From a675ad127b25eebebc6ce55a3a7c7a8f406653e7 Mon Sep 17 00:00:00 2001 From: Erki Aas Date: Fri, 1 Aug 2025 22:44:56 +0300 Subject: [PATCH] full ipv4/6 bgp mesh with router and pve --- tigera-operator/custom-resources.yaml | 134 +++++++++++++++++++++++++- 1 file changed, 133 insertions(+), 1 deletion(-) diff --git a/tigera-operator/custom-resources.yaml b/tigera-operator/custom-resources.yaml index 87cfe78..cbe4d02 100644 --- a/tigera-operator/custom-resources.yaml +++ b/tigera-operator/custom-resources.yaml @@ -20,6 +20,13 @@ spec: name: default-ipv4-ippool natOutgoing: Disabled nodeSelector: all() + - blockSize: 122 + cidr: 2001:bb8:4008:21:244::/80 + disableBGPExport: false + disableNewAllocations: false + nodeSelector: all() + encapsulation: None + natOutgoing: Disabled --- apiVersion: projectcalico.org/v3 kind: IPPool @@ -36,6 +43,21 @@ spec: vxlanMode: Never natOutgoing: true --- +apiVersion: projectcalico.org/v3 +kind: IPPool +metadata: + name: default-ipv6-ippool +spec: + allowedUses: + - Workload + - Tunnel + blockSize: 122 + cidr: 2001:bb8:4008:21:244::/80 + ipipMode: Never + nodeSelector: all() + vxlanMode: Never + natOutgoing: false +--- # This section configures the Calico API server. # For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer apiVersion: operator.tigera.io/v1 @@ -50,7 +72,7 @@ metadata: name: mikrotik-router spec: peerIP: 172.21.255.254 - asNumber: 64567 + asNumber: 64512 keepOriginalNextHop: true password: secretKeyRef: @@ -58,10 +80,120 @@ spec: key: password --- apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: mikrotik-router-ipv6 +spec: + peerIP: 2001:bb8:4008:21:ffff:ffff:ffff:fffe + asNumber: 64512 + keepOriginalNextHop: true + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: pve90 +spec: + peerIP: 172.21.20.90 + asNumber: 64512 + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: pve91 +spec: + peerIP: 172.21.20.91 + asNumber: 64512 + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: pve92 +spec: + peerIP: 172.21.20.92 + asNumber: 64512 + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: pve93 +spec: + peerIP: 172.21.20.93 + asNumber: 64512 + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: pve90-ipv6 +spec: + peerIP: 2001:bb8:4008:21:20::90 + asNumber: 64512 + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: pve91-ipv6 +spec: + peerIP: 2001:bb8:4008:21:20::91 + asNumber: 64512 + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: pve92-ipv6 +spec: + peerIP: 2001:bb8:4008:21:20::92 + asNumber: 64512 + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 +kind: BGPPeer +metadata: + name: pve93-ipv6 +spec: + peerIP: 2001:bb8:4008:21:20::93 + asNumber: 64512 + password: + secretKeyRef: + name: bgp-secrets + key: password +--- +apiVersion: projectcalico.org/v3 kind: BGPConfiguration metadata: name: default spec: + asNumber: 64512 serviceLoadBalancerIPs: - cidr: 172.21.51.4/32 - cidr: 172.21.53.1/32