From 27339b7d54c78a9dcfc23f08282311f6437626c6 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 20 May 2021 18:18:38 +0200 Subject: [PATCH 1/5] bgp: switch asn for place7 --- v3-calico/bgp-place7.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3-calico/bgp-place7.yaml b/v3-calico/bgp-place7.yaml index 2b089e0..8c9d05a 100644 --- a/v3-calico/bgp-place7.yaml +++ b/v3-calico/bgp-place7.yaml @@ -6,7 +6,7 @@ metadata: spec: logSeverityScreen: Info nodeToNodeMeshEnabled: true - asNumber: 213081 + asNumber: 65534 serviceClusterIPs: - cidr: 2a0a:e5c0:13:aaa::/108 serviceExternalIPs: From e67093bf8a46fb671ccefbb0c2d45a2ce0201b81 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 20 May 2021 19:28:39 +0200 Subject: [PATCH 2/5] ++nginx test deployment --- v3-calico/README.md | 18 ++++++++++++++++++ v3-calico/nginx-test-deployment.yaml | 19 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 v3-calico/nginx-test-deployment.yaml diff --git a/v3-calico/README.md b/v3-calico/README.md index 78b6278..6fce4c6 100644 --- a/v3-calico/README.md +++ b/v3-calico/README.md @@ -66,3 +66,21 @@ alias calicoctl="kubectl exec -i -n kube-system calicoctl -- /calicoctl" ``` calicoctl create -f - < bgp....yaml ``` + +## Setup a test deployment + +Do *NOT* use https://k8s.io/examples/application/deployment.yaml. It +contains an outdated nginx container that has no IPv6 listener. You +will get results such as + +``` +[19:03] server47.place7:~/ungleich-k8s/v3-calico# curl http://[2a0a:e5c0:13:bbb:176b:eaa6:6d47:1c41] +curl: (7) Failed to connect to 2a0a:e5c0:13:bbb:176b:eaa6:6d47:1c41 port 80: Connection refused +``` + +if you use that deployment. Instead use something on the line of the +included **nginx-test-deployment.yaml**: + +``` +kubectl appply -f nginx-test-deployment.yaml +``` diff --git a/v3-calico/nginx-test-deployment.yaml b/v3-calico/nginx-test-deployment.yaml new file mode 100644 index 0000000..af12278 --- /dev/null +++ b/v3-calico/nginx-test-deployment.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment +spec: + selector: + matchLabels: + app: nginx + replicas: 2 # tells deployment to run 2 pods matching the template + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.20.0-alpine + ports: + - containerPort: 80 From 67ae418a4f85efa7d83e1cbe6adb678f7ea5d7cb Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 20 May 2021 19:32:50 +0200 Subject: [PATCH 3/5] ++ docs --- v3-calico/README.md | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/v3-calico/README.md b/v3-calico/README.md index 6fce4c6..2b3aedc 100644 --- a/v3-calico/README.md +++ b/v3-calico/README.md @@ -1,14 +1,39 @@ +## Introduction + +The following guide shows how to setup an IPv6 only cluster at ungleich. + ## Steps - Boot Alpine -- Configure with cdist +- Configure with cdist to get cri-o configured ## Control plane +Initialise with all components: + +``` +kubeadm init -service-cidr 2a0a:e5c0:13:aaa::/108 --pod-network-cidr 2a0a:e5c0:13:bbb::/64 +``` + +We cannot yet skip kube-proxy, because calico does not support eBPF +for IPv6. Cilium supports IPv6 eBPF, but on the other hand does not +support automatic BGP peering. So the following **does not** work: + ``` kubeadm init --skip-phases=addon/kube-proxy --service-cidr 2a0a:e5c0:13:aaa::/108 --pod-network-cidr 2a0a:e5c0:13:bbb::/64 ``` +## Alpine / kubelet hack + +Due to some misconfiguration on alpine, **DURING** the **kubeadm +init** we need to modify the **generated** +/var/lib/kubelet/config.yaml to replace "cgroupDriver: systemd" with +"cgroupDriver: cgroupfs". + +The same is necessary on the worker nodes, however that can be done +anytime before you plan to schedule containers on them, after the +**kubeadm join** request. + ## Worker nodes ``` From 9f5a19535f95b6a7af24d5c04f8d086b517e8367 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 20 May 2021 19:34:12 +0200 Subject: [PATCH 4/5] --typo --- v3-calico/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3-calico/README.md b/v3-calico/README.md index 2b3aedc..2654459 100644 --- a/v3-calico/README.md +++ b/v3-calico/README.md @@ -107,5 +107,5 @@ if you use that deployment. Instead use something on the line of the included **nginx-test-deployment.yaml**: ``` -kubectl appply -f nginx-test-deployment.yaml +kubectl apply -f nginx-test-deployment.yaml ``` From 9377000ba6a9bc795af08980bddafe0fb93808a0 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 20 May 2021 19:35:51 +0200 Subject: [PATCH 5/5] yet another typo --- v3-calico/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3-calico/README.md b/v3-calico/README.md index 2654459..a85a42f 100644 --- a/v3-calico/README.md +++ b/v3-calico/README.md @@ -12,7 +12,7 @@ The following guide shows how to setup an IPv6 only cluster at ungleich. Initialise with all components: ``` -kubeadm init -service-cidr 2a0a:e5c0:13:aaa::/108 --pod-network-cidr 2a0a:e5c0:13:bbb::/64 +kubeadm init --service-cidr 2a0a:e5c0:13:aaa::/108 --pod-network-cidr 2a0a:e5c0:13:bbb::/64 ``` We cannot yet skip kube-proxy, because calico does not support eBPF