clustermesh script

Author: rayaisaiah

hack/aks/Makefile

@@ -121,6 +121,11 @@ overlay-net-up: ## Create vnet, nodenet subnets
 	$(AZCLI) network vnet create -g $(GROUP) -l $(REGION) --name $(VNET) --address-prefixes 10.0.0.0/8 -o none
 	$(AZCLI) network vnet subnet create -g $(GROUP) --vnet-name $(VNET) --name nodenet --address-prefix 10.10.0.0/16 -o none
 
+cilium-net-up: ## Create vnet, nodenet and podnet subnets
+  $(AZCLI) network vnet create -g $(GROUP) -l $(REGION) --name $(VNET) --address-prefixes $(VNET_PREFIX) -o none
+  $(AZCLI) network vnet subnet create -g $(GROUP) --vnet-name $(VNET) --name nodenet --address-prefixes $(NODE_SUBNET_PREFIX) -o none
+  $(AZCLI) network vnet subnet create -g $(GROUP) --vnet-name $(VNET) --name podnet --address-prefixes $(POD_SUBNET_PREFIX) -o none
+
 ##@ AKS Clusters
 
 byocni-up: swift-byocni-up ## Alias to swift-byocni-up
@@ -258,6 +263,26 @@ swift-byocni-nokubeproxy-up: rg-up ipv4 swift-net-up ## Bring up a SWIFT BYO CNI
 		--yes
 	@$(MAKE) set-kubeconf
 
+cilium-clustermesh-byocni-nokubeproxy-up: rg-up cilium-net-up ## Bring up a Cilium BYO CNI cluster without kube-proxy
+  $(AZCLI) aks create -n $(CLUSTER) -g $(GROUP) -l $(REGION) \
+    --auto-upgrade-channel $(AUTOUPGRADE) \
+    --node-os-upgrade-channel $(NODEUPGRADE) \
+    --kubernetes-version $(K8S_VER) \
+    --node-count $(NODE_COUNT) \
+    --node-vm-size $(VM_SIZE) \
+    --load-balancer-sku basic \
+    --network-plugin none \
+    --pod-cidr $(POD_CIDR) \
+    --service-cidr $(SVC_CIDR) \
+    --dns-service-ip $(DNS_IP) \
+    --vnet-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/nodenet \
+    --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet \
+    --no-ssh-key \
+    --os-sku $(OS_SKU) \
+    --kube-proxy-config ./kube-proxy.json \
+    --yes
+		@$(MAKE) set-kubeconf
+
 swift-cilium-up: rg-up ipv4 swift-net-up ## Bring up a SWIFT Cilium cluster
 	$(AZCLI) aks create -n $(CLUSTER) -g $(GROUP) -l $(REGION) \
 		--auto-upgrade-channel $(AUTOUPGRADE) \

hack/scripts/enable-cilium-cluster-mesh.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+# Requires
+# sufix1 - unique single digit whole number 1-9. Cannot match sufix2
+# sufix2 - unique single digit whole number 1-9. Cannot match sufix1
+# SUB - GUID for subscription
+# clusterType - cilium-clustermesh-byocni-nokubeproxy-up is primary atm, but leaving for testing later.
+# Example command: clusterPrefix=isaiahraya sufix1=1 sufix2=2 SUB=d9eabe18-12f6-4421-934a-d7e2327585f5 clusterType=cilium-clustermesh-byocni-nokubeproxy-up ./enable-cilium-cluster-mesh.sh
+ 
+sufixes="${sufix1} ${sufix2}"
+install=helm
+echo "sufixes ${sufixes}"
+ 
+cd ../..
+for unique in $sufixes; do
+    make -C ./hack/aks $clusterType \
+        AZCLI=az REGION=westus2 SUB=$SUB \
+        CLUSTER=${clusterPrefix}-${unique} \
+        POD_CIDR=192.${unique}0.0.0/16 SVC_CIDR=192.${unique}1.0.0/16 DNS_IP=192.${unique}1.0.10 \
+        VNET_PREFIX=10.${unique}0.0.0/16 NODE_SUBNET_PREFIX=10.${unique}0.0.0/17 POD_SUBNET_PREFIX=10.${unique}0.128.0/17
+ 
+    kubectl config use-context ${clusterPrefix}-${unique}
+ 
+    if [ $install == "helm" ]; then
+        helm upgrade --install -n kube-system cilium cilium/cilium \
+        --version v1.16.1 \
+        --set cluster.name=${clusterPrefix}-${unique} \
+        --set azure.resourceGroup=${clusterPrefix}-${unique}-rg \
+        --set cluster.id=${unique} \
+        --set ipam.operator.clusterPoolIPv4PodCIDRList='{192.'${unique}'0.0.0/16}' \
+        --set hubble.enabled=false \
+        --set envoy.enabled=false
+    fi
+done
+ 
+cd hack/scripts
+ 
+VNET_ID1=$(az network vnet show \
+    --resource-group "${clusterPrefix}-${sufix1}-rg" \
+    --name "${clusterPrefix}-${sufix1}-vnet" \
+    --query id -o tsv)
+ 
+VNET_ID2=$(az network vnet show \
+    --resource-group "${clusterPrefix}-${sufix2}-rg" \
+    --name "${clusterPrefix}-${sufix2}-vnet" \
+    --query id -o tsv)
+ 
+az network vnet peering create \
+    -g "${clusterPrefix}-${sufix1}-rg" \
+    --name "peering-${clusterPrefix}-${sufix1}-to-${clusterPrefix}-${sufix2}" \
+    --vnet-name "${clusterPrefix}-${sufix1}-vnet" \
+    --remote-vnet "${VNET_ID2}" \
+    --allow-vnet-access
+ 
+az network vnet peering create \
+    -g "${clusterPrefix}-${sufix2}-rg" \
+    --name "peering-${clusterPrefix}-${sufix2}-to-${clusterPrefix}-${sufix1}" \
+    --vnet-name "${clusterPrefix}-${sufix2}-vnet" \
+    --remote-vnet "${VNET_ID1}" \
+    --allow-vnet-access
+ 
+ 
+cilium clustermesh enable --context ${clusterPrefix}-${sufix1} --enable-kvstoremesh=true
+cilium clustermesh enable --context ${clusterPrefix}-${sufix2} --enable-kvstoremesh=true
+ 
+ 
+cilium clustermesh status --context ${clusterPrefix}-${sufix1} --wait
+cilium clustermesh status --context ${clusterPrefix}-${sufix2} --wait
+ 
+# # CA is passed between clusters in this step
+cilium clustermesh connect --context ${clusterPrefix}-${sufix1} --destination-context ${clusterPrefix}-${sufix2}
+ 
+# For 3+ clusters
+# cilium clustermesh connect --context ${clusterPrefix}-${sufix1} --destination-context ${clusterPrefix}-${sufix2}  --connection-mode mesh
+# These can be run in parallel in different bash shells