From be113e77b4a3e12d8d4de17b226a745e65f49a1e Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Tue, 17 Oct 2017 18:58:31 -0700 Subject: [PATCH] Fix links and add Calico BGP peering notes --- docs/bare-metal.md | 2 +- docs/topics/hardware.md | 36 ++++++++++++++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/docs/bare-metal.md b/docs/bare-metal.md index 603c03f8..930d6870 100644 --- a/docs/bare-metal.md +++ b/docs/bare-metal.md @@ -94,7 +94,7 @@ For networks already supporting iPXE clients, you can add a `default.ipxe` confi chain http://matchbox.foo:8080/boot.ipxe ``` -For networks with Ubiquiti Routers, you can [configure the router](/topics/hardware/#ubiquiti) itself to chainload machines to iPXE and Matchbox. +For networks with Ubiquiti Routers, you can [configure the router](/topics/hardware.md#ubiquiti) itself to chainload machines to iPXE and Matchbox. For a small lab, you may wish to checkout the [quay.io/coreos/dnsmasq](https://quay.io/repository/coreos/dnsmasq) container image and [copy-paste examples](https://github.com/coreos/matchbox/blob/master/Documentation/network-setup.md#coreosdnsmasq). diff --git a/docs/topics/hardware.md b/docs/topics/hardware.md index 32dde76d..08d8e453 100644 --- a/docs/topics/hardware.md +++ b/docs/topics/hardware.md @@ -1,6 +1,6 @@ # Hardware -While bare-metal Kubernetes clusters have no special hardware requirements (beyond the [min reqs](/bare-metal#requirements)), Typhoon does ensure certain router and server hardware integrates well with Kubernetes. +While bare-metal Kubernetes clusters have no special hardware requirements (beyond the [min reqs](/bare-metal.md#requirements)), Typhoon does ensure certain router and server hardware integrates well with Kubernetes. ## Ubiquitiy 
@@ -108,7 +108,7 @@ commit-confirm ### Port Forwarding -Expose the [Ingress Controller](/addons/ingress#bare-metal) by adding `port-forward` rules that DNAT a port on the router's WAN interface to an internal IP and port. By convention, a public Ingress controller is assigned a fixed service IP like kube-dns (e.g. 10.3.0.12). +Expose the [Ingress Controller](/addons/ingress.md#bare-metal) by adding `port-forward` rules that DNAT a port on the router's WAN interface to an internal IP and port. By convention, a public Ingress controller is assigned a fixed service IP like kube-dns (e.g. 10.3.0.12). ``` configure @@ -141,3 +141,35 @@ set service gui https-port 4443 commit-confirm ``` +### BGP + +Add the EdgeRouter as a global BGP peer for nodes in a Kubernetes cluster (requires Calico). Neighbors will exchange `podCIDR` routes and individual pods will become routeable on the LAN. + +Configure node(s) as BGP neighbors. + +``` +show protocols bgp 1 +set protocols bgp 1 parameters router-id LAN_IP +set protocols bgp 1 neighbor NODE1_IP remote-as 64512 +set protocols bgp 1 neighbor NODE2_IP remote-as 64512 +set protocols bgp 1 neighbor NODE3_IP remote-as 64512 +``` + +View the neighbors and exchanged routes. + +``` +show ip bgp neighbors +show ip route bgp +``` + +Be sure to register the peer by creating a Calico `bgpPeer` CRD with `kubectl apply`. + +``` +apiVersion: v1 +kind: bgpPeer +metadata: + peerIP: LAN_IP + scope: global +spec: + asNumber: 64512 +```
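Review bot: In the docs/bare-metal.md hunk, the new link targets `/topics/hardware.md#ubiquiti`, but the heading shown as context in the docs/topics/hardware.md hunk is spelled `## Ubiquitiy`, so an anchor generated from that heading would likely be `#ubiquitiy` and the fragment would not resolve. Since hardware.md is already being touched for links, correct the heading to `## Ubiquiti` in this same change, or check the fragment against the rendered page before merging.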
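Review bot: In the new `### BGP` section of docs/topics/hardware.md, the last block is described as a Calico `bgpPeer` CRD to create with `kubectl apply`, but the manifest uses `apiVersion: v1`, puts `peerIP` and `scope` under `metadata`, and has no `metadata.name`, so kubectl would treat it as a core v1 kind and is unlikely to accept it. Either name the tool that consumes this format, or give the manifest the CRD's own API group/version and a name. Two further points on the router block: it opens with `show protocols bgp 1` and has no `configure` / `commit-confirm` around the `set` lines, unlike the other EdgeRouter blocks visible in this file; and if the `1` in `protocols bgp 1` is the router's local AS, it does not match `asNumber: 64512` given for the router (`peerIP: LAN_IP`) in the bgpPeer, so please state the intended AS for each side. Because the neighbor lines set only `remote-as`, the docs should also say that these sessions are unauthenticated and that the router will install whatever routes a node advertises, and recommend limiting accepted prefixes to the cluster's pod CIDR. Minor: "routeable" should be "routable".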