add ipv6 bgp peer config

2022-12-06 23:06:44 +13:00 · 2022-12-06 23:06:44 +13:00 · 9fd4c6f001
commit 9fd4c6f001
parent 4ff4a3198e
4 changed files with 44 additions and 26 deletions
--- a/ansible/roles/k8s_control/tasks/main.yaml
+++ b/ansible/roles/k8s_control/tasks/main.yaml
@ -66,18 +66,17 @@
    ansible.builtin.shell:
      cmd: |
        kubeadm init \
-        --control-plane-endpoint {{ k8s_v4_address }} \
+        --control-plane-endpoint="{{ k8s_endpoint }}" \
-        --cri-socket /run/containerd/containerd.sock \
+        --cri-socket="/run/containerd/containerd.sock" \
-        --pod-network-cidr {{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }} \
+        --pod-network-cidr="{{ k8s_v4_pod_cidr }},{{ k8s_v6_pod_cidr }}" \
-        --service-cidr {{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr}} \
+        --service-cidr="{{ k8s_v4_service_cidr }},{{ k8s_v6_service_cidr}}" \
-        --apiserver-bind-port {{ k8s_api_port }} \
+        --apiserver-advertise-address="{{ ansible_default_ipv4.address }}" \
-        --apiserver-cert-extra-sans {{ k8s_endpoint }} \
+        --apiserver-bind-port={{ k8s_api_port }} \
-        --apiserver-cert-extra-sans {{ k8s_v4_address }} \
+        --apiserver-cert-extra-sans="{{ k8s_endpoint }}" \
-        --apiserver-cert-extra-sans {{ k8s_v6_address }} \
+        --apiserver-cert-extra-sans="{{ k8s_v4_address }}" \
-        --node-name {{ ansible_hostname }} \
+        --apiserver-cert-extra-sans="{{ k8s_v6_address }}" \
-        --feature-gates IPv6DualStack=true \
+        --node-name="{{ ansible_hostname }}" \
-        --feature-gates PublicKeysECDSA=true \
+        --service-dns-domain="{{ k8s_service_domain }}" \
        --service-dns-domain {{ k8s_service_domain }} \
      creates: /etc/kubernetes/admin.conf
    register: k8s_init
--- a/ansible/roles/k8s_destroy/tasks/main.yaml
+++ b/ansible/roles/k8s_destroy/tasks/main.yaml
@ -35,7 +35,7 @@
    - nat
    - mangle
-# - name: restart the containerd service
+- name: restart the containerd service
-#   ansible.builtin.service:
+  ansible.builtin.service:
-#     name: containerd
+    name: containerd
-#     state: reloaded
+    state: restarted
--- a/ansible/roles/k8s_network/defaults/main.yaml
+++ b/ansible/roles/k8s_network/defaults/main.yaml
@ -17,8 +17,10 @@ k8s_network_nat: Disabled
 k8s_network_bgp: Enabled
 k8s_network_dataplane: Iptables # BPF or Iptables
 k8s_network_hostports: Enabled # Disabled when dataplne is BPF
-k8s_network_bgp_peer_name: opnsense
+k8s_network_bgp_v4_peer_name: opnsense-v4
-k8s_network_bgp_peer_address: 192.168.199.254
+k8s_network_bgp_v4_peer_address: 192.168.199.254
 k8s_network_bgp_v6_peer_name: opnsense-v6
 k8s_network_bgp_v6_peer_address: 2a01:4f8:13b:f201::254
 k8s_network_bgp_peer_as: 64612
 k8s_endpoint: k8s.balsillie.net
 k8s_api_port: "6443"
--- a/ansible/roles/k8s_network/tasks/main.yaml
+++ b/ansible/roles/k8s_network/tasks/main.yaml
@ -86,15 +86,26 @@
 #         KUBERNETES_SERVICE_HOST: "{{ k8s_address }}"
 #         KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}"
- name: add bgp peer for gateway/router
+- name: add bgp v4 peer for gateway/router
  ansible.builtin.set_fact:
-    calico_bgp_peer:
+    calico_bgp_v4_peer:
      apiVersion: crd.projectcalico.org/v1
      kind: BGPPeer
      metadata:
-        name: "{{ k8s_network_bgp_peer_name }}"
+        name: "{{ k8s_network_bgp_v4_peer_name }}"
      spec:
-        peerIP: "{{ k8s_network_bgp_peer_address }}"
+        peerIP: "{{ k8s_network_bgp_v4_peer_address }}"
        asNumber: "{{ k8s_network_bgp_peer_as }}"
 - name: add bgp v6 peer for gateway/router
  ansible.builtin.set_fact:
    calico_bgp_v6_peer:
      apiVersion: crd.projectcalico.org/v1
      kind: BGPPeer
      metadata:
        name: "{{ k8s_network_bgp_v6_peer_name }}"
      spec:
        peerIP: "{{ k8s_network_bgp_v6_peer_address }}"
        asNumber: "{{ k8s_network_bgp_peer_as }}"
 - name: write out calico namespace crd
@ -121,10 +132,15 @@
 # crd.projectcalico.org/v1
 # projectcalico.org/v3
- name: write out calico bgp peer definition
+- name: write out calico bgp v4 peer definition
  ansible.builtin.copy:
-    content: "{{ calico_bgp_peer | to_nice_yaml }}"
+    content: "{{ calico_bgp_v4_peer | to_nice_yaml }}"
-    dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"
+    dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v4_peer.yaml"
 - name: write out calico bgp v6 peer definition
  ansible.builtin.copy:
    content: "{{ calico_bgp_v6_peer | to_nice_yaml }}"
    dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v6_peer.yaml"
 - name: install calico definitions to cluster # The order here matters. namespace > config map > operator > installation
  kubernetes.core.k8s:
@ -136,4 +152,5 @@
      - "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
      - "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml"
      - "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
-      - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"
+      - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v4_peer.yaml"
      - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_v6_peer.yaml"