init: copy from lawndale-infra

2022-05-27 02:51:52 +02:00
commit 6a60d271bf
18 changed files with 1126 additions and 0 deletions
--- a/lawndale-flannel-hack.tf
+++ b/lawndale-flannel-hack.tf
@@ -0,0 +1,81 @@
+/*
+THIS IS A HACK!
+
+Currently, flannel offers no option for static configuration without etcd or kubernetes api
+so in order to make pods accessible from the host, I have to create this phantom node.
+
+This will be picked up by a flannel daemon running on the host, 
+and will create the necessary interfaces and routing entries on the host
+to reach other pods.
+
+This is ugly, yes.
+I have no other option currently, no
+
+Maybe a go program can be written to only use the node discovery of flannel 
+without any need for this phantom node. But it's not a viable option for now, so...
+*/
+
+resource "time_static" "lawndale_node_registered" {}
+
+resource "kubernetes_manifest" "lawndale" {
+  computed_fields = ["spec.taints", "metadata.annotations"]
+  manifest = {
+    apiVersion = "v1"
+    kind       = "Node"
+    metadata = {
+      annotations = {
+        "flannel.alpha.coreos.com/backend-data"        = jsonencode({ "VNI" = 8000, "VtepMAC" : "86:87:0d:78:6d:58" })
+        "flannel.alpha.coreos.com/backend-type"        = "vxlan"
+        "flannel.alpha.coreos.com/kube-subnet-manager" = "true"
+        "flannel.alpha.coreos.com/public-ip"           = "192.168.253.254"
+        "node.alpha.kubernetes.io/ttl"                 = "0"
+      }
+      labels = {
+        "beta.kubernetes.io/arch" = "amd64"
+        "beta.kubernetes.io/os"   = "linux"
+        "kubernetes.io/arch"      = "amd64"
+        "kubernetes.io/hostname"  = "lawndale"
+        "kubernetes.io/os"        = "linux"
+      }
+      name = "lawndale"
+    }
+
+    spec = {
+      unschedulable = "true"
+      podCIDR       = "192.168.15.128/30"
+      podCIDRs      = ["192.168.15.128/30"]
+      taints = [
+        {
+          effect    = "NoSchedule"
+          key       = "node.kubernetes.io/unschedulable"
+          timeAdded = time_static.lawndale_node_registered.rfc3339
+          value     = null
+        },
+        {
+          effect    = "NoSchedule"
+          key       = "node.kubernetes.io/unreachable"
+          timeAdded = time_static.lawndale_node_registered.rfc3339
+          value     = null
+        },
+        {
+          effect    = "NoExecute"
+          key       = "node.kubernetes.io/unreachable"
+          timeAdded = time_static.lawndale_node_registered.rfc3339
+          value     = null
+        },
+        # {
+        #   effect = "NoSchedule"
+        #   key    = "node.kubernetes.io/not-ready"
+        #   timeAdded = time_static.lawndale_node_registered.rfc3339
+        #   value = null
+        # },
+        {
+          effect    = "NoExecute"
+          key       = "k8s.thomasklein.me/lawndale-hack"
+          timeAdded = time_static.lawndale_node_registered.rfc3339
+          value     = null
+        },
+      ]
+    }
+  }
+}