Merge branch 'master' of code.ungleich.ch:ungleich-public/ungleich-k8s

This commit is contained in:
Nico Schottelius 2021-07-14 12:41:02 +02:00
commit b95c021c98
8 changed files with 109 additions and 2 deletions

View file

@ -231,6 +231,17 @@ While above is already a fully running k8s cluster, we do want to have
support for **PersistentVolumeclaims**. See [the rook support for **PersistentVolumeclaims**. See [the rook
documentation](rook/README.md) on how to achieve the next step. documentation](rook/README.md) on how to achieve the next step.
## High available control plan
Above steps result in a single control plane node, however for
production setups, three nodes should be in the control plane.
The [guide for creating HA
clusters](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/)
referes to an external load balancer that
## The IPv4 "problem" ## The IPv4 "problem"
* Clusters are IPv6 only * Clusters are IPv6 only
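Review bot: the new "High available control plan" section ends mid-sentence ("referes to an external load balancer that") and the heading has two typos ("control plan" for "control plane", "referes" for "refers"); finish the sentence before merging. Since the k8s/c0/kubeadm.yaml added in this commit sets controlPlaneEndpoint to api.c0.k8s.ooo:6443, this section should also say how that name is resolved and balanced across the three control-plane nodes (DNS round-robin, a BGP-announced VIP, or a real load balancer), otherwise the HA claim is not actually covered by the documented setup.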

3
alpine-linux/README.md Normal file

@ -0,0 +1,3 @@
* Alpine Linux does not mark /run or /sys as shared
* Deploy mount-shared in /etc/init.d
* Execute `rc-update add mount-shared`
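Review bot: "Deploy mount-shared in /etc/init.d" does not say the script must be executable, nor why shared propagation on /run and /sys is needed at all (kubelet and CSI drivers rely on mount propagation from these paths); spell out the install step, e.g. `install -m 0755 alpine-linux/mount-shared /etc/init.d/mount-shared`, and add one sentence on the reason. Also note that `rc-update add mount-shared` puts the service in the default runlevel, which only works if the container runtime and kubelet services live in the same runlevel and are ordered after it.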

12
alpine-linux/mount-shared Executable file

@ -0,0 +1,12 @@
#!/sbin/openrc-run
depend()
{
after sysfs
}
start()
{
mount --make-shared /run
mount --make-shared /sys
}
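Review bot: depend() only orders this service after sysfs; nothing makes the container runtime or kubelet wait for it, so after a reboot they can come up while /run and /sys are still private, and `--make-shared` only affects mounts made afterwards. Add `before docker containerd kubelet` (whichever are installed) to depend(). start() also discards the exit status of both mount calls, so a failure is silent; wrap them, e.g. `ebegin "Marking /run and /sys shared"`, `mount --make-shared /run && mount --make-shared /sys`, `eend $?`, so OpenRC reports the service as failed.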

41
k8s/c0/README.md Normal file

@ -0,0 +1,41 @@
## c0.k8s.ooo
Base cluster for managing other clusters.
## Bootstrap Control Plane
* apu1: `kubeadm init --config k8s/c0/kubeadm.yaml --upload-certs`
* apu2: `kubeadm join api.c0.k8s.ooo:6443 ...`
* apu3: `kubeadm join api.c0.k8s.ooo:6443 ...`
Removing taints, self contained cluster:
```
kubectl taint nodes --all node-role.kubernetes.io/master-
```
## Bootstrapping networking
```
mount --make-shared /sys
mount --make-shared /run
kubectl apply -f v3-calico/calico.yaml
kubectl apply -f https://docs.projectcalico.org/manifests/calicoctl.yaml
alias calicoctl="kubectl exec -i -n kube-system calicoctl -- /calicoctl"
calicoctl create -f - < ./k8s/c0/calico-bgp.yaml
```
## Flux bootstrap
On a client:
```
wget https://github.com/fluxcd/flux2/releases/download/v0.16.1/flux_0.16.1_linux_amd64.tar.gz
tar xvfz flux_0.16.1_linux_amd64.tar.gz
./flux bootstrap git --path=./cluster/c0 --cluster-domain c0.k8s.ooo --url ssh://git@code.ungleich.ch/ungleich-intern/k8s-config.git --branch=main
```
## rook bootstrap
* via flux
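Review bot: `kubectl taint nodes --all node-role.kubernetes.io/master-` makes every control-plane node of the cluster that manages the other clusters schedulable for ordinary workloads; if that is intended for a three-node self-contained cluster, say so, and consider keeping the taint and adding tolerations only to the system workloads (calico, rook) that need to run there. In the same hunk, calico.yaml is applied from the vendored v3-calico directory but calicoctl.yaml is pulled unpinned from https://docs.projectcalico.org/manifests/calicoctl.yaml on every bootstrap; vendor it too so both are reviewed together. The flux tarball is downloaded and executed without checking it against the checksums file published with release v0.16.1; add that verification. The two `mount --make-shared` lines duplicate what alpine-linux/mount-shared does; point to that service instead, and use one working directory convention (`v3-calico/calico.yaml` vs `./k8s/c0/calico-bgp.yaml`).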

21
k8s/c0/calico-bgp.yaml Normal file

@ -0,0 +1,21 @@
---
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
name: default
spec:
logSeverityScreen: Info
nodeToNodeMeshEnabled: true
asNumber: 65534
serviceClusterIPs:
- cidr: 2a0a:e5c0:13:b1::/108
serviceExternalIPs:
- cidr: 2a0a:e5c0:13:b1::/108
---
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
name: red-place7
spec:
peerIP: 2a0a:e5c0:13::42
asNumber: 213081
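Review bot: serviceExternalIPs repeats the serviceClusterIPs prefix 2a0a:e5c0:13:b1::/108, which is also the kubeadm serviceSubnet; serviceExternalIPs is the range from which Service .spec.externalIPs are taken, so either drop it or give it its own prefix. The BGPPeer red-place7 has no node or nodeSelector, so it is a global peer: every node opens an eBGP session (AS 65534 to AS 213081) to 2a0a:e5c0:13::42 with no authentication. If the upstream router supports it, set `password` on the BGPPeer (secretKeyRef to a Secret in kube-system) and document that the upstream filters what it accepts from the cluster to the pod and service prefixes, since every node can otherwise announce arbitrary routes.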

13
k8s/c0/kubeadm.yaml Normal file

@ -0,0 +1,13 @@
# kubeadm-config.yaml
kind: ClusterConfiguration
apiVersion: kubeadm.k8s.io/v1beta2
kubernetesVersion: v1.21.2
networking:
dnsDomain: "c0.k8s.ooo"
podSubnet: 2a0a:e5c0:13:b0::/64
serviceSubnet: 2a0a:e5c0:13:b1::/108
controlPlaneEndpoint: "api.c0.k8s.ooo:6443"
---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: cgroupfs
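Review bot: `cgroupDriver: cgroupfs` must match the container runtime's cgroup driver, and neither this file nor k8s/c0/README.md says which runtime is used or how it is configured; note it next to the setting (kubeadm 1.21 defaults to systemd when the field is absent, so the explicit value is right for OpenRC but a mismatch makes kubelet fail to start). The comment `# kubeadm-config.yaml` names a file other than k8s/c0/kubeadm.yaml; fix it. For the cluster that manages the others, consider also adding an EncryptionConfiguration and an audit policy via apiServer.extraArgs here, since this is the only place kubeadm takes them.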

View file

@ -1,12 +1,12 @@
# kubeadm-config.yaml # kubeadm-config.yaml
kind: ClusterConfiguration kind: ClusterConfiguration
apiVersion: kubeadm.k8s.io/v1beta2 apiVersion: kubeadm.k8s.io/v1beta2
kubernetesVersion: v1.21.1 kubernetesVersion: v1.21.2
networking: networking:
dnsDomain: c2.k8s.ooo dnsDomain: c2.k8s.ooo
podSubnet: 2a0a:e5c0:13:e1::/64 podSubnet: 2a0a:e5c0:13:e1::/64
serviceSubnet: 2a0a:e5c0:13:e2::/108 serviceSubnet: 2a0a:e5c0:13:e2::/108
controlPlaneEndpoint: "api.c2.k8s.ooo:6443"
--- ---
kind: KubeletConfiguration kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1 apiVersion: kubelet.config.k8s.io/v1beta1
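Review bot: adding `controlPlaneEndpoint: "api.c2.k8s.ooo:6443"` and bumping kubernetesVersion to v1.21.2 in this file changes nothing on an already-initialized c2 cluster: kubeadm reads it only at `kubeadm init`, and for joins and kubeconfigs to use the new endpoint it also has to be added to the kubeadm-config ConfigMap and to the API server certificate SANs. Either state that c2 is to be re-initialized from this file, or document the upgrade path (`kubeadm upgrade apply v1.21.2` with this config and regenerating the apiserver certificate with the new SAN).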

View file

@ -0,0 +1,6 @@
apiVersion: v1
kind: Secret
metadata:
name: string-secret
annotations:
secret-generator.v1.mittwald.de/autogenerate: password
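Review bot: this manifest depends on the mittwald secret-generator controller being installed before it is applied, and nothing in this commit installs it or lists it among the bootstrap steps in k8s/c0/README.md (only calico, flux and rook are listed); add it there. The Secret also has no `type` (Opaque by default, which is fine, but say so) and the name `string-secret` does not say which workload consumes the generated `password` key. Since the generated value exists only in etcd and cannot be recovered from git, document that etcd is backed up or encrypted at rest accordingly.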