diff --git a/README.md b/README.md index ee6922a..d960d1a 100644 --- a/README.md +++ b/README.md @@ -92,14 +92,19 @@ Validate install cilium status ``` -## MetalLB +## Cilium LB IPAM -For load balancing - -https://metallb.universe.tf/installation/ +For [Cilium to act as a load balancer](https://docs.cilium.io/en/stable/network/lb-ipam/) and start assigning IPs +to `LoadBalancer` services create a viable IP pool, e.g. `192.168.1.128/5`, by creating a `CiliumLoadBalancerIPPool` ```shell -kubectl apply -k infra/metallb +kubectl apply infra/cilium/ip-pool.yaml +``` + +and announce using a `CiliumL2AnnouncementPolicy` + +```shell +kubectl apply infra/cilium/announce.yaml ``` # Sealed Secrets @@ -111,6 +116,7 @@ kubectl apply -k infra/sealed-secrets ``` Be sure to store the generated sealed secret key in a safa place! + ```shell kubectl -n kube-system get secrets ``` @@ -166,6 +172,7 @@ kubectl apply -k infra/argocd ``` Get ArgoCD initial secret + ```shell kubectl -n argocd get secrets argocd-initial-admin-secret -o json | jq -r .data.password | base64 -d ``` @@ -181,6 +188,7 @@ kubectl apply -k infra/dashboard ``` Create a token + ```shell kubectl -n kubernetes-dashboard create token admin-user ``` @@ -209,7 +217,7 @@ version `v1alpha2` ([link](https://kubernetes.io/blog/2022/11/18/upcoming-change Make sure that `runc` is properly configured in containerd. -NB: Make sure the correct `containerd` daemon is running. +NB: Make sure the correct `containerd` daemon is running. (Check the loaded `containerd` service definition as reported by `systemctl status containerd`) Follow https://github.com/containerd/containerd/blob/main/docs/getting-started.md for further instructions. diff --git a/apps/plex/service.yaml b/apps/plex/service.yaml index 81831d8..6177f7e 100644 --- a/apps/plex/service.yaml +++ b/apps/plex/service.yaml @@ -5,7 +5,6 @@ metadata: spec: selector: app: plex - type: LoadBalancer ports: - name: web port: 32400 \ No newline at end of file 
diff --git a/infra/cilium/announce.yaml b/infra/cilium/announce.yaml new file mode 100644 index 0000000..3a5dbda --- /dev/null +++ b/infra/cilium/announce.yaml @@ -0,0 +1,9 @@ +apiVersion: cilium.io/v2alpha1 +kind: CiliumL2AnnouncementPolicy +metadata: + name: default-l2-announcement-policy +spec: + interfaces: + - enp0s25 + externalIPs: true + loadBalancerIPs: true diff --git a/infra/cilium/ip-pool.yaml b/infra/cilium/ip-pool.yaml new file mode 100644 index 0000000..5515b8e --- /dev/null +++ b/infra/cilium/ip-pool.yaml @@ -0,0 +1,7 @@ +apiVersion: cilium.io/v2alpha1 +kind: CiliumLoadBalancerIPPool +metadata: + name: default-pool +spec: + cidrs: + - cidr: 192.168.1.128/25 \ No newline at end of file diff --git a/infra/cilium/kustomization.yaml b/infra/cilium/kustomization.yaml index 8f4130e..ca2d9be 100644 --- a/infra/cilium/kustomization.yaml +++ b/infra/cilium/kustomization.yaml @@ -5,10 +5,12 @@ namespace: kube-system resources: - traefik-forward-auth - ingress-route.yaml + - ip-pool.yaml + - announce.yaml -patchesStrategicMerge: - # peer-service: "hubble-peer.default.svc.cluster.local:443" - - patches/hubble-relay-config-peer-service-patch.yaml +#patchesStrategicMerge: +# # peer-service: "hubble-peer.default.svc.cluster.local:443" +# - patches/hubble-relay-config-peer-service-patch.yaml helmCharts: - name: cilium diff --git a/infra/cilium/values.yaml b/infra/cilium/values.yaml index a351cdc..9bf3e82 100644 --- a/infra/cilium/values.yaml +++ b/infra/cilium/values.yaml @@ -13,6 +13,14 @@ k8sServicePort: 6443 kubeProxyReplacement: strict +bgpControlPlane: + enabled: false + +l2announcements: + enabled: true +externalIPs: + enabled: true + # -- Roll out cilium agent pods automatically when configmap is updated. rollOutCiliumPods: false diff --git a/infra/cloudflared/deployment.yaml b/infra/cloudflared/deployment.yaml index 26c3b3d..c30cbf3 100644 --- a/infra/cloudflared/deployment.yaml +++ b/infra/cloudflared/deployment.yaml 
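Review bot: The new CiliumL2AnnouncementPolicy sets `externalIPs: true` with no `serviceSelector`, so every agent on `enp0s25` will answer ARP for any address a Service in any namespace places in `spec.externalIPs`, not only the LB IPAM addresses this change is about; `externalIPs.enabled: true` in infra/cilium/values.yaml (later hunk on this line) is the datapath half of the same setting. Nothing in this commit sets `spec.externalIPs`, so `externalIPs: false` keeps the announced surface to pool-assigned IPs, or a `serviceSelector` can limit the policy to the intended namespaces. The interface name `enp0s25` is hard-coded; if the nodes' NIC names differ, an unmatched node simply never announces, so a `nodeSelector` or a broader interface pattern is worth considering. A one-line comment naming the L2 segment this policy announces on would help the next reader.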
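Review bot: `default-pool` has no `serviceSelector`, so any `LoadBalancer` Service in any namespace draws from 192.168.1.128/25 and, via `io.cilium/lb-ipam-ips`, can request a specific address such as the ones this commit pins for pi-hole, net-aux and traefik; a selector, or a comment recording the decision to keep the pool cluster-wide, would make that explicit. The README hunk on the first line describes the pool as `192.168.1.128/5` and applies it with `kubectl apply infra/cilium/ip-pool.yaml`, which disagrees with the `/25` here and is missing `-f`. The file is also committed without a trailing newline.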
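Review bot: This kustomization sets `namespace: kube-system`, and the two resources added to `resources:` (`CiliumLoadBalancerIPPool`, `CiliumL2AnnouncementPolicy`) are cluster-scoped; kustomize's namespace transformer has no built-in knowledge of these CRDs, so the rendered output should be checked for an injected `metadata.namespace` before this path is relied on instead of the per-file `kubectl apply` the README describes. Commenting out `patchesStrategicMerge` rather than deleting it leaves a dead block that git history already preserves; if the hubble-relay peer-service patch is being retired on purpose, a one-line comment saying why, or outright removal, is cleaner.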
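Review bot: The added `bgpControlPlane: enabled: false` stanza presumably restates the chart default and reads as a placeholder; if it records a deliberate choice, a `# --` comment in the style of the adjacent `rollOutCiliumPods` line would say so. L2 announcements elect a leader per Service through Kubernetes leases, and the Cilium documentation advises raising the agent's API client rate limit (`k8sClientRateLimit.qps` / `k8sClientRateLimit.burst`) as the number of announced Services grows; worth confirming against this chart version and noting next to `l2announcements`.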
@@ -17,7 +17,7 @@ spec: dnsConfig: # Use Pi-Hole DNS nameservers: - - 192.168.1.131 + - 192.168.1.154 containers: - name: cloudflared image: cloudflare/cloudflared:2023.10.0 diff --git a/infra/metallb/configuration.yaml b/infra/metallb/configuration.yaml deleted file mode 100644 index 5088dd4..0000000 --- a/infra/metallb/configuration.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Configure IP-pool -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: first-pool - namespace: metallb-system -spec: - addresses: - - 192.168.1.128/25 - ---- -# Advertise -apiVersion: metallb.io/v1beta1 -kind: L2Advertisement -metadata: - name: example - namespace: metallb-system \ No newline at end of file diff --git a/infra/metallb/kustomization.yaml b/infra/metallb/kustomization.yaml deleted file mode 100644 index 7e8a147..0000000 --- a/infra/metallb/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: metallb-system - -resources: - - github.com/metallb/metallb/config/native?ref=v0.13.9 - - configuration.yaml \ No newline at end of file diff --git a/infra/net-aux/config/pi-hole/02-custom.conf b/infra/net-aux/config/pi-hole/02-custom.conf index c2ac91b..c1f1be2 100644 --- a/infra/net-aux/config/pi-hole/02-custom.conf +++ b/infra/net-aux/config/pi-hole/02-custom.conf @@ -1,2 +1,2 @@ -address=/stonegarden.dev/192.168.1.128 +address=/stonegarden.dev/192.168.1.142 edns-packet-max=1232 diff --git a/infra/net-aux/service.yaml b/infra/net-aux/service.yaml index 8f13ca7..3b6f2df 100644 --- a/infra/net-aux/service.yaml +++ b/infra/net-aux/service.yaml @@ -4,8 +4,8 @@ metadata: name: net-aux namespace: net-aux annotations: - metallb.universe.tf/loadBalancerIPs: 192.168.1.153 - metallb.universe.tf/allow-shared-ip: net-aux + io.cilium/lb-ipam-ips: 192.168.1.153 + io.cilium/lb-ipam-sharing-key: net-aux spec: selector: app: net-aux 
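Review bot: The nameserver `192.168.1.154` is the address pinned on the pi-hole Service by `io.cilium/lb-ipam-ips` in infra/pi-hole/service.yaml, but nothing here records that coupling; a comment such as `# pi-hole LoadBalancer IP, must match io.cilium/lb-ipam-ips in infra/pi-hole/service.yaml` beside the existing `# Use Pi-Hole DNS` line would keep the two from drifting. It is also the only resolver listed, so a pi-hole outage takes cloudflared's name resolution with it unless `dnsPolicy` (outside the hunk) provides a fallback.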
@@ -28,9 +28,9 @@ apiVersion: v1 metadata: name: net-aux-udp namespace: net-aux - annotations: - metallb.universe.tf/loadBalancerIPs: 192.168.1.153 - metallb.universe.tf/allow-shared-ip: net-aux +# annotations: +# io.cilium/lb-ipam-ips: 192.168.1.153 +# io.cilium/lb-ipam-sharing-key: net-aux spec: selector: app: net-aux diff --git a/infra/pi-hole/config/02-custom.conf b/infra/pi-hole/config/02-custom.conf index c2ac91b..c1f1be2 100644 --- a/infra/pi-hole/config/02-custom.conf +++ b/infra/pi-hole/config/02-custom.conf @@ -1,2 +1,2 @@ -address=/stonegarden.dev/192.168.1.128 +address=/stonegarden.dev/192.168.1.142 edns-packet-max=1232 diff --git a/infra/pi-hole/service.yaml b/infra/pi-hole/service.yaml index b45350c..cd0a1cd 100644 --- a/infra/pi-hole/service.yaml +++ b/infra/pi-hole/service.yaml @@ -4,8 +4,8 @@ metadata: name: pi-hole namespace: pi-hole annotations: - metallb.universe.tf/loadBalancerIPs: 192.168.1.154 - metallb.universe.tf/allow-shared-ip: pi-hole + io.cilium/lb-ipam-ips: 192.168.1.154 + io.cilium/lb-ipam-sharing-key: pi-hole spec: selector: app: pi-hole @@ -24,9 +24,9 @@ apiVersion: v1 metadata: name: pi-hole-udp namespace: pi-hole - annotations: - metallb.universe.tf/loadBalancerIPs: 192.168.1.154 - metallb.universe.tf/allow-shared-ip: pi-hole +# annotations: +# io.cilium/lb-ipam-ips: 192.168.1.154 +# io.cilium/lb-ipam-sharing-key: pi-hole spec: selector: app: pi-hole diff --git a/infra/traefik/values.yaml b/infra/traefik/values.yaml index 8b8c2eb..4c9836c 100644 --- a/infra/traefik/values.yaml +++ b/infra/traefik/values.yaml @@ -9,9 +9,9 @@ deployment: - name: data mountPath: /data -services: +service: annotations: - metallb.universe.tf/loadBalancerIPs: 192.168.1.128 + io.cilium/lb-ipam-ips: 192.168.1.142 providers: kubernetesCRD:
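Review bot: Commenting out the annotations on `net-aux-udp` (and on `pi-hole-udp` in infra/pi-hole/service.yaml @@ -24, later on this line) drops the `io.cilium/lb-ipam-sharing-key`, so each UDP Service no longer shares 192.168.1.153 / 192.168.1.154 with its TCP sibling and will be handed an arbitrary address from `default-pool`; if the -udp Services carry the DNS port, a client such as cloudflared pointed at 192.168.1.154 reaches only the TCP listener. If sharing had to be dropped because Cilium rejected it, a comment giving the reason and the address the UDP Service actually lands on would help; otherwise the annotations should be restored rather than left commented out. The Service bodies continue past the hunk.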
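Review bot: Renaming `services:` to `service:` implies the earlier MetalLB annotation was likely never consumed by the chart, so `io.cilium/lb-ipam-ips: 192.168.1.142` is the first time a fixed address is actually requested for Traefik; the same address is hard-coded in both `02-custom.conf` files changed on this line and the previous one. A comment such as `# Fixed LB IP; DNS records in infra/*/02-custom.conf point here` next to the annotation would tie the three files together. The previous 192.168.1.128 was presumably whatever the old pool handed out, which is worth stating in the commit if so.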