diff --git a/kubernetes/apps/kube-system/coredns/app/helm-values.yml b/kubernetes/apps/kube-system/coredns/app/helm-values.yml index e7722b33..9ab75e18 100644 --- a/kubernetes/apps/kube-system/coredns/app/helm-values.yml +++ b/kubernetes/apps/kube-system/coredns/app/helm-values.yml @@ -6,7 +6,7 @@ serviceAccount: create: true service: name: kube-dns - clusterIP: 10.96.0.10 + clusterIP: 10.4.0.10 servers: - zones: - zone: . diff --git a/kubernetes/bootstrap/readme.md b/kubernetes/bootstrap/readme.md index 3d8b73f0..c9eac661 100644 --- a/kubernetes/bootstrap/readme.md +++ b/kubernetes/bootstrap/readme.md @@ -2,7 +2,7 @@ ## Prerequisites ```sh -brew install helmfile +mise use helm helmfile helm plugin install https://github.com/databus23/helm-diff ``` 
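Review bot: The new `clusterIP: 10.4.0.10` in helm-values.yml silently depends on `clusterSvcNets` in `kubernetes/bootstrap/talos/talconfig.yaml` being `10.4.0.0/16`, and nothing in this file records that coupling. As far as I know Talos derives the kubelet's default clusterDNS as the tenth address of the first service subnet, so the two values must move together or pods lose DNS cluster-wide. A comment above the value would make that explicit: `# tenth address of clusterSvcNets in bootstrap/talos/talconfig.yaml; must match the kubelet clusterDNS`. The `service:` mapping continues outside the hunk.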
@@ -11,14 +11,19 @@ helm plugin install https://github.com/databus23/helm-diff ### Bootstrap talos cluster ```sh -talosctl apply-config --nodes=10.1.1.61 --file=./kubernetes/bootstrap/talos/clusterconfig/homelab-shadowfax.yaml --insecure -talosctl bootstrap --nodes=10.1.1.61 +talosctl apply-config --nodes=frodo --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-frodo.yaml --insecure +talosctl apply-config --nodes=bilbo --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-bilbo.yaml --insecure +talosctl apply-config --nodes=sam --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-sam.yaml --insecure +talosctl apply-config --nodes=merry --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-merry.yaml --insecure +talosctl apply-config --nodes=pippin --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-pippin.yaml --insecure +talosctl apply-config --nodes=rosie --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-rosie.yaml --insecure +talosctl bootstrap --nodes=frodo ``` ## CNI & Container Proxy -### Install Cilium & Spegel +### Install Cilium, csr-approver, coredns, and Prometheus CRDs. ```sh -helmfile apply -f kubernetes/bootstrap/talos/apps/helmfile.yaml +helmfile apply -f kubernetes/bootstrap/helmfile.yaml ``` ## Flux Prep @@ -35,7 +40,6 @@ _These cannot be applied with `kubectl` in the regular fashion due to be encrypt ```sh sops --decrypt kubernetes/bootstrap/flux/age-key.sops.yaml | kubectl apply -f - -sops --decrypt kubernetes/bootstrap/flux/git-deploy-key.sops.yaml | kubectl apply -f - sops --decrypt kubernetes/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f - kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml ``` diff --git a/kubernetes/bootstrap/talos/talconfig.yaml b/kubernetes/bootstrap/talos/talconfig.yaml index e05ec34d..992c29c4 100644 --- a/kubernetes/bootstrap/talos/talconfig.yaml +++ b/kubernetes/bootstrap/talos/talconfig.yaml 
@@ -12,10 +12,8 @@ additionalApiServerCertSans: &sans - 10.1.1.57 # haproxy loadbalancer additionalMachineCertSans: *sans clusterPodNets: - # - "10.244.0.0/16" - "10.3.0.0/16" clusterSvcNets: - # - "10.96.0.0/12" - "10.4.0.0/16" ## Cilium LBPool CIDR 10.1.1.30-49 --> 10.5.0.0/16 diff --git a/kubernetes/tools/wiperook.yaml b/kubernetes/tools/wiperook.yaml index 6c7367e8..7f824ee8 100644 --- a/kubernetes/tools/wiperook.yaml +++ b/kubernetes/tools/wiperook.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: Pod metadata: - name: disk-wipe-sam + name: disk-wipe-pippin namespace: kube-system spec: restartPolicy: Never - nodeName: sam + nodeName: pippin containers: - name: disk-wipe image: docker.io/library/alpine:latest @@ -16,11 +16,7 @@ spec: env: - name: CEPH_DISK value: "/dev/nvme0n1" - command: - [ - "/bin/sh", - "-c" - ] + command: ["/bin/sh", "-c"] args: - apk add --no-cache sgdisk util-linux parted; sgdisk --zap-all $CEPH_DISK; @@ -39,11 +35,11 @@ spec: apiVersion: v1 kind: Pod metadata: - name: disk-wipe-frodo + name: disk-wipe-merry namespace: kube-system spec: restartPolicy: Never - nodeName: frodo + nodeName: merry containers: - name: disk-wipe image: docker.io/library/alpine:latest @@ -52,12 +48,8 @@ spec: resources: {} env: - name: CEPH_DISK - value: "/dev/nvme0n1" - command: - [ - "/bin/sh", - "-c" - ] + value: "/dev/nvme1n1" + command: ["/bin/sh", "-c"] args: - apk add --no-cache sgdisk util-linux parted; sgdisk --zap-all $CEPH_DISK; @@ -76,11 +68,11 @@ spec: apiVersion: v1 kind: Pod metadata: - name: disk-wipe-bilbo + name: disk-wipe-rosie namespace: kube-system spec: restartPolicy: Never - nodeName: bilbo + nodeName: rosie containers: - name: disk-wipe image: docker.io/library/alpine:latest @@ -91,11 +83,7 @@ spec: - name: CEPH_DISK value: "/dev/nvme0n1" - command: - [ - "/bin/sh", - "-c" - ] + command: ["/bin/sh", "-c"] args: - apk add --no-cache sgdisk util-linux parted; sgdisk --zap-all $CEPH_DISK; 
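Review bot: In the `disk-wipe-merry` pod the wiped device changes to `/dev/nvme1n1` while `disk-wipe-pippin` and `disk-wipe-rosie` keep `/dev/nvme0n1`, and nothing in wiperook.yaml explains the asymmetry; since `sgdisk --zap-all $CEPH_DISK` is irreversible, a device mapped to the wrong host destroys the node's system disk rather than the Ceph OSD. Add a comment above each `CEPH_DISK` value recording how the device was chosen, e.g. `# merry: nvme0n1 is the Talos system disk on this host — confirm with talosctl get disks -n merry before applying`. Each Pod document starts and ends outside its hunk, so the `args:` wipe script and any privilege settings are not visible here.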
diff --git a/mise.toml b/mise.toml
index 65009ee9..4d156126 100644
--- a/mise.toml
+++ b/mise.toml
@@ -1,11 +1,18 @@
 [tools]
+helm = "latest"
+helmfile = "latest"
 task = "latest"
 
 [env]
 KUBECONFIG="{{config_root}}/kubeconfig"
 SOPS_AGE_KEY_FILE="{{config_root}}/age.key"
-TALOSCONFIG="{{config_root}}/kubernetes/bootstrap/talos/clusterconfig/talosconfig"
+TALOSDIR="{{config_root}}/kubernetes/bootstrap/talos"
+TALOSCONFIG="{{env['TALOSDIR']}}/clusterconfig/talosconfig"
 
 [tasks.aider]
 description = "My Aider workflow."
 run = "aider --no-auto-commits --cache-prompts --cache-keepalive-pings 12 --no-suggest-shell-commands --watch-files"
+
+[tasks.talhelper-gen]
+description = "Generate talhelper configuration for Talos"
+run = "talhelper genconfig --env-file {{env['TALOSDIR']}}/talenv.sops.yaml --secret-file {{env['TALOSDIR']}}/talsecret.sops.yaml --config-file {{env['TALOSDIR']}}/talconfig.yaml --out-dir {{env['TALOSDIR']}}/clusterconfig"
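Review bot: `helm = "latest"` and `helmfile = "latest"` in `[tools]` pin nothing, so each `mise install` can resolve a different release and the bootstrap described in the readme is not reproducible; pin explicit versions (`helm = "<version>"`, `helmfile = "<version>"`, placeholders) or rely on a mise lockfile if the project enables one. The new `talhelper-gen` task writes rendered machine configs to `{{env['TALOSDIR']}}/clusterconfig`, which contain the cluster's CA keys and bootstrap tokens in plaintext, so that directory must stay out of git — talhelper writes a `.gitignore` into the out-dir as far as I recall, but it is worth confirming for this repository. The `run` value is over 200 characters; a TOML multi-line basic string with trailing-backslash continuations (`run = """talhelper genconfig \` … `"""`) would keep each flag on its own line.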