chore: improvements in docs

README.md

@@ -12,6 +12,13 @@ Ensure you have the following installed on your system:
 
 NOTE: You must have `libvirt` daemon running
 
+### Generate SSH keypair
+
+```bash
+mkdir .ssh
+ssh-keygen -f .ssh/id_rsa
+```
+
 ### Goto Terraform directory
 
 ```bash
@@ -24,17 +31,6 @@ cd terraform
 cp .env.template .env
 ```
 
-### Add following records to hypervisor `/etc/hosts`
-
-```bash
-# ...
-10.6.6.10 control-plane
-2001:db8:ca2:2::10 control-plane
-
-10.6.6.20 worker-1
-2001:db8:ca2:2::20 worker-1
-```
-
 ### Init Terraform
 
 ```bash
@@ -46,3 +42,23 @@ terraform init
 ```bash
 terraform apply
 ```
+
+## Provisioning Kubernetes
+
+### Run provision script
+
+```bash
+./scripts/provision
+```
+
+## Testing dualstack
+
+### Apply manifest.yaml (on node)
+
+```bash
+sudo kubectl apply -f manifest.yaml
+```
+
+### Check access via IPv{4,6}
+
+You should access service via `10.6.6.10` and `2001:db8:ca2:2::10` inside cluster and on hypervisor.

configs/hosts

@@ -1,2 +1,7 @@
+10.6.6.1  _gateway
+
+10.6.6.10 control-plane
 2001:db8:ca2:2::10 control-plane
+
+10.6.6.20 worker-1
 2001:db8:ca2:2::20 worker-1

kubespray/group_vars/k8s_cluster/net.yaml

@@ -1,34 +0,0 @@
----
-
-# Old settings
-# ipv4_stack: false
-# ipv6_stack: true
-
-# kube_network_plugin: calico
-
-# kube_pods_subnet_ipv6: fd85:ee78:d8a6:8607::1:0000/112
-# kube_service_addresses_ipv6: fd85:ee78:d8a6:8607::1000/116
-# kube_network_node_prefix_ipv6: 119
-# calico_ipv6pool_cidr: "{{ kube_pods_subnet_ipv6 }}"
-# calico_pool_blocksize_ipv6: 116
-# nat_outgoing_ipv6: true
-
-
-# Settings for ipv6 only from Kubespray github tests
-
-cloud_image: ubuntu-2404
-
-ipv4_stack: false
-ipv6_stack: true
-kube_network_plugin: calico
-etcd_deployment_type: kubeadm
-kube_proxy_mode: iptables
-enable_nodelocaldns: false
-
-
-# Settings for dualstack from Kubespray github tests
-
-# cloud_image: ubuntu-2404
-
-# ipv4_stack: true
-# ipv6_stack: true

kubespray/group_vars/k8s_cluster/network.yaml

@@ -0,0 +1,7 @@
+---
+
+ipv4_stack: true
+ipv6_stack: true
+kube_network_plugin: calico
+etcd_deployment_type: kubeadm
+kube_proxy_mode: iptables

scripts/provision

@@ -1,15 +1,16 @@
 #!/bin/bash
 
 echo "Pulling kubespray image..."
-docker pull quay.io/kubespray/kubespray:v2.27.1  -q
+docker pull quay.io/kubespray/kubespray:v2.28.0  -q
 echo "Pulled"
 
 CONTAINER_ID=`docker run --rm --mount type=bind,source="$(pwd)"/kubespray,dst=/inventory \
   --mount type=bind,source="$(pwd)"/.ssh/id_rsa,dst=/root/.ssh/id_rsa \
   --mount type=bind,source=/etc/hosts,dst=/etc/hosts \
   --network host \
+  --name kubespray \
   --detach \
-  quay.io/kubespray/kubespray:v2.27.1 \
+  quay.io/kubespray/kubespray:v2.28.0 \
   sleep infinity`
 
 docker exec -i $CONTAINER_ID \
@@ -19,6 +20,6 @@ docker exec -i $CONTAINER_ID \
   bash -c " \
   ANSIBLE_STDOUT_CALLBACK=default \
   ANSIBLE_CALLBACK_WHITELIST= \
-  ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa cluster.yml -u ubuntu -b -v"
+  ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa cluster.yml -u ubuntu -b -vvv"
 
 docker rm --force $CONTAINER_ID

terraform/configs/cloud-init/control-plane.yaml.tpl

@@ -30,3 +30,8 @@ write_files:
     append: true
     encoding: b64
     content: ${hosts_file}
+  - path: /home/ubuntu/manifest.yaml
+    owner: ubuntu:ubuntu
+    encoding: b64
+    defer: true
+    content: ${manifest_file}

terraform/configs/cloud-init/network.yaml.tpl

@@ -3,6 +3,7 @@ network:
   version: 2
   ethernets:
     enp1s0:
+      accept-ra: false
       dhcp4: false
       dhcp6: false
       addresses:

terraform/configs/cloud-init/worker.yaml.tpl

@@ -30,3 +30,8 @@ write_files:
     append: true
     encoding: b64
     content: ${hosts_file}
+  - path: /home/ubuntu/manifest.yaml
+    owner: ubuntu:ubuntu
+    encoding: b64
+    defer: true
+    content: ${manifest_file}

terraform/configs/hosts

@@ -1,7 +0,0 @@
-10.6.6.1  _gateway
-
-10.6.6.10 control-plane
-2001:db8:ca2:2::10 control-plane
-
-10.6.6.20 worker-1
-2001:db8:ca2:2::20 worker-1

terraform/configs/k8s/manifest.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-dualstack
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-dualstack
+  template:
+    metadata:
+      labels:
+        app: nginx-dualstack
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:alpine
+          ports:
+            - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-dualstack-svc
+spec:
+  type: LoadBalancer
+  externalIPs:
+    - 10.6.6.10
+    - 2001:db8:ca2:2::10
+  selector:
+    app: nginx-dualstack
+  ports:
+    - port: 80
+      targetPort: 80
+  ipFamilyPolicy: PreferDualStack
+  ipFamilies:
+    - IPv4
+    - IPv6

terraform/main.tf

@@ -35,17 +35,18 @@ resource "libvirt_volume" "worker_images" {
 data "template_file" "user_data" {
   for_each = local.user_templates
 
-  template = file("${path.module}/configs/cloud-init/${each.value}")
+  template = file("${path.root}/configs/cloud-init/${each.value}")
   vars = {
-    hosts_file     = base64encode(file("${path.module}/configs/hosts"))
+    hosts_file     = base64encode(file("${path.root}/../configs/hosts"))
-    ssh_public_key = file("../.ssh/id_rsa.pub")
+    manifest_file  = base64encode(file("${path.root}/configs/k8s/manifest.yaml"))
+    ssh_public_key = file("${path.root}/../.ssh/id_rsa.pub")
   }
 }
 
 data "template_file" "network_config" {
   for_each = local.user_templates
 
-  template = file("${path.module}/configs/cloud-init/network.yaml.tpl")
+  template = file("${path.root}/configs/cloud-init/network.yaml.tpl")
   vars = {
     ipv4_address = local.node_addrs[each.key].ipv4
     ipv4_prefix  = local.ipv4_prefix