squash all

Mostly copied over from my old repo and modified for app of apps. Cleaning up the mess from migration Signed-off-by: gwg313 <gwg313@pm.me>
2025-07-03 08:02:33 -04:00 · 2025-07-03 08:02:33 -04:00 · 52933116f0
commit 52933116f0
parent 471f30f0b1
104 changed files with 2532 additions and 44 deletions
--- a/metallb/Chart.yaml
+++ b/metallb/Chart.yaml
@ -0,0 +1,7 @@
+apiVersion: v2
+name: metallb
+version: 0.1.0
+dependencies:
+  - name: metallb
+    version: 0.13.12
+    repository: https://metallb.github.io/metallb
--- a/metallb/config/ipaddresspool.yaml
+++ b/metallb/config/ipaddresspool.yaml
@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: default
+  namespace: metallb-system
+spec:
+  addresses:
+    - 10.1.10.50-10.1.10.100
--- a/metallb/config/kustomization.yaml
+++ b/metallb/config/kustomization.yaml
@ -0,0 +1,3 @@
+resources:
+  - ipaddresspool.yaml
+  - l2advertisement.yaml
--- a/metallb/config/l2advertisement.yaml
+++ b/metallb/config/l2advertisement.yaml
@ -0,0 +1,5 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: default
+  namespace: metallb-system
--- a/metallb/namespace.yaml
+++ b/metallb/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
--- a/metallb/values.yaml
+++ b/metallb/values.yaml
@ -0,0 +1,46 @@
+metallb:
+  controller:
+    enabled: true
+  speaker:
+    enabled: true
+    hostNetwork: true
+    podAnnotations:
+      sidecar.istio.io/inject: "false"
+    tolerations:
+      - operator: Exists
+    securityContext:
+      allowPrivilegeEscalation: false
+      privileged: false
+      capabilities:
+        drop: ["ALL"]
+  # keep FRR disabled – GoBGP mode works fine and avoids NET_ADMIN
+  frr:
+    enabled: false
+  configInline:
+    peers:
+      - peer-address: 10.1.10.1 # OPNsense LAN IP
+        peer-asn: 65551 # ASN you set on OPNsense
+        my-asn: 64512 # <<< MUST MATCH “Remote AS” on OPNsense
+        hold-time: 90s
+        source-address: 10.1.10.3 # Talos node IP (optional but fine)
+      - peer-address: 10.1.10.1 # OPNsense LAN IP
+        peer-asn: 65551 # ASN you set on OPNsense
+        my-asn: 64512 # <<< MUST MATCH “Remote AS” on OPNsense
+        hold-time: 90s
+        source-address: 10.1.10.4 # Talos node IP (optional but fine)
+      - peer-address: 10.1.10.1 # OPNsense LAN IP
+        peer-asn: 65551 # ASN you set on OPNsense
+        my-asn: 64512 # <<< MUST MATCH “Remote AS” on OPNsense
+        hold-time: 90s
+        source-address: 10.1.10.5 # Talos node IP (optional but fine)
+      - peer-address: 10.1.10.1 # OPNsense LAN IP
+        peer-asn: 65551 # ASN you set on OPNsense
+        my-asn: 64512 # <<< MUST MATCH “Remote AS” on OPNsense
+        hold-time: 90s
+        source-address: 10.1.10.6 # Talos node IP (optional but fine)
+        # router-id optional – can omit or make unique per node
+    address-pools:
+      - name: default
+        protocol: bgp
+        addresses:
+          - 10.1.10.50-10.1.10.100