From d11060140583b29615250d4aa31c1d39817fe0f1 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 6 Oct 2021 02:22:59 +0200
Subject: [PATCH] calico: Remove from setup I spend way too much time on debugging calico in various areas. It seems like something is borken with the firewall and only when I disable it completely, it'll work. This is not practical and also not acceptable.
---
 infrastructure/calico/kustomization.yaml | 6 -----
 infrastructure/calico/release.yaml | 29 ------------------------
 infrastructure/calico/repository.yaml | 7 ------
 infrastructure/kustomization.yaml | 1 -
 terraform/firewall.tf | 21 -----------------
 5 files changed, 64 deletions(-)
 delete mode 100644 infrastructure/calico/kustomization.yaml
 delete mode 100644 infrastructure/calico/release.yaml
 delete mode 100644 infrastructure/calico/repository.yaml
diff --git a/infrastructure/calico/kustomization.yaml b/infrastructure/calico/kustomization.yaml
deleted file mode 100644
index d9e0d9152..000000000
--- a/infrastructure/calico/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-resources:
- - repository.yaml
- - release.yaml
diff --git a/infrastructure/calico/release.yaml b/infrastructure/calico/release.yaml
deleted file mode 100644
index f88de7db7..000000000
--- a/infrastructure/calico/release.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: calico
- namespace: default
-spec:
- releaseName: calico
- chart:
- spec:
- chart: tigera-operator
- sourceRef:
- kind: HelmRepository
- name: projectcalico
- version: v3.20.2
- interval: 15m
- values:
- installation:
- enabled: true
- kubernetesProvider: ""
- calicoNetwork:
- bgp: Disabled
- hostPorts: Enabled
- ipPools:
- - blockSize: 26
- cidr: 192.168.0.0/16
- encapsulation: VXLAN
- natOutgoing: Enabled
- nodeSelector: all()
-
diff --git a/infrastructure/calico/repository.yaml b/infrastructure/calico/repository.yaml
deleted file mode 100644
index 65fde274e..000000000
--- a/infrastructure/calico/repository.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
- name: projectcalico
-spec:
- interval: 30m
- url: https://docs.projectcalico.org/charts
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index cd68e04ae..8d3320ce6 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -1,7 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - calico
 # kyverno
 - hcloud-csi
 - rook
diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index 77e9100ad..4bc524580 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -37,27 +37,6 @@ resource "hcloud_firewall" "k8s-node" {
 port = "30000-32767"
 source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
 }
- rule {
- description = "Calico BGP"
- direction = "in"
- protocol = "tcp"
- port = "179"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
- }
- rule {
- description = "Calico VXLAN"
- direction = "in"
- protocol = "udp"
- port = "4789"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
- }
- rule {
- description = "Calico Typha"
- direction = "in"
- protocol = "tcp"
- port = "5473"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
- }
 # Host level services, including the node exporter on ports 9100-9101.
 rule {
 description = "Host level services"
-- GitLab