feat: manage rancher, purelb, cert-manager (#395)

This change will install rancher, purelb and cert-manager, then
configure a dmz and common ip pool to be used by loadbalancers. The
nginx ingress controller is configured to use 198.18.200.0 (common) and
announce the ip from all nodes so that it becomes an anycast ip in ospf.

- manage the install of rancher, purelb and cert-manager
- add rancher ingress routes
- add nginx externalip/loadBalancer

Reviewed-on: #395
This commit was merged in pull request #395.
2025-09-14 20:59:39 +10:00
parent 6e4bc9fbc7
commit 4e77fb7ee7
10 changed files with 14089 additions and 3 deletions
-1
@@ -23,7 +23,6 @@ rke2::config_hash:
- "country=%{facts.country}"
- "asset=%{facts.dmi.product.serial_number}"
- "zone=%{zone}"
- "environment=%{environment}"
# FIXME: puppet-python wants to try manage python-dev, which is required by the ceph package
python::manage_dev_package: false
+11 -1
@@ -5,8 +5,17 @@ rke2::helm_install: true
rke2::helm_repos:
metallb: https://metallb.github.io/metallb
rancher-stable: https://releases.rancher.com/server-charts/stable
purelb: https://gitlab.com/api/v4/projects/20400619/packages/helm/stable
jetstack: https://charts.jetstack.io
rke2::extra_config_files:
- rke2-canal-config
- 000_namespaces
- 010_rke2-canal-config
- 010_cert-manager
- 010_purelb
- 010_rancher
- 100_purelb_config
- 200_ingres_lb_nginx
- 201_ingres_route_rancher
rke2::config_hash:
advertise-address: "%{hiera('networking_loopback0_ip')}"
cluster-domain: "svc.k8s.unkin.net"
@@ -28,6 +37,7 @@ rke2::config_hash:
kube-controller-manager-arg:
- '--node-monitor-period=4s'
protect-kernel-defaults: true
disable-kube-proxy: false
# configure consul service
consul::services:
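Review bot: The `purelb` and `jetstack` entries under `rke2::helm_repos` name their chart repositories by URL only, and the purelb one is an opaque GitLab project id (`20400619`) that a later reader cannot verify at a glance. Nothing in this section shows chart versions being pinned or chart provenance being checked. That may be handled in the `010_cert-manager`, `010_purelb` and `010_rancher` manifests, which are not visible here. I would add a comment above the entry, for example `# purelb: package registry of the upstream PureLB GitLab project (id 20400619)`, once that has been confirmed against the project's install documentation. It is also worth checking that each of those manifests requests an explicit chart version, so that a change in the remote repository cannot silently alter what is deployed to the cluster.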