calico coreswith peer

2025-08-10 13:22:53 +02:00
parent 6ebe9c67c6
commit c4ec4e3191
3 changed files with 118 additions and 0 deletions
--- a/argocd/service.yaml
+++ b/argocd/service.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: argocd-server
+  namespace: argocd
+spec:
+  type: ClusterIP
+  clusterIP: 10.0.91.81
+  clusterIPs:
+    - 10.0.91.81
+    - fd00:0:0:f:1::81
+  ipFamilies:
+    - IPv4
+    - IPv6
+  ipFamilyPolicy: RequireDualStack
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8080
+    - name: https
+      port: 443
+      targetPort: 8080
+  selector:
+    app.kubernetes.io/name: argocd-server
--- a/calico-config/whisker.yaml
+++ b/calico-config/whisker.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: whisker
+  namespace: calico-system
+spec:
+  type: ClusterIP
+  clusterIP: 10.0.91.82
+  clusterIPs:
+    - 10.0.91.82
+    - fd00:0:0:f:1::82
+  ipFamilies:
+    - IPv4
+    - IPv6
+  ipFamilyPolicy: RequireDualStack
+  ports:
+    - name: http
+      port: 8081
+      targetPort: 8081
+  selector:
+    k8s-app: whisker
--- a/terraform/control-plane1.bu
+++ b/terraform/control-plane1.bu
@@ -151,6 +151,7 @@ storage:
            criSocket: unix:///run/containerd/containerd.sock
            kubeletExtraArgs:
              node-ip: "fd00:0:0:2::91"
+              cluster-dns: "10.0.91.53,fd00:0:0:f:1::53"
              volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
          localAPIEndpoint:
            advertiseAddress: "fd00:0:0:2::91"
@@ -176,6 +177,41 @@ storage:
          clusterDomain: "k8s.undercloud.local"
          volumePluginDir: /opt/libexec/kubernetes/kubelet-plugins/volume/exec
          cgroupDriver: "systemd"
+    - path: /etc/kubernetes/addons/kube-dns-fixed-svc.yaml
+      mode: 0644
+      contents:
+        inline: |
+          apiVersion: v1
+          kind: Service
+          metadata:
+            name: kube-dns
+            namespace: kube-system
+            labels:
+              k8s-app: kube-dns
+          spec:
+            type: ClusterIP
+            ipFamilyPolicy: RequireDualStack
+            ipFamilies: [IPv4, IPv6]
+            clusterIP: 10.0.91.53
+            clusterIPs:
+              - 10.0.91.53
+              - fd00:0:0:f:1::53
+            ports:
+              - name: dns
+                port: 53
+                protocol: UDP
+                targetPort: 53
+              - name: dns-tcp
+                port: 53
+                protocol: TCP
+                targetPort: 53
+              - name: metrics
+                port: 9153
+                protocol: TCP
+                targetPort: 9153
+            selector:
+              k8s-app: kube-dns
+

 systemd:
  units:
@@ -401,3 +437,40 @@ systemd:
        RestartSec=120s
        [Install]
        WantedBy=multi-user.target
+    - name: pin-service-ips.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Pin fixed dual-stack ClusterIPs for kube-dns, argocd-server and whisker
+        After=install-argocd.service install-calico.service kubeadm-init.service network-online.target
+        Wants=install-argocd.service install-calico.service kubeadm-init.service network-online.target
+
+        [Service]
+        Type=oneshot
+        StandardOutput=journal+console
+        StandardError=journal+console
+        Environment=KUBECONFIG=/etc/kubernetes/admin.conf
+        Environment=PATH=/usr/bin:/usr/sbin:/opt/bin
+        ExecStart=/bin/sh -eu -c '\
+          echo "[pin-service-ips] waiting for API..." ; \
+          for i in $(seq 1 120); do kubectl get --raw=/readyz >/dev/null 2>&1 && break; sleep 2; done ; \
+          echo "[pin-service-ips] ensure namespaces exist..." ; \
+          kubectl get ns kube-system >/dev/null ; \
+          kubectl get ns argocd >/dev/null 2>&1 || kubectl create ns argocd ; \
+          kubectl get ns calico-system >/dev/null ; \
+          echo "[pin-service-ips] wait for coredns/argocd readiness (best effort)..." ; \
+          kubectl -n kube-system wait deploy coredns --for=condition=Available=True --timeout=300s || true ; \
+          kubectl -n argocd wait deploy argocd-server --for=condition=Available=True --timeout=600s || true ; \
+          echo "[pin-service-ips] replace Services with fixed ClusterIPs..." ; \
+          kubectl -n kube-system delete svc kube-dns --ignore-not-found ; \
+          kubectl apply -f /etc/kubernetes/addons/kube-dns-fixed-svc.yaml ; \
+          kubectl -n argocd delete svc argocd-server --ignore-not-found ; \
+          kubectl apply -f http://gitea.gitea.svc.k8aux.undercloud.cf:3000/undercloud/k8aux-apps/raw/branch/main/argocd/service.yaml ; \
+          kubectl -n calico-system delete svc whisker --ignore-not-found || true ; \
+          kubectl apply -f http://gitea.gitea.svc.k8aux.undercloud.cf:3000/undercloud/k8aux-apps/raw/branch/main/calico-config/whisker.yaml || true ; \
+          echo "[pin-service-ips] done." \
+        '
+
+        [Install]
+        WantedBy=multi-user.target
+