diff --git a/examples/load-balanced-route-servers/routeserver-b.ss.yml b/examples/load-balanced-route-servers/routeserver-b.ss.yml new file mode 100644 index 0000000..93c113b --- /dev/null +++ b/examples/load-balanced-route-servers/routeserver-b.ss.yml @@ -0,0 +1,203 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: meshrr-conf +data: + meshrr.conf.yml: |+ + encrypted_root_pw: NOLOGIN + asn: "65000.1" + mode: evpnrs + bgpgroups: + - name: MESHRR-CORE + type: mesh + source: + sourcetype: dns + hostname: meshrr-core + - name: MESHRR-CLIENTS + type: subtractive + prefixes: + - 192.168.0.0/16 + asranges: + - 65001-65535 +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: routeserver-b + namespace: metallb +spec: + addresses: + - 192.168.255.2/32 + autoAssign: false +--- +apiVersion: metallb.io/v1beta1 +kind: BGPAdvertisement +metadata: + name: routeserver-b + namespace: metallb +spec: + ipAddressPools: + - routeserver-b + communities: + - 65000:0 +--- +apiVersion: v1 +kind: Service +metadata: + name: routeserver-b + annotations: + metallb.universe.tf/address-pool: routeserver-b +spec: + ports: + - name: bgp + port: 179 + protocol: TCP + targetPort: bgp + selector: + app: meshrr-evpnrs + side: b + type: LoadBalancer + externalTrafficPolicy: Local +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: routeserver-b + labels: + app: meshrr-evpnrs + side: b +spec: + serviceName: routeserver + podManagementPolicy: "Parallel" + selector: + matchLabels: + app: meshrr-evpnrs + side: b + replicas: 2 + template: + metadata: + labels: + app: meshrr-evpnrs + side: b + spec: + volumes: + - name: config + emptyDir: {} + - name: ssh-id + emptyDir: {} + - name: meshrr-conf + configMap: + defaultMode: 256 + items: + - key: meshrr.conf.yml + mode: 256 + path: meshrr.conf.yml + name: meshrr-conf + optional: false + initContainers: + - name: meshrr-init + image: ghcr.io/juniper/meshrr:next + imagePullPolicy: IfNotPresent + args: ["init"] + volumeMounts: + - name: ssh-id + mountPath: /secret/ssh/ + - name: config + mountPath: /config/ + - name: meshrr-conf + mountPath: /opt/meshrr/conf/meshrr.conf.yml + readOnly: true + subPath: meshrr.conf.yml + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: LICENSE_KEY + valueFrom: + secretKeyRef: + name: crpd-license + key: crpd-license + - name: MESHRR_MODE + value: evpnrs + containers: + - name: crpd + image: localhost/juniper/crpd:23.2R1.13 + imagePullPolicy: Never + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 5 + successThreshold: 1 + tcpSocket: + port: bgp + timeoutSeconds: 3 + readinessProbe: + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 2 + tcpSocket: + port: bgp + timeoutSeconds: 3 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + ports: + - name: bgp + containerPort: 179 + protocol: TCP + - name: ssh + containerPort: 22 + protocol: TCP + - name: netconf + containerPort: 830 + protocol: TCP + volumeMounts: + - name: config + mountPath: /config/ + securityContext: + allowPrivilegeEscalation: true + privileged: true + runAsNonRoot: false + - name: meshrr + image: ghcr.io/juniper/meshrr:next + imagePullPolicy: IfNotPresent + args: ["sidecar"] + startupProbe: + exec: + command: + - cat + - /tmp/connected-to-crpd + initialDelaySeconds: 5 + periodSeconds: 3 + volumeMounts: + - name: ssh-id + mountPath: /secret/ssh/ + - name: meshrr-conf + mountPath: /opt/meshrr/conf/meshrr.conf.yml + readOnly: true + subPath: meshrr.conf.yml + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: side + operator: In + values: + - "b" + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - meshrr-evpnrs + topologyKey: kubernetes.io/hostname