feat(config): Add SOPS configuration and BGP load balancer resources

Author: TheMeinerLP

clusters/feather-core/.sops.pub.asc

@@ -0,0 +1,63 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGfVv8wBEADIJh39ScklRQN7SxoJLYXWebesjC/6BA4X7APlHMjQfZoekNNJ
+cNSimF9lmP1PRrcdTdxE+4G01zsU5G/9N0PG29xzILNuV1xyGUbYZ0kHJgjoVKsd
+g9nFGGRgVce7MTdo5A4XwGwSsGchXdfkJLmrBgVvf4vMHKKFrYgwLcN/+UGu1V9y
+YSuRODZF5sqlcqAArj5Oo5jjZ0DQa5HgsTksOOb7Dnze3QHAx/J9POWR/tk/vOKu
+YO4tVYAzoaVXxzEjtMZsydGJka69yXrDP+HGsTjmboPeSLx+/zfmGI6AuWVhuEf7
+u2qCuW3m8yQqBxU5MunNls1slU+mtWw/c0jZmsikLO0ojOr9/+Uqvnk+voMhP9/1
+DJWnKkaPI5nJ49tUuYSBYlvLo1Vs2H/u2NtXh/pYoLs+DIydKtmVq0kVCJzrS5H2
+i2UewLPgXLkP+6gvFbR2+bUAuZr/SAtx1xBMoNE7Qgo4zd8W8WttvFgqxCB6Tfrt
+lVPDqk+CdVTFTR7HZ0Pb1f10vq44RSExJ0TLBosyTLhIsz0ihP5lFCDHoOdijBmJ
+lf5LvT6kwwHGe/Wr+FkwBKQrwXWXAjxjRsGRQLH7hBBNYv6xwUg7b/hB5NHDTARr
+q6ZWFb01IDOjt4iv0aLliCfihMyDbpI1DWoqt3QuVE0+rQo8Y5Ppdo/RmwARAQAB
+tCdjbHVzdGVyMC5vbmVsaXRlLmZlYXRoZXIgKGZsdXggc2VjcmV0cymJAlIEEwEI
+ADwWIQQCMYMctAuOWHtzU8ujr3J3ISBaYgUCZ9W/zAMbLwQFCwkIBwICIgIGFQoJ
+CAsCBBYCAwECHgcCF4AACgkQo69ydyEgWmJ5/w//XylABtAf7Ae0teUdeHW1cRFN
+yfMP/zdcZnmOfKQV0gThG5GXIwp443zJ0k2+qPPt1Goe1RvODwNdHglFAMe/qoii
+lzy+0yw2CgVdIMVnnTZh5HkHCwUA01GaqzVSPtL0pySDPfKsiF99NKSWy5Xpb/VP
+KRYQN9Qy0et1QWsATeQkO2xYCRyD2BuiazPpalXcu+YtNeIefxHahkR+beqOcw6t
+mn40h+oAaXI7ohRf/urh9haOiWcgN7ihlxmSh6kL5N1fTIVyGhzm3yi0ifCvnj22
+wqX18/QDLqPfPUw+H1IlvLSnlJAsTMLYoPrYDImM/rmttuO7FexiXIAMgJoPkbIq
+wqjnOnnR7l+1G7w8IoIg+9UiUdi1jsX6Xrtm+q97O9H6OfOA1SwqLdDJtWvkFE/l
+CN2XoW/9SpcyHbB77JzxsRduJe96UVLC2TA3VNkI7Hw4CLLlsoNuV1YOeV5quPas
+ZlKVkaeXBQuoPlYh7MotjN6x7ecdX9c/Q/aZxPzAZQxSmzScy7gUFcHOGQSS29Nq
+FRpReNvFNu0hJ/h84t3/UcNvmLy+F2x136Z8bH1ud7Md4QLlEfFCvPEhPLBwM58I
+5maKT/3NHBsVMp2pFzOcffIAZq8vSUQjjtQmLNx8NdXZSC+iNFrm2XemQDcTNj8J
+XZNKjLCCHe6wIMufHmm5Ag0EZ9W/zAEQANMNOyLACnoVZMdLXXTjUYqVmO6ApROy
+8nTMeayWfaiLuxjT8Lv7L0VQUsOFOuAcpdqufRgme0HarbHwA0KdecRyjoNEW+gN
+sHjRAP+c4SBZj3g4uUZNRg501I6IK91ghORTtToWKPBWiJdb0qEoOJbzd2yDU6BK
+/NKPSV1pWqkVvdDvIyE1XTeUO6KXUA8p1/v4C4UovQFuT/mhHcyV9ilryj1qnS5o
+hwTHMNSS8cRw2vagkphSZ25EiUnTSwdETPC0wx3nu8AgGlTEYeOHEfvKM52py16z
+KS/DuAdLO2ABcdYeEYSStiiF24t7zcqn1IJTBXSTQ7SMsaMxknKgX+ZY8Y+vk8PI
+Gs7/eYBA9P8mRrqJ56bRJWoxxRJ+v/aXtU4yuJeIVGw/+P6IVaapDG1iYKv2txFQ
+LIk58IMiB665sikRE42Gtqu/RZEV6lQOQQVubVGR7O9l2sPqW+kTR+HBDCKh127e
+6qi4EGJMukyR+aCy8LmIpYs4MRZ0MbvCOQK8/7q7PmKDgxy3vIbhiRDnRvf/V6h8
++ON9B5cOjwCWur3adI0JQeWAYSIaFB7PbjKQNuIunfyIhcNu8+IxspFsFXinO4SH
+6ccOyDcgPiXHs9BNeRTsl367PYTbqvssaAqVA6kyznUNFPu9S4VEZ1TMe20cn0IM
+ce/tPHzuzoIZABEBAAGJBGwEGAEIACAWIQQCMYMctAuOWHtzU8ujr3J3ISBaYgUC
+Z9W/zAIbLgJACRCjr3J3ISBaYsF0IAQZAQgAHRYhBFGgXJF5WcZ+YwlcngWbRp0W
+X+I4BQJn1b/MAAoJEAWbRp0WX+I4NiAQALb3PJ9cuNgqN9hAMospEifhg9n4Pjsg
+43BLBZfzV1vIRW/E06c7yTOTSgjjpU1zXvtnht670GEuCLxb1u/oK2ZR7+Hsv19m
+Y+iBY4adj79pJMafNMUsfTkl3gDCweZk/bHHVRxE2Wz331lWe9Hug+EVGlBAPho5
+7QuamD5oZnfKe7TnJwOTozbFW2jEZpDazIf1e5VNxeXW1fYAPfWbLdQL48JZWb1k
+If04aqoHQaY7ORYzXF6Kztla5bRpe27Qc+utgZWtspCQ8NFgx0xFOTmsLq6lHNNa
+QvNUtKAX+0oIfc6/Ys1dH1miiyDR0oc9M6dbITKRdTzWST3pevzBEx8jogZ3aQF6
+Uai3N3EAqsTeR0tr0O1Mc2417dSfeWfpHgf+RNq8LXDN731hFGUTNwB0F9qgSQBY
+OTYVQ8lkV066oqAN3uF0cUlRmtBuYsi4jhRkEmeOL+5Y/Ckh4cL1gozYZaQuzmp6
+p05xzD6Tm4QyJgQ8HPh9fJvnauBfJJSOyn9yvOm6JiD3C4srLW/onnn4IpoN30yp
+gkOGQ9z4oWNH0Ez1BaswHYwEhFGkaIRASoJNnYIrgbuO+Bcz5zcFY1Wj4ASWTKqU
+VRTbOym1u0l6YyXnYfmY49onazm+PTJZoBv62KUSaD73OL5X1yZHLxvyvoh6SsxQ
+TSd61GouHCJ/ZhcP/ipv0h+jXSgnXzSQkLD9eZrM/VKucUKk01jAkqFAVvtSqMi+
+EIOpvvDUEY9TJD53lEOS3F3XcnJ5yNY2SQbpH3xmE+TerSUeZcn0HklwKcG3QrIu
+/ea8b84EXGxHlChRZoP5V85z8X4LWnnfieDxaN0NdLkaufB8tc6iGdJpIWRXxHGl
+yZFGNWvv+V56SnEcFY6x7V5Rnsyqq56XRV5B0aSn6eGHF8Ljj1UNU07/qBaPvsjC
+Bm6pHIB939dsHMfdH6hPo26TxaMqV7lFCC0CR5fGaOtLBitO0yQGH9SmWJjr54Pf
+Uj0Dztp5naVqWMPDoolN9qvJ3LJ37eU9jcuykWUAlrls4CyiiZDD/+jvb+9nvDEf
+ywDTxOguFB+GtbDT8D19lOa2porRxINDkyN5bqMOWADPKdpfBGHFkQTdmawc+ltg
+USrOZumVbJJF0MEJ4d3NS4uNa1Hwrp1qDUWwo2ssNnx+rLPHDFzf9mIecyXd7A2P
+98CST5taJM3E6P5BJHhysBo63HuxvLlTAALal+mz8OgxkMfP5Q7E2X57MR9O8YCs
+q4c7PV+RO4gHURVbH1AOxLrW4xGcu20NMTNXfc026R+WxrFmpqDm2GJM2c2QREkh
+rnE+R0EJGENUsvPYdlR8Sm0ybwVKq29ZGWt+bC4DCt+yVn1J9g41KAxhPHUm
+=te2g
+-----END PGP PUBLIC KEY BLOCK-----

clusters/feather-core/.sops.yaml

@@ -0,0 +1,14 @@
+creation_rules:
+  - pgp: 0231831CB40B8E587B7353CBA3AF727721205A62
+    path_regex: .*.env
+  - pgp: 0231831CB40B8E587B7353CBA3AF727721205A62
+    path_regex: .*.sops.env
+  - pgp: 0231831CB40B8E587B7353CBA3AF727721205A62
+    path_regex: .sops.yaml
+  - pgp: 0231831CB40B8E587B7353CBA3AF727721205A62
+    path_regex: s3.conf
+  - pgp: 0231831CB40B8E587B7353CBA3AF727721205A62
+    path_regex: .dockerconfigjson
+  - path_regex: .*.yaml
+    encrypted_regex: ^(ca_password|provisioner_password|intermediate_ca_key|root_ca_key|\.dockerconfigjson|sql\.php)$
+    pgp: 0231831CB40B8E587B7353CBA3AF727721205A62

clusters/feather-core/ipconfig.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ipconfig
+  namespace: flux-system
+spec:
+  interval: 1h
+  retryInterval: 1m
+  timeout: 5m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./infrastructure/clusters/feather-core/ipconfig
+  prune: true
+  wait: true
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg

infrastructure/clusters/feathre-core/ipconfig/bgp-dc01.yaml

@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPClusterConfig
+metadata:
+  name: bgp-dc01
+spec:
+  nodeSelector:
+    matchLabels:
+      topology.kubernetes.io/zone: "dc01"
+  bgpInstances:
+    - name: "dc01-64601"
+      localASN: 64601
+      peers:
+        - name: "opsense-dc01"
+          peerASN: 64504
+          peerAddress: 10.200.3.1

infrastructure/clusters/feathre-core/ipconfig/bgp-dc06.yaml

@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPClusterConfig
+metadata:
+  name: bgp-dc06
+spec:
+  nodeSelector:
+    matchLabels:
+      topology.kubernetes.io/zone: "dc06"
+  bgpInstances:
+    - name: "dc06-64606"
+      localASN: 64606
+      peers:
+        - name: "opsense-dc01"
+          peerASN: 64504
+          peerAddress: 10.200.3.1

infrastructure/clusters/feathre-core/ipconfig/cilium-bgpadvertisement-lb.yaml

@@ -0,0 +1,15 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumBGPAdvertisement
+metadata:
+  name: bgp-advertisements
+spec:
+  advertisements:
+    - advertisementType: "Service"
+      service:
+        addresses:
+          - LoadBalancerIP
+      selector:
+        matchExpressions:
+          - key: "onelite.feather/bgp"
+            operator: In
+            values: ["announce"]

infrastructure/clusters/feathre-core/ipconfig/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - lb-dc01.yaml
+  - lb-dc06.yaml
+  - bgp-dc01.yaml
+  - bgp-dc06.yaml
+  - cilium-bgpadvertisement-lb.yaml

infrastructure/clusters/feathre-core/ipconfig/lb-dc01.yaml

@@ -0,0 +1,12 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: lb-dc01
+spec:
+  cidrs:
+    - cidr: 10.210.90.0/28
+  serviceSelector:
+    matchExpressions:
+      - key: onelite.feather/site
+        operator: In
+        values: ["dc01"]

infrastructure/clusters/feathre-core/ipconfig/lb-dc06.yaml

@@ -0,0 +1,12 @@
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: lb-dc06
+spec:
+  cidrs:
+    - cidr: 10.200.90.0/28
+  serviceSelector:
+    matchExpressions:
+      - key: onelite.feather/site
+        operator: In
+        values: ["dc06"]