covidnetes/k8s-cilium-node-label
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10 Commits 1 Branch 0 Tags
1da2e795c2e7ba63bafd238f73bf349075ce5904
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Tobias Trabelsi 1da2e795c2
Some checks failed
Lint and Test Charts / lint-test (push) Has been cancelled
Details
Build and Test / Test (push) Failing after 21s
Details
Build and Test / Build_Image_arm64 (push) Successful in 2m4s
Details
Build and Test / Build_Image_amd64 (push) Has been cancelled
Details
fix(): informer should now reach to changes and not process everything every 2 seconds. also corrected path in probes
2026-01-20 21:55:32 +01:00
.gitea/workflows
chore(): more refined release process
2026-01-19 22:28:57 +01:00
charts/k8s-cilium-node-label
fix(): informer should now reach to changes and not process everything every 2 seconds. also corrected path in probes
2026-01-20 21:55:32 +01:00
cmd
feat(): switch to informer
2026-01-19 21:55:00 +01:00
internal
fix(): informer should now reach to changes and not process everything every 2 seconds. also corrected path in probes
2026-01-20 21:55:32 +01:00
.gitignore
Initial commit
2026-01-18 21:48:53 +00:00
Dockerfile
feat(): initial untested implementation
2026-01-18 23:35:57 +01:00
go.mod
feat(): switch to informer
2026-01-19 21:55:00 +01:00
go.sum
feat(): switch to informer
2026-01-19 21:55:00 +01:00
LICENSE
Initial commit
2026-01-18 21:48:53 +00:00
README.md
feat(): increased test coverage and added simple workflow to build OCI image
2026-01-19 22:07:09 +01:00

README.md

k8s-cilium-node-label

Description

  • Purpose: Small controller/tool that discovers Cilium L2 announcement leases in the kube-system namespace and labels the corresponding Kubernetes nodes. Useful to mark nodes that are announcing L2 services (for example, to drive MetalLB or other consumers).
  • Where: Core logic lives in internal/kube.go.

Features

  • Discover leases: Finds leases with the cilium-l2announce* prefix.
  • Parse holder identity: Extracts node names from lease spec.holderIdentity.
  • Label nodes: Labels nodes with a configurable label when they are announcing L2 addresses.

Requirements

  • Go 1.20+ (or the version used in your environment).
  • Kubernetes cluster (the binary is intended to run in-cluster by default).
  • RBAC: a ServiceAccount with permissions to list/watch leases (coordination.k8s.io) and get/update nodes.

Configuration

  • By default the code uses in-cluster configuration (rest.InClusterConfig()), so run it as a Pod.
  • The label key used for nodes is configurable in the code (Config.CiliumLabel in callers).

Build

Build locally:

go build ./...

Run directly:

# Run from the repository root (may require KUBECONFIG for out-of-cluster testing)
go run ./cmd

Running in-cluster

  • Create a small Deployment with a ServiceAccount that has RBAC permitting access to leases and nodes.
  • Example RBAC (high-level):
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cilium-node-labeler
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["list", "watch"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "update"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cilium-node-labeler-binding
subjects:
  - kind: ServiceAccount
    name: <service-account-name>
    namespace: <namespace>
roleRef:
  kind: ClusterRole
  name: cilium-node-labeler
  apiGroup: rbac.authorization.k8s.io

Development

Testing

  • Run unit tests:
go test ./...

License

  • See the LICENSE file in this repository.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme MIT 89 KiB
Languages
Go 84.7%
Smarty 11.9%
Dockerfile 3.4%