authorChristian Pointner <equinox@spreadspace.org>2023-05-17 01:04:29 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-05-17 01:04:29 +0200
commit85b327699a3ed9f8c7891c352aa1d6eaae5a75b7 (patch)
tree1a7c666f1bd4e6c5eecd818ef216a47a045584b5 /inventory/group_vars
parentset spf records for main domains (diff)
kubernetes/kubeadm: add support for node-local dns combined with cilium
Diffstat (limited to 'inventory/group_vars')
-rw-r--r--inventory/group_vars/k8s-chtest/vars.yml59
1 files changed, 30 insertions, 29 deletions
diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml
index 3ab3fe7a..709a6cdc 100644
--- a/inventory/group_vars/k8s-chtest/vars.yml
+++ b/inventory/group_vars/k8s-chtest/vars.yml
@@ -33,38 +33,39 @@ kubernetes_secrets:
### kubeguard
#
-kubernetes_network_plugin: kubeguard
-kubernetes_network_plugin_replaces_kube_proxy: no
-kubernetes_kube_proxy_mode: ipvs
-kubernetes_enable_nodelocal_dnscache: yes
-kubeguard:
- ## Mind that pod_ip_range and service_ip_range overlap and kubeguard
- ## needs a /24 for addresses assigned to tunnel devices. This means that
- ## node_indeces must be in the range between 1 and 191 -> 190 hosts possible
- ##
- ## hardcoded hostnames are not nice but if we do this via host_vars
- ## the info is spread over multiple files and this makes it more diffcult
- ## to find mistakes, so it is nicer to keep it in one place...
- node_index:
- ch-calypso: 125
- ch-thetys: 126
- ch-k8s-ctrl: 127
-kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}"
+#kubernetes_network_plugin: kubeguard
+#kubernetes_network_plugin_replaces_kube_proxy: no
+#kubernetes_kube_proxy_mode: ipvs
+#kubernetes_enable_nodelocal_dnscache: yes
+#kubeguard:
+# ## Mind that pod_ip_range and service_ip_range overlap and kubeguard
+# ## needs a /24 for addresses assigned to tunnel devices. This means that
+# ## node_indeces must be in the range between 1 and 191 -> 190 hosts possible
+# ##
+# ## hardcoded hostnames are not nice but if we do this via host_vars
+# ## the info is spread over multiple files and this makes it more diffcult
+# ## to find mistakes, so it is nicer to keep it in one place...
+# node_index:
+# ch-calypso: 125
+# ch-thetys: 126
+# ch-k8s-ctrl: 127
+#kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}"
### Cilium
#
-#kubernetes_network_plugin: cilium
-#kubernetes_network_plugin_version: 1.13.2
-#kubernetes_network_plugin_replaces_kube_proxy: yes
-#kubernetes_enable_nodelocal_dnscache: no
-#kubernetes_cilium_config:
-# ipam: kubernetes
-# tunnel: disabled
-# ipv4-native-routing-cidr: 192.168.28.0/24
-# auto-direct-node-routes: yes
-#base_sysctl_config_user:
-# net.ipv4.conf.all.rp_filter: 0
-# net.ipv4.conf.default.rp_filter: 0
+kubernetes_network_plugin: cilium
+kubernetes_network_plugin_version: 1.13.2
+kubernetes_network_plugin_replaces_kube_proxy: yes
+kubernetes_enable_nodelocal_dnscache: yes
+kubernetes_cilium_config:
+ ipam: kubernetes
+ tunnel: disabled
+ ipv4-native-routing-cidr: 192.168.28.0/24
+ auto-direct-node-routes: yes
+ enable-local-redirect-policy: yes
+base_sysctl_config_user:
+ net.ipv4.conf.all.rp_filter: 0
+ net.ipv4.conf.default.rp_filter: 0
### None
#
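Review bot: The now-active `base_sysctl_config_user` entries at the end of the Cilium block set `net.ipv4.conf.all.rp_filter` and `net.ipv4.conf.default.rp_filter` to 0 without any comment, which relaxes the kernel's reverse-path (source address) check as a node-wide default rather than only on the interfaces the CNI manages. If this is needed for Cilium's native routing on these hosts, document it above the key, e.g. `## needed for cilium native routing (confirm); note this turns off source validation defaults for the whole node`. Where the routing setup tolerates it, consider keeping the check on the uplink with an explicit per-interface entry such as `net.ipv4.conf.<uplink-if>.rp_filter: 1` (placeholder interface name). Separately, `ipv4-native-routing-cidr: 192.168.28.0/24` is a literal; if it is meant to match `kubernetes.pod_ip_range`, which is referenced in the kubeguard block but not defined in this hunk, deriving it from that variable would keep the two from drifting apart.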