From daa10b10e1445c78b081515c4f5251e18b3b30ec Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Thu, 12 Sep 2024 17:52:21 -0400 Subject: [PATCH] fix: change load balancer subnet, make certs valid for '*.internal' domains --- .../common/apps/cert-manager/certs/files/wildcard-cert.yaml | 3 ++- kubernetes/thin/apps/cilium/bgp.yaml | 4 +--- kubernetes/thin/apps/cilium/main-ip-pool.yaml | 4 ++-- kubernetes/thin/apps/traefik/app/files/helm-release.yaml | 2 +- kubernetes/thin/apps/traefik/app/files/internal-hr.yaml | 2 +- kubernetes/thin/secrets/cluster-settings.yaml | 2 +- 6 files changed, 8 insertions(+), 9 deletions(-) diff --git a/kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml b/kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml index 2a8f2a9..dba312e 100644 --- a/kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml +++ b/kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml @@ -15,4 +15,5 @@ spec: dnsNames: - "${SECRET_NEW_DOMAIN}" - - "*.${SECRET_NEW_DOMAIN}" \ No newline at end of file + - "*.${SECRET_NEW_DOMAIN}" + - "*.internal.${SECRET_NEW_DOMAIN}" \ No newline at end of file diff --git a/kubernetes/thin/apps/cilium/bgp.yaml b/kubernetes/thin/apps/cilium/bgp.yaml index 7f1a736..4bc9b5c 100644 --- a/kubernetes/thin/apps/cilium/bgp.yaml +++ b/kubernetes/thin/apps/cilium/bgp.yaml @@ -2,7 +2,6 @@ apiVersion: cilium.io/v2alpha1 kind: CiliumBGPClusterConfig metadata: name: cilium-bgp - namespace: kube-system spec: nodeSelector: matchExpressions: @@ -22,7 +21,6 @@ apiVersion: cilium.io/v2alpha1 kind: CiliumBGPPeerConfig metadata: name: cilium-peer-router - namespace: kube-system spec: timers: holdTimeSeconds: 9 @@ -41,7 +39,6 @@ apiVersion: cilium.io/v2alpha1 kind: CiliumBGPAdvertisement metadata: name: bgp-public-ad - namespace: kube-system labels: advertise: "bgp-public" spec: @@ -49,6 +46,7 @@ spec: - advertisementType: "Service" service: addresses: + #- ClusterIP - ExternalIP - LoadBalancerIP selector: diff --git a/kubernetes/thin/apps/cilium/main-ip-pool.yaml b/kubernetes/thin/apps/cilium/main-ip-pool.yaml index bccf201..2b9ae95 100644 --- a/kubernetes/thin/apps/cilium/main-ip-pool.yaml +++ b/kubernetes/thin/apps/cilium/main-ip-pool.yaml @@ -4,5 +4,5 @@ metadata: name: "main-pool" spec: blocks: - - start: "192.168.1.50" - stop: "192.168.1.59" \ No newline at end of file + - start: "192.168.2.50" + stop: "192.168.2.59" \ No newline at end of file diff --git a/kubernetes/thin/apps/traefik/app/files/helm-release.yaml b/kubernetes/thin/apps/traefik/app/files/helm-release.yaml index 636e80f..005ebee 100644 --- a/kubernetes/thin/apps/traefik/app/files/helm-release.yaml +++ b/kubernetes/thin/apps/traefik/app/files/helm-release.yaml @@ -17,7 +17,7 @@ spec: values: service: annotations: - io.cilium/lb-ipam-ips: 192.168.1.50 + io.cilium/lb-ipam-ips: 192.168.2.50 labels: bgp/service-type: public diff --git a/kubernetes/thin/apps/traefik/app/files/internal-hr.yaml b/kubernetes/thin/apps/traefik/app/files/internal-hr.yaml index 8772581..796e449 100644 --- a/kubernetes/thin/apps/traefik/app/files/internal-hr.yaml +++ b/kubernetes/thin/apps/traefik/app/files/internal-hr.yaml @@ -17,7 +17,7 @@ spec: values: service: annotations: - io.cilium/lb-ipam-ips: 192.168.1.51 + io.cilium/lb-ipam-ips: 192.168.2.51 labels: bgp/service-type: public diff --git a/kubernetes/thin/secrets/cluster-settings.yaml b/kubernetes/thin/secrets/cluster-settings.yaml index a7a4291..f256e0f 100644 --- a/kubernetes/thin/secrets/cluster-settings.yaml +++ b/kubernetes/thin/secrets/cluster-settings.yaml @@ -6,5 +6,5 @@ metadata: namespace: flux-system data: # MetalLB - METALLB_LB_RANGE: 192.168.1.50-192.168.1.60 + METALLB_LB_RANGE: 192.168.2.50-192.168.2.59 SERVER_TIMEZONE: America/New_York \ No newline at end of file