  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.githubpages-kubestack-r.record-cname  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.githubpages-@-r.record-185.199.110.153  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.site-moos-r.record-wildcard  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.a-zebra.srv-r.record-10.0.11.102  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.cname-api-r.record-delta.nicklasfrahm.dev  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.site-november-r.record-base  
cloudflare:index:Record [email protected]  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.githubpages-@-r.record-185.199.109.153  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.a-alfa.srv-r.record-172.31.255.0  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.a-charlie.srv-r.record-172.31.255.2  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.site-moos-r.record-base  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.githubpages-@-r.record-185.199.108.153  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.site-zebra-r.record-base  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.cname-gitops-r.record-delta.nicklasfrahm.dev  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.githubpages-@-r.record-185.199.111.153  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.site-zebra-r.record-wildcard  
cloudflare:index:Record foundation-c.zone-nicklasfrahm.dev-c.site-november-r.record-wildcard  
cloudflare:index:Record foundation-c.zone-odance.nl-c.cname-@-r.record-delta.nicklasfrahm.dev  
pulumi:pulumi:Stack infrastructure-foundation  
Resources:
43 unchanged

nicklasfrahm · 2023-12-15T01:06:59Z

Closing this for now, due to configuration complexity.

nicklasfrahm added 3 commits December 1, 2023 19:54

feat(dns): add edge router server records

f941cc6

Merge branch 'main' into feature/cilium

06e410e

feat(kubernetes): create draft for cilium and Gateway API

f99bd4b

nicklasfrahm marked this pull request as draft December 1, 2023 22:57

nicklasfrahm added 2 commits December 2, 2023 00:49

fix(cilium): fix pending loadbalancer

cdf4c1a

fix(docs): add TODO

adbfea1

nicklasfrahm closed this Dec 15, 2023

nicklasfrahm added the ❌ wontfix This will not be worked on label Dec 15, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(kubernetes): deploy cilium as unified network solution #64

feat(kubernetes): deploy cilium as unified network solution #64

nicklasfrahm commented Dec 1, 2023 •

edited

Loading

github-actions bot commented Dec 1, 2023 •

edited

Loading

nicklasfrahm commented Dec 15, 2023

feat(kubernetes): deploy cilium as unified network solution #64

feat(kubernetes): deploy cilium as unified network solution #64

Conversation

nicklasfrahm commented Dec 1, 2023 • edited Loading

github-actions bot commented Dec 1, 2023 • edited Loading

🍹 preview on infrastructure/foundation

nicklasfrahm commented Dec 15, 2023

nicklasfrahm commented Dec 1, 2023 •

edited

Loading

github-actions bot commented Dec 1, 2023 •

edited

Loading

🍹 `preview` on infrastructure/foundation