From 9cdce4dd85551b74ba6e6028c7538b1e78e8a9bf Mon Sep 17 00:00:00 2001
From: cftechwiz
Date: Thu, 4 Apr 2024 18:39:16 -0500
Subject: [PATCH] Update Network for Opnsense

---
 .taskfiles/Kubernetes/Tasks.yml | 83 +++++++++----------
 .../inventory/group_vars/all/k3s-calico.yml | 5 +-
 .../inventory/group_vars/all/k3s.yml | 4 +-
 ansible/kubernetes/inventory/hosts.yml | 19 ++---
 ansible/kubernetes/inventory/metal.yml | 13 ++-
 .../kubernetes/playbooks/metal-prepare.yml | 4 +-
 docs/src/notes/nas.md | 6 +-
 docs/src/notes/opnsense.md | 6 +-
 .../tigera-operator/app/configmap.yaml | 2 +-
 kubernetes/flux/vars/cluster-settings.yml | 3 +-
 10 files changed, 70 insertions(+), 75 deletions(-)

diff --git a/.taskfiles/Kubernetes/Tasks.yml b/.taskfiles/Kubernetes/Tasks.yml
index 12d9a67a4f..e3610460c8 100644
--- a/.taskfiles/Kubernetes/Tasks.yml
+++ b/.taskfiles/Kubernetes/Tasks.yml
@@ -1,4 +1,3 @@
----
 version: "3"
 tasks:
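Review bot: The `---` document-start marker is removed from Tasks.yml here and from k3s-calico.yml, hosts.yml, metal.yml and cluster-settings.yml later in the patch, and yamllint's `document-start` rule reports a missing marker by default. Unless the repository's yamllint configuration disables that rule, all five files will start producing lint findings after this change. The marker is harmless to keep, so restoring the `---` line in each of them is the smaller change.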
@@ -7,20 +6,20 @@ tasks:
 desc: Download kubeconfig from a remote k3s master node
 vars:
 MASTER_USERNAME: '{{.MASTER_USERNAME | default "cftechwiz"}}'
- MASTER_HOST: '{{.MASTER_HOST | default "172.16.70.30"}}'
+ MASTER_HOST: '{{.MASTER_HOST | default "10.41.0.30"}}'
 KUBERNETES_API: '{{.KUBERNETES_API | default "172.16.0.254"}}'
 cmds:
- - rsync --verbose --progress --partial --rsync-path="sudo rsync" {{.MASTER_USERNAME}}@{{.MASTER_HOST}}:/etc/rancher/k3s/k3s.yaml "${KUBECONFIG}"
- - sed -i '' 's/127.0.0.1/{{.KUBERNETES_API}}/g' "${KUBECONFIG}"
- - chmod go-r "${KUBECONFIG}"
+ - rsync --verbose --progress --partial --rsync-path="sudo rsync" {{.MASTER_USERNAME}}@{{.MASTER_HOST}}:/etc/rancher/k3s/k3s.yaml "${KUBECONFIG}"
+ - sed -i '' 's/127.0.0.1/{{.KUBERNETES_API}}/g' "${KUBECONFIG}"
+ - chmod go-r "${KUBECONFIG}"
 schemas:
 desc: Pull the latest CRD schemas for this cluster
 cmds:
- - |
- mkdir -p {{.CLUSTER_DIR}}/schemas
- flux pull artifact oci://ghcr.io/cftechwiz/kubernetes-schemas-oci:latest \
- --output={{.CLUSTER_DIR}}/schemas
+ - |
+ mkdir -p {{.CLUSTER_DIR}}/schemas
+ flux pull artifact oci://ghcr.io/cftechwiz/kubernetes-schemas-oci:latest \
+ --output={{.CLUSTER_DIR}}/schemas
 mount:
 desc: Mount a PersistentVolumeClaim to a pod temporarily
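Review bot: `MASTER_HOST` now defaults to 10.41.0.30, but the `KUBERNETES_API` default on the very next line is still 172.16.0.254, so the kubeconfig fetched from the renumbered master is rewritten to point at an address this commit never touches. If the API-server endpoint that docs/src/notes/opnsense.md configures on the router was renumbered along with the nodes, this default has to follow it; if 172.16.0.254 is a VIP that intentionally lives outside the new node subnet, a short comment above the line such as `# API VIP served by the router; intentionally outside NET_NODE_CIDR` would keep the next reader from flagging it. Either way the two defaults should be reviewed together, since the sed in cmds only replaces 127.0.0.1 and will happily bake a stale address into the kubeconfig.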
@@ -29,39 +28,39 @@ tasks:
 claim: '{{ or .claim (fail "PersistentVolumeClaim `claim` is required") }}'
 namespace: '{{.namespace | default "default"}}'
 cmds:
- - |
- kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
- {
- "apiVersion": "v1",
- "spec": {
- "containers": [
- {
- "name": "debug",
- "image": "ghcr.io/cftechwiz/alpine:rolling",
- "command": [
- "/bin/bash"
- ],
- "stdin": true,
- "stdinOnce": true,
- "tty": true,
- "volumeMounts": [
- {
- "name": "config",
- "mountPath": "/data/config"
- }
- ]
- }
- ],
- "volumes": [
- {
- "name": "config",
- "persistentVolumeClaim": {
- "claimName": "{{.claim}}"
+ - |
+ kubectl run -n {{.namespace}} debug-{{.claim}} -i --tty --rm --image=null --privileged --overrides='
+ {
+ "apiVersion": "v1",
+ "spec": {
+ "containers": [
+ {
+ "name": "debug",
+ "image": "ghcr.io/cftechwiz/alpine:rolling",
+ "command": [
+ "/bin/bash"
+ ],
+ "stdin": true,
+ "stdinOnce": true,
+ "tty": true,
+ "volumeMounts": [
+ {
+ "name": "config",
+ "mountPath": "/data/config"
 }
+ ]
+ }
+ ],
+ "volumes": [
+ {
+ "name": "config",
+ "persistentVolumeClaim": {
+ "claimName": "{{.claim}}"
 }
- ],
- "restartPolicy": "Never"
- }
- }'
+ }
+ ],
+ "restartPolicy": "Never"
+ }
+ }'
 preconditions:
- - kubectl -n {{.namespace}} get pvc {{.claim}}
+ - kubectl -n {{.namespace}} get pvc {{.claim}}
diff --git a/ansible/kubernetes/inventory/group_vars/all/k3s-calico.yml b/ansible/kubernetes/inventory/group_vars/all/k3s-calico.yml
index 592cfc8935..fd7ef37625 100644
--- a/ansible/kubernetes/inventory/group_vars/all/k3s-calico.yml
+++ b/ansible/kubernetes/inventory/group_vars/all/k3s-calico.yml
@@ -1,6 +1,5 @@
----
 calico_encapsulation: "None"
-calico_bgp_peer_ip: 172.16.70.1
+calico_bgp_peer_ip: 10.41.0.2
 calico_bgp_as_number: 64512
 calico_bgp_external_ips: 192.168.69.0/24
-calico_node_cidr: 172.16.70.0/24
+calico_node_cidr: 10.41.0.0/24
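Review bot: `calico_bgp_peer_ip` is set to 10.41.0.2 here but to 10.41.0.1 in group_vars/all/k3s.yml in the next hunk, whereas before this patch both files agreed on 172.16.70.1. Both files sit in the same group_vars/all directory, so Ansible loads them in filename order and, if I have that ordering right, the k3s.yml value overrides this one and 10.41.0.2 never reaches the Calico BGP peer configuration. Whichever address the OPNsense BGP instance actually uses on the node VLAN should be defined in exactly one of the two files and the duplicate key deleted from the other; otherwise the two copies will drift again on the next renumbering and the effective value will depend on load order rather than intent.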
diff --git a/ansible/kubernetes/inventory/group_vars/all/k3s.yml b/ansible/kubernetes/inventory/group_vars/all/k3s.yml
index 08a88e54c3..5dcb780174 100644
--- a/ansible/kubernetes/inventory/group_vars/all/k3s.yml
+++ b/ansible/kubernetes/inventory/group_vars/all/k3s.yml
@@ -1,5 +1,5 @@
 # Calico configuration
-calico_bgp_peer_ip: 172.16.70.1
+calico_bgp_peer_ip: 10.41.0.1
 calico_bgp_as_number: 64512
 calico_bgp_external_ips: 192.168.69.0/24
 k3s_release_version: "v1.29.2+k3s1"
@@ -10,7 +10,7 @@ k3s_become: true
 k3s_debug: false
 # (bool) Enable etcd embedded datastore
 k3s_etcd_datastore: true
-k3s_registration_address: 172.16.70.30
+k3s_registration_address: 10.41.0.30
 k3s_use_unsupported_config: true
 k3s_server_manifests_templates:
 - calico-installation.yaml.j2
diff --git a/ansible/kubernetes/inventory/hosts.yml b/ansible/kubernetes/inventory/hosts.yml
index 1cb109770c..4747c380ee 100644
--- a/ansible/kubernetes/inventory/hosts.yml
+++ b/ansible/kubernetes/inventory/hosts.yml
@@ -1,22 +1,21 @@
----
 kubernetes:
 children:
 master:
 hosts:
 server1:
- ansible_host: 172.16.70.30
+ ansible_host: 10.41.0.30
 rook_block_devices:
- - /dev/sda
- - /dev/nvme0n1
+ - /dev/sda
+ - /dev/nvme0n1
 worker:
 hosts:
 server2:
- ansible_host: 172.16.70.31
+ ansible_host: 10.41.0.31
 rook_block_devices:
- - /dev/sda
- - /dev/nvme0n1
+ - /dev/sda
+ - /dev/nvme0n1
 server3:
- ansible_host: 172.16.70.32
+ ansible_host: 10.41.0.32
 rook_block_devices:
- - /dev/sda
- - /dev/nvme0n1
+ - /dev/sda
+ - /dev/nvme0n1
diff --git a/ansible/kubernetes/inventory/metal.yml b/ansible/kubernetes/inventory/metal.yml
index e3c1348069..8a54e7d512 100644
--- a/ansible/kubernetes/inventory/metal.yml
+++ b/ansible/kubernetes/inventory/metal.yml
@@ -1,17 +1,16 @@
----
 kubernetes:
 children:
 metal:
 hosts:
 server1:
- ansible_host: 172.16.70.30
+ ansible_host: 10.41.0.30
 server2:
- ansible_host: 172.16.70.31
+ ansible_host: 10.41.0.31
 server3:
- ansible_host: 172.16.70.32
+ ansible_host: 10.41.0.32
 # k8s-3:
- # ansible_host: 172.16.70.33
+ # ansible_host: 10.41.0.33
 # k8s-4:
- # ansible_host: 172.16.70.34
+ # ansible_host: 10.41.0.34
 # k8s-5:
- # ansible_host: 172.16.70.35
\ No newline at end of file
+ # ansible_host: 10.41.0.35
diff --git a/ansible/kubernetes/playbooks/metal-prepare.yml b/ansible/kubernetes/playbooks/metal-prepare.yml
index 7bf1f07ca8..548d30a96f 100644
--- a/ansible/kubernetes/playbooks/metal-prepare.yml
+++ b/ansible/kubernetes/playbooks/metal-prepare.yml
@@ -266,11 +266,11 @@ access_time: preserve
 # - name: finalize configuration with storage configuration
 # block:
- # - name: Perform a discovery on 172.16.70.155 and show available target nodes
+ # - name: Perform a discovery on 10.41.0.155 and show available target nodes
 # community.general.open_iscsi:
 # show_nodes: true
 # discover: true
- # ip: 172.16.70.155
+ # ip: 10.41.0.155
 # - name: Connect to the named target, after updating the local persistent database (cache)
 # community.general.open_iscsi:
diff --git a/docs/src/notes/nas.md b/docs/src/notes/nas.md
index 35fbd08f2f..014b5867bd 100644
--- a/docs/src/notes/nas.md
+++ b/docs/src/notes/nas.md
@@ -40,10 +40,10 @@ Outside of using [Ansible](https://github.com/ansible/ansible) for configuring t
 2. Share dataset over NFS
 ```sh
 sudo zfs set \
- sharenfs="no_subtree_check,all_squash,anonuid=568,anongid=100,rw=@172.16.70.0/24,rw=@192.168.1.0/24,ro=192.168.150.21,ro=192.168.150.28" \
+ sharenfs="no_subtree_check,all_squash,anonuid=568,anongid=100,rw=@10.41.0.0/24,rw=@192.168.1.0/24,ro=192.168.150.21,ro=192.168.150.28" \
 nfs/Media
 sudo zfs set \
- sharenfs="no_subtree_check,all_squash,anonuid=568,anongid=100,rw=@172.16.70.0/24,rw=@192.168.1.0/24" \
+ sharenfs="no_subtree_check,all_squash,anonuid=568,anongid=100,rw=@10.41.0.0/24,rw=@192.168.1.0/24" \
 nfs/Apps/MinIO
 ```
@@ -87,7 +87,7 @@ Outside of using [Ansible](https://github.com/ansible/ansible) for configuring t
 1. Add or replace file `/etc/exports.d/local.exports`
 ```text
 /share/PVCs 192.168.1.0/24(sec=sys,rw,no_subtree_check,all_squash,anonuid=568,anongid=100)
- /share/PVCs 172.16.70.0/24(sec=sys,rw,no_subtree_check,all_squash,anonuid=568,anongid=100)
+ /share/PVCs 10.41.0.0/24(sec=sys,rw,no_subtree_check,all_squash,anonuid=568,anongid=100)
 ```
 2. Dataset Permissions
diff --git a/docs/src/notes/opnsense.md b/docs/src/notes/opnsense.md
index c9e071f71a..5383783267 100644
--- a/docs/src/notes/opnsense.md
+++ b/docs/src/notes/opnsense.md
@@ -7,12 +7,12 @@ Instead of using Metallb for L2/L3 load balancer IPs I am using the Kubernetes C
 1. Routing > BPG | General
 1. `enable` = `true`
 2. `BGP AS Number` = `64512`
- 3. `Network` = `172.16.70.0/24` (Subnet your Kubernetes nodes are on)
+ 3. `Network` = `10.41.0.0/24` (Subnet your Kubernetes nodes are on)
 4. Save
 2. Routing > BGP | Neighbors
 - Add a neighbor for each Kubernetes node
 1. `Enabled` = `true`
- 2. `Peer-IP` = `172.16.70.x` (Kubernetes Node IP)
+ 2. `Peer-IP` = `10.41.0.x` (Kubernetes Node IP)
 3. `Remote AS` = `64512`
 4. `Update-Source Interface` = `HOME_SERVER` (VLAN of Kubernetes nodes)
 5. Save
@@ -39,7 +39,7 @@ While kube-vip is very nice for having a API server ready to go and running in y
 - Add a server for each **master node** in your Kubernetes cluster
 1. `Enabled` = `true`
 2. `Name or Prefix` = `k8s-apiserver-x`
- 3. `FQDN or IP` = `172.16.70.x`
+ 3. `FQDN or IP` = `10.41.0.x`
 4. `Port` = `6443`
 5. `Verify SSL Certificate` = `false`
 6. Apply/Save
diff --git a/kubernetes/apps/tigera-operator/tigera-operator/app/configmap.yaml b/kubernetes/apps/tigera-operator/tigera-operator/app/configmap.yaml
index 11550d9059..7a14387b94 100644
--- a/kubernetes/apps/tigera-operator/tigera-operator/app/configmap.yaml
+++ b/kubernetes/apps/tigera-operator/tigera-operator/app/configmap.yaml
@@ -5,5 +5,5 @@ metadata:
 name: kubernetes-services-endpoint
 namespace: tigera-operator
 data:
- KUBERNETES_SERVICE_HOST: "172.16.70.30"
+ KUBERNETES_SERVICE_HOST: "10.41.0.30"
 KUBERNETES_SERVICE_PORT: "6443"
diff --git a/kubernetes/flux/vars/cluster-settings.yml b/kubernetes/flux/vars/cluster-settings.yml
index 18b26d5ff6..4bef0e20b9 100644
--- a/kubernetes/flux/vars/cluster-settings.yml
+++ b/kubernetes/flux/vars/cluster-settings.yml
@@ -1,11 +1,10 @@
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
 namespace: flux-system
 name: cluster-settings
 data:
- NET_NODE_CIDR: "172.16.70.0/24"
+ NET_NODE_CIDR: "10.41.0.0/24"
 NET_POD_CIDR: "10.42.0.0/16"
 NET_SVC_CIDR: "10.43.0.0/16"
 NET_EIP_CIDR: "192.168.69.0/24"
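Review bot: `KUBERNETES_SERVICE_HOST` in the tigera-operator ConfigMap still pins the operator's API access to a single master node, 10.41.0.30 (server1 in hosts.yml), so losing that node also takes the operator down even though the rest of the tooling reaches the API through the endpoint that Tasks.yml's `KUBERNETES_API` default points at. If that endpoint exists on the new network it is the more resilient value here; if pinning a node address is deliberate, presumably because this ConfigMap must not depend on the cluster networking that Calico itself provides, a comment above the key such as `# node address on purpose: must be reachable before Calico is up` would make the choice explicit and reviewable. The same single-node dependency appears in `k3s_registration_address` in k3s.yml and is worth a matching comment there.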