From 9fd4c6f0019bcab23ee2ec47a746683a06c7362a Mon Sep 17 00:00:00 2001
From: michael
Date: Tue, 6 Dec 2022 23:06:44 +1300
Subject: [PATCH] add ipv6 bgp peer config

---
 ansible/roles/k8s_control/tasks/main.yaml | 23 +++++++-------
 ansible/roles/k8s_destroy/tasks/main.yaml | 8 ++---
 ansible/roles/k8s_network/defaults/main.yaml | 6 ++--
 ansible/roles/k8s_network/tasks/main.yaml | 33 +++++++++++++++-----
 4 files changed, 44 insertions(+), 26 deletions(-)

diff --git a/ansible/roles/k8s_control/tasks/main.yaml b/ansible/roles/k8s_control/tasks/main.yaml
index 65fe362..6dde35d 100644
--- a/ansible/roles/k8s_control/tasks/main.yaml
+++ b/ansible/roles/k8s_control/tasks/main.yaml
@@ -66,18 +66,17 @@ ansible.builtin.shell: cmd: | kubeadm init \ - --control-plane-endpoint {{ k8s_v4_address }} \ - --cri-socket /run/containerd/containerd.sock \ - --pod-network-cidr {{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }} \ - --service-cidr {{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr}} \ - --apiserver-bind-port {{ k8s_api_port }} \ - --apiserver-cert-extra-sans {{ k8s_endpoint }} \ - --apiserver-cert-extra-sans {{ k8s_v4_address }} \ - --apiserver-cert-extra-sans {{ k8s_v6_address }} \ - --node-name {{ ansible_hostname }} \ - --feature-gates IPv6DualStack=true \ - --feature-gates PublicKeysECDSA=true \ - --service-dns-domain {{ k8s_service_domain }} \ + --control-plane-endpoint="{{ k8s_endpoint }}" \ + --cri-socket="/run/containerd/containerd.sock" \ + --pod-network-cidr="{{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }}" \ + --service-cidr="{{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr}}" \ + --apiserver-advertise-address="{{ ansible_default_ipv4.address }}" \ + --apiserver-bind-port={{ k8s_api_port }} \ + --apiserver-cert-extra-sans="{{ k8s_endpoint }}" \ + --apiserver-cert-extra-sans="{{ k8s_v4_address }}" \ + --apiserver-cert-extra-sans="{{ k8s_v6_address }}" \ + --node-name="{{ ansible_hostname }}" \ + --service-dns-domain="{{ k8s_service_domain }}" \ creates: /etc/kubernetes/admin.conf register: k8s_init diff --git a/ansible/roles/k8s_destroy/tasks/main.yaml b/ansible/roles/k8s_destroy/tasks/main.yaml index dad3385..f474439 100644 --- a/ansible/roles/k8s_destroy/tasks/main.yaml +++ b/ansible/roles/k8s_destroy/tasks/main.yaml @@ -35,7 +35,7 @@ - nat - mangle -# - name: restart the containerd service -# ansible.builtin.service: -# name: containerd -# state: reloaded \ No newline at end of file +- name: restart the containerd service + ansible.builtin.service: + name: containerd + state: restarted \ No newline at end of file 
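Review bot: The new `--apiserver-advertise-address="{{ ansible_default_ipv4.address }}"` line advertises whichever address Ansible found on the default-route interface, while the certificate SANs on the lines below are built from `k8s_endpoint`, `k8s_v4_address` and `k8s_v6_address`; on a host with more than one interface those can differ, and a client reaching the advertised address would then hit a certificate that does not name it. Either advertise the address the SANs already cover, `--apiserver-advertise-address="{{ k8s_v4_address }}"`, or add `--apiserver-cert-extra-sans="{{ ansible_default_ipv4.address }}"` so the two stay in step. Two smaller points on the same lines: `--apiserver-bind-port={{ k8s_api_port }}` is the only value left unquoted, and `{{ k8s_v6_service_cidr}}` is missing the space before `}}`; both render today but break the pattern the rest of the command now follows. kubeadm releases from 1.24 expect a URL scheme on the CRI socket and warn on a bare path, so `--cri-socket="unix:///run/containerd/containerd.sock"` is worth considering if the cluster version allows it — the version is not visible here. The task's `- name:` line starts above the hunk, so whether it is delegated or conditioned is not visible.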
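Review bot: The re-enabled task still ends with `state: restarted` and no trailing newline — the `\ No newline at end of file` marker survives on the new side — so the next task appended to this file will show up as a change to this line as well; end the file with a newline. The restart is also unconditional, which is fine as long as every host this destroy role targets has containerd installed; if it can run against a host that was never bootstrapped, a `failed_when` on the registered result, or treating it as best-effort with `ignore_errors: true`, avoids the destroy run aborting on a missing unit. Whether such a host is in scope is not visible from the hunk.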
diff --git a/ansible/roles/k8s_network/defaults/main.yaml b/ansible/roles/k8s_network/defaults/main.yaml index c695406..c47cb69 100644 --- a/ansible/roles/k8s_network/defaults/main.yaml +++ b/ansible/roles/k8s_network/defaults/main.yaml @@ -17,8 +17,10 @@ k8s_network_nat: Disabled k8s_network_bgp: Enabled k8s_network_dataplane: Iptables # BPF or Iptables k8s_network_hostports: Enabled # Disabled when dataplne is BPF -k8s_network_bgp_peer_name: opnsense -k8s_network_bgp_peer_address: 192.168.199.254 +k8s_network_bgp_v4_peer_name: opnsense-v4 +k8s_network_bgp_v4_peer_address: 192.168.199.254 +k8s_network_bgp_v6_peer_name: opnsense-v6 +k8s_network_bgp_v6_peer_address: 2a01:4f8:13b:f201::254 k8s_network_bgp_peer_as: 64612 k8s_endpoint: k8s.balsillie.net k8s_api_port: "6443" diff --git a/ansible/roles/k8s_network/tasks/main.yaml b/ansible/roles/k8s_network/tasks/main.yaml index ddaf84b..11461fc 100644 --- a/ansible/roles/k8s_network/tasks/main.yaml +++ b/ansible/roles/k8s_network/tasks/main.yaml @@ -86,15 +86,26 @@ # KUBERNETES_SERVICE_HOST: "{{ k8s_address }}" # KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}" -- name: add bgp peer for gateway/router +- name: add bgp v4 peer for gateway/router ansible.builtin.set_fact: - calico_bgp_peer: + calico_bgp_v4_peer: apiVersion: crd.projectcalico.org/v1 kind: BGPPeer metadata: - name: "{{ k8s_network_bgp_peer_name }}" + name: "{{ k8s_network_bgp_v4_peer_name }}" spec: - peerIP: "{{ k8s_network_bgp_peer_address }}" + peerIP: "{{ k8s_network_bgp_v4_peer_address }}" + asNumber: "{{ k8s_network_bgp_peer_as }}" + +- name: add bgp v6 peer for gateway/router + ansible.builtin.set_fact: + calico_bgp_v6_peer: + apiVersion: crd.projectcalico.org/v1 + kind: BGPPeer + metadata: + name: "{{ k8s_network_bgp_v6_peer_name }}" + spec: + peerIP: "{{ k8s_network_bgp_v6_peer_address }}" asNumber: "{{ k8s_network_bgp_peer_as }}" - name: write out calico namespace crd 
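Review bot: `k8s_network_bgp_v6_peer_address: 2a01:4f8:13b:f201::254` is a plain scalar; it parses as a string here, but colon-heavy values are fragile in YAML (any `: ` inside, or a value that starts with an indicator, turns it into a mapping or a parse error), and the file already quotes `k8s_api_port: "6443"` for the same reason. Quote the new address, `k8s_network_bgp_v6_peer_address: "2a01:4f8:13b:f201::254"`, and the v4 one for consistency. These defaults now carry a globally routable IPv6 address next to the existing public endpoint name; role defaults are the lowest-precedence variables and read like an example, so a comment above the peer block saying these are site-specific and expected to be overridden from inventory or group_vars would make that explicit for the next reader.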
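Review bot: `asNumber: "{{ k8s_network_bgp_peer_as }}"` in both new set_fact tasks leans on Ansible's implicit conversion of a quoted single-expression template back to an integer; Calico's BGPPeer `asNumber` is numeric in the CRD schema, so if that conversion does not happen (native Jinja or changed convert_data settings, for instance) the apply step would likely reject a string value. `asNumber: "{{ k8s_network_bgp_peer_as | int }}"` states the intended type in the task rather than relying on that behaviour. The v4 and v6 set_fact tasks here, and the two copy tasks in the -121 hunk, differ only in the address family; a single task looping over a short list of family/name/address items would keep the four from drifting apart when one is edited later. The `write out calico namespace crd` task at the end of the hunk continues below it.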
@@ -121,10 +132,15 @@ # crd.projectcalico.org/v1 # projectcalico.org/v3 -- name: write out calico bgp peer definition +- name: write out calico bgp v4 peer definition ansible.builtin.copy: - content: "{{ calico_bgp_peer | to_nice_yaml }}" - dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml" + content: "{{ calico_bgp_v4_peer | to_nice_yaml }}" + dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v4_peer.yaml" + +- name: write out calico bgp v6 peer definition + ansible.builtin.copy: + content: "{{ calico_bgp_v6_peer | to_nice_yaml }}" + dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v6_peer.yaml" - name: install calico definitions to cluster # The order here matters. namespace > config map > operator > installation kubernetes.core.k8s: @@ -136,4 +152,5 @@ - "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml" - "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml" - "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml" - - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml" + - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v4_peer.yaml" + - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v6_peer.yaml"
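Review bot: Neither of the new `ansible.builtin.copy` tasks sets a `mode`, so the rendered manifest's permissions come from the remote umask and can differ between runs and hosts; `mode: "0644"` pins them and keeps the task's changed-state stable. Both `dest` values are built on `ansible_search_path[0]`, which is a controller-side path; the write only lands where intended if these tasks run with a local connection or are delegated to the controller, and that setting is not visible in the hunk, so worth confirming. The `install calico definitions to cluster` task that follows starts at the bottom of the hunk and continues below it.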
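Review bot: The v6 peer file is appended to the apply list unconditionally, while the role's defaults still expose `k8s_network_bgp: Enabled` as a switch; the task header is above this hunk, so whether it already carries a `when` on that variable cannot be seen here. If it does not, clusters with BGP disabled still get both BGPPeer objects created; guarding the two peer entries, or the whole task, with `when: k8s_network_bgp == 'Enabled'` would match the default's intent. The comment on the task says order matters, and the peers remain last after the operator, installation and apiserver manifests, which is consistent with the previous single-peer ordering.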