forked from k-space/kube
update readme about network
This commit is contained in:
@@ -24,6 +24,12 @@ Tip: Search the repo for `kind: xyz` for examples.
|
||||
[^nonginx]: No nginx annotations! Use `kind: Ingress` instead. `IngressRoute` is not used as it doesn't support [`external-dns`](bind/README.md) out of the box.
|
||||
[^authz]: Applications should use OpenID Connect (`kind: OIDCClient`) for authentication, whereever possible. If not possible, use `kind: OIDCMiddlewareClient` client, which will provide authentication via a Traefik middleware (`traefik.ingress.kubernetes.io/router.middlewares: passmower-proxmox@kubernetescrd`). Sometimes you might use both for extra security.
|
||||
|
||||
### Network
|
||||
|
||||
All nodes are in Infra VLAN 21. Routing is implemented with BGP, all nodes and the router make a full-mesh. Both Serice LB IPs and Pod IPs are advertised to the router. Router does NAT for outbound pod traffic.
|
||||
See the [Calico installation](tigera-operator/application.yml) for Kube side and Routing / BGP in the router.
|
||||
Static routes for 193.40.103.36/30 have been added in pve nodes to make them communicating with Passmower via Traefik more stable - otherwise packets coming back to the PVE are routed directly via VLAN 21 internal IPs by the worker nodes, breaking TCP.
|
||||
|
||||
<!-- Linked to by https://wiki.k-space.ee/e/en/hosting/storage -->
|
||||
### Databases / -stores:
|
||||
- KeyDB: `kind: KeydbClaim` (replaces Redis[^redisdead])
|
||||
|
||||
Reference in New Issue
Block a user