s5b-public/k8s

Go to file

Marcel Straub 5c2e53d66b Merge branch 'main' into feature/fix-cilium-network

2025-09-28 18:22:37 +02:00

00-infrastructure

IPv4 service subnet to 10.96.0.0/16

2025-09-13 23:14:55 +02:00

Configure BGP advertisement to export all routes

2025-09-13 22:35:11 +02:00

fixed LB-IPAM example application

2025-09-13 23:08:27 +02:00

reorg and restart of configuration build-up

2025-09-01 10:15:09 +02:00

.gitignore

Rebuild ArgoCD deployment by example on sealed-secrets

2025-09-07 11:08:10 +02:00

.yamllint.yaml

first edition that installs the cluster but cluster does not get healthy

2025-09-03 16:42:08 +02:00

install_clis.sh

Rebuild ArgoCD deployment by example on sealed-secrets

2025-09-07 11:08:10 +02:00

README.md

documented Pod network setup

2025-09-13 20:35:41 +02:00

README.md

Talos Cluster

Repository Structure

Infrastructure

Architecture

Network

Node Network

IPv4 configuration uses DHCP with static MAC binding for easy bring-up
IPv6 addresses are manually assigned
DNS Zone: prod.k8.eis-mk8.de.s5b.org

VLAN	IPv4	IPv6
210	10.51.10.0/23	2a13:fc80:1:a::/64

Pod Network

IPv4 only
IPv4 prefix: 10.244.0.0/16
Potential IPv6 prefix: 2a13:fc80:0001:d200::/64

Important side-notes

DNS resolver (Vyos) these networks must be whitelisted to allow recursive DNS

Service Network

Dual-Stack
IPv6 Prefix: 2a13:fc80:0001:d201::/64
IPv4 Prefix: 185.83.87.48/28

BGP

ASN	Who
65000	Upstream Router
65001	Cluster

How to use

Prerequisites

Secrets handling

Use direnv package to automatically load the environment variables for a directory and keep the secrets in .envrc files. For ZSH, add

eval "$(direnv hook zsh)"
``

to your ``.zshrc`` for automatic loading on directory change.