Remove deprecated Argo CD application configurations and related files for noble cluster, including root-application.yaml, kustomization.yaml, and individual application manifests for argocd, cilium, longhorn, kube-vip, and monitoring components. Update kube-vip daemonset.yaml to enhance deployment strategy and environment variables for improved configuration.

2026-03-27 23:02:17 -04:00
parent 4263da65d8
commit d2c53fc553
37 changed files with 778 additions and 1042 deletions
--- a/clusters/noble/apps/kube-vip/application.yaml
+++ b/clusters/noble/apps/kube-vip/application.yaml
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kube-vip
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-wave: "-1"
-spec:
-  project: default
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kube-system
-  source:
-    repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-    targetRevision: HEAD
-    path: clusters/noble/apps/kube-vip
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-
--- a/clusters/noble/apps/kube-vip/kustomization.yaml
+++ b/clusters/noble/apps/kube-vip/kustomization.yaml
@@ -3,4 +3,3 @@ kind: Kustomization
 resources:
  - vip-rbac.yaml
  - vip-daemonset.yaml
-
--- a/clusters/noble/apps/kube-vip/vip-daemonset.yaml
+++ b/clusters/noble/apps/kube-vip/vip-daemonset.yaml
@@ -4,6 +4,11 @@ metadata:
  name: kube-vip-ds
  namespace: kube-system
 spec:
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 0
  selector:
    matchLabels:
      app.kubernetes.io/name: kube-vip-ds
@@ -13,6 +18,9 @@ spec:
        app.kubernetes.io/name: kube-vip-ds
    spec:
      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      priorityClassName: system-node-critical
+      terminationGracePeriodSeconds: 90
      serviceAccountName: kube-vip
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
@@ -32,6 +40,12 @@ spec:
          args:
            - manager
          env:
+            # Leader election identity must be the Kubernetes node name (hostNetwork
+            # hostname is not always the same; without this, no leader → no VIP).
+            - name: vip_nodename
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
            - name: vip_arp
              value: "true"
            - name: address
@@ -41,29 +55,29 @@ spec:
            # Physical uplink from `talosctl -n <cp-ip> get links` (this cluster: ens18).
            - name: vip_interface
              value: "ens18"
+            # Must include "/" — kube-vip does netlink.ParseAddr(address + subnet); "32" breaks (192.168.50.x32).
            - name: vip_subnet
-              value: "32"
+              value: "/32"
            - name: vip_leaderelection
              value: "true"
            - name: cp_enable
              value: "true"
            - name: cp_namespace
              value: "kube-system"
+            # Control-plane VIP only until stable: with svc_enable=true the services leader-election
+            # path calls log.Fatal on many failures / leadership moves → CrashLoopBackOff on all CP nodes.
+            # Re-enable "true" after pods are 1/1; if they loop again, capture: kubectl logs -n kube-system -l app.kubernetes.io/name=kube-vip-ds --previous --tail=100
            - name: svc_enable
-              value: "true"
-            # Env is svc_election (not servicesElection); see pkg/kubevip/config_envvar.go
-            - name: svc_election
-              value: "true"
+              value: "false"
            - name: vip_leaseduration
-              value: "5"
+              value: "15"
            - name: vip_renewdeadline
-              value: "3"
+              value: "10"
            - name: vip_retryperiod
-              value: "1"
+              value: "2"
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
                - SYS_TIME
-
--- a/clusters/noble/apps/kube-vip/vip-rbac.yaml
+++ b/clusters/noble/apps/kube-vip/vip-rbac.yaml
@@ -10,14 +10,20 @@ metadata:
  name: kube-vip-role
 rules:
  - apiGroups: [""]
-    resources: ["services", "services/status", "nodes", "endpoints"]
+    resources: ["services", "services/status", "endpoints"]
    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch", "update"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: ["discovery.k8s.io"]
+    resources: ["endpointslices"]
+    verbs: ["get", "list", "watch", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -31,4 +37,3 @@ subjects:
  - kind: ServiceAccount
    name: kube-vip
    namespace: kube-system
-