From cd19a7687c141c578a9a439626d3576f3e612276 Mon Sep 17 00:00:00 2001
From: michael
Date: Mon, 27 Nov 2023 03:31:14 +1300
Subject: [PATCH] house cluster wip
---
.../files/kube00.balsillie.house_init | 1 +
.../calico_installation.yaml | 52 +++++++++++++++++++
.../calico_ip_reservation.yaml | 23 ++++++++
.../files/cluster.balsillie.house/ippool.yaml | 13 +++++
4 files changed, 89 insertions(+)
create mode 100644 ansible/roles/k8s_control/files/kube00.balsillie.house_init
create mode 100644 ansible/roles/k8s_network/files/cluster.balsillie.house/calico_installation.yaml
create mode 100644 ansible/roles/k8s_network/files/cluster.balsillie.house/calico_ip_reservation.yaml
create mode 100644 ansible/roles/k8s_network/files/cluster.balsillie.house/ippool.yaml
diff --git a/ansible/roles/k8s_control/files/kube00.balsillie.house_init b/ansible/roles/k8s_control/files/kube00.balsillie.house_init
new file mode 100644
index 0000000..a86a41d
--- /dev/null
+++ b/ansible/roles/k8s_control/files/kube00.balsillie.house_init
@@ -0,0 +1 @@
+sudo kubeadm init --control-plane-endpoint=api.cluster.balsillie.house --cri-socket=unix:///run/containerd/containerd.sock --pod-network-cidr="10.208.0.0/16,2400:8907:e002:7c10::/64" --service-cidr="10.224.0.0/16,2400:8907:e002:7c11::/108" --apiserver-advertise-address="10.192.110.91" --apiserver-advertise-address="2400:8907:e002:7c02::91" --apiserver-bind-port=6443 --apiserver-cert-extra-sans="api.cluster.balsillie.house" --apiserver-cert-extra-sans="10.192.110.90" --apiserver-cert-extra-sans="10.192.110.91" --apiserver-cert-extra-sans="2400:8907:e002:7c02::90" --apiserver-cert-extra-sans="2400:8907:e002:7c02::91" --node-name="kube00" --service-dns-domain="cluster.balsillie.house"
diff --git a/ansible/roles/k8s_network/files/cluster.balsillie.house/calico_installation.yaml b/ansible/roles/k8s_network/files/cluster.balsillie.house/calico_installation.yaml
new file mode 100644
index 0000000..b88ec79
--- /dev/null
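Review bot: In kube00.balsillie.house_init, `--apiserver-advertise-address` is passed twice (`10.192.110.91`, then `2400:8907:e002:7c02::91`), but as far as I know kubeadm treats it as a single-valued flag, so only the last occurrence should take effect and the IPv4 address is silently dropped. Keep one occurrence, e.g. `--apiserver-advertise-address="10.192.110.91"`, and let `--control-plane-endpoint` and the existing `--apiserver-cert-extra-sans` entries cover the other address family. That also makes it a deliberate choice whether the API server is advertised on the private address or on the globally routable 2400:8907:… one, instead of being decided by flag order. A kubeadm `--config` file would be easier to review than this single long command line.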
+++ b/ansible/roles/k8s_network/files/cluster.balsillie.house/calico_installation.yaml
@@ -0,0 +1,52 @@
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+ name: default
+spec:
+ calicoNetwork:
+ bgp: Enabled
+ hostPorts: Enabled
+ ipPools:
+ - blockSize: 20
+ cidr: 10.208.0.0/16
+ encapsulation: None
+ natOutgoing: Disabled
+ nodeSelector: all()
+ - blockSize: 116
+ cidr: 2400:8907:e002:7c10::/64
+ encapsulation: None
+ natOutgoing: Disabled
+ nodeSelector: all()
+ linuxDataplane: Iptables
+
+---
+
+apiVersion: projectcalico.org/v3
+kind: BGPConfiguration
+metadata:
+ name: default
+spec:
+ asNumber: 64622
+ serviceClusterIPs:
+ - cidr: 10.224.0.0/16
+ - cidr: 2400:8907:e002:7c11::/108
+
+---
+
+apiVersion: crd.projectcalico.org/v1
+kind: BGPPeer
+metadata:
+ name: opnsense-v4
+spec:
+ asNumber: 64623
+ peerIP: 10.192.110.254
+
+---
+
+apiVersion: crd.projectcalico.org/v1
+kind: BGPPeer
+metadata:
+ name: opnsense-v6
+spec:
+ asNumber: 64623
+ peerIP: 2400:8907:e002:7c02::0254
diff --git a/ansible/roles/k8s_network/files/cluster.balsillie.house/calico_ip_reservation.yaml b/ansible/roles/k8s_network/files/cluster.balsillie.house/calico_ip_reservation.yaml
new file mode 100644
index 0000000..f1bd4dc
--- /dev/null
+++ b/ansible/roles/k8s_network/files/cluster.balsillie.house/calico_ip_reservation.yaml
@@ -0,0 +1,23 @@
+apiVersion: projectcalico.org/v3
+kind: IPReservation
+metadata:
+ name: default-ipreservation
+spec:
+ reservedCIDRs:
+ - 10.208.240.0/20
+ - 2400:8907:e002:7c10:ffff:ffff:ffff:f000/116
+
+# Static IPs:
+#
+# DNS (Bind9):
+# 10.208.240.1
+# 2400:8907:e002:7c10:ffff:ffff:ffff:f001
+#
+# Nginx:
+#
+# Mail:
+#
+# Matrix:
+#
+# Turn:
+#
\ No newline at end of file
diff --git a/ansible/roles/k8s_network/files/cluster.balsillie.house/ippool.yaml b/ansible/roles/k8s_network/files/cluster.balsillie.house/ippool.yaml
new file mode 100644
index 0000000..95c20cf
--- /dev/null
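Review bot: The two BGPPeer documents in calico_installation.yaml (`opnsense-v4`, `opnsense-v6`) set only `asNumber` and `peerIP`, so the sessions that advertise the pod pools and the `serviceClusterIPs` ranges to the router are unauthenticated. Calico's BGPPeer accepts a `password.secretKeyRef` (Secret name and key readable by calico-node); I would add it to both peers and configure the matching key on the OPNsense side. The peers are also declared under `crd.projectcalico.org/v1` while the BGPConfiguration in the same file uses `projectcalico.org/v3`; the v3 API is the validated one, so `apiVersion: projectcalico.org/v3` would be consistent. With `natOutgoing: Disabled`, `encapsulation: None` and a global-unicast IPv6 pool, outside reachability of pods presumably rests on router firewall rules and NetworkPolicy that this commit does not show, which is worth a comment in the file.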
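Review bot: The `# Static IPs:` block at the end of calico_ip_reservation.yaml is the only record of which reserved addresses are in use, yet four of its five headings are empty and nothing says how a workload obtains one of these addresses. As far as I know an IPReservation only keeps Calico IPAM from handing the ranges out automatically, so I would add a header comment above `spec:` such as `# Reserved for statically addressed services; Calico IPAM never auto-assigns from these CIDRs.` and record the assignment mechanism there once it is decided. Because the reservation does not by itself stop a pod from explicitly requesting one of these addresses, the comment should also say who is allowed to do so. The file ends without a trailing newline.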
+++ b/ansible/roles/k8s_network/files/cluster.balsillie.house/ippool.yaml
@@ -0,0 +1,13 @@
+apiVersion: projectcalico.org/v3
+kind: IPPool
+metadata:
+ name: default-ipv6-ippool
+spec:
+ allowedUses:
+ - Workload
+ - Tunnel
+ blockSize: 116
+ cidr: 2400:8907:e002:7c10::/64
+ ipipMode: Never
+ nodeSelector: all()
+ vxlanMode: Never
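Review bot: `default-ipv6-ippool` in ippool.yaml declares the same `2400:8907:e002:7c10::/64` pool, with the same `blockSize: 116` and `nodeSelector: all()`, that calico_installation.yaml already lists under `spec.calicoNetwork.ipPools`, so the pool now has two sources of truth. The Tigera operator normally creates the IP pools from the Installation resource, and depending on the operator version it may overwrite a hand-applied pool of that name or the overlapping CIDR may be rejected. If `allowedUses` is the reason for this file, a comment such as `# Overrides allowedUses on the operator-created pool` would make that clear; otherwise I would drop the file and keep the Installation as the single definition. There is no matching manifest for the IPv4 pool, which suggests this one may be a leftover.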