From 7201f7ed5c6b5032f4d75b1338552f113233ff5a Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Fri, 21 Jun 2024 22:11:27 -0500
Subject: [PATCH] vm-hosts: Expose storage VLAN to VMs

To improve the performance of persistent volumes accessed directly from
the Synology by Kubernetes pods, I've decided to expose the storage
network to the Kubernetes worker node VMs.  This way, iSCSI traffic does
not have to go through the firewall.

I chose not to use the physical interfaces that are already directly
connected to the storage network for this for two reasons: 1) I like
the physical separation of concerns and 2) it would add complexity to
the setup by introducing a bridge on top of the existing bond.
---
 group_vars/vm-hosts.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/group_vars/vm-hosts.yml b/group_vars/vm-hosts.yml
index 2dfad7b..a0e032a 100644
--- a/group_vars/vm-hosts.yml
+++ b/group_vars/vm-hosts.yml
@@ -14,6 +14,9 @@ libvirt_networks:
 - name: kube
   type: bridge
   bridge_iface: kube
+- name: storage
+  type: bridge
+  bridge_iface: storage
 storage_host: storage0.pyrocufflink.blue
 shared_volume_mount_packages:
 - nfs-utils
@@ -62,6 +65,13 @@ vmhost_netdevs:
     Kind: vlan
   VLAN:
     Id: 60
+- name: 51-vlan64
+  NetDev:
+    Description: Storage network (VLAN 64)
+    Name: vlan64
+    Kind: vlan
+  VLAN:
+    Id: 64
 - name: 52-vlan101
   NetDev:
     Description: pyrocufflink.red network (VLAN 101)
@@ -104,6 +114,11 @@ vmhost_netdevs:
     Description: Kubernetes VM network bridge
     Name: kube
     Kind: bridge
+- name: 60-storage
+  NetDev:
+    Description: Storage VM network bridge
+    Name: storage
+    Kind: bridge
 
 vmhost_networks:
 - name: 40-bond0
@@ -117,6 +132,7 @@ vmhost_networks:
     - vlan1  # pyrocufflink.blue
     - vlan10  # Management
     - vlan60  # Kubernetes
+    - vlan64  # Storage
     - vlan101  # pyrocufflink.red
     - vlan102  # Cameras
 - name: 40-bond1
@@ -155,6 +171,14 @@ vmhost_networks:
     DHCP: 'no'
     LinkLocalAddressing: 'no'
     Bridge: kube
+- name: 51-vlan64
+  Match:
+    Name: vlan64
+  Network:
+    Description: Storage network
+    DHCP: 'no'
+    LinkLocalAddressing: 'no'
+    Bridge: storage
 - name: 52-vlan101
   Match:
     Name: vlan101
@@ -186,6 +210,13 @@ vmhost_networks:
     Description: Kubernetes network bridge
     DHCP: 'no'
     LinkLocalAddressing: 'no'
+- name: 60-storage
+  Match:
+    Name: storage
+  Network:
+    Description: Storage network bridge
+    DHCP: 'no'
+    LinkLocalAddressing: 'no'
 - name: 60-mgmt
   Match:
     Name: mgmt