feat: add bird2 system-extension

Introduce the bird2 routing daemon as a system extension for Talos Linux. The
bird2 configuration must be provided via an ExtensionServiceConfig and
placed at /usr/local/etc/bird.conf

Signed-off-by: Matthias Riegler <me@m4tbit.de>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 491a383fdb8e6f8974ad4d4d4043156507637309)
This commit is contained in:
Matthias Riegler 2025-12-02 09:23:02 +01:00 committed by Andrey Smirnov
parent e439f3ff01
commit 8ced5f6db1
No known key found for this signature in database
GPG Key ID: 322C6F63F594CE7C
10 changed files with 273 additions and 2 deletions


@ -103,6 +103,12 @@
"matchPackageNames": [
"systemd/systemd"
]
},
{
"allowedVersions": "< 3.0.0",
"matchPackageNames": [
"https://gitlab.nic.cz/labs/bird.git"
]
}
],
"separateMajorMinor": false
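Review bot: The `"allowedVersions": "< 3.0.0"` cap added to the bird repository rule carries no rationale, and the same cap is added, equally unexplained, in the YAML renovate config later in this commit (`allowedVersions: "< 3.0.0"`). JSON has no comment syntax, so the YAML rule is the place to record it, e.g. `# keep bird on the 2.x line; 3.x has not been validated with this extension — confirm`. Without that a later maintainer cannot tell whether the cap is policy or a stale workaround, and it is the only thing stopping renovate from proposing a major-version jump for the daemon.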


@ -6,6 +6,7 @@ spec:
- amdgpu
- amd-ucode
- binfmt-misc
- bird2
- bnx2-bnx2x
- btrfs
- chelsio-drivers
@ -299,3 +300,6 @@ spec:
- matchPackageNames:
- systemd/systemd
versioning: 'regex:^(?<major>\d+)\.?(?<minor>\d+)?\.?(?<patch>\d+)?$'
- matchPackageNames:
- https://gitlab.nic.cz/labs/bird.git
allowedVersions: "< 3.0.0"


@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-12-05T14:27:38Z by kres 571923f.
# Generated on 2025-12-04T12:12:14Z by kres 571923f.
# common variables
@ -63,6 +63,7 @@ TARGETS = amazon-ena
TARGETS += amdgpu
TARGETS += amd-ucode
TARGETS += binfmt-misc
TARGETS += bird2
TARGETS += bnx2-bnx2x
TARGETS += btrfs
TARGETS += chelsio-drivers
@ -296,4 +297,3 @@ release-notes: $(ARTIFACTS)
conformance:
@docker pull $(CONFORMANCE_IMAGE)
@docker run --rm -it -v $(PWD):/src -w /src $(CONFORMANCE_IMAGE) enforce


@ -130,6 +130,7 @@ tiers based on support level:
| Name | Tier | Image | Version | Description |
| ---- | ---- | ----- | ------- | ----------- |
| [bird2](network/bird2) | :white_large_square: contrib | [ghcr.io/siderolabs/bird2](https://github.com/siderolabs/extensions/pkgs/container/bird2) | `2.17.1` | bird2 routing daemon for Talos. bird2cl can be used to interface with the daemon (lightweight CLI only!). More info: https://bird.network.cz/ |
| [cloudflared](network/cloudflared) | :white_large_square: contrib | [ghcr.io/siderolabs/cloudflared](https://github.com/siderolabs/extensions/pkgs/container/cloudflared) | `2025.11.1` | Cloudflare Tunnel securely connects resources to Cloudflare without a public IP. A lightweight daemon (cloudflared) creates outbound-only connections to Cloudflare, allowing safe access to services like HTTP, SSH, remote desktops, and other protocols. More info: https://github.com/cloudflare/cloudflared/ |
| [lldpd](network/lldpd) | :yellow_square: extra | [ghcr.io/siderolabs/lldpd](https://github.com/siderolabs/extensions/pkgs/container/lldpd) | `1.0.20` | LLDP adds a LLDP discovery service to Talos. LLDP cli can be used to interface with the daemon. |
| [nebula](network/nebula) | :white_large_square: contrib | [ghcr.io/siderolabs/nebula](https://github.com/siderolabs/extensions/pkgs/container/nebula) | `1.9.7` | A scalable overlay networking tool with a focus on performance, simplicity and security |

158
network/bird2/README.md Normal file

@ -0,0 +1,158 @@
# bird2
>
> [!WARNING]
> This SystemExtensio does **not** support dynamic reloading. A configuration change triggers a restart of bird!
Adds [bird2](https://bird.network.cz/) routing daemon as Talos system extensions.
## Installation
See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
## Usage
1. Configure the extension via `ExtensionServiceConfig` document.
```yaml
---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: bird2
configFiles:
- mountPath: /usr/local/etc/bird.conf
content: |
# This is just a minimal NOOP config!
log stderr all;
router id 6.6.6.6;
protocol device {}
```
1. Apply the patch to your node's MachineConfigs
```bash
talosctl patch mc -p @bird2-config.yaml
```
## Debugging
A Bird client can be spawned by a node debug container, e.g.: `chroot /proc/$(pgrep bird)/cwd /usr/local/sbin/birdcl`
## Examples
### Dual Top of Rack uplink with CNI integration
>
> [!WARNING]
> This is a lab configuration, review and adjust to your needs before production. For this to work, ToR switches must advertise the default route.
This bird2 configuration peers with a top of rack switches, listens on localhost for BGP sessions established by a CNI (here [Cilium](https://cilium.io)) and redistributes them within the network fabric:
```yaml
---
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: bird2
configFiles:
- mountPath: /usr/local/etc/bird.conf
content: |
define FABRIC_AS = 65000;
define TALOS_NODE_AS = 65001;
define CILIUM_AS = 65002;
log stderr all;
debug protocols all;
router id from "dummy0";
protocol device {
scan time 10;
}
protocol direct loopback {
interface "dummy0";
ipv4 {
import all;
export none;
};
}
protocol kernel {
merge paths on;
learn off;
ipv4 {
export filter {
if proto = "cilium" then reject;
if proto = "loopback" then reject;
accept;
};
import none;
};
}
protocol bgp fabric_enp33s0f1np1 {
local as TALOS_NODE_AS;
source address 10.66.66.6;
neighbor 10.66.66.1 as FABRIC_AS;
ipv4 {
import all;
export all;
next hop self;
};
interface "enp33s0f1np1";
};
protocol bgp cilium {
passive on;
multihop 2; # bypass bird statup check for localhost IP address
local as TALOS_NODE_AS;
neighbor 127.0.0.1 as CILIUM_AS;
ipv4 {
import all;
export none;
};
};
```
Cilium configuration (just for demonstration purposes!):
```yaml
---
apiVersion: cilium.io/v2
kind: CiliumBGPPeerConfig
metadata:
name: cilium-bird2-nodelocal
spec:
families:
- afi: ipv4
safi: unicast
advertisements:
matchLabels:
bgp: cilium-peer
---
apiVersion: cilium.io/v2
kind: CiliumBGPAdvertisement
metadata:
name: pod-cidr-advertisement
labels:
bgp: cilium-bird2-nodelocal
spec:
advertisements:
- advertisementType: "PodCIDR"
---
apiVersion: cilium.io/v2
kind: CiliumBGPClusterConfig
metadata:
name: bird2-nodelocal-bgp
spec:
nodeSelector: {}
bgpInstances:
- name: "bird2-nodelocal-bgp-65002"
localASN: 65002
peers:
- name: "bird2-nodelocal"
peerASN: 65001
peerAddress: 127.0.0.1
peerConfigRef:
name: "cilium-bird2-nodelocal"
```

26
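--- /dev/null
+++ b/network/bird2/bird2.yaml
@@ -0,0 +1,26 @@
+# © 2025 DE-CIX
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+name: bird2
+depends:
+- service: cri
+- network:
+- addresses
+- etcfiles
+- hostname
+- configuration: true
+container:
+entrypoint: /usr/local/sbin/bird
+args:
+- -f
+security:
+writeableRootfs: false
+writeableSysfs: true
+mounts:
+- source: /var/run/bird
+destination: /usr/local/var/run
+type: bind
+options:
+- bind
+- rw
+restart: always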
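Review bot: `writeableSysfs: true` in the security block gives the daemon write access to all of /sys while the rootfs stays read-only, and neither this spec nor the README says which sysfs path bird needs; kernel route programming goes through netlink rather than sysfs, so the flag may be wider than required — either drop it or annotate the concrete need, `writeableSysfs: true  # required for <sysfs path> — confirm`. The `-f` argument should also get a one-line comment, `# -f: stay in the foreground so the service supervisor owns the process`. Finally, the rw bind of host `/var/run/bird` onto the container's `/usr/local/var/run` (presumably where bird places its control socket under this prefix) makes that socket reachable from the host; if that is intended, say so on the mount (`# exposes the bird control socket on the host for debugging`) so it is not read as an accidental widening of the service's surface.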


@ -0,0 +1,14 @@
# © 2025 DE-CIX
# Licensed under the Mozilla Public License 2.0
# SPDX-License-Identifier: MPL-2.0
version: v1alpha1
metadata:
name: bird2
version: "{{ .VERSION }}"
author: Matthias Riegler
description: |
[{{ .TIER }}] bird2 routing daemon for Talos. bird2cl can be used to interface with the daemon (lightweight CLI only!).
More info: https://bird.network.cz/
compatibility:
talos:
version: ">= v1.11.0"
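Review bot: The description calls the client `bird2cl`, but the binary the README's debugging step in this commit invokes is `birdcl` (`/usr/local/sbin/birdcl`), and the same misspelling is in the README table row added near the top of the commit. Change the line to `[{{ .TIER }}] bird2 routing daemon for Talos. birdcl can be used to interface with the daemon (lightweight CLI only!).` The `>= v1.11.0` Talos floor also has no recorded basis; a short comment naming the feature it depends on would help later bumps.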

53
network/bird2/pkg.yaml Normal file

@ -0,0 +1,53 @@
# © 2025 DE-CIX
# Licensed under the Mozilla Public License 2.0
# SPDX-License-Identifier: MPL-2.0
name: bird2
variant: scratch
shell: /bin/bash
dependencies:
- stage: base
steps:
- sources:
- url: "https://bird.network.cz/download/bird-{{ .BIRD2_VERSION }}.tar.gz"
destination: bird2.tar.gz
sha256: "{{ .BIRD2_SHA256 }}"
sha512: "{{ .BIRD2_SHA512 }}"
env:
SOURCE_DATE_EPOCH: "{{ .BUILD_ARG_SOURCE_DATE_EPOCH }}"
prepare:
- |
tar -xf bird2.tar.gz --strip-components=1
- |
export CFLAGS="${CFLAGS} -I/usr/local/include -static"
export LDFLAGS="${LDFLAGS} -static"
./configure --disable-client --prefix=/usr/local
build:
- |
make -j $(nproc) all
install:
- |
mkdir -p /rootfs/usr/local/{etc/containers,lib/containers/bird2}
cp /pkg/bird2.yaml /rootfs/usr/local/etc/containers/bird2.yaml
make DESTDIR=/rootfs/usr/local/lib/containers/bird2 install
rm /rootfs/usr/local/lib/containers/bird2/usr/local/etc/bird.conf
test:
- |
mkdir -p /extensions-validator-rootfs
cp -r /rootfs/ /extensions-validator-rootfs/rootfs
cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
/extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
sbom:
outputPath: /rootfs/usr/local/share/spdx/bird2.spdx.json
version: "{{ .VERSION }}"
cpes:
- "cpe:2.3:a:bird_project:bird:{{ .VERSION }}:*:*:*:*:*:*:*"
licenses:
- GPL-2.0-or-later
finalize:
- from: /rootfs
to: /rootfs
- from: /pkg/manifest.yaml
to: /
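Review bot: The install step's `rm /rootfs/usr/local/lib/containers/bird2/usr/local/etc/bird.conf` deletes the upstream sample config without saying why; presumably so that the only `bird.conf` in the container is the one the ExtensionServiceConfig mounts at that path and a missing config fails loudly instead of running the upstream sample — a comment such as `# drop the upstream sample: bird.conf must come from the ExtensionServiceConfig mount` would record that. The `--disable-client` configure flag likewise deserves a note that it is meant to drop only the readline `birdc` while the lightweight `birdcl` the README points at is still built — if so, pin that in the install step with `test -x /rootfs/usr/local/lib/containers/bird2/usr/local/sbin/birdcl` so a future upstream change cannot silently remove the documented debugging path.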

5
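--- /dev/null
+++ b/network/bird2/vars.yaml
@@ -0,0 +1,5 @@
+# © 2025 DE-CIX
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+VERSION: "{{ .BIRD2_VERSION }}"
+TIER: "contrib"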


@ -28,3 +28,7 @@ NEWT_SHA512: 021cb93f8616a907f5d0d2e5c2979cc28669042b2cc77322633a23e49cae48e0498
NETBIRD_VERSION: 0.59.12
NETBIRD_SHA256: 2f0bdd45996f46f2e2c1dbf5a6712bba38a06cbfb7e4c00f814b0ffe149d7c6d
NETBIRD_SHA512: c1c171de52b2d65130cfdf3fb54add154dcbefdaf4d753f9ab0ca2371924ae927eff2fc504175ab0951f4e5e4986ae56006518706eb1d0312ae56c4ba19d62f6
# renovate: datasource=git-tags extractVersion=^v(?<version>.*)$ depName=https://gitlab.nic.cz/labs/bird.git
BIRD2_VERSION: "2.17.1"
BIRD2_SHA256: bfd718dfa596819b3801688783212514b467163329aec9bbcd0fa3dee03e10e9
BIRD2_SHA512: b535bc74f7e865167f40eef3dd82042f085d06de394a2eac2d94bae4c44e247b590d4c45206afe360b2d8879e33f2478117f0a0b1a5182431204cbbf595b9890