-rw-r--r-- | inventory/group_vars/k8s-test-2019vm/main.yml | 31 | ||||
-rw-r--r-- | inventory/group_vars/k8s-test-atlas/main.yml | 34 | ||||
-rw-r--r-- | inventory/group_vars/k8s-test/main.yml | 42 | ||||
-rw-r--r-- | inventory/host_vars/ch-atlas.yml | 3 | ||||
-rw-r--r-- | inventory/host_vars/sk-2019vm.yml | 4 | ||||
-rw-r--r-- | inventory/hosts.ini | 18 | ||||
-rw-r--r-- | roles/kubernetes/net/kubeguard/files/kubeguard-interfaces.service | 2 | ||||
-rw-r--r-- | roles/kubernetes/net/kubeguard/meta/main.yml | 4 | ||||
-rw-r--r-- | roles/kubernetes/net/kubeguard/templates/ifupdown.sh.j2 | 4 | ||||
-rw-r--r-- | roles/kubernetes/net/kubeguard/templates/k8s.json.j2 | 2 | ||||
-rw-r--r-- | roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2 | 8 | ||||
-rw-r--r-- | spreadspace/s2-k8s-test.yml | 2 | ||||
-rw-r--r-- | spreadspace/s2-k8s-test0.yml | 7 | ||||
-rw-r--r-- | spreadspace/s2-k8s-test1.yml | 7 | ||||
-rw-r--r-- | spreadspace/s2-k8s-test2.yml | 7 | ||||
-rw-r--r-- | spreadspace/s2-k8s-test3.yml | 7 | ||||
-rw-r--r-- | spreadspace/s2-k8s-test4.yml | 7 |
17 files changed, 176 insertions, 13 deletions
diff --git a/inventory/group_vars/k8s-test-2019vm/main.yml b/inventory/group_vars/k8s-test-2019vm/main.yml
new file mode 100644
index 00000000..2cbe5be1
--- /dev/null
+++ b/inventory/group_vars/k8s-test-2019vm/main.yml
@@ -0,0 +1,31 @@
+---
+vm_host: sk-2019vm
+
+install:
+ host: "{{ vm_host }}"
+ mem: 1024
+ numcpu: 1
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ pool: storage
+ name: "{{ inventory_hostname }}"
+ size: 5g
+ interfaces:
+ - bridge: br-public
+ name: primary0
+ autostart: False
+
+network:
+ nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}"
+ gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}"
+# overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}"
diff --git a/inventory/group_vars/k8s-test-atlas/main.yml b/inventory/group_vars/k8s-test-atlas/main.yml
new file mode 100644
index 00000000..3f4fd2fa
--- /dev/null
+++ b/inventory/group_vars/k8s-test-atlas/main.yml
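Review bot: `autostart: False` in k8s-test-2019vm/main.yml differs from `autostart: True` in the k8s-test-atlas group added by the same commit, and nothing in the file says why. If the key means what its name suggests, three of the five cluster nodes would stay down after a reboot of sk-2019vm until someone starts them by hand. If that is intended, a one-line `##` comment next to the key stating the reason would save the next reader from guessing. The commented-out `# overlay:` line at the end of the file should likewise carry a short reason or be dropped, and the booleans are better written as `false`/`true`.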
@@ -0,0 +1,34 @@
+---
+apt_repo_provider: ffgraz
+
+vm_host: ch-atlas
+
+install:
+ host: "{{ vm_host }}"
+ mem: 1024
+ numcpu: 1
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: lvm
+ vg: "{{ hostvars[vm_host].host_name }}"
+ lv: "{{ inventory_hostname }}"
+ size: 5g
+ interfaces:
+ - bridge: br-public
+ name: primary0
+ - bridge: br-k8stest
+ name: direct0
+ autostart: True
+
+network:
+ nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary:
+ interface: primary0
+ ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}"
+ gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.gateway }}"
diff --git a/inventory/group_vars/k8s-test/main.yml b/inventory/group_vars/k8s-test/main.yml
index 7e5cbe2e..a28cba9c 100644
--- a/inventory/group_vars/k8s-test/main.yml
+++ b/inventory/group_vars/k8s-test/main.yml
@@ -1,2 +1,42 @@ --- -zsh_banner: chaos-at-home +kubernetes_version: 1.16.4 + +kubernetes: + cluster_name: k8s-test + version: "{{ kubernetes_version }}" + + container_runtime: containerd + network_plugin: kubeguard + + dedicated_master: True + api_advertise_ip: 144.76.160.141 + api_extra_sans: + - k8s-test.chaos-at-home.org + + pod_ip_range: 172.18.0.0/16 + pod_ip_range_size: 24 + service_ip_range: 172.18.192.0/18 + + + +kubeguard: + kube_router_version: 0.4.0-rc1 + + ## host_index must be in the range between 1 and 190 -> 189 hosts possible + ## + ## hardcoded hostnames are not nice but if we do this via host_vars + ## the info is spread over multiple files and this makes it more diffcult + ## to find mistakes, so it is nicer to keep it in one place... + host_index: + s2-k8s-test0: 1 + s2-k8s-test1: 2 + s2-k8s-test2: 3 + s2-k8s-test3: 4 + s2-k8s-test4: 5 + + direct_net_zones: + atlas: + transfer_net: 172.18.191.0/24 + node_interface: + s2-k8s-test0: direct0 + s2-k8s-test1: direct0 diff --git a/inventory/host_vars/ch-atlas.yml b/inventory/host_vars/ch-atlas.yml index e4acf4da..e9771732 100644 --- a/inventory/host_vars/ch-atlas.yml +++ b/inventory/host_vars/ch-atlas.yml @@ -15,4 +15,7 @@ vm_host: offsets: ch-keyserver: 3 ch-testvm: 4 + s2-k8s-test0: 7 + s2-k8s-test1: 8 r3-vex2: 11 + k8stest: {} diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml index b2061380..37f9c97d 100644 --- a/inventory/host_vars/sk-2019vm.yml +++ b/inventory/host_vars/sk-2019vm.yml @@ -21,6 +21,9 @@ vm_host: public: prefix: 192.168.250.254/24 offsets: + s2-k8s-test2: 1 + s2-k8s-test3: 2 + s2-k8s-test4: 3 sk-torrent: 136 ch-mimas: 143 sk-testvm: 253 @@ -29,6 +32,7 @@ vm_host: prefix: 178.63.180.136/29 offsets: sk-torrent: 0 + s2-k8s-test4: 3 ch-mimas: 6 sk-testvm: 7 diff --git a/inventory/hosts.ini b/inventory/hosts.ini index f6b39010..88a2d2b1 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
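Review bot: Nothing enforces the `host_index` limit stated in the comment in inventory/group_vars/k8s-test/main.yml, and the comment does not say where 190 comes from. With `pod_ip_range: 172.18.0.0/16` cut into /24s, index 191 is exactly `transfer_net` (172.18.191.0/24) and 192 and up fall inside `service_ip_range` (172.18.192.0/18), so a wrong or duplicated index would silently give a node a pod subnet and tunnel address that collide with another network. I would extend the comment, e.g. `## 191 is the direct-net transfer_net, 192-255 belong to service_ip_range`, and have the kubeguard role fail early with an `assert` that the host's index is defined, unique and between 1 and 190. Separately, `api_advertise_ip` is a public address, so the API server of this test cluster is presumably reachable from outside; worth confirming that this is intended and that access to it is filtered.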
@@ -92,6 +92,23 @@ s2-thetys host_name=thetys s2-dione host_name=dione s2-helene host_name=helene +[spreadspace:children] +k8s-test + + +[k8s-test-atlas] +s2-k8s-test0 host_name=k8s-test0 +s2-k8s-test1 host_name=k8s-test1 + +[k8s-test-2019vm] +s2-k8s-test2 host_name=k8s-test2 +s2-k8s-test3 host_name=k8s-test3 +s2-k8s-test4 host_name=k8s-test4 + +[k8s-test:children] +k8s-test-atlas +k8s-test-2019vm + [emc:vars] host_domain=elev8.at @@ -215,6 +232,7 @@ r3-cccamp19-av sk-testvm sk-torrent ch-mimas +s2-k8s-test[0:4] [hroot] diff --git a/roles/kubernetes/net/kubeguard/files/kubeguard-interfaces.service b/roles/kubernetes/net/kubeguard/files/kubeguard-interfaces.service index f45df88a..35fc8f90 100644 --- a/roles/kubernetes/net/kubeguard/files/kubeguard-interfaces.service +++ b/roles/kubernetes/net/kubeguard/files/kubeguard-interfaces.service @@ -1,5 +1,5 @@ [Unit] -Description=Kubernetes Network Interfaces +Description=Kubeguard Network Setup After=network.target [Service] diff --git a/roles/kubernetes/net/kubeguard/meta/main.yml b/roles/kubernetes/net/kubeguard/meta/main.yml deleted file mode 100644 index 39c7d694..00000000 --- a/roles/kubernetes/net/kubeguard/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -dependencies: -- role: wireguard/base - when: kubeguard_remove_node is not defined diff --git a/roles/kubernetes/net/kubeguard/templates/ifupdown.sh.j2 b/roles/kubernetes/net/kubeguard/templates/ifupdown.sh.j2 index 87849ee9..9c2d8a63 100644 --- a/roles/kubernetes/net/kubeguard/templates/ifupdown.sh.j2 +++ b/roles/kubernetes/net/kubeguard/templates/ifupdown.sh.j2 
@@ -8,14 +8,14 @@ INET_IF="{{ ansible_default_ipv4.interface }}" POD_NET_CIDR="{{ kubernetes.pod_ip_range }}" -{% set br_net = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[inventory_hostname]) -%} +{% set br_net = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.host_index[inventory_hostname]) -%} BR_IF="kube-br0" BR_IP="{{ br_net | ipaddr(1) | ipaddr('address') }}" BR_IP_CIDR="{{ br_net | ipaddr(1) }}" BR_NET_CIDR="{{ br_net }}" TUN_IF="kube-wg0" -TUN_IP_CIDR="{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubernetes.net_index[inventory_hostname]) }}" +TUN_IP_CIDR="{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubeguard.host_index[inventory_hostname]) }}" case "$1" in diff --git a/roles/kubernetes/net/kubeguard/templates/k8s.json.j2 b/roles/kubernetes/net/kubeguard/templates/k8s.json.j2 index f457ed1c..62900c6a 100644 --- a/roles/kubernetes/net/kubeguard/templates/k8s.json.j2 +++ b/roles/kubernetes/net/kubeguard/templates/k8s.json.j2 @@ -7,6 +7,6 @@ "hairpinMode": true, "ipam": { "type": "host-local", - "subnet": "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[inventory_hostname]) }}" + "subnet": "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.host_index[inventory_hostname]) }}" } } diff --git a/roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2 b/roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2 index 54251caf..1bbb3b72 100644 --- a/roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2 +++ b/roles/kubernetes/net/kubeguard/templates/kubeguard-peer.service.j2 
@@ -4,14 +4,14 @@ After=network.target Requires=kubeguard-interfaces.service After=kubeguard-interfaces.service -{% set pod_net_peer = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubernetes.net_index[peer]) -%} +{% set pod_net_peer = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.host_index[peer]) -%} {% set direct_zone = kubernetes.direct_net_zones | direct_net_zone(inventory_hostname, peer) -%} {% if direct_zone %} -{% set direct_ip = kubernetes.direct_net_zones[direct_zone].transfer_net | ipaddr(kubernetes.net_index[inventory_hostname]) %} +{% set direct_ip = kubernetes.direct_net_zones[direct_zone].transfer_net | ipaddr(kubeguard.host_index[inventory_hostname]) %} {% set direct_interface = kubernetes.direct_net_zones[direct_zone].node_interface[inventory_hostname] %} -{% set direct_ip_peer = kubernetes.direct_net_zones[direct_zone].transfer_net | ipaddr(kubernetes.net_index[peer]) %} +{% set direct_ip_peer = kubernetes.direct_net_zones[direct_zone].transfer_net | ipaddr(kubeguard.host_index[peer]) %} {% else %} -{% set tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubernetes.net_index[peer]) -%} +{% set tun_ip = kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, 0) | ipaddr(kubeguard.host_index[peer]) -%} {% set wg_pubkey = hostvars[peer].kubeguard_wireguard_pubkey.stdout -%} {% set wg_host = hostvars[peer].external_ip | default(hostvars[peer].ansible_default_ipv4.address) -%} {% set wg_port = hostvars[peer].kubeguard_wireguard_port -%} diff --git a/spreadspace/s2-k8s-test.yml b/spreadspace/s2-k8s-test.yml new file mode 100644 index 00000000..aa80d40b --- /dev/null +++ b/spreadspace/s2-k8s-test.yml @@ -0,0 +1,2 @@ +--- +## TODO: implement me! diff --git a/spreadspace/s2-k8s-test0.yml b/spreadspace/s2-k8s-test0.yml new file mode 100644 index 00000000..50b75938 --- /dev/null +++ b/spreadspace/s2-k8s-test0.yml 
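Review bot: In kubeguard-peer.service.j2 only the `net_index` lookups were moved to `kubeguard.host_index`; the four `kubernetes.direct_net_zones` references on the new side are unchanged, while the inventory added in this commit appears to define `direct_net_zones` under `kubeguard:` (indentation is lost in this view, so this needs checking against the file). If that reading is right, `kubernetes.direct_net_zones` is undefined for the k8s-test group and the direct-zone branch cannot render as intended for s2-k8s-test0 and s2-k8s-test1. Either the lookups should read `kubeguard.direct_net_zones | direct_net_zone(inventory_hostname, peer)` and `kubeguard.direct_net_zones[direct_zone]`, or the variable should stay under `kubernetes:`. The template continues past the end of the hunk.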
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: s2-k8s-test0
+ roles:
+ - role: base
+ - role: sshd
+ - role: zsh
diff --git a/spreadspace/s2-k8s-test1.yml b/spreadspace/s2-k8s-test1.yml
new file mode 100644
index 00000000..6050d269
--- /dev/null
+++ b/spreadspace/s2-k8s-test1.yml
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: s2-k8s-test1
+ roles:
+ - role: base
+ - role: sshd
+ - role: zsh
diff --git a/spreadspace/s2-k8s-test2.yml b/spreadspace/s2-k8s-test2.yml
new file mode 100644
index 00000000..87440a81
--- /dev/null
+++ b/spreadspace/s2-k8s-test2.yml
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: s2-k8s-test2
+ roles:
+ - role: base
+ - role: sshd
+ - role: zsh
diff --git a/spreadspace/s2-k8s-test3.yml b/spreadspace/s2-k8s-test3.yml
new file mode 100644
index 00000000..5c94db94
--- /dev/null
+++ b/spreadspace/s2-k8s-test3.yml
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: s2-k8s-test3
+ roles:
+ - role: base
+ - role: sshd
+ - role: zsh
diff --git a/spreadspace/s2-k8s-test4.yml b/spreadspace/s2-k8s-test4.yml
new file mode 100644
index 00000000..5cf93983
--- /dev/null
+++ b/spreadspace/s2-k8s-test4.yml
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: s2-k8s-test4
+ roles:
+ - role: base
+ - role: sshd
+ - role: zsh |