feat(HomeAssistant): Dual NAD VLANs

ArthurVardevanyan · Dec 26, 2024 · b163f6a · b163f6a
1 parent 6384d16
commit b163f6a
Show file tree

Hide file tree

Showing 8 changed files with 137 additions and 6 deletions.
diff --git a/kubernetes/ceph/base/ocs-rules.yaml b/kubernetes/ceph/base/ocs-rules.yaml
@@ -41,7 +41,7 @@ spec:
             severity_level: critical
             storage_type: ceph
           expr: |
-            label_replace((up{job="rook-ceph-mgr"} == 0 or absent(up{job="rook-ceph-mgr"})), "namespace", "openshift-storage", "", "")
+            label_replace((up{job="rook-ceph-mgr"} == 0 or absent(up{job="rook-ceph-mgr"})), "namespace", "rook-ceph", "", "")
           for: 5m
           labels:
             severity: critical

diff --git a/kubernetes/homeassistant/base/statefulset.yaml b/kubernetes/homeassistant/base/statefulset.yaml
@@ -25,11 +25,17 @@ spec:
         enable.version-checker.io/homeassistant: "true"
         k8s.v1.cni.cncf.io/networks: |
           [{
+            "name": "br1-vlan3",
+            "namespace": "default",
+            "mac": "10:01:01:00:30:02",
+            "ips": ["10.101.3.2/24"],
+            "default-route": ["10.101.3.1"]
+          },
+          {
             "name": "br1",
             "namespace": "default",
             "mac": "10:00:00:00:01:35",
-            "ips": ["10.0.0.135/24"],
-            "default-route": ["10.0.0.1"]
+            "ips": ["10.0.0.135/24"]
           }]
     spec:
       securityContext:

diff --git a/kubernetes/homeassistant/overlays/okd/egress-firewall.yaml b/kubernetes/homeassistant/overlays/okd/egress-firewall.yaml
@@ -12,6 +12,15 @@ spec:
         nodeSelector:
           matchLabels:
             node-role.kubernetes.io/control-plane: ""
+    - type: Allow
+      to:
+        dnsName: mobile-apps.home-assistant.io
+    - type: Deny
+      to:
+        cidrSelector: 151.101.1.195/32
+    - type: Deny
+      to:
+        cidrSelector: 151.101.65.195/32
     - type: Allow
       to:
         dnsName: truenas.arthurvardevanyan.com

diff --git a/kubernetes/kubevirt/base/vm/vm.yaml b/kubernetes/kubevirt/base/vm/vm.yaml
@@ -72,6 +72,10 @@ spec:
               macAddress: "10:00:00:00:01:33"
               model: virtio
               name: br1
+            - bridge: {}
+              macAddress: "10:01:01:00:30:03"
+              model: virtio
+              name: br1-vlan3
           networkInterfaceMultiqueue: true
           rng: {}
         features:
@@ -97,6 +101,9 @@ spec:
         - multus:
             networkName: default/br1
           name: br1
+        - multus:
+            networkName: default/br1-vlan3
+          name: br1-vlan3
       terminationGracePeriodSeconds: 180
       volumes:
         - dataVolume:

diff --git a/kubernetes/network-observability/base/object-bucket-claim.yaml b/kubernetes/network-observability/base/object-bucket-claim.yaml
@@ -11,4 +11,4 @@ spec:
   generateBucketName: netobserv
   storageClassName: rook-ceph-bucket
   additionalConfig:
-    maxSize: "150Gi"
+    maxSize: "200Gi"
diff --git a/kubernetes/nmstate/overlays/okd/network/networkAttachmentDefinition.yaml b/kubernetes/nmstate/overlays/okd/network/networkAttachmentDefinition.yaml
@@ -4,7 +4,7 @@ metadata:
   name: br1
   namespace: default
   annotations:
-    k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/br1
+    #k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/br1
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: "4"
 spec:
@@ -15,3 +15,21 @@ spec:
     "topology":"localnet",
     "netAttachDefName": "default/br1"
     }'
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: br1-vlan3
+  namespace: default
+  annotations:
+    #k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/br1-vlan3
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "4"
+spec:
+  config: '{
+    "cniVersion": "0.3.1",
+    "name": "br1.3",
+    "type": "ovn-k8s-cni-overlay",
+    "topology":"localnet",
+    "netAttachDefName": "default/br1-vlan3"
+    }'
diff --git a/kubernetes/nmstate/overlays/okd/network/nodeNetworkConfigurationPolicy.yaml b/kubernetes/nmstate/overlays/okd/network/nodeNetworkConfigurationPolicy.yaml
@@ -18,6 +18,7 @@ spec:
           dhcp: true
           enabled: true
         bridge:
+          allow-extra-patch-ports: true
           options:
             stp:
               enabled: false
@@ -50,6 +51,7 @@ spec:
           dhcp: true
           enabled: true
         bridge:
+          allow-extra-patch-ports: true
           options:
             stp:
               enabled: false
@@ -103,3 +105,89 @@ spec:
           dhcp: false
           enabled: false
         mtu: 9000
+---
+apiVersion: nmstate.io/v1
+kind: NodeNetworkConfigurationPolicy
+metadata:
+  name: vlan3-enp5s0
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  nodeSelector:
+    nic: enp5s0
+  desiredState:
+    interfaces:
+      - name: enp5s0.3
+        description: VLAN using enp5s0
+        type: vlan
+        state: up
+        ipv4:
+          dhcp: false
+          enabled: false
+        vlan:
+          base-iface: enp5s0
+          id: 3
+        mtu: 9000
+      - name: br1.3
+        description: OVS bridge with enp5s0.3 as a port
+        type: ovs-bridge
+        state: up
+        ipv4:
+          dhcp: true
+          enabled: true
+        bridge:
+          allow-extra-patch-ports: true
+          options:
+            stp:
+              enabled: false
+          port:
+            - name: enp5s0.3
+        mtu: 9000
+    ovn:
+      bridge-mappings:
+        - localnet: br1.3
+          bridge: br1.3
+          state: present
+---
+apiVersion: nmstate.io/v1
+kind: NodeNetworkConfigurationPolicy
+metadata:
+  name: vlan3-enp7s0
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  nodeSelector:
+    nic: enp7s0
+  desiredState:
+    interfaces:
+      - name: enp7s0.3
+        description: VLAN using enp7s0
+        type: vlan
+        state: up
+        ipv4:
+          dhcp: false
+          enabled: false
+        vlan:
+          base-iface: enp7s0
+          id: 3
+        mtu: 9000
+      - name: br1.3
+        description: OVS bridge with enp7s0.3 as a port
+        type: ovs-bridge
+        state: up
+        ipv4:
+          dhcp: true
+          enabled: true
+        bridge:
+          allow-extra-patch-ports: true
+          options:
+            stp:
+              enabled: false
+          port:
+            - name: enp7s0.3
+        mtu: 9000
+    ovn:
+      bridge-mappings:
+        - localnet: br1.3
+          bridge: br1.3
+          state: present
diff --git a/kubernetes/unifi-network-application/base/dns.yaml b/kubernetes/unifi-network-application/base/dns.yaml
@@ -12,9 +12,12 @@ spec:
       recordTTL: 60
       recordType: A
       targets:
-        - 10.0.0.1 #10.0.0.136
+        - 10.101.1.1
     - dnsName: unifi.arthurvardevanyan.com
       recordTTL: 60
       recordType: A
       targets:
         - 10.0.0.1
+        # - 10.101.1.1
+        # - 10.101.2.1
+        # - 10.101.3.1