talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Enable ipv4 and tunnel routing.

Browse Source
This commit is contained in:
Tom Alexander 2025-12-29 17:00:23 -05:00 committed by Tom Alexander
parent 6d38265412
commit f62e36b5af
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
5 changed files with 37 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
nix/kubernetes/README.org
View File

@ -23,14 +23,16 @@
--set k8sServiceHost="2620:11f:7001:7:ffff:ffff:ad7:1dd" \
--set k8sServicePort=6443 \
--set ipv6.enabled=true \
--set ipv4.enabled=false \
--set enableIPv4BIGTCP=false \
--set enableIPv6BIGTCP=true \
--set routingMode=native \
--set ipv4NativeRoutingCIDR=10.0.0.0/8 \
--set ipv6NativeRoutingCIDR=fd00::/100
--set ipv4.enabled=true
# --set enableIPv6Masquerade=false
# --set enableIPv4BIGTCP=true \
# --set enableIPv6BIGTCP=true
# --set routingMode=native \
# --set ipv4NativeRoutingCIDR=10.0.0.0/8 \
# --set ipv6NativeRoutingCIDR=fd00::/100
kubectl -n kube-system exec ds/cilium -- cilium-dbg status --verbose
kubec
tl -n kube-system exec ds/cilium -- cilium-dbg status --verbose
kubectl -n kube-system exec ds/cilium -- cilium-dbg status | grep KubeProxyReplacement
# --set hostFirewall.enabled=true
@ -40,6 +42,11 @@
# --set ipv6-native-routing-cidr=fd00::/100
# --set 'ipam.operator.clusterPoolIPv4PodCIDRList=["10.0.0.0/8"]' \
# --set 'ipam.operator.clusterPoolIPv6PodCIDRList=["fd00::/100"]' \
# --set encryption.enabled=true \
# --set encryption.type=wireguard
# --set encryption.nodeEncryption=true
#+end_src
** Install flux
#+begin_src bash

39
nix/kubernetes/keys/package/bootstrap-script/files/manifests/cilium.yaml
View File

File diff suppressed because one or more lines are too long

2
nix/kubernetes/roles/kube_apiserver/default.nix
View File

@ -84,7 +84,7 @@ in
"--tls-cert-file=/.persist/keys/kube/kube-api-server.crt"
"--tls-private-key-file=/.persist/keys/kube/kube-api-server.key"
"--tls-min-version=VersionTLS13"
"--service-cluster-ip-range=fd00:3e42:e349::/112"
"--service-cluster-ip-range=fd00:3e42:e349::/112,10.197.0.0/16"
"--v=2"
# OLD:

4
nix/kubernetes/roles/kube_controller_manager/default.nix
View File

@ -40,7 +40,7 @@ in
# "--cluster-cidr=10.200.0.0/16"
# "--cluster-cidr=2620:11f:7001:7:ffff:ffff:0ac8:0000/16"
"--allocate-node-cidrs=true"
"--cluster-cidr=fd49:0595:2bba::/48"
"--cluster-cidr=10.200.0.0/16,fd49:0595:2bba::/48"
"--cluster-name=kubernetes"
"--cluster-signing-cert-file=/.persist/keys/kube/ca.crt"
"--cluster-signing-key-file=/.persist/keys/kube/ca.key"
@ -49,7 +49,7 @@ in
"--service-account-private-key-file=/.persist/keys/kube/service-accounts.key"
# "--service-cluster-ip-range=10.197.0.0/16"
# "--service-cluster-ip-range=2620:11f:7001:7:ffff:ffff:0ac5:0000/16"
"--service-cluster-ip-range=fd00:3e42:e349::/112"
"--service-cluster-ip-range=10.197.0.0/16,fd00:3e42:e349::/112"
"--use-service-account-credentials=true"
"--v=2"
]

4
nix/kubernetes/roles/kube_proxy/default.nix
View File

@ -33,7 +33,7 @@ in
mode = "iptables";
# clusterCIDR = "10.200.0.0/16";
# clusterCIDR = "2620:11f:7001:7:ffff:ffff:0ac8:0000/16";
clusterCIDR = "fd49:0595:2bba::/48";
clusterCIDR = "10.200.0.0/16,fd49:0595:2bba::/48";
};
description = ''
kubelet-config.yaml
@ -57,7 +57,7 @@ in
"${pkgs.kubernetes}/bin/kube-proxy"
"--config=${config_file}"
"--nodeport-addresses=primary"
"--cluster-cidr=fd49:0595:2bba::/48"
"--cluster-cidr=10.200.0.0/16,fd49:0595:2bba::/48"
]
);
Restart = "on-failure";