diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml
new file mode 100644
index 0000000..92451d3
--- /dev/null
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yaml
@@ -0,0 +1,3 @@
+---
+providerRegex: ^shadowfax$
+bypassDnsResolution: true
diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
new file mode 100644
index 0000000..b1eafc5
--- /dev/null
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helmrelease.yaml
@@ -0,0 +1,32 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: kubelet-csr-approver
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: kubelet-csr-approver
+ version: 1.1.0
+ sourceRef:
+ kind: HelmRepository
+ name: postfinance
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: kubelet-csr-approver-helm-values
+ values:
+ metrics:
+ enable: true
+ serviceMonitor:
+ enabled: true
diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml
new file mode 100644
index 0000000..9f1c424
--- /dev/null
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: kubelet-csr-approver-helm-values
+ files:
+ - values.yaml=./helm-values.yaml
+configurations:
+ - kustomizeconfig.yaml
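Review bot: In helm-values.yaml, `bypassDnsResolution: true` turns off the approver's check that the DNS name in a kubelet serving CSR resolves, and nothing else in the file narrows what may be approved beyond the hostname regex `^shadowfax$`. The values set no `providerIpPrefixes`, so the IP SANs accepted are whatever the chart defaults to, which I believe is every address. Consider adding `providerIpPrefixes: ['<node-subnet-cidr>']` (placeholder; the talconfig in this commit puts the node at 10.1.1.61) so a serving certificate can only be approved for addresses the node actually owns. Quoting the regex as `providerRegex: '^shadowfax$'` would also keep it a literal string under any loader. This same file is passed to the bootstrap helmfile, so the setting applies there too.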
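Review bot: In helmrelease.yaml the values come from two places, the generated ConfigMap under `valuesFrom` and the inline `values` block with the metrics settings, and nothing says why. helm-values.yaml is also read by the bootstrap helmfile in this commit, so presumably the ServiceMonitor setting is kept inline because the Prometheus CRDs are absent at bootstrap; a comment above `values:` such as `# not in helm-values.yaml: that file is shared with the bootstrap helmfile` would record that. The chart version `1.1.0` is repeated in helmfile.yaml, and the two pins will need to move together.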
diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml
new file mode 100644
index 0000000..58f92ba
--- /dev/null
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/kustomizeconfig.yaml
@@ -0,0 +1,7 @@
+---
+nameReference:
+ - kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml
new file mode 100644
index 0000000..8e7c1da
--- /dev/null
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app kubelet-csr-approver
+ namespace: flux-system
+spec:
+ targetNamespace: kube-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/kube-system/kubelet-csr-approver/app
+ prune: false # never should be deleted
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml
index 439a259..5f6a0e5 100644
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@@ -10,6 +10,7 @@ resources:
 - ./descheduler/ks.yaml
 - ./dnsimple-webhook-rbac.yaml
 - ./fstrim/ks.yaml
+ - ./kubelet-csr-approver/ks.yaml
 - ./metrics-server/ks.yaml
 - ./multus/ks.yaml
 - ./intel-device-plugin/ks.yaml
diff --git a/kubernetes/bootstrap/talos/apps/helmfile.yaml b/kubernetes/bootstrap/talos/apps/helmfile.yaml
index 77ed058..e40d4e8 100644
--- a/kubernetes/bootstrap/talos/apps/helmfile.yaml
+++ b/kubernetes/bootstrap/talos/apps/helmfile.yaml
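Review bot: In ks.yaml, `prune: false` also stops Flux from garbage-collecting the ConfigMaps that the app's `configMapGenerator` produces. If the generator keeps its default name hash suffix, every edit to helm-values.yaml creates a new `kubelet-csr-approver-helm-values-<hash>` object and the old ones stay in kube-system. If the intent is only to protect the release, keep pruning on and mark the HelmRelease instead with the annotation `kustomize.toolkit.fluxcd.io/prune: disabled`. The comment `# never should be deleted` would be clearer if it gave the reason, for example `# kubelet serving-cert CSRs stay pending without the approver`, if that is the reason.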
@@ -10,8 +10,8 @@ helmDefaults: repositories: - name: cilium url: https://helm.cilium.io - - name: nvdp - url: https://nvidia.github.io/k8s-device-plugin + - name: postfinance + url: https://postfinance.github.io/kubelet-csr-approver releases: - name: cilium @@ -20,15 +20,15 @@ releases: version: 1.15.4 values: ["../../../apps/kube-system/cilium/app/resources/values.yml"] wait: true - - name: nvidia-device-plugin + - name: kubelet-csr-approver namespace: kube-system - chart: nvdp/nvidia-device-plugin - version: 0.14.5 - values: ["../../../apps/kube-system/nvidia-device-plugin/app/resources/values.yml"] - wait: true + chart: postfinance/kubelet-csr-approver + version: 1.1.0 + values: ["../../../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"] + needs: ["cilium"] - name: spegel namespace: kube-system chart: oci://ghcr.io/spegel-org/helm-charts/spegel version: v0.0.22 values: ["../../../apps/kube-system/spegel/app/resources/values.yml"] - wait: true \ No newline at end of file + wait: true diff --git a/kubernetes/bootstrap/talos/talconfig.yaml b/kubernetes/bootstrap/talos/talconfig.yaml index 3692023..654f386 100644 --- a/kubernetes/bootstrap/talos/talconfig.yaml +++ b/kubernetes/bootstrap/talos/talconfig.yaml @@ -6,9 +6,6 @@ talosVersion: v1.7.1 kubernetesVersion: 1.28.4 endpoint: "https://10.1.1.57:6443" -cniConfig: - name: none - additionalApiServerCertSans: - 10.1.1.57 @@ -21,10 +18,12 @@ nodes: ipAddress: 10.1.1.61 controlPlane: true installDiskSelector: - busPath: /dev/nvme0n1 + busPath: /pci0000:20/0000:20:01.2/0000:2d:00.0/nvme/nvme1/nvme1n1 networkInterfaces: - - interface: eth0 + - interface: enp37s0f1 dhcp: true + - interface: enp37s0f0 + dhcp: false kernelModules: - name: nvidia - name: nvidia_uvm @@ -55,7 +54,7 @@ controlPlane: machine: network: nameservers: - - 10.1.1.11 + - 10.1.1.1 # Configure NTP - |- @@ -79,6 +78,9 @@ controlPlane: allowSchedulingOnMasters: true proxy: disabled: true + network: + cni: + name: none # ETCD configuration - |-
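Review bot: In the second helmfile.yaml hunk (`@@ -20,15 +20,15 @@ releases:`), `needs: ["cilium"]` names the dependency without its namespace. As far as I know helmfile matches `needs` entries against `NAMESPACE/NAME` when the target release sets a namespace; the cilium release's `namespace:` line falls between the two hunks, so this is inferred. If so, the entry should read `needs: ["kube-system/cilium"]`. The new release also drops the `wait: true` that the entry it replaces had and that cilium and spegel keep, so bootstrap can move on before the approver is running; add `wait: true` back unless that is deliberate.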
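Review bot: In the `nodes:` hunk of talconfig.yaml, the new `busPath` ends in `nvme/nvme1/nvme1n1`, and the controller index in that tail is assigned at enumeration time, so it is not guaranteed to be stable in the way the PCI part of the path is. Since `installDiskSelector` decides which disk is written at install, matching on the PCI address only, e.g. `busPath: /pci0000:20/0000:20:01.2/0000:2d:00.0/*`, would be safer if the Talos version in use accepts the wildcard form. `enp37s0f0` is listed with `dhcp: false` and no address; if it is meant to stay unconfigured, a one-line comment saying so would help. The node entry starts and ends outside the hunk.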