tuning

ansible/roles/k8s_network/defaults/main.yaml

@@ -11,10 +11,11 @@ k8s_network_blocksize: 20
 k8s_network_encapsulation: None
 k8s_network_nat: Disabled
 k8s_network_bgp: Enabled
-k8s_network_dataplane: BPF
-k8s_network_hostports: Disabled
+k8s_network_dataplane: Iptables # BPF or Iptables
+k8s_network_hostports: Enabled # Disabled when dataplne is BPF
 k8s_network_bgp_peer_name: opnsense
 k8s_network_bgp_peer_address: 192.168.199.254
 k8s_network_bgp_peer_as: 64612
 k8s_endpoint: k8s.balsillie.net
-k8s_api_port: "6443"
+k8s_api_port: "6443"
+k8s_address: "192.168.199.240"

ansible/roles/k8s_network/tasks/main.yaml

@@ -56,17 +56,27 @@
         value: "{{ k8s_network_hostports }}"        
   register: calico_updated_installation      
 
-- name: add config map for ebpf mode # https://projectcalico.docs.tigera.io/maintenance/ebpf/install
+- name: create tigera operator namespace
   ansible.builtin.set_fact:
-    calico_configmap_ebpf:
-      kind: ConfigMap
+    calico_namespace:
       apiVersion: v1
+      kind: Namespace
       metadata:
-        name: kubernetes-services-endpoint
-        namespace: tigera-operator
-      data:
-        KUBERNETES_SERVICE_HOST: "{{ k8s_endpoint }}"
-        KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}"
+        name: tigera-operator
+        labels:
+          name: tigera-operator
+
+# - name: add config map for ebpf mode # https://projectcalico.docs.tigera.io/maintenance/ebpf/install
+#   ansible.builtin.set_fact:
+#     calico_configmap_ebpf:
+#       kind: ConfigMap
+#       apiVersion: v1
+#       metadata:
+#         name: kubernetes-services-endpoint
+#         namespace: tigera-operator
+#       data:
+#         KUBERNETES_SERVICE_HOST: "{{ k8s_address }}"
+#         KUBERNETES_SERVICE_PORT: "{{ k8s_api_port }}"
 
 - name: add bgp peer for gateway/router
   ansible.builtin.set_fact:
@@ -79,10 +89,15 @@
         peerIP: "{{ k8s_network_bgp_peer_address }}"
         asNumber: "{{ k8s_network_bgp_peer_as }}"
 
-- name: write out calico configmap for ebpf mode
+- name: write out calico namespace crd
   ansible.builtin.copy:
-    content: "{{ calico_configmap_ebpf | to_nice_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element
-    dest: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
+    content: "{{ calico_namespace | to_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element
+    dest: "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml"
+
+# - name: write out calico configmap for ebpf mode
+#   ansible.builtin.copy:
+#     content: "{{ calico_configmap_ebpf | to_yaml }}" # Ansible registers the original fact name (with new vaule) inside the updated fact, hence the sub element
+#     dest: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
 
 - name: write out calico installation definition
   ansible.builtin.copy:
@@ -97,26 +112,20 @@
 # TODO two api versions exist for BGP, one only becomes available after calico is online. Do they both work??
 # crd.projectcalico.org/v1
 # projectcalico.org/v3
+
 - name: write out calico bgp peer definition
   ansible.builtin.copy:
     content: "{{ calico_bgp_peer | to_nice_yaml }}"
     dest: "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"
 
-- name: install configmap for ebpf mode to cluster
-  kubernetes.core.k8s:
-    src: "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
-    state: present
-
-- name: install calico operator to cluster
-  kubernetes.core.k8s:
-    src: "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
-    state: present
-
-- name: install calico definitions to cluster
+- name: install calico definitions to cluster # The order here matters. namespace > config map > operator > installation
   kubernetes.core.k8s:
     state: present
     src: "{{ item }}"
   with_items:
+      # - "{{ ansible_search_path[0] }}/files/calico/calico_namespace.yaml"
+      # - "{{ ansible_search_path[0] }}/files/calico/calico_configmap_ebpf.yaml"
+      - "{{ ansible_search_path[0] }}/files/calico/calico_operator_{{ calico_version }}.yaml"
       - "{{ ansible_search_path[0] }}/files/calico/calico_installation.yaml"
       - "{{ ansible_search_path[0] }}/files/calico/calico_apiserver.yaml"
       - "{{ ansible_search_path[0] }}/files/calico/calico_bgp_peer.yaml"