authorTrygve Laugstøl <trygvis@inamo.no>2024-11-23 06:57:01 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2024-11-23 06:57:01 +0100
commit285520a1cea24d81ce3d90cecc0cb10452a22359 (patch)
tree011519cfc1cf398a9213f12f27acdc26f96b6853
parent822f8d1a691ce1d24327b8d0fb8ffade2843b80a (diff)
danneri
-rw-r--r--danneri/README.md32
-rw-r--r--danneri/cilium.yaml38
-rw-r--r--danneri/config.yaml17
-rw-r--r--danneri/futar-deployment.yml42
4 files changed, 120 insertions, 9 deletions
diff --git a/danneri/README.md b/danneri/README.md
index 62c5fc7..b674857 100644
--- a/danneri/README.md
+++ b/danneri/README.md
@@ -8,16 +8,30 @@ Copy /etc/rancher/k3s/k3s.yaml to ~/.kube/config. Adjust `server:` url.
# Installing Cilium:
- cilium install --set enable.ipv6=true --set enable.ipv4=false --set k8sServiceHost=fdb1:4242:3538:2008:9422:d355:95b7:f170 --set k8sServicePort=6443
-
-NOTE: Should probably use something like this
-
- --set=ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16"
-
-with
-
- fdb1:4242:3538:2008:aaaa:aaaa:aaaa:0/112
+ cilium install \
+ --set routingMode=native \
+ --set ipv4.enabled=true \
+ --set ipam.operator.clusterPoolIPv4PodCIDRList=10.0.0.0/8 \
+ --set ipv4NativeRoutingCIDR=10.0.0.0/8 \
+ --set ipv6.enabled=true \
+ --set enableIPv6Masquerade=false \
+ --set k8s.requireIPv6PodCIDR=true \
+ --set ipam.operator.clusterPoolIPv6PodCIDRList=fdb1:4242:3538:2008:aaaa:aaaa:aaaa::/96 \
+ --set ipam.operator.clusterPoolIPv6MaskSize=112 \
+ --set ipv6NativeRoutingCIDR=fdb1:4242:3538:2008::/64 \
+ --set k8sServiceHost=fdb1:4242:3538:2008:9422:d355:95b7:f170 \
+ --set k8sServicePort=6443
# Uninstalling
Run: `k3s-uninstall.sh`. Note that this will delete everything, including `/etc/rancher/k3s/config.yaml`.
+
+ rm -rf \
+ /var/lib/cni \
+ /etc/cni \
+ /var/lib/rancher \
+ /run/cilium \
+ /run/containerd \
+ /etc/sysctl.d/99-zzz-override_cilium.conf
+
+and then do a reboot to really stop Cilium from running.
diff --git a/danneri/cilium.yaml b/danneri/cilium.yaml
new file mode 100644
index 0000000..03f9c23
--- /dev/null
+++ b/danneri/cilium.yaml
@@ -0,0 +1,38 @@
+# https://yolops.net/k3s-at-home.html
+# https://yolops.net/k8s-dualstack-cilium.html
+---
+k8sServiceHost: fdb1:4242:3538:2010::ffff
+k8sServicePort: 6443
+ipv4:
+ enabled: false
+ipv6:
+ enabled: true
+ipam:
+ mode: cluster-pool
+ operator:
+ # clusterPoolIPv4PodCIDRList: "10.96.0.0/16"
+ # clusterPoolIPv4MaskSize: 24
+ clusterPoolIPv6PodCIDRList: "fdb1:4242:3538:2009::/112"
+ clusterPoolIPv6MaskSize: 112
+bpf:
+ masquerade: false
+
+enableIPv6Masquerade: false
+kubeProxyReplacement: true
+extraConfig:
+ enable-ipv6-ndp: "true"
+ ipv6-mcast-device: "enp1s0"
+ ipv6-service-range: "fdb1:4242:3538:2010::/112"
+ routing-mode: "native"
+operator:
+ replicas: 1
+
+# enable-bpf-masquerade true
+# enable-endpoint-health-checking true
+# enable-health-check-loadbalancer-ip false
+# enable-health-check-nodeport true
+# enable-health-checking true
+# enable-hubble true
+# enable-ipv4 false
+# enable-ipv4-big-tcp false
+# enable-ipv4-masquerade
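Review bot: The addresses in this values file disagree with the k3s settings added in the same commit. `k8sServiceHost` is `fdb1:4242:3538:2010::ffff` and the pod pool is `fdb1:4242:3538:2009::/112`, while `config.yaml` sets node-ip `fdb1:4242:3538:2008:9422:d355:95b7:f170` and cluster-cidr `fdb1:4242:3538:2008:aaaa:aaaa:aaaa::/96`, and the README installs with `ipv4.enabled=true`. With `kubeProxyReplacement: true` the agent presumably reaches the API server only through `k8sServiceHost`, so a stale value here would leave the CNI, and any policy enforcement it provides, not running. If this file is a reference copy from the two linked articles rather than what is applied, say so in a header comment such as `# Reference only, not applied to danneri; live values are the --set flags in README.md`. A /112 pool with `clusterPoolIPv6MaskSize: 112` also yields a single per-node block, which looks unintended.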
diff --git a/danneri/config.yaml b/danneri/config.yaml
new file mode 100644
index 0000000..5e7528d
--- /dev/null
+++ b/danneri/config.yaml
@@ -0,0 +1,17 @@
+tls-san:
+ - "danneri.dn42.trygvis.io"
+ - "fdb1:4242:3538:2008:9422:d355:95b7:f170"
+ - "2a06:2240:f00d:b500:9422:d355:95b7:f170"
+
+node-ip: "fdb1:4242:3538:2008:9422:d355:95b7:f170"
+cluster-cidr: "fdb1:4242:3538:2008:aaaa:aaaa:aaaa::/96"
+service-cidr: "fdb1:4242:3538:2008:bbbb:bbbb:bbbb::/112"
+kube-controller-manager-arg: node-cidr-mask-size-ipv6=112
+flannel-backend: none
+disable:
+# - traefik
+ - servicelb
+disable-network-policy: true
+disable-kube-proxy: true
+
+# default-local-storage-path: /srv/k3s-local-storage
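Review bot: `tls-san` lists the globally routable `2a06:2240:f00d:b500:9422:d355:95b7:f170` next to the dn42 name and ULA address, which suggests the API server on 6443 is expected to answer on a public address. If access is meant only over dn42, drop that entry and restrict 6443 with a host firewall. `disable-network-policy: true` turns off the k3s embedded policy controller, so NetworkPolicy enforcement depends entirely on Cilium, and this commit adds no policies. A comment above that key would record the intent: `# NetworkPolicy is enforced by Cilium; the k3s built-in controller is disabled on purpose`.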
diff --git a/danneri/futar-deployment.yml b/danneri/futar-deployment.yml
new file mode 100644
index 0000000..b7e759a
--- /dev/null
+++ b/danneri/futar-deployment.yml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: futar-deployment
+ labels:
+ app: futar
+spec:
+ selector:
+ matchLabels:
+ app: futar
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: futar
+ spec:
+ containers:
+ - name: futar
+ image: ghcr.io/trygvis/futar:main
+ ports:
+ - containerPort: 8080
+# resources:
+# limits:
+# memory: 256Mi
+# cpu: "250m"
+# requests:
+# memory: 128Mi
+# cpu: "80m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: futar
+spec:
+ selector:
+ app: futar
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
+ nodePort: 30000
+ type: NodePort
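Review bot: The container is pulled by the mutable tag `ghcr.io/trygvis/futar:main`, has no `securityContext`, and its `resources` block is commented out, so each restart may run a different image with default privileges and no memory or CPU bound. Pinning the image by digest and setting a restrictive security context would fix this, assuming futar runs as a non-root user and does not write to its root filesystem (not visible here). The Service is `type: NodePort` with `nodePort: 30000`, which opens that port on every node address; if the node's global IPv6 address is reachable from outside, a ClusterIP Service behind an ingress or a host firewall rule would narrow the exposure.

```yaml
# … unchanged: Deployment metadata, selector, replicas …
      containers:
        - name: futar
          # placeholder digest: replace with the digest of the build that was tested
          image: ghcr.io/trygvis/futar@sha256:<DIGEST_PLACEHOLDER>
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              memory: 256Mi
              cpu: "250m"
            requests:
              memory: 128Mi
              cpu: "80m"
# … unchanged: ports, Service …
```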