Compare commits


3 commits

Author SHA1 Message Date
smeagol-help
56126baab4 fix(container): update image docker.io/library/haproxy ( 2.9.0 → 2.9.2 )
| datasource | package                   | from  | to    |
| ---------- | ------------------------- | ----- | ----- |
| docker     | docker.io/library/haproxy | 2.9.0 | 2.9.2 |
2024-01-13 02:02:35 +00:00
51100a76cc enable dns from containers --> local 2024-01-12 13:16:37 -06:00
417bdccf18 Talos --> k3s 2024-01-11 14:46:50 -06:00
7 changed files with 9 additions and 81 deletions


@ -4,7 +4,7 @@
set container network containers prefix '10.5.0.0/24' set container network containers prefix '10.5.0.0/24'
# haproxy-k8s-api # haproxy-k8s-api
set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.1' set container name haproxy-k8s-api image 'docker.io/library/haproxy:2.9.2'
set container name haproxy-k8s-api memory '0' set container name haproxy-k8s-api memory '0'
set container name haproxy-k8s-api network containers address '10.5.0.2' set container name haproxy-k8s-api network containers address '10.5.0.2'
set container name haproxy-k8s-api restart 'on-failure' set container name haproxy-k8s-api restart 'on-failure'
@ -14,7 +14,7 @@ set container name haproxy-k8s-api volume config destination '/usr/local/etc/hap
set container name haproxy-k8s-api volume config mode 'ro' set container name haproxy-k8s-api volume config mode 'ro'
# haproxy-k3s-api # haproxy-k3s-api
set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.1' set container name haproxy-k3s-api image 'docker.io/library/haproxy:2.9.2'
set container name haproxy-k3s-api memory '0' set container name haproxy-k3s-api memory '0'
set container name haproxy-k3s-api network containers address '10.5.0.3' set container name haproxy-k3s-api network containers address '10.5.0.3'
set container name haproxy-k3s-api restart 'on-failure' set container name haproxy-k3s-api restart 'on-failure'


@ -413,6 +413,10 @@ set firewall ipv4 name containers-lan rule 999 log
set firewall ipv4 name containers-local default-action 'drop' set firewall ipv4 name containers-local default-action 'drop'
set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL' set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
set firewall ipv4 name containers-local default-log set firewall ipv4 name containers-local default-log
set firewall ipv4 name containers-local rule 40 action 'accept'
set firewall ipv4 name containers-local rule 40 description 'Rule: accept_dns'
set firewall ipv4 name containers-local rule 40 destination port 'domain,domain-s'
set firewall ipv4 name containers-local rule 40 protocol 'tcp_udp'
set firewall ipv4 name containers-local rule 50 action 'accept' set firewall ipv4 name containers-local rule 50 action 'accept'
set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp' set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
set firewall ipv4 name containers-local rule 50 destination port '67,68' set firewall ipv4 name containers-local rule 50 destination port '67,68'
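Review bot: Rule 40 in containers-local accepts `domain,domain-s` over `tcp_udp` with no source or destination match, so every address in the containers zone can reach ports 53 and 853 on the router over both TCP and UDP. If the router only answers plain DNS, the port list could be just `'domain'`; nothing visible in this compare shows a DNS-over-TLS listener on the router, so confirm one exists before keeping `domain-s`. It would also be tighter to scope the rule to the container network defined in the containers section, e.g. `set firewall ipv4 name containers-local rule 40 source address '10.5.0.0/24'`. The ruleset continues outside this hunk, so other rules may already narrow this.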


@ -45,7 +45,7 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
# k8s prod workers # k8s prod workers
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya ip-address '10.1.1.41'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address 'c8:1f:66:10:4d:b9' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping nenya mac-address '00:a0:98:1a:5e:ed'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya ip-address '10.1.1.42'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping vilya mac-address 'c8:1f:66:10:51:d9'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping gollum ip-address '10.1.1.43'
@ -65,8 +65,6 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-ma
# VMs # VMs
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas ip-address '10.1.1.53'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36' set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping tulkas mac-address '26:82:2F:16:7A:36'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee ip-address '10.1.1.55'
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping qbee mac-address '00:a0:98:00:a6:72'
# k8s prod masters # k8s prod masters


@ -7,6 +7,5 @@
!/bind/ !/bind/
!/dnsdist/ !/dnsdist/
!/haproxy/ !/haproxy/
!/haproxy-k3s/
!/unifi/ !/unifi/
!/vector-agent/ !/vector-agent/


@ -1,9 +0,0 @@
# Ignore everything
/*
# Track certain files and directories
!.gitignore
!/config/
/config/*
!/config/haproxy.cfg


@ -1,48 +0,0 @@
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log /dev/log local0
log /dev/log local1 notice
daemon
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 20s
timeout connect 10s
timeout client 1h
timeout server 1h
timeout http-keep-alive 10s
timeout check 10s
#---------------------------------------------------------------------
# apiserver frontend which proxys to the control plane nodes
#---------------------------------------------------------------------
frontend k8s_apiserver
bind *:6443
mode tcp
option tcplog
default_backend k8s_controlplane
#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend k8s_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker2 10.1.1.55:6443 check


@ -34,13 +34,7 @@ frontend k8s_apiserver
bind *:6443 bind *:6443
mode tcp mode tcp
option tcplog option tcplog
default_backend k8s_controlplane default_backend k8s_controlplane
frontend talos_apiserver
bind *:50000
mode tcp
option tcplog
default_backend talos_controlplane
#--------------------------------------------------------------------- #---------------------------------------------------------------------
# round robin balancing for apiserver # round robin balancing for apiserver
@ -53,14 +47,4 @@ backend k8s_controlplane
balance roundrobin balance roundrobin
server worker1 10.1.1.61:6443 check server worker1 10.1.1.61:6443 check
server worker2 10.1.1.62:6443 check server worker2 10.1.1.62:6443 check
server worker3 10.1.1.63:6443 check server worker3 10.1.1.63:6443 check
backend talos_controlplane
option httpchk GET /healthz
http-check expect status 200
mode tcp
option ssl-hello-chk
balance roundrobin
server worker1 10.1.1.61:50000 check
server worker2 10.1.1.62:50000 check
server worker3 10.1.1.63:50000 check