Add cilium LB

Author: MacroPower

apps/argo/cd/mgmt/main.k

@@ -100,6 +100,7 @@ app = argo_cd_base.app | {
         redis = _dragonfly
     }
     ingresses.main = ingress.Ingress {
+        className = "cilium"
         rules.main = {
             httpPaths.main.backend.service = {
                 name = "argo-cd-server"

apps/cilium/system/base/main.k

@@ -1,8 +1,10 @@
 import file
 
 import charts.cilium
+import charts.cilium.api.v2alpha1 as ciliumv2alpha1
 import cilium_shared
 import konfig.models.frontend
+import konfig.models.utils as modelutils
 import konfig.utils
 
 _valueFile = utils.abs_path(file.current(), "values.yaml")
@@ -14,4 +16,53 @@ app: frontend.App {
     charts.cilium = cilium.Chart {
         valueFiles: [_valueFile]
     }
+
+    extraResources.bgpPeering = ciliumv2alpha1.CiliumBGPPeeringPolicy {
+        metadata: modelutils.AppMetadataBuilder({
+            name = "cilium-ingress"
+        }, modelutils.ArgoCDOptions {
+            sync.SkipDryRunOnMissingResource = True
+        })
+        spec: {
+            # nodeSelector.matchLabels = {
+            #     "bgp.kube.macro.network/peer-group" = "main"
+            # }
+            virtualRouters = [
+                {
+                    localASN = 64512
+                    exportPodCIDR = False
+                    neighbors = [
+                        {
+                            peerAddress = "10.1.0.1/32"
+                            peerASN = 64512
+                            eBGPMultihopTTL = 1
+                        }
+                    ]
+                    serviceSelector.matchLabels = {
+                        "cilium.io/ingress": "true"
+                    }
+                }
+            ]
+        }
+    }
+
+    extraResources.ipPool = ciliumv2alpha1.CiliumLoadBalancerIPPool {
+        metadata: {
+            name = "cilium-ingress"
+        }
+        spec: {
+            blocks = [
+                {
+                    cidr = "10.10.30.0/24"
+                }
+                {
+                    cidr = "fc42:0:0:a::10:0/108"
+                }
+            ]
+            allowFirstLastIPs = "No"
+            serviceSelector.matchLabels = {
+                "cilium.io/ingress": "true"
+            }
+        }
+    }
 }

apps/cilium/system/base/values.yaml

@@ -32,6 +32,33 @@ endpointRoutes:
   ##
   enabled: false
 
+bgpControlPlane:
+  enabled: true
+  secretsNamespace:
+    create: true
+    name: cilium-bgp
+
+wellKnownIdentities:
+  enabled: true
+
+loadBalancer:
+  algorithm: maglev
+  mode: dsr
+  serviceTopology: true
+  l7:
+    backend: envoy
+
+envoyConfig:
+  enabled: true
+
+encryption:
+  enabled: true
+  type: wireguard
+
+## Enable BPF clock source probing for more efficient tick retrieval.
+##
+bpfClockProbe: false
+
 dnsPolicy: ClusterFirst
 
 operator:

apps/external/dns/base/values.yaml

@@ -11,10 +11,5 @@ sources:
 
 policy: upsert-only
 
-extraArgs:
-  - --crd-source-apiversion=externaldns.k8s.io/v1alpha1
-  - --crd-source-kind=DNSEndpoint
-  - --ingress-class=traefik
-
 serviceMonitor:
   enabled: false

apps/external/dns/mgmt/main.k

@@ -8,11 +8,14 @@ app = external_dns_base.app | {
         unifiCreds = external_dns_base.unifiCreds
     }
     charts: {
-        external_dns_cloudflare = external_dns.Chart {
-            values: external_dns_base.cloudflareValues
-        }
         external_dns_unifi = external_dns.Chart {
-            values: external_dns_base.unifiValues
+            values: external_dns_base.unifiValues | {
+                extraArgs = [
+                    "--crd-source-apiversion=externaldns.k8s.io/v1alpha1"
+                    "--crd-source-kind=DNSEndpoint"
+                    "--ingress-class=cilium"
+                ]
+            }
         }
     }
 }

bootstrap/core/mgmt/main.k

@@ -67,6 +67,8 @@ app = bootstrap.app | {
             name = "bootstrap"
             namespace = _argo_cd_namespace
         }, utils.ArgoCDOptions {
+            compare.ServerSideDiff = True
+            compare.IncludeMutationWebhook = True
             finalize = False
         })
         spec = {

konfig/models/backend/tenant_backend.k

@@ -51,6 +51,8 @@ schema TenantBackend[inputConfig: frontend.Tenant]:
         metadata = utils.AppMetadataBuilder(_metadata | {
             name = "${config.name}-shared"
         }, utils.ArgoCDOptions {
+            compare.ServerSideDiff = True
+            compare.IncludeMutationWebhook = True
             sync.Prune = "false"
             finalize = False
         })
@@ -159,6 +161,8 @@ schema TenantBackend[inputConfig: frontend.Tenant]:
         metadata = utils.AppMetadataBuilder(_metadata | {
             name = "${config.name}-apps"
         }, utils.ArgoCDOptions {
+            compare.ServerSideDiff = True
+            compare.IncludeMutationWebhook = True
             sync.Prune = "false"
             finalize = False
         })

konfig/models/utils/app_metadata_builder.k

@@ -1,14 +1,5 @@
 AppMetadataBuilder = lambda config: any, options: ArgoCDOptions -> {str:} {
-    _options = options
-
-    if not options.compare?.ServerSideDiff:
-        _options.compare.ServerSideDiff = True
-    if not options.compare?.IncludeMutationWebhook:
-        _options.compare.IncludeMutationWebhook = True
-    if not options?.finalize:
-        _options.finalize = True
-
-    _argoCDOptionMetadataBuilder(_options) | {
+    _argoCDOptionMetadataBuilder(options) | {
         name: config?.name
         namespace: config?.namespace
         labels: config?.labels