tooling and bootstrap updates

kubernetes/apps/kube-system/coredns/app/helm-values.yml

@@ -6,7 +6,7 @@ serviceAccount:
   create: true
 service:
   name: kube-dns
-  clusterIP: 10.96.0.10
+  clusterIP: 10.4.0.10
 servers:
   - zones:
       - zone: .

kubernetes/bootstrap/readme.md

@@ -2,7 +2,7 @@
 
 ## Prerequisites
 ```sh
-brew install helmfile
+mise use helm helmfile
 helm plugin install https://github.com/databus23/helm-diff
 ```
 
@@ -11,14 +11,19 @@ helm plugin install https://github.com/databus23/helm-diff
 ### Bootstrap talos cluster
 
 ```sh
-talosctl apply-config --nodes=10.1.1.61 --file=./kubernetes/bootstrap/talos/clusterconfig/homelab-shadowfax.yaml --insecure
+talosctl apply-config --nodes=frodo --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-frodo.yaml --insecure
-talosctl bootstrap --nodes=10.1.1.61
+talosctl apply-config --nodes=bilbo --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-bilbo.yaml --insecure
+talosctl apply-config --nodes=sam --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-sam.yaml --insecure
+talosctl apply-config --nodes=merry --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-merry.yaml --insecure
+talosctl apply-config --nodes=pippin --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-pippin.yaml --insecure
+talosctl apply-config --nodes=rosie --file=./kubernetes/bootstrap/talos/clusterconfig/theshire-rosie.yaml --insecure
+talosctl bootstrap --nodes=frodo
 ```
 ## CNI & Container Proxy
 
-### Install Cilium & Spegel
+### Install Cilium, csr-approver, coredns, and Prometheus CRDs.
 ```sh
-helmfile apply -f kubernetes/bootstrap/talos/apps/helmfile.yaml
+helmfile apply -f kubernetes/bootstrap/helmfile.yaml
 ```
 
 ## Flux Prep
@@ -35,7 +40,6 @@ _These cannot be applied with `kubectl` in the regular fashion due to be encrypt
 
 ```sh
 sops --decrypt kubernetes/bootstrap/flux/age-key.sops.yaml | kubectl apply -f -
-sops --decrypt kubernetes/bootstrap/flux/git-deploy-key.sops.yaml | kubectl apply -f -
 sops --decrypt kubernetes/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f -
 kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml
 ```

kubernetes/bootstrap/talos/talconfig.yaml

@@ -12,10 +12,8 @@ additionalApiServerCertSans: &sans
   - 10.1.1.57 # haproxy loadbalancer
 additionalMachineCertSans: *sans
 clusterPodNets:
-  # - "10.244.0.0/16"
   - "10.3.0.0/16"
 clusterSvcNets:
-  # - "10.96.0.0/12"
   - "10.4.0.0/16"
 ## Cilium LBPool CIDR 10.1.1.30-49 --> 10.5.0.0/16
 

kubernetes/tools/wiperook.yaml

@@ -2,11 +2,11 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: disk-wipe-sam
+  name: disk-wipe-pippin
   namespace: kube-system
 spec:
   restartPolicy: Never
-  nodeName: sam
+  nodeName: pippin
   containers:
     - name: disk-wipe
       image: docker.io/library/alpine:latest
@@ -16,11 +16,7 @@ spec:
       env:
         - name: CEPH_DISK
           value: "/dev/nvme0n1"
-      command:
+      command: ["/bin/sh", "-c"]
-        [
-          "/bin/sh",
-          "-c"
-        ]
       args:
         - apk add --no-cache sgdisk util-linux parted;
           sgdisk --zap-all $CEPH_DISK;
@@ -39,11 +35,11 @@ spec:
 apiVersion: v1
 kind: Pod
 metadata:
-  name: disk-wipe-frodo
+  name: disk-wipe-merry
   namespace: kube-system
 spec:
   restartPolicy: Never
-  nodeName: frodo
+  nodeName: merry
   containers:
     - name: disk-wipe
       image: docker.io/library/alpine:latest
@@ -52,12 +48,8 @@ spec:
       resources: {}
       env:
         - name: CEPH_DISK
-          value: "/dev/nvme0n1"
+          value: "/dev/nvme1n1"
-      command:
+      command: ["/bin/sh", "-c"]
-        [
-          "/bin/sh",
-          "-c"
-        ]
       args:
         - apk add --no-cache sgdisk util-linux parted;
           sgdisk --zap-all $CEPH_DISK;
@@ -76,11 +68,11 @@ spec:
 apiVersion: v1
 kind: Pod
 metadata:
-  name: disk-wipe-bilbo
+  name: disk-wipe-rosie
   namespace: kube-system
 spec:
   restartPolicy: Never
-  nodeName: bilbo
+  nodeName: rosie
   containers:
     - name: disk-wipe
       image: docker.io/library/alpine:latest
@@ -91,11 +83,7 @@ spec:
         - name: CEPH_DISK
           value: "/dev/nvme0n1"
 
-      command:
+      command: ["/bin/sh", "-c"]
-        [
-          "/bin/sh",
-          "-c"
-        ]
       args:
         - apk add --no-cache sgdisk util-linux parted;
           sgdisk --zap-all $CEPH_DISK;

mise.toml

@@ -1,11 +1,18 @@
 [tools]
+helm = "latest"
+helmfile = "latest"
 task = "latest"
 
 [env]
 KUBECONFIG="{{config_root}}/kubeconfig"
 SOPS_AGE_KEY_FILE="{{config_root}}/age.key"
-TALOSCONFIG="{{config_root}}/kubernetes/bootstrap/talos/clusterconfig/talosconfig"
+TALOSDIR="{{config_root}}/kubernetes/bootstrap/talos"
+TALOSCONFIG="{{env['TALOSDIR']}}/clusterconfig/talosconfig"
 
 [tasks.aider]
 description = "My Aider workflow."
 run = "aider --no-auto-commits --cache-prompts --cache-keepalive-pings 12 --no-suggest-shell-commands --watch-files"
+
+[tasks.talhelper-gen]
+description = "Generate talhelper configuration for Talos"
+run = "talhelper genconfig --env-file {{env['TALOSDIR']}}/talenv.sops.yaml --secret-file {{env['TALOSDIR']}}/talsecret.sops.yaml --config-file {{env['TALOSDIR']}}/talconfig.yaml --out-dir {{env['TALOSDIR']}}/clusterconfig"