configure kube-vip daemonset

create manifest at /capi/manifests so it's applied after bootstrap
canonical · Jul 15, 2024 · f43d86d · f43d86d
1 parent 3159998
commit f43d86d
Showing 1 changed file with 87 additions and 72 deletions.
diff --git a/templates/vsphere/cluster-template.yaml b/templates/vsphere/cluster-template.yaml
@@ -110,81 +110,99 @@ spec:
         path: /etc/systemd/system/snap.k8s.containerd.service.d/http-proxy.conf
         permissions: "0644"
       - content: |
-          apiVersion: v1
-          kind: Pod
+          apiVersion: apps/v1
+          kind: DaemonSet
           metadata:
             creationTimestamp: null
             name: kube-vip
             namespace: kube-system
           spec:
-            tolerations:
-              - key: "node.cloudprovider.kubernetes.io/uninitialized"
-                operator: "Exists"
-                effect: "NoSchedule"
-            containers:
-            - args:
-              - manager
-              env:
-              - name: vip_arp
-                value: "true"
-              - name: port
-                value: "6443"
-              - name: vip_interface
-                value: "${VIP_NETWORK_INTERFACE}"
-              - name: vip_cidr
-                value: "32"
-              - name: cp_enable
-                value: "true"
-              - name: cp_namespace
-                value: kube-system
-              - name: vip_ddns
-                value: "false"
-              - name: svc_enable
-                value: "true"
-              - name: svc_leasename
-                value: plndr-svcs-lock
-              - name: svc_election
-                value: "true"
-              - name: vip_leaderelection
-                value: "true"
-              - name: vip_leasename
-                value: plndr-cp-lock
-              - name: vip_leaseduration
-                value: "15"
-              - name: vip_renewdeadline
-                value: "10"
-              - name: vip_retryperiod
-                value: "2"
-              - name: vip_address
-                value: "${CONTROL_PLANE_ENDPOINT_IP}"
-              - name: prometheus_server
-                value: :2112
-              image: ghcr.io/kube-vip/kube-vip:v0.6.4
-              imagePullPolicy: IfNotPresent
-              name: kube-vip
-              resources: {}
-              securityContext:
-                capabilities:
-                  add:
-                  - NET_ADMIN
-                  - NET_RAW
-              volumeMounts:
-              - mountPath: /etc/kubernetes/admin.conf
-                name: kubeconfig
-              - mountPath: /etc/hosts
-                name: etchosts
-            hostNetwork: true
-            volumes:
-            - hostPath:
-                path: /etc/kubernetes/admin.conf
-              name: kubeconfig
-            - hostPath:
-                path: /etc/kube-vip.hosts
-                type: File
-              name: etchosts
+            selector:
+              matchLabels:
+                name: kube-vip-ds
+            template:
+              metadata:
+                creationTimestamp: null
+                labels:
+                  name: kube-vip-ds
+              spec:
+                affinity:
+                  nodeAffinity:
+                    requiredDuringSchedulingIgnoredDuringExecution:
+                      nodeSelectorTerms:
+                      - matchExpressions:
+                        - key: node-role.kubernetes.io/control-plane
+                          operator: Exists
+                containers:
+                - args:
+                  - manager
+                  env:
+                  - name: vip_arp
+                    value: "true"
+                  - name: port
+                    value: "6443"
+                  - name: vip_interface
+                    value: "${VIP_NETWORK_INTERFACE}"
+                  - name: vip_cidr
+                    value: "32"
+                  - name: cp_enable
+                    value: "true"
+                  - name: cp_namespace
+                    value: kube-system
+                  - name: vip_ddns
+                    value: "false"
+                  - name: svc_enable
+                    value: "true"
+                  - name: svc_leasename
+                    value: plndr-svcs-lock
+                  - name: svc_election
+                    value: "true"
+                  - name: vip_leaderelection
+                    value: "true"
+                  - name: vip_leasename
+                    value: plndr-cp-lock
+                  - name: vip_leaseduration
+                    value: "15"
+                  - name: vip_renewdeadline
+                    value: "10"
+                  - name: vip_retryperiod
+                    value: "2"
+                  - name: vip_address
+                    value: "${CONTROL_PLANE_ENDPOINT_IP}"
+                  - name: prometheus_server
+                    value: :2112
+                  image: ghcr.io/kube-vip/kube-vip:v0.6.4
+                  imagePullPolicy: IfNotPresent
+                  name: kube-vip
+                  resources: {}
+                  securityContext:
+                    capabilities:
+                      add:
+                      - NET_ADMIN
+                      - NET_RAW
+                  volumeMounts:
+                  - mountPath: /etc/kubernetes/admin.conf
+                    name: kubeconfig
+                  - mountPath: /etc/hosts
+                    name: etchosts
+                hostNetwork: true
+                volumes:
+                - hostPath:
+                    path: /etc/kubernetes/admin.conf
+                  name: kubeconfig
+                - hostPath:
+                    path: /etc/kube-vip.hosts
+                    type: File
+                  name: etchosts
+                tolerations:
+                  - effect: NoSchedule
+                    operator: Exists
+                  - effect: NoExecute
+                    operator: Exists
+            updateStrategy: {}
           status: {}
         owner: root:root
-        path: /etc/kubernetes/manifests/kube-vip.yaml
+        path: /capi/manifests/kube-vip.yaml
         permissions: "0644"
       - content: 127.0.0.1 localhost kubernetes
         owner: root:root
@@ -200,10 +218,7 @@ spec:
       - chmod 700 /root/.ssh
       - chmod 600 /root/.ssh/authorized_keys
       - mkdir -p /etc/systemd/system/snap.k8s.containerd.service.d
-      - snap install k8s --classic --edge # todo why not installed automatically?
-    postRunCommands:
-      - k8s kubectl apply -f /etc/kubernetes/manifests/kube-vip.yaml # todo how to apply this properly
-
+      - sudo snap install k8s --classic --edge
   machineTemplate:
     infrastructureTemplate:
       apiVersion: infrastructure.cluster.x-k8s.io/v1beta1