From e5920b3ddf145c55778de3704739f1ae51864050 Mon Sep 17 00:00:00 2001
From: Ruakij
Date: Fri, 17 Mar 2023 15:57:48 +0100
Subject: [PATCH] Add network-plugin option

---
 kubernetes/defaults/main.yml | 4 ++
 .../tasks/install/server/install_k3s.yml | 4 ++
 .../server/network-plugin/deploy_calico.yml | 20 +++++++++
 .../network-plugin/deploy_calico_helper.yml | 6 +++
 .../templates/k3s/server/config.yaml.jinja2 | 5 +++
 .../calico/custom-ressource.yml.jinja2 | 32 ++++++++++++++
 .../calico/routingtabletowg.yml.jinja2 | 43 +++++++++++++++++++
 7 files changed, 114 insertions(+)
 create mode 100644 kubernetes/tasks/install/server/network-plugin/deploy_calico.yml
 create mode 100644 kubernetes/tasks/install/server/network-plugin/deploy_calico_helper.yml
 create mode 100644 kubernetes/templates/k3s/server/network-plugin/calico/custom-ressource.yml.jinja2
 create mode 100644 kubernetes/templates/k3s/server/network-plugin/calico/routingtabletowg.yml.jinja2
diff --git a/kubernetes/defaults/main.yml b/kubernetes/defaults/main.yml
index 57e82a4..378fb96 100644
--- a/kubernetes/defaults/main.yml
+++ b/kubernetes/defaults/main.yml
@@ -15,3 +15,7 @@ kubernetes:
 dns_name:
 token:
+
+ # One of [flannel, calico]
+ network_plugin: calico
+
diff --git a/kubernetes/tasks/install/server/install_k3s.yml b/kubernetes/tasks/install/server/install_k3s.yml
index e060725..262fb93 100644
--- a/kubernetes/tasks/install/server/install_k3s.yml
+++ b/kubernetes/tasks/install/server/install_k3s.yml
@@ -34,3 +34,7 @@
 # block: |
 # export KUBECONFIG="/etc/rancher/k3s/k3s.yaml"
 # create: true
+
+- name: Deploy calico
+ import_tasks: ./roles/kubernetes/tasks/install/server/network-plugin/deploy_calico.yml
+ when: "kubernetes.network_plugin == 'calico'"
diff --git a/kubernetes/tasks/install/server/network-plugin/deploy_calico.yml b/kubernetes/tasks/install/server/network-plugin/deploy_calico.yml
new file mode 100644
index 0000000..3491142
--- /dev/null
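Review bot: `kubernetes.network_plugin` is never validated, so a misspelled value (anything other than `flannel` or `calico`) is accepted silently: the new `when` in install_k3s.yml skips the Calico deployment, while the `{% else %}` branch added in config.yaml.jinja2 still renders `flannel-backend: none` and `disable-network-policy: true`, leaving the cluster with no CNI and no network-policy enforcement at all. An assert task placed ahead of the `Deploy calico` import makes a bad value fail early with a readable message instead of producing a half-configured node. The defaults hunk's comment `# One of [flannel, calico]` then documents a rule that is actually enforced.
```yaml
- name: Validate kubernetes.network_plugin
  ansible.builtin.assert:
    that: kubernetes.network_plugin in ['flannel', 'calico']
    fail_msg: "kubernetes.network_plugin must be one of flannel or calico, got '{{ kubernetes.network_plugin }}'"
  run_once: true

# … unchanged: Deploy calico import_tasks …
```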
+++ b/kubernetes/tasks/install/server/network-plugin/deploy_calico.yml
@@ -0,0 +1,20 @@
+- name: Deploy calico operator
+ command: kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.3/manifests/tigera-operator.yaml
+ register: command
+ changed_when: "'created' in command.stdout"
+ run_once: true
+
+- name: Deploy calico ressource template
+ ansible.builtin.template:
+ src: ./k3s/server/network-plugin/calico/custom-ressource.yml.jinja2
+ dest: /root/calico-ressource.yml
+ run_once: true
+
+- name: Deploy calico ressource
+ command: kubectl apply -f /root/calico-ressource.yml
+ register: command
+ changed_when: "'created' in command.stdout"
+ run_once: true
+
+- name: Deploy calico-helpers
+ import_tasks: ./roles/kubernetes/tasks/install/server/network-plugin/deploy_calico_helper.yml
diff --git a/kubernetes/tasks/install/server/network-plugin/deploy_calico_helper.yml b/kubernetes/tasks/install/server/network-plugin/deploy_calico_helper.yml
new file mode 100644
index 0000000..ec8a684
--- /dev/null
+++ b/kubernetes/tasks/install/server/network-plugin/deploy_calico_helper.yml
@@ -0,0 +1,6 @@
+- name: Deploy service-file for routing-table to wireguard-translation
+ ansible.builtin.template:
+ src: ./k3s/server/network-plugin/calico/routingtabletowg.yml.jinja2
+ dest: /var/lib/rancher/k3s/server/manifests/routingtabletowg.yml
+ mode: u=rw,g=r,o=r
+ run_once: true
diff --git a/kubernetes/templates/k3s/server/config.yaml.jinja2 b/kubernetes/templates/k3s/server/config.yaml.jinja2
index 134ac05..a6c05a6 100644
--- a/kubernetes/templates/k3s/server/config.yaml.jinja2
+++ b/kubernetes/templates/k3s/server/config.yaml.jinja2
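Review bot: The `Deploy calico operator` task in deploy_calico.yml is not idempotent: `kubectl create` exits non-zero with an AlreadyExists error on every run after the first, so the task fails rather than reporting "ok", and `changed_when: "'created' in command.stdout"` never gets to evaluate that case. Use `command: kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.3/manifests/tigera-operator.yaml`, as the `Deploy calico ressource` task already does, with `changed_when: "'created' in command.stdout or 'configured' in command.stdout"`. Separately, the operator manifest is fetched from a remote URL at run time and applied cluster-wide with whatever that URL serves; a tag does not freeze file contents, so downloading it first with `ansible.builtin.get_url` and a `checksum:` (value to be filled in from a verified copy), or vendoring the manifest into the role, is the defensible option for a supply-chain-sensitive step. The `/root/calico-ressource.yml` template also sets no `mode:`, unlike the helper task, so its permissions depend on the remote umask.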
@@ -17,7 +17,12 @@ service-cidr: {{ kubernetes.ipPool.ipv4.service_cidr }},{{ kubernetes.ipPool.ipv
 egress-selector-mode: disabled
 # Network-plugin
+{% if kubernetes.network_plugin == "flannel" %}
 flannel-backend: vxlan
+{% else %}
+disable-network-policy: true
+flannel-backend: none
+{% endif %}
 # FIXME: Workaround for bug in Kubernetes 1.24/1.25 ignoring node IPv6 addresses
 kubelet-arg: "--node-ip=0.0.0.0"
diff --git a/kubernetes/templates/k3s/server/network-plugin/calico/custom-ressource.yml.jinja2 b/kubernetes/templates/k3s/server/network-plugin/calico/custom-ressource.yml.jinja2
new file mode 100644
index 0000000..fbe7473
--- /dev/null
+++ b/kubernetes/templates/k3s/server/network-plugin/calico/custom-ressource.yml.jinja2
@@ -0,0 +1,32 @@
+# This section includes base Calico installation configuration.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+ name: default
+spec:
+ # Configures Calico networking.
+ calicoNetwork:
+ # Note: The ipPools section cannot be modified post-install.
+ ipPools:
+ - blockSize: 26
+ cidr: {{ kubernetes.ipPool.ipv4.cluster_cidr }}
+ encapsulation: None
+ natOutgoing: Enabled
+ nodeSelector: all()
+
+ - blockSize: 122
+ cidr: {{ kubernetes.ipPool.ipv6.cluster_cidr }}
+ encapsulation: None
+ natOutgoing: Enabled
+ nodeSelector: all()
+
+---
+
+# This section configures the Calico API server.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+ name: default
+spec: {}
diff --git a/kubernetes/templates/k3s/server/network-plugin/calico/routingtabletowg.yml.jinja2 b/kubernetes/templates/k3s/server/network-plugin/calico/routingtabletowg.yml.jinja2
new file mode 100644
index 0000000..93bc420
--- /dev/null
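Review bot: The `{% else %}` branch in config.yaml.jinja2 disables flannel and k3s's built-in network-policy controller for every value of `kubernetes.network_plugin` except `flannel`, not only for `calico`, and the template gives no reason for either setting. Make the branch explicit with `{% elif kubernetes.network_plugin == "calico" %}`, so an unrecognised value renders neither block and k3s falls back to its own default networking instead of coming up with no CNI, and add a comment above it such as `# Calico supplies both pod networking and NetworkPolicy enforcement, so k3s's flannel and embedded policy controller are turned off here`. Note that `disable-network-policy: true` removes policy enforcement entirely until Calico is actually running, which the surrounding Ansible tasks only do after k3s is installed; the comment should say that this gap is expected.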
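Review bot: Both `cidr:` entries in custom-ressource.yml.jinja2 are inserted as unquoted plain scalars, so an empty `kubernetes.ipPool.ipv4.cluster_cidr` or `ipv6.cluster_cidr` renders as `cidr:` (YAML null) and the mistake only surfaces as a schema error from `kubectl apply` in the `Deploy calico ressource` task rather than at template time. Quote both, `cidr: "{{ kubernetes.ipPool.ipv4.cluster_cidr }}"` and `cidr: "{{ kubernetes.ipPool.ipv6.cluster_cidr }}"`, so the value is always a string. The `# Note: The ipPools section cannot be modified post-install.` comment is worth repeating in the Ansible task that applies this file, since a later run with different CIDRs will presumably be reported as changed by `kubectl apply` without the pools actually changing.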
+++ b/kubernetes/templates/k3s/server/network-plugin/calico/routingtabletowg.yml.jinja2
@@ -0,0 +1,43 @@
+# https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: routingtabletowg
+ namespace: calico-system
+ labels:
+ app: routingtabletowg
+spec:
+ selector:
+ matchLabels:
+ app: routingtabletowg
+ template:
+ metadata:
+ labels:
+ app: routingtabletowg
+ spec:
+ tolerations:
+ # this toleration is to have the daemonset runnable on master nodes
+ # remove it if your masters can't run pods
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ hostNetwork: true
+ containers:
+ - name: routingtabletowg
+ image: "ruakij/routingtabletowg:0.1.2"
+ env:
+ - name: INTERFACE
+ value: {{ kubernetes.ipPool.nodeIp_interface }}
+ - name: FILTER_PROTOCOL
+ value: bird
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ resources:
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ limits:
+ cpu: 20m
+ memory: 20Mi
+---
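Review bot: The DaemonSet in routingtabletowg.yml.jinja2 runs with `hostNetwork: true` and the `NET_ADMIN` capability, i.e. it can rewrite every node's routing and WireGuard state, yet the container is pinned only by a mutable tag, `image: "ruakij/routingtabletowg:0.1.2"`; for a workload with that reach, pin by digest (`image: "ruakij/routingtabletowg@sha256:<digest placeholder>"`) so what runs is exactly what was reviewed. The `INTERFACE` value is templated unquoted, `value: {{ kubernetes.ipPool.nodeIp_interface }}`; an env `value` must be a string, so an empty variable would render as null and the manifest would likely be rejected when k3s auto-applies it — write `value: "{{ kubernetes.ipPool.nodeIp_interface }}"`. The only toleration is for `node-role.kubernetes.io/master`; if the server nodes are tainted, current Kubernetes releases (the same 1.24/1.25 range the config.yaml.jinja2 FIXME refers to) use `node-role.kubernetes.io/control-plane`, so a second toleration with that key and `effect: NoSchedule` is needed for the comment "runnable on master nodes" to hold.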