Update Network for Opnsense

cftechwiz · Apr 4, 2024 · 9cdce4d · 9cdce4d
1 parent c536cee
commit 9cdce4d
Show file tree

Hide file tree

Showing 10 changed files with 70 additions and 75 deletions.
diff --git a/.taskfiles/Kubernetes/Tasks.yml b/.taskfiles/Kubernetes/Tasks.yml
@@ -1,4 +1,3 @@
----
 version: "3"
 
 tasks:
@@ -7,20 +6,20 @@ tasks:
     desc: Download kubeconfig from a remote k3s master node
     vars:
       MASTER_USERNAME: '{{.MASTER_USERNAME | default "cftechwiz"}}'
-      MASTER_HOST: '{{.MASTER_HOST | default "172.16.70.30"}}'
+      MASTER_HOST: '{{.MASTER_HOST | default "10.41.0.30"}}'
       KUBERNETES_API: '{{.KUBERNETES_API | default "172.16.0.254"}}'
     cmds:
-      - rsync --verbose --progress --partial --rsync-path="sudo rsync" {{.MASTER_USERNAME}}@{{.MASTER_HOST}}:/etc/rancher/k3s/k3s.yaml "${KUBECONFIG}"
-      - sed -i '' 's/127.0.0.1/{{.KUBERNETES_API}}/g' "${KUBECONFIG}"
-      - chmod go-r "${KUBECONFIG}"
+    - rsync --verbose --progress --partial --rsync-path="sudo rsync" {{.MASTER_USERNAME}}@{{.MASTER_HOST}}:/etc/rancher/k3s/k3s.yaml "${KUBECONFIG}"
+    - sed -i '' 's/127.0.0.1/{{.KUBERNETES_API}}/g' "${KUBECONFIG}"
+    - chmod go-r "${KUBECONFIG}"
 
   schemas:
     desc: Pull the latest CRD schemas for this cluster
     cmds:
-      - |
-        mkdir -p {{.CLUSTER_DIR}}/schemas
-        flux pull artifact oci://ghcr.io/cftechwiz/kubernetes-schemas-oci:latest \
-            --output={{.CLUSTER_DIR}}/schemas
+    - |
+      mkdir -p {{.CLUSTER_DIR}}/schemas
+      flux pull artifact oci://ghcr.io/cftechwiz/kubernetes-schemas-oci:latest \
+          --output={{.CLUSTER_DIR}}/schemas
 
   mount:
     desc: Mount a PersistentVolumeClaim to a pod temporarily
@@ -29,39 +28,39 @@ tasks:
       claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}'
       namespace: '{{.namespace | default "default"}}'
     cmds:
-      - |
-        kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
-          {
-            "apiVersion": "v1",
-            "spec": {
-              "containers": [
-                {
-                  "name": "debug",
-                  "image": "ghcr.io/cftechwiz/alpine:rolling",
-                  "command": [
-                    "/bin/bash"
-                  ],
-                  "stdin": true,
-                  "stdinOnce": true,
-                  "tty": true,
-                  "volumeMounts": [
-                    {
-                      "name": "config",
-                      "mountPath": "/data/config"
-                    }
-                  ]
-                }
-              ],
-              "volumes": [
-                {
-                  "name": "config",
-                  "persistentVolumeClaim": {
-                    "claimName": "{{.claim}}"
+    - |
+      kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
+        {
+          "apiVersion": "v1",
+          "spec": {
+            "containers": [
+              {
+                "name": "debug",
+                "image": "ghcr.io/cftechwiz/alpine:rolling",
+                "command": [
+                  "/bin/bash"
+                ],
+                "stdin": true,
+                "stdinOnce": true,
+                "tty": true,
+                "volumeMounts": [
+                  {
+                    "name": "config",
+                    "mountPath": "/data/config"
                   }
+                ]
+              }
+            ],
+            "volumes": [
+              {
+                "name": "config",
+                "persistentVolumeClaim": {
+                  "claimName": "{{.claim}}"
                 }
-              ],
-              "restartPolicy": "Never"
-            }
-          }'
+              }
+            ],
+            "restartPolicy": "Never"
+          }
+        }'
     preconditions:
-      - kubectl -n {{.namespace}} get pvc {{.claim}}
+    - kubectl -n {{.namespace}} get pvc {{.claim}}
diff --git a/ansible/kubernetes/inventory/group_vars/all/k3s-calico.yml b/ansible/kubernetes/inventory/group_vars/all/k3s-calico.yml
@@ -1,6 +1,5 @@
----
 calico_encapsulation: "None"
-calico_bgp_peer_ip: 172.16.70.1
+calico_bgp_peer_ip: 10.41.0.2
 calico_bgp_as_number: 64512
 calico_bgp_external_ips: 192.168.69.0/24
-calico_node_cidr: 172.16.70.0/24
+calico_node_cidr: 10.41.0.0/24
diff --git a/ansible/kubernetes/inventory/group_vars/all/k3s.yml b/ansible/kubernetes/inventory/group_vars/all/k3s.yml
@@ -1,5 +1,5 @@
 # Calico configuration
-calico_bgp_peer_ip: 172.16.70.1
+calico_bgp_peer_ip: 10.41.0.1
 calico_bgp_as_number: 64512
 calico_bgp_external_ips: 192.168.69.0/24
 k3s_release_version: "v1.29.2+k3s1"
@@ -10,7 +10,7 @@ k3s_become: true
 k3s_debug: false
 # (bool) Enable etcd embedded datastore
 k3s_etcd_datastore: true
-k3s_registration_address: 172.16.70.30
+k3s_registration_address: 10.41.0.30
 k3s_use_unsupported_config: true
 k3s_server_manifests_templates:
 - calico-installation.yaml.j2

diff --git a/ansible/kubernetes/inventory/hosts.yml b/ansible/kubernetes/inventory/hosts.yml
@@ -1,22 +1,21 @@
----
 kubernetes:
   children:
     master:
       hosts:
         server1:
-          ansible_host: 172.16.70.30
+          ansible_host: 10.41.0.30
           rook_block_devices:
-            - /dev/sda
-            - /dev/nvme0n1
+          - /dev/sda
+          - /dev/nvme0n1
     worker:
       hosts:
         server2:
-          ansible_host: 172.16.70.31
+          ansible_host: 10.41.0.31
           rook_block_devices:
-            - /dev/sda
-            - /dev/nvme0n1
+          - /dev/sda
+          - /dev/nvme0n1
         server3:
-          ansible_host: 172.16.70.32
+          ansible_host: 10.41.0.32
           rook_block_devices:
-            - /dev/sda
-            - /dev/nvme0n1
+          - /dev/sda
+          - /dev/nvme0n1
diff --git a/ansible/kubernetes/inventory/metal.yml b/ansible/kubernetes/inventory/metal.yml
@@ -1,17 +1,16 @@
----
 kubernetes:
   children:
     metal:
       hosts:
         server1:
-          ansible_host: 172.16.70.30
+          ansible_host: 10.41.0.30
         server2:
-          ansible_host: 172.16.70.31
+          ansible_host: 10.41.0.31
         server3:
-          ansible_host: 172.16.70.32
+          ansible_host: 10.41.0.32
         # k8s-3:
-        #   ansible_host: 172.16.70.33
+        #   ansible_host: 10.41.0.33
         # k8s-4:
-        #   ansible_host: 172.16.70.34
+        #   ansible_host: 10.41.0.34
         # k8s-5:
-        #   ansible_host: 172.16.70.35
+        #   ansible_host: 10.41.0.35
diff --git a/ansible/kubernetes/playbooks/metal-prepare.yml b/ansible/kubernetes/playbooks/metal-prepare.yml
@@ -266,11 +266,11 @@
             access_time: preserve
       # - name: finalize configuration with storage configuration
       #   block:
-      #     - name: Perform a discovery on 172.16.70.155 and show available target nodes
+      #     - name: Perform a discovery on 10.41.0.155 and show available target nodes
       #       community.general.open_iscsi:
       #         show_nodes: true
       #         discover: true
-      #         ip: 172.16.70.155
+      #         ip: 10.41.0.155
 
       #     - name: Connect to the named target, after updating the local persistent database (cache)
       #       community.general.open_iscsi:

diff --git a/docs/src/notes/nas.md b/docs/src/notes/nas.md
@@ -40,10 +40,10 @@ Outside of using [Ansible](https://github.com/ansible/ansible) for configuring t
 2. Share dataset over NFS
     ```sh
     sudo zfs set \
-        sharenfs="no_subtree_check,all_squash,anonuid=568,anongid=100,rw=@172.16.70.0/24,[email protected]/24,ro=192.168.150.21,ro=192.168.150.28" \
+        sharenfs="no_subtree_check,all_squash,anonuid=568,anongid=100,rw=@10.41.0.0/24,[email protected]/24,ro=192.168.150.21,ro=192.168.150.28" \
         nfs/Media
     sudo zfs set \
-        sharenfs="no_subtree_check,all_squash,anonuid=568,anongid=100,rw=@172.16.70.0/24,[email protected]/24" \
+        sharenfs="no_subtree_check,all_squash,anonuid=568,anongid=100,rw=@10.41.0.0/24,[email protected]/24" \
         nfs/Apps/MinIO
     ```
 
@@ -87,7 +87,7 @@ Outside of using [Ansible](https://github.com/ansible/ansible) for configuring t
 1. Add or replace file `/etc/exports.d/local.exports`
     ```text
     /share/PVCs 192.168.1.0/24(sec=sys,rw,no_subtree_check,all_squash,anonuid=568,anongid=100)
-    /share/PVCs 172.16.70.0/24(sec=sys,rw,no_subtree_check,all_squash,anonuid=568,anongid=100)
+    /share/PVCs 10.41.0.0/24(sec=sys,rw,no_subtree_check,all_squash,anonuid=568,anongid=100)
     ```
 
 2. Dataset Permissions

diff --git a/docs/src/notes/opnsense.md b/docs/src/notes/opnsense.md
@@ -7,12 +7,12 @@ Instead of using Metallb for L2/L3 load balancer IPs I am using the Kubernetes C
 1. Routing > BPG | General
     1. `enable` = `true`
     2. `BGP AS Number` = `64512`
-    3. `Network` = `172.16.70.0/24` (Subnet your Kubernetes nodes are on)
+    3. `Network` = `10.41.0.0/24` (Subnet your Kubernetes nodes are on)
     4. Save
 2. Routing > BGP | Neighbors
     - Add a neighbor for each Kubernetes node
       1. `Enabled` = `true`
-      2. `Peer-IP` = `172.16.70.x` (Kubernetes Node IP)
+      2. `Peer-IP` = `10.41.0.x` (Kubernetes Node IP)
       3. `Remote AS` = `64512`
       4. `Update-Source Interface` = `HOME_SERVER` (VLAN of Kubernetes nodes)
       5. Save
@@ -39,7 +39,7 @@ While kube-vip is very nice for having a API server ready to go and running in y
     - Add a server for each **master node** in your Kubernetes cluster
       1. `Enabled` = `true`
       2. `Name or Prefix` = `k8s-apiserver-x`
-      3. `FQDN or IP` = `172.16.70.x`
+      3. `FQDN or IP` = `10.41.0.x`
       4. `Port` = `6443`
       5. `Verify SSL Certificate` = `false`
       6. Apply/Save

diff --git a/kubernetes/apps/tigera-operator/tigera-operator/app/configmap.yaml b/kubernetes/apps/tigera-operator/tigera-operator/app/configmap.yaml
@@ -5,5 +5,5 @@ metadata:
   name: kubernetes-services-endpoint
   namespace: tigera-operator
 data:
-  KUBERNETES_SERVICE_HOST: "172.16.70.30"
+  KUBERNETES_SERVICE_HOST: "10.41.0.30"
   KUBERNETES_SERVICE_PORT: "6443"
diff --git a/kubernetes/flux/vars/cluster-settings.yml b/kubernetes/flux/vars/cluster-settings.yml
@@ -1,11 +1,10 @@
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
   namespace: flux-system
   name: cluster-settings
 data:
-  NET_NODE_CIDR: "172.16.70.0/24"
+  NET_NODE_CIDR: "10.41.0.0/24"
   NET_POD_CIDR: "10.42.0.0/16"
   NET_SVC_CIDR: "10.43.0.0/16"
   NET_EIP_CIDR: "192.168.69.0/24"