configure for ipv6 dual stack

2022-12-06 01:56:55 +13:00
parent 5c72b57d9c
commit 678da5e314
9 changed files with 117 additions and 75 deletions
--- a/ansible/roles/k8s_control/defaults/main.yaml
+++ b/ansible/roles/k8s_control/defaults/main.yaml
@ -1,10 +1,13 @@
 ---
 k8s_control_master_node: kube01.balsillie.net
 k8s_endpoint: k8s.balsillie.net
-k8s_address: "192.168.199.240"
+k8s_v4_address: "192.168.199.240"
+k8s_v6_address: "2a01:4f8:13b:f201::0240"
 k8s_api_port: "6443"
 k8s_cri_socket: /run/containerd/containerd.sock
 k8s_service_domain: cluster.internal
-k8s_pod_cidr: 10.128.0.0/16
-k8s_service_cidr: 10.96.0.0/16
+k8s_v4_pod_cidr: 10.128.0.0/16
+k8s_v6_pod_cidr: 2a01:4f8:13b:f202::00/64
+k8s_v4_service_cidr: 10.96.0.0/16
+k8s_v6_service_cidr: 2a01:4f8:13b:f203::00/64
 local_user: michael
--- a/ansible/roles/k8s_control/tasks/main.yaml
+++ b/ansible/roles/k8s_control/tasks/main.yaml
@ -1,9 +1,12 @@
 ---
 - name: write cluster api address to hosts file
  ansible.builtin.lineinfile:
-    line: "{{ k8s_address }} {{ k8s_endpoint }}"
+    line: "{{ item }}"
    insertafter: EOF
    path: /etc/hosts
+  with_items:
+    - "{{ k8s_v4_address }} {{ k8s_endpoint }}"
+    - "{{ k8s_v6_address }} {{ k8s_endpoint }}"

 - name: create containerd config dir
  ansible.builtin.file:
@ -42,6 +45,19 @@
    state: started
    enabled: true

+- name: ensure ip forwarding is active
+  ansible.posix.sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.value }}"
+    state: present
+    sysctl_set: true
+    reload: true
+  with_items:
+    - key: net.ipv6.conf.all.forwarding
+      value: '1'
+    - key: net.ipv4.conf.all.forwarding
+      value: '1'
+
 - name: kubeadm init master node
  when: ansible_host == hostvars[groups['k8s_control'][0]]['ansible_host']
  block:
@ -50,15 +66,16 @@
    ansible.builtin.shell:
      cmd: |
        kubeadm init \
-        --control-plane-endpoint {{ k8s_address }} \
+        --control-plane-endpoint {{ k8s_endpoint }} \
        --cri-socket /run/containerd/containerd.sock \
-        --pod-network-cidr {{ k8s_pod_cidr }} \
-        --service-cidr {{ k8s_service_cidr }} \
+        --pod-network-cidr {{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }} \
+        --service-cidr {{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr}} \
        --apiserver-bind-port {{ k8s_api_port }} \
        --apiserver-cert-extra-sans {{ k8s_endpoint }} \
-        --apiserver-cert-extra-sans {{ k8s_address }} \
+        --apiserver-cert-extra-sans {{ k8s_v4_ddress }} \
+        --apiserver-cert-extra-sans {{ k8s_v6_ddress }} \
        --node-name {{ ansible_hostname }} \
-        --feature-gates IPv6DualStack=false \
+        --feature-gates IPv6DualStack=true \
        --feature-gates PublicKeysECDSA=true \
        --service-dns-domain {{ k8s_service_domain }} \
      creates: /etc/kubernetes/admin.conf