Enable ipv4 and tunnel routing.

Tom Alexander 2025-12-29 17:00:23 -05:00 committed by Tom Alexander
parent 6d38265412
commit f62e36b5af
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
5 changed files with 37 additions and 33 deletions


@ -23,14 +23,16 @@
--set k8sServiceHost="2620:11f:7001:7:ffff:ffff:ad7:1dd" \ --set k8sServiceHost="2620:11f:7001:7:ffff:ffff:ad7:1dd" \
--set k8sServicePort=6443 \ --set k8sServicePort=6443 \
--set ipv6.enabled=true \ --set ipv6.enabled=true \
--set ipv4.enabled=false \ --set ipv4.enabled=true
--set enableIPv4BIGTCP=false \ # --set enableIPv6Masquerade=false
--set enableIPv6BIGTCP=true \ # --set enableIPv4BIGTCP=true \
--set routingMode=native \ # --set enableIPv6BIGTCP=true
--set ipv4NativeRoutingCIDR=10.0.0.0/8 \ # --set routingMode=native \
--set ipv6NativeRoutingCIDR=fd00::/100 # --set ipv4NativeRoutingCIDR=10.0.0.0/8 \
# --set ipv6NativeRoutingCIDR=fd00::/100
kubectl -n kube-system exec ds/cilium -- cilium-dbg status --verbose kubec
tl -n kube-system exec ds/cilium -- cilium-dbg status --verbose
kubectl -n kube-system exec ds/cilium -- cilium-dbg status | grep KubeProxyReplacement kubectl -n kube-system exec ds/cilium -- cilium-dbg status | grep KubeProxyReplacement
# --set hostFirewall.enabled=true # --set hostFirewall.enabled=true
@ -40,6 +42,11 @@
# --set ipv6-native-routing-cidr=fd00::/100 # --set ipv6-native-routing-cidr=fd00::/100
# --set 'ipam.operator.clusterPoolIPv4PodCIDRList=["10.0.0.0/8"]' \ # --set 'ipam.operator.clusterPoolIPv4PodCIDRList=["10.0.0.0/8"]' \
# --set 'ipam.operator.clusterPoolIPv6PodCIDRList=["fd00::/100"]' \ # --set 'ipam.operator.clusterPoolIPv6PodCIDRList=["fd00::/100"]' \
# --set encryption.enabled=true \
# --set encryption.type=wireguard
# --set encryption.nodeEncryption=true
#+end_src #+end_src
** Install flux ** Install flux
#+begin_src bash #+begin_src bash
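Review bot: The `encryption.*` settings in the second hunk are added only as comments in the alternative-options block, so the active `helm` command in the first hunk still installs without transparent encryption. That command now leaves `routingMode=native` commented out and presumably falls back to Cilium's default tunnel mode, so the document should say whether unencrypted pod traffic is intended. If the commented block is meant to be pasted later, `# --set encryption.type=wireguard` lacks the trailing backslash, so uncommenting the three lines as written would drop `encryption.nodeEncryption=true`; it should read `# --set encryption.type=wireguard \`. The `helm` command starts above the first hunk, so options set there are not visible.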

File diff suppressed because one or more lines are too long


@ -84,7 +84,7 @@ in
"--tls-cert-file=/.persist/keys/kube/kube-api-server.crt" "--tls-cert-file=/.persist/keys/kube/kube-api-server.crt"
"--tls-private-key-file=/.persist/keys/kube/kube-api-server.key" "--tls-private-key-file=/.persist/keys/kube/kube-api-server.key"
"--tls-min-version=VersionTLS13" "--tls-min-version=VersionTLS13"
"--service-cluster-ip-range=fd00:3e42:e349::/112" "--service-cluster-ip-range=fd00:3e42:e349::/112,10.197.0.0/16"
"--v=2" "--v=2"
# OLD: # OLD:
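Review bot: The two dual-stack Service ranges are listed in opposite orders: `--service-cluster-ip-range=fd00:3e42:e349::/112,10.197.0.0/16` here on kube-apiserver, but `10.197.0.0/16,fd00:3e42:e349::/112` on kube-controller-manager in the next file. On the API server the first range decides the default IP family for Services that do not request one, so IPv6-first looks intentional for a cluster that was IPv6-only before this commit. A short comment such as `# IPv6 first: stays the primary Service family` would record that, and the controller-manager flag is easier to audit if it uses the same order. The enclosing argument list starts and ends outside the hunk.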


@ -40,7 +40,7 @@ in
# "--cluster-cidr=10.200.0.0/16" # "--cluster-cidr=10.200.0.0/16"
# "--cluster-cidr=2620:11f:7001:7:ffff:ffff:0ac8:0000/16" # "--cluster-cidr=2620:11f:7001:7:ffff:ffff:0ac8:0000/16"
"--allocate-node-cidrs=true" "--allocate-node-cidrs=true"
"--cluster-cidr=fd49:0595:2bba::/48" "--cluster-cidr=10.200.0.0/16,fd49:0595:2bba::/48"
"--cluster-name=kubernetes" "--cluster-name=kubernetes"
"--cluster-signing-cert-file=/.persist/keys/kube/ca.crt" "--cluster-signing-cert-file=/.persist/keys/kube/ca.crt"
"--cluster-signing-key-file=/.persist/keys/kube/ca.key" "--cluster-signing-key-file=/.persist/keys/kube/ca.key"
@ -49,7 +49,7 @@ in
"--service-account-private-key-file=/.persist/keys/kube/service-accounts.key" "--service-account-private-key-file=/.persist/keys/kube/service-accounts.key"
# "--service-cluster-ip-range=10.197.0.0/16" # "--service-cluster-ip-range=10.197.0.0/16"
# "--service-cluster-ip-range=2620:11f:7001:7:ffff:ffff:0ac5:0000/16" # "--service-cluster-ip-range=2620:11f:7001:7:ffff:ffff:0ac5:0000/16"
"--service-cluster-ip-range=fd00:3e42:e349::/112" "--service-cluster-ip-range=10.197.0.0/16,fd00:3e42:e349::/112"
"--use-service-account-credentials=true" "--use-service-account-credentials=true"
"--v=2" "--v=2"
] ]


@ -33,7 +33,7 @@ in
mode = "iptables"; mode = "iptables";
# clusterCIDR = "10.200.0.0/16"; # clusterCIDR = "10.200.0.0/16";
# clusterCIDR = "2620:11f:7001:7:ffff:ffff:0ac8:0000/16"; # clusterCIDR = "2620:11f:7001:7:ffff:ffff:0ac8:0000/16";
clusterCIDR = "fd49:0595:2bba::/48"; clusterCIDR = "10.200.0.0/16,fd49:0595:2bba::/48";
}; };
description = '' description = ''
kubelet-config.yaml kubelet-config.yaml
@ -57,7 +57,7 @@ in
"${pkgs.kubernetes}/bin/kube-proxy" "${pkgs.kubernetes}/bin/kube-proxy"
"--config=${config_file}" "--config=${config_file}"
"--nodeport-addresses=primary" "--nodeport-addresses=primary"
"--cluster-cidr=fd49:0595:2bba::/48" "--cluster-cidr=10.200.0.0/16,fd49:0595:2bba::/48"
] ]
); );
Restart = "on-failure"; Restart = "on-failure";
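Review bot: The dual-stack pod CIDR is now written twice in this file, once as `clusterCIDR` in the generated config and once as `--cluster-cidr` on the kube-proxy command line, and the two have to be edited together. Upstream kube-proxy documentation says `--cluster-cidr` is ignored when `--config` is given, so the flag copy is probably dead and could drift unnoticed. Consider one `let` binding, e.g. `clusterCidr = "10.200.0.0/16,fd49:0595:2bba::/48";`, referenced from both places, or drop the flag. Both enclosing blocks start and end outside the hunks.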