From fb2a32ade0bef7c55a572cc0c668c3873a219ffb Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Thu, 7 Oct 2021 22:53:00 +0200
Subject: [PATCH] switched to geneve tunneling
---
README.md | 10 +++++++++-
manifests/helm/cilium/values.yaml | 4 ++--
manifests/helm/nginx/values.yaml | 11 ++++-------
3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index c97b25b..f9539f0 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ Here's what is working at the moment: - Lightweight and resource-efficient Kubernetes with [k3s](https://github.com/k3s-io/k3s), and Fedora nodes to take advantage of the latest Linux kernels. -- Optimal [Cilium](https://github.com/cilium/cilium) CNI with full BPF support, native routing, and Kube-proxy replacement. It uses the Hetzner private subnet underneath to communicate between the nodes, so no encryption is needed. +- Optimal [Cilium](https://github.com/cilium/cilium) CNI with full BPF support, geneve tunneling (more stable than native routing), and Kube-proxy replacement. It uses the Hetzner private subnet underneath to communicate between the nodes, so no encryption is needed. - Automatic OS upgrades, supported by [kured](https://github.com/weaveworks/kured) that initiate a reboot of the node only when necessary and after having drained it properly. - Automatic HA by setting the required number of servers and agents nodes. - Automatic k3s upgrade by using Rancher's [system-upgrade-controller](https://github.com/rancher/system-upgrade-controller) and tracking the latest 1.x stable branch. 
@@ -222,6 +222,14 @@ Then you can proceed to taking down the rest of the cluster with: terraform destroy -auto-approve ``` +Sometimes, the Hetzner network is still in use and refused to be deleted via terraform, in that case you can force delete it with: + +```sh +hcloud network delete k3s-net +``` + +Also, if you had a full blown cluster in use, it's best do delete the whole project in your Hetzner account directly, as there may be other ressources created via operators that are not part of this project. + ## Roadmap
diff --git a/manifests/helm/cilium/values.yaml b/manifests/helm/cilium/values.yaml
index 62ee63f..4ca92a7 100644
--- a/manifests/helm/cilium/values.yaml
+++ b/manifests/helm/cilium/values.yaml
@@ -15,10 +15,10 @@ ipam: # -- Configure the encapsulation configuration for communication between nodes. # Possible values: -# - disabled (native routing on the hetzner network) +# - disabled (native routing works, however I feel that geneve is more stable, but I may be wrong) # - vxlan # - geneve -tunnel: disabled +tunnel: geneve # -- Specify the IPv4 CIDR for native routing (ie to avoid IP masquerade for). # This value corresponds to the configured cluster-cidr.
diff --git a/manifests/helm/nginx/values.yaml b/manifests/helm/nginx/values.yaml
index 514c042..b83fa93 100644
--- a/manifests/helm/nginx/values.yaml
+++ b/manifests/helm/nginx/values.yaml
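Review bot: The replacement comment on the `disabled` option records a hunch ("I feel that geneve is more stable, but I may be wrong") rather than what the setting does, so the next reader learns nothing about the trade-off; I'd keep it factual, e.g. `# - disabled (native routing over the Hetzner private network; geneve is used here because it proved more stable in practice)`. Switching to `tunnel: geneve` also means inter-node pod traffic is now carried in Geneve UDP encapsulation instead of the private network's routing, so any host firewall or Hetzner Cloud firewall between the nodes must allow that UDP port (6081 is the standard Geneve port); a one-line comment next to `tunnel: geneve` saying so would save the next debugging session. The encapsulated traffic is still plaintext, which is consistent with the README's "no encryption is needed" only as long as it stays on the private subnet. The `# -- Specify the IPv4 CIDR for native routing` setting that follows in the context is presumably still relevant for masquerade decisions even with tunneling on; worth confirming against the chart docs rather than assuming.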
@@ -1,11 +1,8 @@ controller: - kind: DaemonSet service: type: LoadBalancer annotations: - load-balancer.hetzner.cloud/use-private-ip: "true" - # Adjust the location if you have customized it in terraform.tfvars - # For more info on Hetzner Cloud locations, see https://docs.hetzner.com/general/others/data-centers-and-connection/ - load-balancer.hetzner.cloud/location: "fsn1" - # For details about, load balancer instances, see https://www.hetzner.com/cloud/load-balancer - load-balancer.hetzner.cloud/type: "lb11" \ No newline at end of file + load-balancer.hetzner.cloud/name: nginx-ingress + load-balancer.hetzner.cloud/use-private-ip: true + load-balancer.hetzner.cloud/location: fsn1 + load-balancer.hetzner.cloud/type: lb11
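Review bot: `load-balancer.hetzner.cloud/use-private-ip: true` drops the quotes the old line had, so the YAML parser now yields a boolean; Kubernetes annotation values must be strings, and a chart that renders these annotations verbatim will produce a manifest the API server rejects. Keep them as strings: `load-balancer.hetzner.cloud/use-private-ip: "true"`, `load-balancer.hetzner.cloud/location: "fsn1"`, `load-balancer.hetzner.cloud/type: "lb11"` (`nginx-ingress` is unambiguous, but quoting it too keeps the stanza uniform). The removed comments were the only pointer to the coupling between `location` and the value customised in terraform.tfvars; I'd keep a one-liner such as `# location must match the one set in terraform.tfvars`. Dropping `kind: DaemonSet` changes how the controller pods are scheduled to whatever the chart's default is, which is a behavioural change the commit message ("switched to geneve tunneling") does not mention; a note in the description or a comment in the file would help.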