From 0ed38aca0eae2f2136f205ed584540350675a865 Mon Sep 17 00:00:00 2001 From: Bjoern Teipel Date: Tue, 23 Jan 2024 15:56:56 +0000 Subject: [PATCH] Adding cert-manager for openstack-enterprise - Also adding nfs-client for nfs-provisioner tests --- .../group_vars/k8s_cluster/addons.yml | 69 ++++++++++--------- .../group_vars/k8s_cluster/k8s-cluster.yml | 2 +- roles/host_setup/vars/ubuntu.yml | 1 + 3 files changed, 37 insertions(+), 35 deletions(-) diff --git a/openstack-enterprise/group_vars/k8s_cluster/addons.yml b/openstack-enterprise/group_vars/k8s_cluster/addons.yml index f531406a..37c96df5 100644 --- a/openstack-enterprise/group_vars/k8s_cluster/addons.yml +++ b/openstack-enterprise/group_vars/k8s_cluster/addons.yml @@ -7,11 +7,12 @@ helm_enabled: true # Registry deployment -registry_enabled: true -registry_port: 5010 #Don't overlap with keystone on port 5000 +registry_enabled: false +registry_port: 5050 #Don't overlap with keystone on port 5000 registry_namespace: kube-system -# registry_storage_class: "" +registry_storage_class: "general" registry_disk_size: "50Gi" +registry_service_type: "LoadBalancer" # Metrics Server deployment metrics_server_enabled: true @@ -134,8 +135,8 @@ ingress_alb_enabled: false # alb_ingress_aws_debug: "false" # Cert manager deployment -cert_manager_enabled: false -# cert_manager_namespace: "cert-manager" +cert_manager_enabled: true +cert_manager_namespace: "cert-manager" # cert_manager_tolerations: # - key: node-role.kubernetes.io/control-plane # effect: NoSchedule 
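Review bot: `registry_service_type: "LoadBalancer"` in the first addons.yml hunk is left armed while `registry_enabled` is false: the same commit enables MetalLB with `auto_assign: true`, so a later `registry_enabled: true` would place the registry on a pool address with no further change. Nothing visible in these hunks configures authentication or TLS for the registry, so unless that is handled elsewhere, anyone who can reach the pool could pull or push images. I would keep `registry_service_type: "ClusterIP"` until external access is actually needed, or add a comment such as `# LoadBalancer exposes the registry outside the cluster; require auth/TLS before enabling`.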
@@ -158,45 +159,45 @@ cert_manager_enabled: false # -----END CERTIFICATE----- # cert_manager_leader_election_namespace: kube-system -# cert_manager_dns_policy: "ClusterFirst" -# cert_manager_dns_config: -# nameservers: -# - "1.1.1.1" -# - "8.8.8.8" +cert_manager_dns_policy: "ClusterFirst" +cert_manager_dns_config: + nameservers: + - "1.1.1.1" + - "1.0.0.1" # cert_manager_controller_extra_args: # - "--dns01-recursive-nameservers-only=true" # - "--dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53" # MetalLB deployment -metallb_enabled: false +metallb_enabled: true metallb_speaker_enabled: "{{ metallb_enabled }}" # metallb_version: v0.13.9 -# metallb_protocol: "layer2" +metallb_protocol: "layer2" # metallb_port: "7472" # metallb_memberlist_port: "7946" -# metallb_config: -# speaker: -# nodeselector: -# kubernetes.io/os: "linux" -# tollerations: -# - key: "node-role.kubernetes.io/control-plane" -# operator: "Equal" -# value: "" -# effect: "NoSchedule" -# controller: -# nodeselector: -# kubernetes.io/os: "linux" -# tolerations: -# - key: "node-role.kubernetes.io/control-plane" -# operator: "Equal" -# value: "" -# effect: "NoSchedule" -# address_pools: -# primary: -# ip_range: -# - 10.5.0.0/16 -# auto_assign: true + metallb_config: + speaker: + nodeselector: + kubernetes.io/os: "linux" + tollerations: + - key: "node-role.kubernetes.io/control-plane" + operator: "Equal" + value: "" + effect: "NoSchedule" + controller: + nodeselector: + kubernetes.io/os: "linux" + tolerations: + - key: "node-role.kubernetes.io/control-plane" + operator: "Equal" + value: "" + effect: "NoSchedule" + address_pools: + primary: + ip_range: + - 10.240.3.0/24 + auto_assign: true # pool1: # ip_range: # - 10.6.0.0/16 diff --git a/openstack-enterprise/group_vars/k8s_cluster/k8s-cluster.yml b/openstack-enterprise/group_vars/k8s_cluster/k8s-cluster.yml index 1b0069dd..44ae486d 100644 --- a/openstack-enterprise/group_vars/k8s_cluster/k8s-cluster.yml 
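Review bot: Under `metallb_config.speaker` the key is uncommented as `tollerations:`, while the controller block a few lines below spells it `tolerations:`; a consumer that looks up `tolerations` would presumably ignore the misspelled key and leave the speaker without the control-plane toleration. The line should read `tolerations:`. In the same hunk `+ metallb_config:` shows whitespace after the diff marker where `+metallb_enabled: true` and `+metallb_protocol: "layer2"` show none, which suggests only the `#` was removed and the key is still indented. If so, it is not a top-level variable and the file may fail to parse, so the block should start at column 0 with its children re-indented to match. Whitespace on this page is collapsed, so the exact indentation should be confirmed against the file.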
+++ b/openstack-enterprise/group_vars/k8s_cluster/k8s-cluster.yml @@ -126,7 +126,7 @@ kube_proxy_mode: ipvs # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface # must be set to true for MetalLB, kube-vip(ARP enabled) to work -kube_proxy_strict_arp: false +kube_proxy_strict_arp: true #MetalLB is deployed # A string slice of values which specify the addresses to use for NodePorts. # Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). diff --git a/roles/host_setup/vars/ubuntu.yml b/roles/host_setup/vars/ubuntu.yml index df3b0715..39c3b0bb 100644 --- a/roles/host_setup/vars/ubuntu.yml +++ b/roles/host_setup/vars/ubuntu.yml @@ -54,6 +54,7 @@ _host_distro_packages: - time - vlan - wget + - nfs-client _hosts_package_list: - name: ubuntu-cloud-keyring
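Review bot: `- nfs-client` in roles/host_setup/vars/ubuntu.yml adds a test dependency to the package list installed on every Ubuntu host. On Ubuntu `nfs-client` is normally a virtual name provided by `nfs-common`, which typically pulls in rpcbind and a listener on port 111, so each host gains a network service only for the nfs-provisioner tests. I would name the real package and say why it is there, e.g. `- nfs-common  # NFS client for nfs-provisioner tests`, placed in the list's apparent alphabetical order rather than after `wget`, or move it to a test-only variable. `_host_distro_packages` starts outside the hunk, so the ordering is inferred from the three visible entries.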