Compare commits
3 commits
49d6ed1a1e
...
56126baab4
Author | SHA1 | Date | |
---|---|---|---|
|
56126baab4 | ||
51100a76cc | |||
417bdccf18 |
7 changed files with 9 additions and 81 deletions
|
@ -4,7 +4,7 @@
|
||||||
set container network containers prefix '10.5.0.0/24'
|
set container network containers prefix '10.5.0.0/24'
|
||||||
|
|
||||||
# haproxy-k8s-api
|
# haproxy-k8s-api
|
||||||
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.1'
|
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.2'
|
||||||
set container name haproxy-k8s-api memory '0'
|
set container name haproxy-k8s-api memory '0'
|
||||||
set container name haproxy-k8s-api network containers address '10.5.0.2'
|
set container name haproxy-k8s-api network containers address '10.5.0.2'
|
||||||
set container name haproxy-k8s-api restart 'on-failure'
|
set container name haproxy-k8s-api restart 'on-failure'
|
||||||
|
@ -14,7 +14,7 @@ set container name haproxy-k8s-api volume config destination '/usr/local/etc/hap
|
||||||
set container name haproxy-k8s-api volume config mode 'ro'
|
set container name haproxy-k8s-api volume config mode 'ro'
|
||||||
|
|
||||||
# haproxy-k3s-api
|
# haproxy-k3s-api
|
||||||
set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.1'
|
set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.2'
|
||||||
set container name haproxy-k3s-api memory '0'
|
set container name haproxy-k3s-api memory '0'
|
||||||
set container name haproxy-k3s-api network containers address '10.5.0.3'
|
set container name haproxy-k3s-api network containers address '10.5.0.3'
|
||||||
set container name haproxy-k3s-api restart 'on-failure'
|
set container name haproxy-k3s-api restart 'on-failure'
|
||||||
|
|
|
@ -413,6 +413,10 @@ set firewall ipv4 name containers-lan rule 999 log
|
||||||
set firewall ipv4 name containers-local default-action 'drop'
|
set firewall ipv4 name containers-local default-action 'drop'
|
||||||
set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
|
set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
|
||||||
set firewall ipv4 name containers-local default-log
|
set firewall ipv4 name containers-local default-log
|
||||||
|
set firewall ipv4 name containers-local rule 40 action 'accept'
|
||||||
|
set firewall ipv4 name containers-local rule 40 description 'Rule: accept_dns'
|
||||||
|
set firewall ipv4 name containers-local rule 40 destination port 'domain,domain-s'
|
||||||
|
set firewall ipv4 name containers-local rule 40 protocol 'tcp_udp'
|
||||||
set firewall ipv4 name containers-local rule 50 action 'accept'
|
set firewall ipv4 name containers-local rule 50 action 'accept'
|
||||||
set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
|
set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
|
||||||
set firewall ipv4 name containers-local rule 50 destination port '67,68'
|
set firewall ipv4 name containers-local rule 50 destination port '67,68'
|
||||||
|
|
|
@ -45,7 +45,7 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
|
||||||
|
|
||||||
# k8s prod workers
|
# k8s prod workers
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
|
||||||
|
@ -65,8 +65,6 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
|
||||||
# VMs
|
# VMs
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36'
|
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36'
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee ip-address '10.1.1.55'
|
|
||||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee mac-address '00:a0:98:00:a6:72'
|
|
||||||
|
|
||||||
|
|
||||||
# k8s prod masters
|
# k8s prod masters
|
||||||
|
|
1
containers/.gitignore
vendored
1
containers/.gitignore
vendored
|
@ -7,6 +7,5 @@
|
||||||
!/bind/
|
!/bind/
|
||||||
!/dnsdist/
|
!/dnsdist/
|
||||||
!/haproxy/
|
!/haproxy/
|
||||||
!/haproxy-k3s/
|
|
||||||
!/unifi/
|
!/unifi/
|
||||||
!/vector-agent/
|
!/vector-agent/
|
||||||
|
|
9
containers/haproxy-k3s/.gitignore
vendored
9
containers/haproxy-k3s/.gitignore
vendored
|
@ -1,9 +0,0 @@
|
||||||
# Ignore everything
|
|
||||||
/*
|
|
||||||
|
|
||||||
# Track certain files and directories
|
|
||||||
!.gitignore
|
|
||||||
|
|
||||||
!/config/
|
|
||||||
/config/*
|
|
||||||
!/config/haproxy.cfg
|
|
|
@ -1,48 +0,0 @@
|
||||||
#---------------------------------------------------------------------
|
|
||||||
# Global settings
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
global
|
|
||||||
log /dev/log local0
|
|
||||||
log /dev/log local1 notice
|
|
||||||
daemon
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
# common defaults that all the 'listen' and 'backend' sections will
|
|
||||||
# use if not designated in their block
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
defaults
|
|
||||||
mode http
|
|
||||||
log global
|
|
||||||
option httplog
|
|
||||||
option dontlognull
|
|
||||||
option http-server-close
|
|
||||||
option forwardfor except 127.0.0.0/8
|
|
||||||
option redispatch
|
|
||||||
retries 3
|
|
||||||
timeout http-request 10s
|
|
||||||
timeout queue 20s
|
|
||||||
timeout connect 10s
|
|
||||||
timeout client 1h
|
|
||||||
timeout server 1h
|
|
||||||
timeout http-keep-alive 10s
|
|
||||||
timeout check 10s
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
# apiserver frontend which proxys to the control plane nodes
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
frontend k8s_apiserver
|
|
||||||
bind *:6443
|
|
||||||
mode tcp
|
|
||||||
option tcplog
|
|
||||||
default_backend k8s_controlplane
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
# round robin balancing for apiserver
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
backend k8s_controlplane
|
|
||||||
option httpchk GET /healthz
|
|
||||||
http-check expect status 200
|
|
||||||
mode tcp
|
|
||||||
option ssl-hello-chk
|
|
||||||
balance roundrobin
|
|
||||||
server worker2 10.1.1.55:6443 check
|
|
|
@ -34,13 +34,7 @@ frontend k8s_apiserver
|
||||||
bind *:6443
|
bind *:6443
|
||||||
mode tcp
|
mode tcp
|
||||||
option tcplog
|
option tcplog
|
||||||
default_backend k8s_controlplane
|
default_backend k8s_controlplane
|
||||||
|
|
||||||
frontend talos_apiserver
|
|
||||||
bind *:50000
|
|
||||||
mode tcp
|
|
||||||
option tcplog
|
|
||||||
default_backend talos_controlplane
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------
|
#---------------------------------------------------------------------
|
||||||
# round robin balancing for apiserver
|
# round robin balancing for apiserver
|
||||||
|
@ -53,14 +47,4 @@ backend k8s_controlplane
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
server worker1 10.1.1.61:6443 check
|
server worker1 10.1.1.61:6443 check
|
||||||
server worker2 10.1.1.62:6443 check
|
server worker2 10.1.1.62:6443 check
|
||||||
server worker3 10.1.1.63:6443 check
|
server worker3 10.1.1.63:6443 check
|
||||||
|
|
||||||
backend talos_controlplane
|
|
||||||
option httpchk GET /healthz
|
|
||||||
http-check expect status 200
|
|
||||||
mode tcp
|
|
||||||
option ssl-hello-chk
|
|
||||||
balance roundrobin
|
|
||||||
server worker1 10.1.1.61:50000 check
|
|
||||||
server worker2 10.1.1.62:50000 check
|
|
||||||
server worker3 10.1.1.63:50000 check
|
|
||||||
|
|
Reference in a new issue