diff --git a/README.md b/README.md
index 57dce42..d63af1f 100644
--- a/README.md
+++ b/README.md
@@ -231,6 +231,17 @@ While above is already a fully running k8s cluster, we do want to have support for **PersistentVolumeclaims**. See [the rook documentation](rook/README.md) on how to achieve the next step.
+## High available control plan
+
+Above steps result in a single control plane node, however for
+production setups, three nodes should be in the control plane.
+
+The [guide for creating HA
+clusters](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/)
+referes to an external load balancer that
+
+
+
 ## The IPv4 "problem"
 * Clusters are IPv6 only
diff --git a/alpine-linux/README.md b/alpine-linux/README.md
new file mode 100644
index 0000000..5b5f554
--- /dev/null
+++ b/alpine-linux/README.md
@@ -0,0 +1,3 @@
+* Alpine Linux does not mark /run or /sys as shared
+* Deploy mount-shared in /etc/init.d
+* Execute `rc-update add mount-shared`
diff --git a/alpine-linux/mount-shared b/alpine-linux/mount-shared
new file mode 100755
index 0000000..4807dd4
--- /dev/null
+++ b/alpine-linux/mount-shared
@@ -0,0 +1,12 @@
+#!/sbin/openrc-run
+
+depend()
+{
+ after sysfs
+}
+
+start()
+{
+ mount --make-shared /run
+ mount --make-shared /sys
+}
diff --git a/k8s/c0/README.md b/k8s/c0/README.md
new file mode 100644
index 0000000..7638275
--- /dev/null
+++ b/k8s/c0/README.md
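Review bot: In `start()` the status OpenRC sees is that of the last command, so a failed `mount --make-shared /run` is masked whenever the following `mount --make-shared /sys` succeeds, and the service is recorded as started with /run still private. Change the two lines to `mount --make-shared /run || return 1` and `mount --make-shared /sys || return 1` so a failed propagation change fails the service and shows up in `rc-status`. `depend()` only orders the script `after sysfs`; if /run is mounted by a later service on these hosts, that service should be named there as well — worth confirming against the Alpine boot sequence in use. A one-line `description="Mark /run and /sys as shared mounts"` would also let `rc-service mount-shared describe` explain why the script exists.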
@@ -0,0 +1,41 @@
+## c0.k8s.ooo
+
+Base cluster for managing other clusters.
+
+## Bootstrap Control Plane
+
+* apu1: `kubeadm init --config k8s/c0/kubeadm.yaml --upload-certs`
+* apu2: `kubeadm join api.c0.k8s.ooo:6443 ...`
+* apu3: `kubeadm join api.c0.k8s.ooo:6443 ...`
+
+Removing taints, self contained cluster:
+
+```
+kubectl taint nodes --all node-role.kubernetes.io/master-
+```
+
+## Bootstrapping networking
+
+```
+mount --make-shared /sys
+mount --make-shared /run
+kubectl apply -f v3-calico/calico.yaml
+kubectl apply -f https://docs.projectcalico.org/manifests/calicoctl.yaml
+
+alias calicoctl="kubectl exec -i -n kube-system calicoctl -- /calicoctl"
+calicoctl create -f - < ./k8s/c0/calico-bgp.yaml
+```
+
+## Flux bootstrap
+
+On a client:
+
+```
+wget https://github.com/fluxcd/flux2/releases/download/v0.16.1/flux_0.16.1_linux_amd64.tar.gz
+tar xvfz flux_0.16.1_linux_amd64.tar.gz
+./flux bootstrap git --path=./cluster/c0 --cluster-domain c0.k8s.ooo --url ssh://git@code.ungleich.ch/ungleich-intern/k8s-config.git --branch=main
+```
+
+## rook bootstrap
+
+* via flux
diff --git a/k8s/c0/calico-bgp.yaml b/k8s/c0/calico-bgp.yaml
new file mode 100644
index 0000000..1637469
--- /dev/null
+++ b/k8s/c0/calico-bgp.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: projectcalico.org/v3
+kind: BGPConfiguration
+metadata:
+ name: default
+spec:
+ logSeverityScreen: Info
+ nodeToNodeMeshEnabled: true
+ asNumber: 65534
+ serviceClusterIPs:
+ - cidr: 2a0a:e5c0:13:b1::/108
+ serviceExternalIPs:
+ - cidr: 2a0a:e5c0:13:b1::/108
+---
+apiVersion: projectcalico.org/v3
+kind: BGPPeer
+metadata:
+ name: red-place7
+spec:
+ peerIP: 2a0a:e5c0:13::42
+ asNumber: 213081
diff --git a/k8s/c0/kubeadm.yaml b/k8s/c0/kubeadm.yaml
new file mode 100644
index 0000000..179654f
--- /dev/null
+++ b/k8s/c0/kubeadm.yaml
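Review bot: `serviceExternalIPs` in the `BGPConfiguration` lists the same cidr `2a0a:e5c0:13:b1::/108` as `serviceClusterIPs`; in Calico that field is meant for the ranges used as Service `externalIPs`, so repeating the ClusterIP range there advertises the same prefix a second time rather than adding anything — either drop the entry or put the range actually handed out as externalIPs in it. The `BGPPeer` towards `2a0a:e5c0:13::42` (AS 213081) has no `nodeSelector`, so every node peers with it, and no `password`, so the session is unauthenticated; on a Calico release that supports BGP passwords, set `password: {secretKeyRef: {name: <secret-name>, key: <key>}}` (placeholders) with the Secret created out of band rather than committed here, assuming the remote router supports TCP MD5. A short comment naming what `red-place7` is and who operates AS 213081 would help the next reader judge the peering.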
@@ -0,0 +1,13 @@
+# kubeadm-config.yaml
+kind: ClusterConfiguration
+apiVersion: kubeadm.k8s.io/v1beta2
+kubernetesVersion: v1.21.2
+networking:
+ dnsDomain: "c0.k8s.ooo"
+ podSubnet: 2a0a:e5c0:13:b0::/64
+ serviceSubnet: 2a0a:e5c0:13:b1::/108
+controlPlaneEndpoint: "api.c0.k8s.ooo:6443"
+---
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+cgroupDriver: cgroupfs
diff --git a/k8s/c2/kubeadm.yaml b/k8s/c2/kubeadm.yaml
index 7dd8de2..21bcbbf 100644
--- a/k8s/c2/kubeadm.yaml
+++ b/k8s/c2/kubeadm.yaml
@@ -1,12 +1,12 @@
 # kubeadm-config.yaml
 kind: ClusterConfiguration
 apiVersion: kubeadm.k8s.io/v1beta2
-kubernetesVersion: v1.21.1
+kubernetesVersion: v1.21.2
 networking:
 dnsDomain: c2.k8s.ooo
 podSubnet: 2a0a:e5c0:13:e1::/64
 serviceSubnet: 2a0a:e5c0:13:e2::/108
-
+controlPlaneEndpoint: "api.c2.k8s.ooo:6443"
 ---
 kind: KubeletConfiguration
 apiVersion: kubelet.config.k8s.io/v1beta1
diff --git a/tests/secret-generation-test.yaml b/tests/secret-generation-test.yaml
new file mode 100644
index 0000000..2eb80b9
--- /dev/null
+++ b/tests/secret-generation-test.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: string-secret
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
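Review bot: `cgroupDriver: cgroupfs` in the `KubeletConfiguration` is only correct when the container runtime on these nodes uses the same driver, and nothing in the file records which runtime that is; kubeadm at this version defaults the kubelet driver to `systemd`, so a reader is likely to take the value for a mistake. Add a comment above it such as `# must match the container runtime's cgroup driver on these nodes (OpenRC hosts, no systemd)` — if these are the Alpine hosts from `alpine-linux/README.md`, say so. The header comment `# kubeadm-config.yaml` does not match the file's path `k8s/c0/kubeadm.yaml` (the same stale header is in `k8s/c2/kubeadm.yaml`); rename it to `# k8s/c0/kubeadm.yaml` or drop it. `dnsDomain` is quoted here but unquoted in `k8s/c2/kubeadm.yaml`; both parse the same, but the two files should agree.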
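Review bot: Adding `controlPlaneEndpoint: "api.c2.k8s.ooo:6443"` to this file changes nothing for a c2 cluster that was already initialised from the previous revision: `kubeadm join` and `kubeadm upgrade` read the cluster configuration from the `kubeadm-config` ConfigMap in `kube-system`, not from this file, and the API server certificate issued at init time does not carry that name in its SANs. Per kubeadm's documentation a cluster created without a control plane endpoint cannot be turned into an HA cluster in place, so if c2 is already running, this edit should come with a note on how the endpoint is actually applied (ConfigMap update plus a re-issued `apiserver` certificate, or a rebuild); if c2 has not been initialised yet, a one-line comment saying so would settle the question.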
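Review bot: The `Secret` carries no `metadata.namespace`, so applying this test manifest creates a generated-password Secret in whatever namespace the current kubectl context points at, which on a management cluster is probably `default`. Add `namespace: <test-namespace>` (placeholder; a throwaway namespace) under `metadata` so the test object is isolated and easy to delete afterwards. A comment at the top such as `# test: the secret-generator is expected to fill data.password — confirm against the generator version in use` would record what a successful run looks like, since the file itself gives no hint.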