From 4339d0104352d1e15cbd15372e7df733b736f25a Mon Sep 17 00:00:00 2001
From: Denis Patrakeev
Date: Sat, 11 Jan 2025 02:16:15 +0300
Subject: [PATCH] =?UTF-8?q?[DO-1431]=20=D0=A1onfigure=20kube-vip=20(!4)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
DO-1431
Co-authored-by: denis.patrakeev
Reviewed-on: https://git.avroid.tech/K8s/k8s-deploy/pulls/4
---
 .../k8s-avroid-office.prod.local/README.md | 4 ++++
 .../group_vars/k8s_cluster/addons.yml | 18 +++++++++---------
 .../group_vars/k8s_cluster/k8s-cluster.yml | 2 +-
 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/env/avroid_prod/k8s-avroid-office.prod.local/README.md b/env/avroid_prod/k8s-avroid-office.prod.local/README.md
index 90bb536..93d4862 100644
--- a/env/avroid_prod/k8s-avroid-office.prod.local/README.md
+++ b/env/avroid_prod/k8s-avroid-office.prod.local/README.md
@@ -27,6 +27,7 @@
 | Диски | k8s-control-0X: /data вынесен на отдельные блочное устройства с ext4 |
 | Диски | k8s-worker/build-0X: /var/lib/kubelet/pods вынесен на отдельные блочное устройства с XFS |
 | HA | API Server |
+| HA | kube-vip c VIP 10.2.20.30 (k8s-avroid-office-prod.avroid.tech) |
 | Ingress | Nginx ingress controller 80 --> 30080 (k8s-worker-0X), 443 --> 30081 (k8s-worker-0X) |
 | Ingress | Работает только на нодах с кастомной меткой `node-role.kubernetes.io/ingress-nginx:true` |
 | Дополнительные сервисы | Helm, Metrics Server, Cert manager, netchecker |
@@ -49,6 +50,9 @@ http://:31081/api/v1/connectivity_check http://:31081/metrics
+### kube-vip
+Поднят VIP 10.2.20.30 между управляющими нодами, для того чтобы обеспечить отказоустойчивый доступ до API кластера
+
 ## Подготовка окружения для развёртывания и развёртывание
diff --git a/env/avroid_prod/k8s-avroid-office.prod.local/inventory/group_vars/k8s_cluster/addons.yml b/env/avroid_prod/k8s-avroid-office.prod.local/inventory/group_vars/k8s_cluster/addons.yml
index 108285d..02ab22c 100644
--- a/env/avroid_prod/k8s-avroid-office.prod.local/inventory/group_vars/k8s_cluster/addons.yml
+++ b/env/avroid_prod/k8s-avroid-office.prod.local/inventory/group_vars/k8s_cluster/addons.yml
@@ -260,15 +260,15 @@ krew_enabled: true
 krew_root_dir: "/usr/local/krew"
 # Kube VIP
-kube_vip_enabled: false
-# kube_vip_arp_enabled: true
-# kube_vip_controlplane_enabled: true
-# kube_vip_address: 192.168.56.120
-# loadbalancer_apiserver:
-# address: "{{ kube_vip_address }}"
-# port: 6443
-# kube_vip_interface: eth0
-# kube_vip_services_enabled: false
+kube_vip_enabled: true
+kube_vip_arp_enabled: true
+kube_vip_controlplane_enabled: true
+kube_vip_address: 10.2.20.30
+loadbalancer_apiserver:
+ address: "{{ kube_vip_address }}"
+ port: 6443
+kube_vip_interface: eth0
+kube_vip_services_enabled: false
 # kube_vip_dns_mode: first
 # kube_vip_cp_detect: false
 # kube_vip_leasename: plndr-cp-lock
diff --git a/env/avroid_prod/k8s-avroid-office.prod.local/inventory/group_vars/k8s_cluster/k8s-cluster.yml b/env/avroid_prod/k8s-avroid-office.prod.local/inventory/group_vars/k8s_cluster/k8s-cluster.yml
index 68872a1..77fb23f 100644
--- a/env/avroid_prod/k8s-avroid-office.prod.local/inventory/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/env/avroid_prod/k8s-avroid-office.prod.local/inventory/group_vars/k8s_cluster/k8s-cluster.yml
@@ -126,7 +126,7 @@ kube_proxy_mode: ipvs
 # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
 # must be set to true for MetalLB, kube-vip(ARP enabled) to work
-kube_proxy_strict_arp: false
+kube_proxy_strict_arp: true
 # A string slice of values which specify the addresses to use for NodePorts.
 # Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32).
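Review bot: In the addons.yml hunk, `loadbalancer_apiserver.address` makes the ARP-announced VIP the cluster's API endpoint, but nothing here ties the DNS name the README gives for it (k8s-avroid-office-prod.avroid.tech) to the API server certificate. If clients are expected to use that name, confirm `apiserver_loadbalancer_domain_name` or `supplementary_addresses_in_ssl_keys` is set elsewhere in the inventory so the name lands in the certificate SANs; a name mismatch is usually worked around by turning TLS verification off. `kube_vip_interface: eth0` also assumes every control-plane node uses that interface name, which deserves a comment above it such as `# every k8s-control-0X node must carry the VIP subnet on eth0`. ARP mode has no authentication of who answers for 10.2.20.30, so the control-plane L2 segment should be limited to trusted hosts.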