OpenNebula · sk4zuzu · Mar 14, 2025 · Mar 4, 2025 · Mar 13, 2025
diff --git a/appliances/OneKE/config.rb b/appliances/OneKE/config.rb
@@ -60,6 +60,10 @@
 ONEAPP_K8S_CONTROL_PLANE_EP = env :ONEAPP_K8S_CONTROL_PLANE_EP, "#{ONEAPP_VROUTER_ETH0_VIP0}:#{ONEAPP_VNF_HAPROXY_LB1_PORT}"
 ONEAPP_K8S_EXTRA_SANS       = env :ONEAPP_K8S_EXTRA_SANS, 'localhost,127.0.0.1'
 
+# IPv4/IPv6 network CIDRs to use for cluster and service IPs: https://docs.rke2.io/reference/server_config#networking
+ONEAPP_K8S_CLUSTER_CIDR = env :ONEAPP_K8S_CLUSTER_CIDR, '10.42.0.0/16'
+ONEAPP_K8S_SERVICE_CIDR = env :ONEAPP_K8S_SERVICE_CIDR, '10.43.0.0/16'
+
 # Proxy config for RKE2: https://docs.rke2.io/advanced#configuring-an-http-proxy
 ONEAPP_K8S_HTTP_PROXY  = env :ONEAPP_K8S_HTTP_PROXY, nil
 ONEAPP_K8S_HTTPS_PROXY = env :ONEAPP_K8S_HTTPS_PROXY, nil

diff --git a/appliances/OneKE/kubernetes.rb b/appliances/OneKE/kubernetes.rb
@@ -13,15 +13,11 @@
 def install_kubernetes(airgap_dir = ONE_AIRGAP_DIR)
     rke2_release_url = "https://github.com/rancher/rke2/releases/download/#{ONE_SERVICE_RKE2_VERSION}"
 
-    amap= {
-      "x86_64" => "amd64",
-      "aarch64" => "arm64"
-    }
     begin
-      arch = amap[`arch`.strip]
+        arch = {'x86_64' => 'amd64', 'aarch64' => 'arm64'}[`arch`.strip]
     rescue KeyError
-      msg :error, "Unknown architecture"
-      exit 1
+        msg :error, 'Unknown architecture'
+        exit 1
     end
 
     msg :info, "Install RKE2 runtime: #{ONE_SERVICE_RKE2_VERSION}"
@@ -203,6 +199,8 @@ def init_master
         'node-taint'               => ['CriticalAddonsOnly=true:NoExecute'],
         'disable'                  => ['rke2-ingress-nginx'],
         'cni'                      => cni,
+        'cluster-cidr'             => ONEAPP_K8S_CLUSTER_CIDR,
+        'service-cidr'             => ONEAPP_K8S_SERVICE_CIDR,
         'disable-kube-proxy'       => ONEAPP_K8S_CNI_PLUGIN == 'cilium',
         'disable-cloud-controller' => ONEAPP_RKE2_CLOUD_CONTROLLER_ENABLED == false
     }
@@ -260,6 +258,8 @@ def join_master(token, retries = RETRIES, seconds = SECONDS)
         'node-taint'               => ['CriticalAddonsOnly=true:NoExecute'],
         'disable'                  => ['rke2-ingress-nginx'],
         'cni'                      => cni,
+        'cluster-cidr'             => ONEAPP_K8S_CLUSTER_CIDR,
+        'service-cidr'             => ONEAPP_K8S_SERVICE_CIDR,
         'disable-kube-proxy'       => ONEAPP_K8S_CNI_PLUGIN == 'cilium',
         'disable-cloud-controller' => ONEAPP_RKE2_CLOUD_CONTROLLER_ENABLED == false
     }
@@ -392,10 +392,13 @@ def configure_rke2_proxy(current_role)
     proxy_config = []
     proxy_config << "HTTP_PROXY=#{ONEAPP_K8S_HTTP_PROXY}" unless ONEAPP_K8S_HTTP_PROXY.nil?
     proxy_config << "HTTPS_PROXY=#{ONEAPP_K8S_HTTPS_PROXY}" unless ONEAPP_K8S_HTTPS_PROXY.nil?
+
     if ONEAPP_K8S_NO_PROXY.to_s.empty?
-        no_proxy = ['127.0.0.1/32', 'localhost']
+        no_proxy = ['127.0.0.0/8', 'localhost']
         no_proxy << retrieve_endpoint_host(ONEAPP_K8S_CONTROL_PLANE_EP) if ONEAPP_K8S_CONTROL_PLANE_EP
         no_proxy << retrieve_endpoint_host(ONEAPP_RKE2_SUPERVISOR_EP) if ONEAPP_RKE2_SUPERVISOR_EP
+        no_proxy << ONEAPP_K8S_CLUSTER_CIDR
+        no_proxy << ONEAPP_K8S_SERVICE_CIDR
         proxy_config << "NO_PROXY=#{no_proxy.uniq.join(',')}"
     else
         proxy_config << "NO_PROXY=#{ONEAPP_K8S_NO_PROXY}"