configpolicy/group_vars
Dustin 381ffe7112 kubernetes: Configure keepalived on control plane
Control plane nodes will now run _keepalived_, to provide a "floating"
IP address that is assigned to one of the nodes at a time.  This
address (172.30.0.169) is now the target of the DNS A record for
_kubernetes.pyrocufflink.blue_, so clients will always communicate with
the server that currently holds the floating address, whichever that may
be.

I was originally inspired by the official Kubernetes [High Availability
Considerations][0] document when designing this.  At first, I planned to
deploy _keepalived_ and HAProxy as DaemonSets on the control plane
nodes, but this ended up being somewhat problematic whenever all of the
control plane nodes would go down at once, as the _keepalived_ and
HAProxy pods would not get scheduled and thus no clients could
communicate with the API servers.

[0]: 9d7cfab6fe/docs/ha-considerations.md
2025-07-22 16:21:49 -05:00
dch-gw Move dch_networks definition to all group 2018-10-13 12:43:35 -05:00
public-web r/webites: Add apps.du5t1n.xyz F-Droid repo 2024-11-05 06:47:02 -06:00
pxe hosts: Migrate remaining hosts to Restic 2024-09-07 20:45:24 -05:00
pyrocufflink all: Set root authorized keys 2025-02-08 15:29:57 -06:00
unifi unifi: Back up with Restic 2025-03-29 09:36:37 -05:00
Fedora.yml r/useproxy: Configure system-wide proxy 2024-08-12 18:47:04 -05:00
Fedora37.yml Fedora37: Set collectd SELinux domain permissive 2022-12-19 10:22:00 -06:00
all.yml all: Set root authorized keys 2025-02-08 15:29:57 -06:00
aria2.yml aria2: Deploy aria2 download manager 2018-08-19 14:17:48 -05:00
bitwarden_rs.yml r/bitwarden_rs: Redirect to canonical host name 2024-11-05 06:37:03 -06:00
burp-client.yml hosts: Add burp1.p.b 2020-01-25 13:57:04 -06:00
burp-server.yml burp-server: Keep more backups 2023-07-17 16:36:37 -05:00
chrony.yml chrony: Add role/PB for chrony 2025-03-16 16:37:19 -05:00
collectd.yml Switch Prometheus/collectd to pull 2021-10-30 16:41:17 -05:00
dch-proxy.yml Merge remote-tracking branch 'refs/remotes/origin/master' 2025-01-28 17:34:37 -06:00
dch-vpn.yml dch-vpn: Avoid configuring firewalld 2018-10-13 12:19:25 -05:00
docker-proxy.yml docker-proxy: Deploy a proxy/cache for Docker Hub 2025-07-12 16:45:47 -05:00
file-servers.yml hosts: Migrate remaining hosts to Restic 2024-09-07 20:45:24 -05:00
frigate-prod.yml frigate: Set logout URL 2025-04-21 08:28:49 -05:00
frigate.yml r/frigate-caddy: Deploy Caddy in front of Frigate 2024-08-12 18:47:04 -05:00
gitea.yml hosts: Migrate remaining hosts to Restic 2024-09-07 20:45:24 -05:00
home-assistant.yml home-assistant: Back up Zigbee/ZWave/Mosquitto 2022-12-23 06:56:52 -06:00
jenkins-slave.yml jenkins-slave: Allow Jenkins to connect to Docker 2019-09-19 19:50:35 -05:00
k8s-controller.yml kubernetes: Configure keepalived on control plane 2025-07-22 16:21:49 -05:00
k8s-iot-net-ctrl.yml hosts: Add k8s-iot-net-ctrl group 2025-01-31 19:49:51 -06:00
k8s-longhorn.yml kubernetes: Manage worker nodes 2024-11-24 10:33:21 -06:00
k8s-node.yml kubernetes: Manage worker nodes 2024-11-24 10:33:21 -06:00
k8s-test.yml Add k8s-test group 2025-07-22 16:21:49 -05:00
koji-hub.yml hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
koji.yml hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
kubelet.yml kubelet: Fix CA cert for Docker Hub proxy 2025-07-16 16:05:19 -05:00
loki.yml r/loki-caddy: Caddy reverse proxy for Loki 2024-11-05 06:54:27 -06:00
minio-backups.yml minio-backups: Disable nginx access logs entirely 2025-07-03 11:15:40 -05:00
needproxy.yml r/useproxy: Configure system-wide proxy 2024-08-12 18:47:04 -05:00
nextcloud.yml nextcloud: Scrape logs with Promtail 2024-10-13 18:05:50 -05:00
nut-monitor.yml nut-monitor: Require both UPS to be online 2024-01-25 21:22:04 -06:00
postgresql.yml postgresql: Add receipts/user DB 2025-03-16 14:47:30 -05:00
prometheus.yml Switch Prometheus/collectd to pull 2021-10-30 16:41:17 -05:00
pyrocufflink-dhcp.yml pyrocufflink-dhcp: DHCP reservations for VM hosts 2021-02-17 20:33:41 -06:00
radius.yml Move APs to Management network 2018-07-15 09:19:39 -05:00
remote-blackbox.yml remote-blackbox: Add group 2025-01-26 13:08:59 -06:00
repohost.yml r/repohost: Configure Yum package repo host 2023-11-07 20:51:10 -06:00
restic.yml restic: Add role+playbook for Restic backups 2024-09-04 09:40:29 -05:00
samba-dc.yml r/samba-cert: Obtain LDAP/TLS cert via ACME 2024-06-12 18:33:24 -05:00
smtp-relay.yml smtp-relay: Rewrite dustin@hatch.name 2024-08-22 16:17:00 -05:00
sudo.yml users: Configure sudo on some machines 2025-01-26 13:08:59 -06:00
taiga.yml taiga: Add playbook for Taiga 2019-09-19 19:51:45 -05:00
unifi-test.yml unifi: Switch from nginx to Caddy 2025-03-16 17:17:00 -05:00
victoria-logs-test.yml r/victoria-logs: Deploy VictoriaLogs 2025-05-30 21:19:05 -05:00
victoria-logs.yml v-l: Add data volume for logs storage 2025-07-12 16:08:40 -05:00
vm-hosts.yml Deploy new Kubernetes nodes 2024-11-24 10:33:21 -06:00
wildcard-cert.yml plugins: Add lookup cache plugin 2025-07-13 16:02:57 -05:00
zabbix-server.yml zabbix-server: Allow SMTP relay from any loopback 2019-04-15 10:05:04 -05:00
zabbix.yml hosts: Add hosts to zabbix group 2018-04-14 15:47:49 -05:00