From 85b327699a3ed9f8c7891c352aa1d6eaae5a75b7 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 17 May 2023 01:04:29 +0200
Subject: kubernetes/kubeadm: add support for node-local dns combined with cilium
---
inventory/group_vars/k8s-chtest/vars.yml | 59 ++++++++++++++++----------------
1 file changed, 30 insertions(+), 29 deletions(-)
(limited to 'inventory/group_vars/k8s-chtest')
diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml
index 3ab3fe7a..709a6cdc 100644
--- a/inventory/group_vars/k8s-chtest/vars.yml
+++ b/inventory/group_vars/k8s-chtest/vars.yml
@@ -33,38 +33,39 @@ kubernetes_secrets:
 ### kubeguard
 #
-kubernetes_network_plugin: kubeguard
-kubernetes_network_plugin_replaces_kube_proxy: no
-kubernetes_kube_proxy_mode: ipvs
-kubernetes_enable_nodelocal_dnscache: yes
-kubeguard:
- ## Mind that pod_ip_range and service_ip_range overlap and kubeguard
- ## needs a /24 for addresses assigned to tunnel devices. This means that
- ## node_indeces must be in the range between 1 and 191 -> 190 hosts possible
- ##
- ## hardcoded hostnames are not nice but if we do this via host_vars
- ## the info is spread over multiple files and this makes it more diffcult
- ## to find mistakes, so it is nicer to keep it in one place...
- node_index:
- ch-calypso: 125
- ch-thetys: 126
- ch-k8s-ctrl: 127
-kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}"
+#kubernetes_network_plugin: kubeguard
+#kubernetes_network_plugin_replaces_kube_proxy: no
+#kubernetes_kube_proxy_mode: ipvs
+#kubernetes_enable_nodelocal_dnscache: yes
+#kubeguard:
+# ## Mind that pod_ip_range and service_ip_range overlap and kubeguard
+# ## needs a /24 for addresses assigned to tunnel devices. This means that
+# ## node_indeces must be in the range between 1 and 191 -> 190 hosts possible
+# ##
+# ## hardcoded hostnames are not nice but if we do this via host_vars
+# ## the info is spread over multiple files and this makes it more diffcult
+# ## to find mistakes, so it is nicer to keep it in one place...
+# node_index:
+# ch-calypso: 125
+# ch-thetys: 126
+# ch-k8s-ctrl: 127
+#kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}"
 ### Cilium
 #
-#kubernetes_network_plugin: cilium
-#kubernetes_network_plugin_version: 1.13.2
-#kubernetes_network_plugin_replaces_kube_proxy: yes
-#kubernetes_enable_nodelocal_dnscache: no
-#kubernetes_cilium_config:
-# ipam: kubernetes
-# tunnel: disabled
-# ipv4-native-routing-cidr: 192.168.28.0/24
-# auto-direct-node-routes: yes
-#base_sysctl_config_user:
-# net.ipv4.conf.all.rp_filter: 0
-# net.ipv4.conf.default.rp_filter: 0
+kubernetes_network_plugin: cilium
+kubernetes_network_plugin_version: 1.13.2
+kubernetes_network_plugin_replaces_kube_proxy: yes
+kubernetes_enable_nodelocal_dnscache: yes
+kubernetes_cilium_config:
+ ipam: kubernetes
+ tunnel: disabled
+ ipv4-native-routing-cidr: 192.168.28.0/24
+ auto-direct-node-routes: yes
+ enable-local-redirect-policy: yes
+base_sysctl_config_user:
+ net.ipv4.conf.all.rp_filter: 0
+ net.ipv4.conf.default.rp_filter: 0
 ### None
 #
-- cgit v1.2.3
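Review bot: `base_sysctl_config_user` at the end of the hunk now sets `net.ipv4.conf.all.rp_filter: 0` and `net.ipv4.conf.default.rp_filter: 0` for every host in this group with no comment saying why, and `default` applies to any interface created later, not only to Cilium's own devices. Because the kernel uses the higher of the `all` and per-interface values, whether the uplink still drops spoofed source addresses depends on a per-interface setting this file does not manage. I would add a comment above the block, for example `## rp_filter relaxed for cilium native routing (presumably required on its devices); uplink source validation must come from the interface's own rp_filter value or a firewall rule`, and confirm that this holds on these hosts. The newly added `enable-local-redirect-policy: yes` also allows CiliumLocalRedirectPolicy objects to steer pod traffic to node-local backends, so it is worth checking that RBAC limits who can create them.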