onedr0p · onedr0p · Jan 11, 2024 · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024
diff --git a/Taskfile.yaml b/Taskfile.yaml
@@ -47,6 +47,7 @@ tasks:
     desc: Configure repository from Ansible vars
     prompt: Any conflicting config in the root kubernetes and ansible directories will be overwritten... continue?
     dir: "{{.BOOTSTRAP_DIR}}"
-    cmd: ansible-playbook configure.yaml
+    cmds:
+      - ../.venv/bin/ansible-playbook configure.yaml
     env:
       ANSIBLE_DISPLAY_SKIPPED_HOSTS: "false"
diff --git a/bootstrap/configure.yaml b/bootstrap/configure.yaml
@@ -17,11 +17,11 @@
       ansible.builtin.set_fact:
         repository_path: "{{ repository.stdout }}"
 
-    - name: Override kube-vip address when there is a single master node and no address is defined
-      when: bootstrap_nodes.master | length == 1 and not bootstrap_kube_vip_addr
+    - name: Override kubeapi address when there is a single master node and no address is defined
+      when: bootstrap_nodes.master | length == 1 and not bootstrap_kubeapi_addr
       ansible.builtin.set_fact:
         bootstrap_kube_vip_enabled: false
-        bootstrap_kube_vip_addr: "{{ bootstrap_nodes.master[0].address }}"
+        bootstrap_kubeapi_addr: "{{ bootstrap_nodes.master[0].address }}"
 
     - name: Verify configuration
       ansible.builtin.include_tasks: tasks/validation/main.yaml

diff --git a/bootstrap/tasks/validation/net.yaml b/bootstrap/tasks/validation/net.yaml
@@ -98,17 +98,17 @@
     success_msg: external ingress address {{ bootstrap_external_ingress_addr }} is within {{ bootstrap_node_cidr }}.
     fail_msg: external ingress address {{ bootstrap_external_ingress_addr }} is not within {{ bootstrap_node_cidr }}.
 
-- name: Verify kube-vip
+- name: Verify kubeapi address
   ansible.builtin.assert:
-    that: bootstrap_kube_vip_addr is ansible.utils.ipv4
-    success_msg: kube-vip address {{ bootstrap_kube_vip_addr }} is valid.
-    fail_msg: kube-vip address {{ bootstrap_kube_vip_addr }} is invalid.
+    that: bootstrap_kubeapi_addr is ansible.utils.ipv4
+    success_msg: kubeapi address {{ bootstrap_kubeapi_addr }} is valid.
+    fail_msg: kubeapi address {{ bootstrap_kubeapi_addr }} is invalid.
 
-- name: Verify kube-vip in node CIDR
+- name: Verify kubeapi address in node CIDR
   ansible.builtin.assert:
-    that: bootstrap_node_cidr | ansible.utils.network_in_usable(bootstrap_kube_vip_addr)
-    success_msg: kube-vip address {{ bootstrap_kube_vip_addr }} is within {{ bootstrap_node_cidr }}.
-    fail_msg: kube-vip address {{ bootstrap_kube_vip_addr }} is not within {{ bootstrap_node_cidr }}.
+    that: bootstrap_node_cidr | ansible.utils.network_in_usable(bootstrap_kubeapi_addr)
+    success_msg: kubeapi address {{ bootstrap_kubeapi_addr }} is within {{ bootstrap_node_cidr }}.
+    fail_msg: kubeapi address {{ bootstrap_kubeapi_addr }} is not within {{ bootstrap_node_cidr }}.
 
 - name: Verify all IP addresses are unique
   ansible.builtin.assert:
@@ -117,7 +117,7 @@
         bootstrap_k8s_gateway_addr,
         bootstrap_external_ingress_addr,
         bootstrap_internal_ingress_addr,
-        bootstrap_kube_vip_addr
+        bootstrap_kubeapi_addr
       ] | unique | length == 4
     success_msg: All IP addresses are unique.
     fail_msg: All IP addresses are not unique.
@@ -133,10 +133,10 @@
   loop_control:
     label: "{{ item.address }}"
 
-- name: Verify nodes are not the same IPs as k8s_gateway, ingress external/internal or kube-vip
+- name: Verify nodes are not the same IPs as k8s_gateway, ingress external/internal or kubeapi address
   when: bootstrap_kube_vip_enabled | default(true)
   ansible.builtin.assert:
-    that: item.address not in (bootstrap_k8s_gateway_addr, bootstrap_external_ingress_addr, bootstrap_internal_ingress_addr, bootstrap_kube_vip_addr)
+    that: item.address not in (bootstrap_k8s_gateway_addr, bootstrap_external_ingress_addr, bootstrap_internal_ingress_addr, bootstrap_kubeapi_addr)
     success_msg: Node address {{ item.address }} is different than k8s_gateway, ingress-nginx or kube-vip.
     fail_msg: Node address {{ item.address }} is not different than k8s_gateway, ingress-nginx or kube-vip.
     quiet: true

diff --git a/bootstrap/tasks/validation/vars.yaml b/bootstrap/tasks/validation/vars.yaml
@@ -25,7 +25,7 @@
     - bootstrap_internal_ingress_addr
     - bootstrap_ipv6_enabled
     - bootstrap_k8s_gateway_addr
-    - bootstrap_kube_vip_addr
+    - bootstrap_kubeapi_addr
     - bootstrap_local_storage_path
     - bootstrap_node_cidr
     - bootstrap_service_cidr

diff --git a/bootstrap/templates/ansible/inventory/group_vars/kubernetes/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/kubernetes/main.yaml.j2
@@ -14,7 +14,7 @@ k3s_etcd_datastore: true
 {% else %}
 k3s_etcd_datastore: false
 {% endif %}
-k3s_registration_address: "{% raw %}{{ kube_vip_addr }}{% endraw %}"
+k3s_registration_address: "{% raw %}{{ kubeapi_addr }}{% endraw %}"
 # /var/lib/rancher/k3s/server/manifests
 k3s_server_manifests_templates:
   - custom-cilium-helmchart.yaml.j2

diff --git a/bootstrap/templates/ansible/inventory/group_vars/kubernetes/supplemental.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/kubernetes/supplemental.yaml.j2
@@ -3,7 +3,7 @@
 timezone: "{{ bootstrap_timezone }}"
 github_username: "{{ bootstrap_github_username }}"
 coredns_addr: "{{ bootstrap_service_cidr.split(',')[0] | ansible.utils.nthhost(10) }}"
-kube_vip_addr: "{{ bootstrap_kube_vip_addr }}"
+kubeapi_addr: "{{ bootstrap_kubeapi_addr }}"
 cluster_cidr: "{{ bootstrap_cluster_cidr.split(',')[0] }}"
 service_cidr: "{{ bootstrap_service_cidr.split(',')[0] }}"
 node_cidr: "{{ bootstrap_node_cidr }}"

diff --git a/bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2 b/bootstrap/templates/ansible/inventory/group_vars/master/main.yaml.j2
@@ -11,7 +11,7 @@ k3s_server:
   node-ip: "{% raw %}{{ ansible_host }}{% endraw %}"
 {% endif %}
   tls-san:
-    - "{% raw %}{{ kube_vip_addr }}{% endraw %}"
+    - "{% raw %}{{ kubeapi_addr }}{% endraw %}"
   docker: false
   flannel-backend: "none"             # This needs to be in quotes
   disable:

diff --git a/bootstrap/templates/ansible/playbooks/templates/custom-cilium-helmchart.yaml.j2.j2 b/bootstrap/templates/ansible/playbooks/templates/custom-cilium-helmchart.yaml.j2.j2
@@ -37,7 +37,7 @@ spec:
     ipv6:
       enabled: true
     {% endif %}
-    k8sServiceHost: "{% raw %}{{ kube_vip_addr }}{% endraw %}"
+    k8sServiceHost: "{% raw %}{{ kubeapi_addr }}{% endraw %}"
     k8sServicePort: 6443
     kubeProxyReplacement: true
     kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256

diff --git a/bootstrap/templates/ansible/playbooks/templates/kube-vip-static-pod.yaml.j2.j2 b/bootstrap/templates/ansible/playbooks/templates/kube-vip-static-pod.yaml.j2.j2
@@ -15,7 +15,7 @@ spec:
       args: ["manager"]
       env:
         - name: address
-          value: "{% raw %}{{ kube_vip_addr }}{% endraw %}"
+          value: "{% raw %}{{ kubeapi_addr }}{% endraw %}"
         - name: vip_arp
           value: "true"
         - name: lb_enable

diff --git a/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helmvalues.yaml.j2 b/bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helmvalues.yaml.j2
@@ -67,7 +67,7 @@ data:
     ipv6:
       enabled: true
     {% endif %}
-    k8sServiceHost: "${KUBE_VIP_ADDR}"
+    k8sServiceHost: "${KUBEAPI_ADDR}"
     k8sServicePort: 6443
     kubeProxyReplacement: true
     kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256

diff --git a/bootstrap/templates/kubernetes/flux/vars/cluster-settings.yaml.j2 b/bootstrap/templates/kubernetes/flux/vars/cluster-settings.yaml.j2
@@ -8,7 +8,7 @@ metadata:
 data:
   TIMEZONE: "{{ bootstrap_timezone }}"
   COREDNS_ADDR: "{{ bootstrap_service_cidr.split(',')[0] | ansible.utils.nthhost(10) }}"
-  KUBE_VIP_ADDR: "{{ bootstrap_kube_vip_addr }}"
+  KUBEAPI_ADDR: "{{ bootstrap_kubeapi_addr }}"
   CLUSTER_CIDR: "{{ bootstrap_cluster_cidr.split(',')[0] }}"
   SERVICE_CIDR: "{{ bootstrap_service_cidr.split(',')[0] }}"
   NODE_CIDR: "{{ bootstrap_node_cidr }}"

diff --git a/bootstrap/vars/config.sample.yaml b/bootstrap/vars/config.sample.yaml
@@ -42,9 +42,10 @@ bootstrap_cloudflare_tunnel_id:
 
 # CIDR your nodes are on (e.g. 192.168.1.0/24)
 bootstrap_node_cidr:
-# The IP address to use with kube-vip, choose an available IP in your nodes network that is not being used
-# (Optional) Leave this blank if you are deploying a single master node, this will disable kube-vip and use the master node IP instead
-bootstrap_kube_vip_addr:
+# The IP address of the kubeapi, choose an available IP in your nodes network that is not being used
+# (Optional) Leave this blank if you are deploying a single master node, this will disable kube-vip in k3s
+# or keepalived in k0s and use the master node IP instead
+bootstrap_kubeapi_addr:
 # The Load balancer IP for k8s_gateway, choose an available IP in your nodes network that is not being used
 bootstrap_k8s_gateway_addr:
 # The Load balancer IP for external ingress, choose an available IP in your nodes network that is not being used