From d6d4b90a7481a804ddfa899866822408e2dd8b15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20=C5=98ezn=C3=AD=C4=8Dek?= <246254@mail.muni.cz>
Date: Mon, 1 Jul 2024 14:34:20 +0200
Subject: [PATCH] fix: add note on functional Calico networking modes
---
ansible/group_vars/k8s_cluster/addons.yml | 37 -------------------
.../group_vars/k8s_cluster/k8s-cluster.yml | 3 -
.../k8s_cluster/k8s-net-calico.yaml | 23 ++++++++++--
3 files changed, 20 insertions(+), 43 deletions(-)
diff --git a/ansible/group_vars/k8s_cluster/addons.yml b/ansible/group_vars/k8s_cluster/addons.yml
index e8dd6c4..b75fbbb 100644
--- a/ansible/group_vars/k8s_cluster/addons.yml
+++ b/ansible/group_vars/k8s_cluster/addons.yml
@@ -4,43 +4,6 @@ helm_enabled: true
 # Metrics Server deployment
 metrics_server_enabled: true
-# metrics_server_container_port: 10250
-# metrics_server_kubelet_insecure_tls: true
-# metrics_server_metric_resolution: 15s
-# metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname"
-# metrics_server_host_network: false
-# metrics_server_replicas: 1
 # Nginx ingress controller deployment
 ingress_nginx_enabled: false
-#ingress_nginx_host_network: true
-# ingress_nginx_service_type: LoadBalancer
-# ingress_nginx_host_network: false
-#ingress_publish_status_address: ""
-# ingress_nginx_nodeselector:
-# kubernetes.io/os: "linux"
-# ingress_nginx_tolerations:
-# - key: "node-role.kubernetes.io/master"
-# operator: "Equal"
-# value: ""
-# effect: "NoSchedule"
-# - key: "node-role.kubernetes.io/control-plane"
-# operator: "Equal"
-# value: ""
-# effect: "NoSchedule"
-# ingress_nginx_namespace: "ingress-nginx"
-# ingress_nginx_insecure_port: 80
-# ingress_nginx_secure_port: 443
-# ingress_nginx_configmap:
-# map-hash-bucket-size: "128"
-# ssl-protocols: "TLSv1.2 TLSv1.3"
-# ingress_nginx_configmap_tcp_services:
-# 9000: "default/example-go:8080"
-# ingress_nginx_configmap_udp_services:
-# 53: "kube-system/coredns:53"
-# ingress_nginx_extra_args:
-# - --default-ssl-certificate=default/foo-tls
-# ingress_nginx_termination_grace_period_seconds: 300
-# ingress_nginx_class: nginx
-# ingress_nginx_without_class: true
-# ingress_nginx_default: false
diff --git a/ansible/group_vars/k8s_cluster/k8s-cluster.yml b/ansible/group_vars/k8s_cluster/k8s-cluster.yml
index 166ee4e..2717dff 100644
--- a/ansible/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/ansible/group_vars/k8s_cluster/k8s-cluster.yml
@@ -5,6 +5,3 @@ kube_version: v1.24.17
 # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
 # must be set to true for MetalLB, kube-vip(ARP enabled) to work
 kube_proxy_strict_arp: true
-
-# pod security policy (RBAC must be enabled either by having 'RBAC' in authorization_modes or kubeadm enabled)
-#podsecuritypolicy_enabled: false
\ No newline at end of file
diff --git a/ansible/group_vars/k8s_cluster/k8s-net-calico.yaml b/ansible/group_vars/k8s_cluster/k8s-net-calico.yaml
index 94f33df..d864407 100644
--- a/ansible/group_vars/k8s_cluster/k8s-net-calico.yaml
+++ b/ansible/group_vars/k8s_cluster/k8s-net-calico.yaml
@@ -12,17 +12,34 @@ calico_pool_blocksize: 26
 # - Otherwise, if VXLAN or BPF mode is enabled, subtract 50 from your network MTU (i.e. 1500-50=1450)
 # - Otherwise, if IPIP is enabled, subtract 20 from your network MTU (i.e. 1500-20=1480)
 # - Otherwise, if not using any encapsulation, set to your network MTU (i.e. 1500)
-calico_veth_mtu: 1450
+#calico_veth_mtu: 1450
+calico_veth_mtu: 8900
 # Choose Calico iptables backend: "Legacy", "Auto" or "NFT"
 calico_iptables_backend: "NFT"
+# Option 1: VxLAN Always, slowest but found functional well
+# ---------------------------------------------------------
 # Set calico network backend: "bird", "vxlan" or "none"
 # bird enable BGP routing, required for ipip and no encapsulation modes
 calico_network_backend: vxlan
-
 # set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
-calico_vxlan_mode: 'CrossSubnet'
+calico_vxlan_mode: 'Always'
+
+# Option 2: No overlay, to be tested
+# -------------------------------------------------------------------
+## Set calico network backend: "bird", "vxlan" or "none"
+## bird enable BGP routing, required for ipip and no encapsulation modes
+#calico_network_backend: none
+
+# Option 3: VxLAN CrossSubnet, does not work at all in 3.25.1 version
+# -------------------------------------------------------------------
+## Set calico network backend: "bird", "vxlan" or "none"
+## bird enable BGP routing, required for ipip and no encapsulation modes
+#calico_network_backend: vxlan
+## set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
+#calico_vxlan_mode: 'CrossSubnet'
+
 # set VXLAN port and VNI
 # calico_vxlan_vni: 4096
-- 
GitLab
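Review bot: `calico_veth_mtu: 8900` is unexplained and no longer matches the comment directly above it, which says to subtract 50 from the network MTU for VXLAN; by that rule 8900 presumes an underlay MTU of at least 8950 on every node interface and on the path between nodes. If any node or link has a smaller MTU, large pod-to-pod packets are dropped or fragmented, which tends to show up as stalled TLS handshakes and hung transfers rather than a clear error. Replace the commented-out `#calico_veth_mtu: 1450` with a comment that records the assumption, e.g. `# underlay MTU is <UNDERLAY_MTU>; minus 50 for VXLAN -> 8900`, so the value can be re-derived when the network changes. The "Option 3" heading cites `3.25.1` without naming the component (presumably Calico); writing `in Calico 3.25.1` would keep that warning meaningful after an upgrade.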