From d2c5dc5e47a95115a5edd31e154c2699912d9c14 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 16 May 2023 09:00:25 +0200
Subject: cosmetic fixes
---
inventory/group_vars/k8s-chtest/vars.yml | 73 ++++++++++++++++----------------
1 file changed, 37 insertions(+), 36 deletions(-)
(limited to 'inventory/group_vars')
diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml
index 8ffa66b8..edc7e232 100644
--- a/inventory/group_vars/k8s-chtest/vars.yml
+++ b/inventory/group_vars/k8s-chtest/vars.yml
@@ -7,29 +7,48 @@ kubernetes_container_runtime: containerd containerd_pkg_provider: docker-com +kubernetes: + cluster_name: chtest + + dedicated_controlplane_nodes: no + api_extra_sans: + - 192.168.28.21 + - 192.168.28.22 + - 192.168.28.29 + + pod_ip_range: 172.18.0.0/16 + pod_ip_range_size: 24 + service_ip_range: 172.18.192.0/18 + +kubernetes_secrets: + encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}" + + ### Kube-Router # -kubernetes_network_plugin: kube-router -kubernetes_network_plugin_version: 1.5.1 -kubernetes_network_plugin_replaces_kube_proxy: yes -kubernetes_enable_nodelocal_dnscache: yes +#kubernetes_network_plugin: kube-router +#kubernetes_network_plugin_version: 1.5.1 +#kubernetes_network_plugin_replaces_kube_proxy: yes +#kubernetes_enable_nodelocal_dnscache: yes ### kubeguard # -#kubernetes_network_plugin: kubeguard -#kubernetes_network_plugin_replaces_kube_proxy: no -#kubernetes_enable_nodelocal_dnscache: yes -#kubeguard: -# ## node_index must be in the range between 1 and 190 -> 189 hosts possible -# ## -# ## hardcoded hostnames are not nice but if we do this via host_vars -# ## the info is spread over multiple files and this makes it more diffcult -# ## to find mistakes, so it is nicer to keep it in one place... -# node_index: -# ch-calypso: 125 -# ch-thetys: 126 -# ch-k8s-ctrl: 127 -#kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}" +kubernetes_network_plugin: kubeguard +kubernetes_network_plugin_replaces_kube_proxy: no +kubernetes_enable_nodelocal_dnscache: yes +kubeguard: + ## Mind that pod_ip_range and service_ip_range overlap and kubeguard + ## needs a /24 for addresses assigned to tunnel devices. 
This means that + ## node_indeces must be in the range between 1 and 191 -> 189 hosts possible + ## + ## hardcoded hostnames are not nice but if we do this via host_vars + ## the info is spread over multiple files and this makes it more diffcult + ## to find mistakes, so it is nicer to keep it in one place... + node_index: + ch-calypso: 125 + ch-thetys: 126 + ch-k8s-ctrl: 127 +kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}" ### Cilium # @@ -52,22 +71,4 @@ kubernetes_enable_nodelocal_dnscache: yes #kubernetes_network_plugin_replaces_kube_proxy: yes #kubernetes_enable_nodelocal_dnscache: no - -kubernetes: - cluster_name: chtest - - dedicated_controlplane_nodes: no - api_extra_sans: - - 192.168.28.21 - - 192.168.28.22 - - 192.168.28.29 - - pod_ip_range: 172.18.0.0/16 - pod_ip_range_size: 24 - service_ip_range: 172.18.192.0/18 - - -kubernetes_secrets: - encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}" - kubernetes_metrics_server_version: 0.6.3 -- cgit v1.2.3
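Review bot: The node_index limit in the new kubeguard comment is only documented, never enforced, and its numbers disagree: a range of 1 to 191 holds 191 indices, yet the comment says 189 hosts are possible. Judging by the `kubernetes_overlay_node_ip` expression, index N selects the Nth /24 of `pod_ip_range`, so an index of 192 or above would presumably produce an overlay address inside `service_ip_range` (172.18.192.0/18) with no error at template time. I would name the reserved indices in the comment, fix the spelling (`node_indices`, `difficult`), and add a pre-flight assert in the consuming role such as `that: kubeguard.node_index[inventory_hostname] | int in range(1, 192)`, adjusted to the intended upper bound. The newly active lines also use `no`/`yes`, where `false`/`true` avoids YAML 1.1 truthy ambiguity, e.g. `kubernetes_network_plugin_replaces_kube_proxy: false`. Note as well that this hunk switches the active network plugin from kube-router to kubeguard and stops replacing kube-proxy, which the subject "cosmetic fixes" does not convey to anyone auditing the history.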