configure for ipv6 dual stack

2022-12-06 01:56:55 +13:00 · 2022-12-06 01:56:55 +13:00 · 678da5e314
commit 678da5e314
parent 5c72b57d9c
9 changed files with 117 additions and 75 deletions
--- a/ansible/inventory/inventory.yaml
+++ b/ansible/inventory/inventory.yaml
@ -36,7 +36,12 @@ all:
          hosts:
            kube01:
            # kube02:
-            # kube03:       
+            # kube03:  
+        k8s_storage:
+          hosts:
+            kube01:
+            # kube02:
+            # kube03:      
    firewalls:
      children:
        fortigate:
--- a/ansible/playbooks/05_k8s_deploy.yaml
+++ b/ansible/playbooks/05_k8s_deploy.yaml
@ -25,4 +25,4 @@
  gather_facts: false
  become: false
  roles:
-    - k8s_storage_deploy
+    - k8s_storage_ebs_deploy
--- a/ansible/roles/k8s_control/defaults/main.yaml
+++ b/ansible/roles/k8s_control/defaults/main.yaml
@ -1,10 +1,13 @@
 ---
 k8s_control_master_node: kube01.balsillie.net
 k8s_endpoint: k8s.balsillie.net
-k8s_address: "192.168.199.240"
+k8s_v4_address: "192.168.199.240"
+k8s_v6_address: "2a01:4f8:13b:f201::0240"
 k8s_api_port: "6443"
 k8s_cri_socket: /run/containerd/containerd.sock
 k8s_service_domain: cluster.internal
-k8s_pod_cidr: 10.128.0.0/16
-k8s_service_cidr: 10.96.0.0/16
+k8s_v4_pod_cidr: 10.128.0.0/16
+k8s_v6_pod_cidr: 2a01:4f8:13b:f202::00/64
+k8s_v4_service_cidr: 10.96.0.0/16
+k8s_v6_service_cidr: 2a01:4f8:13b:f203::00/64
 local_user: michael
--- a/ansible/roles/k8s_control/tasks/main.yaml
+++ b/ansible/roles/k8s_control/tasks/main.yaml
@ -1,9 +1,12 @@
 ---
 - name: write cluster api address to hosts file
  ansible.builtin.lineinfile:
-    line: "{{ k8s_address }} {{ k8s_endpoint }}"
+    line: "{{ item }}"
    insertafter: EOF
    path: /etc/hosts
+  with_items:
+    - "{{ k8s_v4_address }} {{ k8s_endpoint }}"
+    - "{{ k8s_v6_address }} {{ k8s_endpoint }}"

 - name: create containerd config dir
  ansible.builtin.file:
@ -42,6 +45,19 @@
    state: started
    enabled: true

+- name: ensure ip forwarding is active
+  ansible.posix.sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.value }}"
+    state: present
+    sysctl_set: true
+    reload: true
+  with_items:
+    - key: net.ipv6.conf.all.forwarding
+      value: '1'
+    - key: net.ipv4.conf.all.forwarding
+      value: '1'
+
 - name: kubeadm init master node
  when: ansible_host == hostvars[groups['k8s_control'][0]]['ansible_host']
  block:
@ -50,15 +66,16 @@
    ansible.builtin.shell:
      cmd: |
        kubeadm init \
-        --control-plane-endpoint {{ k8s_address }} \
+        --control-plane-endpoint {{ k8s_endpoint }} \
        --cri-socket /run/containerd/containerd.sock \
-        --pod-network-cidr {{ k8s_pod_cidr }} \
-        --service-cidr {{ k8s_service_cidr }} \
+        --pod-network-cidr {{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }} \
+        --service-cidr {{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr}} \
        --apiserver-bind-port {{ k8s_api_port }} \
        --apiserver-cert-extra-sans {{ k8s_endpoint }} \
-        --apiserver-cert-extra-sans {{ k8s_address }} \
+        --apiserver-cert-extra-sans {{ k8s_v4_ddress }} \
+        --apiserver-cert-extra-sans {{ k8s_v6_ddress }} \
        --node-name {{ ansible_hostname }} \
-        --feature-gates IPv6DualStack=false \
+        --feature-gates IPv6DualStack=true \
        --feature-gates PublicKeysECDSA=true \
        --service-dns-domain {{ k8s_service_domain }} \
      creates: /etc/kubernetes/admin.conf
--- a/ansible/roles/k8s_network/defaults/main.yaml
+++ b/ansible/roles/k8s_network/defaults/main.yaml
@ -6,8 +6,12 @@ k8s_network_packages:
  - python-kubernetes
  - python-yaml
  - python-jsonpatch
-k8s_pod_cidr: 10.128.0.0/16
-k8s_network_blocksize: 20
+k8s_v4_pod_cidr: 10.128.0.0/16
+k8s_v6_pod_cidr: 2a01:4f8:13b:f202::00/64
+k8s_v4_service_cidr: 10.96.0.0/16
+k8s_v6_service_cidr: 2a01:4f8:13b:f203::00/64
+k8s_v4_network_blocksize: 20
+k8s_v6_network_blocksize: 120
 k8s_network_encapsulation: None
 k8s_network_nat: Disabled
 k8s_network_bgp: Enabled
--- a/ansible/roles/k8s_network/tasks/main.yaml
+++ b/ansible/roles/k8s_network/tasks/main.yaml
@ -41,13 +41,25 @@
  ansible.utils.update_fact:
    updates:
      - path: calico_default_installation.spec.calicoNetwork.ipPools[0].blockSize
-        value: "{{ k8s_network_blocksize }}"
+        value: "{{ k8s_v4_network_blocksize }}"
      - path: calico_default_installation.spec.calicoNetwork.ipPools[0].cidr
-        value: "{{ k8s_pod_cidr }}"
+        value: "{{ k8s_v4_pod_cidr }}"
      - path: calico_default_installation.spec.calicoNetwork.ipPools[0].encapsulation
        value: "{{ k8s_network_encapsulation }}"
      - path: calico_default_installation.spec.calicoNetwork.ipPools[0].natOutgoing
        value: "{{ k8s_network_nat }}"
+      - path: calico_default_installation.spec.calicoNetwork.ipPools[0].nodeSelector
+        value: "all()"
+      - path: calico_default_installation.spec.calicoNetwork.ipPools[1].blockSize
+        value: "{{ k8s_v6_network_blocksize }}"
+      - path: calico_default_installation.spec.calicoNetwork.ipPools[1].cidr
+        value: "{{ k8s_v6_pod_cidr }}"
+      - path: calico_default_installation.spec.calicoNetwork.ipPools[1].encapsulation
+        value: "{{ k8s_network_encapsulation }}"
+      - path: calico_default_installation.spec.calicoNetwork.ipPools[1].natOutgoing
+        value: "{{ k8s_network_nat }}"
+      - path: calico_default_installation.spec.calicoNetwork.ipPools[1].nodeSelector
+        value: "all()"
      - path: calico_default_installation.spec.calicoNetwork.bgp
        value: "{{ k8s_network_bgp }}"
      - path: calico_default_installation.spec.calicoNetwork.linuxDataplane
--- a/ansible/roles/k8s_storage_ebs_deploy/tasks/disks.yaml
+++ b/ansible/roles/k8s_storage_ebs_deploy/tasks/disks.yaml
@ -0,0 +1,53 @@
+---
+- name: setup disks on storage nodes
+  delegate_to: "{{ node }}"
+  delegate_facts: true
+  block:
+
+    - name: ensure parted is installed
+      community.general.pacman:
+        name: parted
+        state: latest
+        update_cache: false
+      when:
+        - ansible_os_family == 'Archlinux'
+
+    - name: create containerd image partition
+      community.general.parted:
+        device: "{{ item.disk }}"
+        align: optimal
+        name: "{{ item.part }}"
+        label: gpt
+        number: 1
+        part_start: 0%
+        part_end: 100%
+        state: present
+        fs_type: ext4
+      with_items:
+        - disk: /dev/vdc
+          part: ebs-ssd
+        - disk: /dev/vdd
+          part: ebs-hdd
+
+    - name: create containerd partition filesystem
+      community.general.filesystem:
+        dev: "{{ item }}"
+        fstype: ext4
+        resizefs: true
+        state: present
+      with_items:
+        - /dev/disk/by-partlabel/ebs-ssd
+        - /dev/disk/by-partlabel/ebs-hdd
+
+    - name: mount ebs disks
+      ansible.posix.mount:
+        state: mounted
+        src: "{{ item.src }}"
+        path: "{{ item.path }}"
+        fstype: ext4
+        boot: true
+      with_items:
+        - src: /dev/disk/by-partlabel/ebs-ssd
+          path: /ebs/ssd
+        - src: /dev/disk/by-partlabel/ebs-hdd
+          path: /ebs/hdd
--- a/ansible/roles/k8s_storage_ebs_deploy/tasks/main.yaml
+++ b/ansible/roles/k8s_storage_ebs_deploy/tasks/main.yaml
@ -1,4 +1,12 @@
 ---
+- name: setup disks for ebs
+  ansible.builtin.include_tasks:
+    file: disks.yaml
+  with_items:
+    - "{{ groups['k8s_storage'] }}"
+  loop_control:
+    loop_var: node
+
 - name: create target directory for open-ebs files
  become: false
  ansible.builtin.file:
--- a/ansible/roles/k8s_storage_ebs_deploy/tasks/nodes.yaml
+++ b/ansible/roles/k8s_storage_ebs_deploy/tasks/nodes.yaml
@ -1,60 +0,0 @@
---
-# - name: create mount directories for ebs drives
-#   ansible.builtin.file:
-#     path: "{{ item }}"
-#     state: directory
-#     owner: root
-#     group: root
-#     mode: 0775
-#   with_items:
-#     - /ebs
-#     - /ebs/ssd
-#     - /ebs/hdd
-
- name: ensure parted is installed
-  community.general.pacman:
-    name: parted
-    state: latest
-    update_cache: true
-  when:
-    - ansible_os_family == 'Archlinux'
-
- name: create containerd image partition
-  community.general.parted:
-    device: "{{ item.disk }}"
-    align: optimal
-    name: "{{ item.part }}"
-    label: gpt
-    number: 1
-    part_start: 0%
-    part_end: 100%
-    state: present
-    fs_type: ext4
-  with_items:
-    - disk: /dev/vdc
-      part: ebs-ssd
-    - disk: /dev/vdd
-      part: ebs-hdd
-
- name: create containerd partition filesystem
-  community.general.filesystem:
-    dev: "{{ item }}"
-    fstype: ext4
-    resizefs: true
-    state: present
-  with_items:
-    - /dev/disk/by-partlabel/ebs-ssd
-    - /dev/disk/by-partlabel/ebs-hdd
-
- name: mount ebs disks
-  ansible.posix.mount:
-    state: mounted
-    src: "{{ item.src }}"
-    path: "{{ item.path }}"
-    fstype: ext4
-    boot: true
-  with_items:
-    - src: /dev/disk/by-partlabel/ebs-ssd
-      path: /ebs/ssd
-    - src: /dev/disk/by-partlabel/ebs-hdd
-      path: /ebs/hdd