From 061b0c3a74acf8b64a1582ef3d0ffd7859251bf9 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 9 Oct 2021 23:01:42 +0200
Subject: [PATCH] Revert "calico: Remove from setup"
This reverts commit d11060140583b29615250d4aa31c1d39817fe0f1.
---
infrastructure/calico/kustomization.yaml | 6 +++++
infrastructure/calico/release.yaml | 29 ++++++++++++++++++++++++
infrastructure/calico/repository.yaml | 7 ++++++
infrastructure/kustomization.yaml | 1 +
terraform/firewall.tf | 21 +++++++++++++++++
5 files changed, 64 insertions(+)
create mode 100644 infrastructure/calico/kustomization.yaml
create mode 100644 infrastructure/calico/release.yaml
create mode 100644 infrastructure/calico/repository.yaml
diff --git a/infrastructure/calico/kustomization.yaml b/infrastructure/calico/kustomization.yaml
new file mode 100644
index 000000000..d9e0d9152
--- /dev/null
+++ b/infrastructure/calico/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - repository.yaml
+ - release.yaml
diff --git a/infrastructure/calico/release.yaml b/infrastructure/calico/release.yaml
new file mode 100644
index 000000000..f88de7db7
--- /dev/null
+++ b/infrastructure/calico/release.yaml
@@ -0,0 +1,29 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: calico
+ namespace: default
+spec:
+ releaseName: calico
+ chart:
+ spec:
+ chart: tigera-operator
+ sourceRef:
+ kind: HelmRepository
+ name: projectcalico
+ version: v3.20.2
+ interval: 15m
+ values:
+ installation:
+ enabled: true
+ kubernetesProvider: ""
+ calicoNetwork:
+ bgp: Disabled
+ hostPorts: Enabled
+ ipPools:
+ - blockSize: 26
+ cidr: 192.168.0.0/16
+ encapsulation: VXLAN
+ natOutgoing: Enabled
+ nodeSelector: all()
+
diff --git a/infrastructure/calico/repository.yaml b/infrastructure/calico/repository.yaml
new file mode 100644
index 000000000..65fde274e
--- /dev/null
+++ b/infrastructure/calico/repository.yaml
@@ -0,0 +1,7 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: projectcalico
+spec:
+ interval: 30m
+ url: https://docs.projectcalico.org/charts
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 8d3320ce6..cd68e04ae 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
+ - calico
# kyverno
- hcloud-csi
- rook
diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index 39e8b028e..667e9a447 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -38,6 +38,27 @@ resource "hcloud_firewall" "k8s-node" {
port = "30000-32767"
source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
}
+ rule {
+ description = "Calico BGP"
+ direction = "in"
+ protocol = "tcp"
+ port = "179"
+ source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ }
+ rule {
+ description = "Calico VXLAN"
+ direction = "in"
+ protocol = "udp"
+ port = "4789"
+ source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ }
+ rule {
+ description = "Calico Typha"
+ direction = "in"
+ protocol = "tcp"
+ port = "5473"
+ source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ }
# Host level services, including the node exporter on ports 9100-9101.
rule {
description = "Host level services"
--
GitLab