gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f259285f6e9748f14c1a222d05c9e56c8fc8396d
home-server/clusters/noble/bootstrap/kube-vip/vip-daemonset.yaml

84 lines
2.8 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-vip-ds
namespace: kube-system
spec:
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
selector:
matchLabels:
app.kubernetes.io/name: kube-vip-ds
template:
metadata:
labels:
app.kubernetes.io/name: kube-vip-ds
spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
priorityClassName: system-node-critical
terminationGracePeriodSeconds: 90
serviceAccountName: kube-vip
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- operator: Exists
effect: NoExecute
containers:
- name: kube-vip
image: ghcr.io/kube-vip/kube-vip:v0.8.3
imagePullPolicy: IfNotPresent
args:
- manager
env:
# Leader election identity must be the Kubernetes node name (hostNetwork
# hostname is not always the same; without this, no leader → no VIP).
- name: vip_nodename
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: vip_arp
value: "true"
- name: address
value: "192.168.50.230"
- name: port
value: "6443"
# Physical uplink from `talosctl -n <cp-ip> get links` (this cluster: ens18).
- name: vip_interface
value: "ens18"
# Must include "/" — kube-vip does netlink.ParseAddr(address + subnet); "32" breaks (192.168.50.x32).
- name: vip_subnet
value: "/32"
- name: vip_leaderelection
value: "true"
- name: cp_enable
value: "true"
- name: cp_namespace
value: "kube-system"
# Control-plane VIP only until stable: with svc_enable=true the services leader-election
# path calls log.Fatal on many failures / leadership moves → CrashLoopBackOff on all CP nodes.
# Re-enable "true" after pods are 1/1; if they loop again, capture: kubectl logs -n kube-system -l app.kubernetes.io/name=kube-vip-ds --previous --tail=100
- name: svc_enable
value: "false"
- name: vip_leaseduration
value: "15"
- name: vip_renewdeadline
value: "10"
- name: vip_retryperiod
value: "2"
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
- SYS_TIME
Reference in New Issue View Git Blame Copy Permalink