pods with global ipv6

2025-10-29 09:32:39 +00:00 · 2024-07-01 16:38:32 +03:00
parent dadcb60981
commit be81778aa1
4 changed files with 105 additions and 7 deletions
--- a/proxmox/Makefile
+++ b/proxmox/Makefile
@@ -24,8 +24,8 @@ create-config: ## Genereate talos configs
 	talosctl --talosconfig _cfgs/talosconfig config endpoint ${ENDPOINT}

 create-templates:
-	@echo 'podSubnets: "10.32.0.0/12,fd00:10:32::/102"'        >  _cfgs/tfstate.vars
-	@echo 'serviceSubnets: "10.200.0.0/22,fd40:10:200::/112"'  >> _cfgs/tfstate.vars
+	@echo 'podSubnets: "10.32.0.0/12,fd00:10:32::/64"'         >  _cfgs/tfstate.vars
+	@echo 'serviceSubnets: "10.200.0.0/22,fd40:10:200::/108"'  >> _cfgs/tfstate.vars
 	@echo 'apiDomain: api.cluster.local'                       >> _cfgs/tfstate.vars
 	@yq eval '.cluster.network.dnsDomain' _cfgs/controlplane.yaml | awk '{ print "domain: "$$1}'       >> _cfgs/tfstate.vars
 	@yq eval '.cluster.clusterName' _cfgs/controlplane.yaml       | awk '{ print "clusterName: "$$1}'  >> _cfgs/tfstate.vars
@@ -42,7 +42,7 @@ create-templates:
 	@sops --encrypt --input-type=yaml --output-type=yaml _cfgs/talosconfig > _cfgs/talosconfig.sops.yaml
 	@git add -f _cfgs/talosconfig.sops.yaml _cfgs/ca.crt terraform.tfvars.sops.json

-create-controlplane-bootstrap: ## Bootstrap controlplane
+bootstrap: ## Bootstrap controlplane
 	talosctl --talosconfig _cfgs/talosconfig config endpoint ${ENDPOINT}
 	talosctl --talosconfig _cfgs/talosconfig --nodes ${CPFIRST} bootstrap

@@ -60,7 +60,7 @@ nodes: ## Show kubernetes nodes
 	@kubectl get nodes -owide --sort-by '{.metadata.name}' --label-columns topology.kubernetes.io/region,topology.kubernetes.io/zone,node.kubernetes.io/instance-type

 system:
-	helm --kubeconfig=kubeconfig upgrade -i --namespace=kube-system --version=1.15.6 -f ../_deployments/vars/cilium.yaml \
+	helm --kubeconfig=kubeconfig upgrade -i --namespace=kube-system --version=1.15.6 -f deployments/cilium.yaml \
 		cilium cilium/cilium

 	kubectl --kubeconfig=kubeconfig -n kube-system delete svc cilium-agent
@@ -71,7 +71,6 @@ system:
 		metrics-server metrics-server/metrics-server

 	helm --kubeconfig=kubeconfig upgrade -i --namespace=kube-system -f deployments/talos-ccm.yaml \
-		--set-string image.tag=edge \
 		--set useDaemonSet=true \
 		talos-cloud-controller-manager \
 		oci://ghcr.io/siderolabs/charts/talos-cloud-controller-manager
--- a/proxmox/deployments/cilium.yaml
+++ b/proxmox/deployments/cilium.yaml
@@ -0,0 +1,80 @@
+---
+
+k8sServiceHost: "api.cluster.local"
+k8sServicePort: "6443"
+
+operator:
+  enabled: true
+  rollOutPods: true
+  replicas: 1
+  prometheus:
+    enabled: false
+  nodeSelector:
+    node-role.kubernetes.io/control-plane: ""
+  tolerations:
+    - operator: Exists
+      effect: NoSchedule
+
+identityAllocationMode: crd
+kubeProxyReplacement: strict
+enableK8sEndpointSlice: true
+localRedirectPolicy: true
+
+tunnel: "vxlan"
+autoDirectNodeRoutes: false
+devices: [eth+]
+
+healthChecking: true
+
+cni:
+  install: true
+
+ipam:
+  mode: "kubernetes"
+k8s:
+  requireIPv4PodCIDR: true
+  requireIPv6PodCIDR: true
+
+enableIPv6Masquerade: false
+enableIPv4Masquerade: true
+
+bpf:
+  masquerade: true
+ipv4:
+  enabled: true
+ipv6:
+  enabled: true
+hostServices:
+  enabled: true
+hostPort:
+  enabled: true
+nodePort:
+  enabled: true
+externalIPs:
+  enabled: true
+hostFirewall:
+  enabled: true
+ingressController:
+  enabled: false
+
+securityContext:
+  privileged: true
+
+hubble:
+  enabled: false
+
+prometheus:
+  enabled: true
+
+cgroup:
+  autoMount:
+    enabled: false
+  hostRoot: /sys/fs/cgroup
+
+resources:
+  limits:
+    cpu: 2
+    memory: 2Gi
+  requests:
+    cpu: 100m
+    memory: 128Mi
--- a/proxmox/deployments/talos-ccm.yaml
+++ b/proxmox/deployments/talos-ccm.yaml
@@ -1,4 +1,8 @@

+image:
+  repository: ghcr.io/sergelogvinov/talos-cloud-controller-manager
+  tag: nodeipam
+
 service:
  containerPort: 50258
  annotations:
@@ -8,6 +12,20 @@ service:

 logVerbosityLevel: 4

+enabledControllers:
+  - cloud-node
+  - node-ipam-controller
+
+extraArgs:
+  - --allocate-node-cidrs
+  - --cidr-allocator-type=CloudAllocator
+  - --node-cidr-mask-size-ipv4=24
+  - --node-cidr-mask-size-ipv6=80
+
+# tolerations:
+#   - effect: NoSchedule
+#     operator: Exists
+
 transformations:
  - name: web
    nodeSelector:
--- a/proxmox/templates/controlplane.yaml.tpl
+++ b/proxmox/templates/controlplane.yaml.tpl
@@ -72,8 +72,9 @@ cluster:
  controllerManager:
    image: registry.k8s.io/kube-controller-manager:${version}
    extraArgs:
-        node-cidr-mask-size-ipv4: 24
-        node-cidr-mask-size-ipv6: 112
+        controllers: "*,tokencleaner,-node-ipam-controller"
+        node-cidr-mask-size-ipv4: "24"
+        node-cidr-mask-size-ipv6: "80"
  scheduler:
    image: registry.k8s.io/kube-scheduler:${version}
  etcd: