Infra: add rpi114 to vpn mesh
diff --git a/scripts/homelab/installer/ingress-nginx.sh b/scripts/homelab/installer/ingress-nginx.sh
index b3cc4eb..3270b98 100644
--- a/scripts/homelab/installer/ingress-nginx.sh
+++ b/scripts/homelab/installer/ingress-nginx.sh
@@ -24,10 +24,10 @@
# -n ingress-nginx-private \
# lighthouse-config \
# --from-file ../../core/nebula/lighthouse.yaml
-kubectl create configmap \
- -n ingress-nginx-private \
- nodes-lighthouse-config \
- --from-file installer/nodes-lighthouse.yaml
+# kubectl create configmap \
+# -n ingress-nginx-private \
+# nodes-lighthouse-config \
+# --from-file installer/nodes-lighthouse.yaml
kubectl apply -f installer/nodes-infrastructure.yaml
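Review bot: Commenting out the `kubectl create configmap` step for `nodes-lighthouse-config` leaves no visible step in this script that creates the ConfigMap, yet the manifest applied on the next line mounts it by name in the new `lighthouse-rpi114` DaemonSet. Unless it is created elsewhere (not visible in this diff), a fresh install would leave those pods unable to start until someone creates it by hand. If the motive was that `create` fails on re-runs, an idempotent form keeps the step: `kubectl create configmap -n ingress-nginx-private nodes-lighthouse-config --from-file installer/nodes-lighthouse.yaml --dry-run=client -o yaml | kubectl apply -f -`. Otherwise delete the lines instead of adding a second commented-out block, and leave a one-line comment such as `# nodes-lighthouse-config is managed by <where>; it must exist before the apply below`.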
diff --git a/scripts/homelab/installer/nodes-infrastructure.yaml b/scripts/homelab/installer/nodes-infrastructure.yaml
index d40eb87..f10392e 100644
--- a/scripts/homelab/installer/nodes-infrastructure.yaml
+++ b/scripts/homelab/installer/nodes-infrastructure.yaml
@@ -31,6 +31,17 @@
ipCidr: "111.0.0.113/24"
secretName: node-rpi113-cert
---
+apiVersion: lekva.me/v1
+kind: NebulaNode
+metadata:
+ name: rpi114
+ namespace: ingress-nginx-private
+spec:
+ caName: pcloud
+ caNamespace: ingress-nginx-private
+ ipCidr: "111.0.0.114/24"
+ secretName: node-rpi114-cert
+---
apiVersion: apps/v1
kind: DaemonSet
metadata:
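Review bot: The new node's `ipCidr: "111.0.0.114/24"` extends the overlay into 111.0.0.0/24, which is publicly routable address space rather than a private (RFC 1918) or shared (100.64.0.0/10) range. It follows the existing rpi113 entry, so re-addressing is out of scope for this commit. The effect is that mesh members route that /24 into the tunnel and cannot reach the real hosts there, and firewall rules keyed on "private" ranges will not match overlay traffic. A comment above the spec would record the choice, e.g. `# overlay range is 111.0.0.0/24 (public space, kept for compatibility with existing nodes)`.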
@@ -204,3 +215,61 @@
operator: "Equal"
value: "role"
effect: "NoSchedule"
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: lighthouse-rpi114
+ namespace: ingress-nginx-private
+spec:
+ selector:
+ matchLabels:
+ app: lighthouse-rpi114
+ template:
+ metadata:
+ labels:
+ app: lighthouse-rpi114
+ spec:
+ restartPolicy: Always
+ hostNetwork: true
+ volumes:
+ - name: cert
+ secret:
+ secretName: node-rpi114-cert
+ - name: config
+ configMap:
+ name: nodes-lighthouse-config
+ containers:
+ - name: lighthouse
+ image: giolekva/nebula:latest
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ privileged: true
+ ports:
+ - name: lighthouse
+ containerPort: 4242
+ protocol: UDP
+ command: ["nebula", "--config=/etc/nebula/config/nodes-lighthouse.yaml"]
+ volumeMounts:
+ - name: cert
+ mountPath: /etc/nebula/lighthouse
+ readOnly: true
+ - name: config
+ mountPath: /etc/nebula/config
+ readOnly: true
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - rpi114
+ tolerations:
+ - key: "pcloud"
+ operator: "Equal"
+ value: "role"
+ effect: "NoSchedule"
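Review bot: The lighthouse container sets `privileged: true` alongside `capabilities: add: ["NET_ADMIN"]`, which makes the capability list redundant and gives the pod full host device and kernel access on top of `hostNetwork: true`. Nebula normally needs only NET_ADMIN plus the tun device, so consider `privileged: false` with the capability kept and `/dev/net/tun` exposed explicitly. Whether the image runs that way on these nodes would need checking. Separately, `image: giolekva/nebula:latest` with `imagePullPolicy: IfNotPresent` means each node runs whatever `latest` pointed to when it first pulled, so the container holding `node-rpi114-cert` is neither reproducible nor auditable. Pinning it, e.g. `image: giolekva/nebula:<pinned-tag>@sha256:<digest>`, fixes that. The same applies to the existing DaemonSet this one appears to be copied from, whose body lies outside the hunk.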