kubernetes/apps/kube-system/cilium/app/resources/values.yml

@@ -17,7 +17,7 @@ cni:
   exclusive: false
 containerRuntime:
   integration: containerd
-devices: bond+
+devices: enp+
 socketLB:
   enabled: false # supposed to be default off, but it's enabled anyway, and looks fun lol # TODO: 2024-06-02: temporarily turned off to attempt fixing endpoint creation timeout
   hostNamespaceOnly: true # KubeVirt compatibility

kubernetes/apps/kube-system/multus/app/helmrelease.yaml

@@ -24,7 +24,7 @@ spec:
             {
               "cniVersion": "0.3.1",
               "logToStderr": true,
-              "logLevel": "info",
+              "logLevel": "verbose",
               "binDir": "/opt/cni/bin",
               "chrootDir": "/hostroot",
               "cniConfigDir": "/host/etc/cni/net.d",

kubernetes/apps/kube-system/multus/config/net-attach-iot.yaml

@@ -12,21 +12,14 @@ spec:
       "plugins": [
         {
           "type": "macvlan",
-          "master": "bond0.30",
+          "master": "bond0",
           "mode": "bridge",
-          "capabilities": {
-            "ips": true
-          },
           "ipam": {
             "type": "static",
             "routes": [
               { "dst": "10.1.2.0/24", "gw": "10.1.3.1" }
             ]
           }
-        },
-        {
-          "capabilities": { "mac": true },
-          "type": "tuning"
         }
       ]
-    }
+    }

kubernetes/bootstrap/helmfile.yaml

@@ -26,9 +26,9 @@ releases:
     version: 1.2.2
     values: ["../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"]
     needs: ["cilium"]
-  # - name: spegel
+  - name: spegel
-  #   namespace: kube-system
+    namespace: kube-system
-  #   chart: oci://ghcr.io/spegel-org/helm-charts/spegel
+    chart: oci://ghcr.io/spegel-org/helm-charts/spegel
-  #   version: v0.0.23
+    version: v0.0.23
-  #   values: ["../apps/kube-system/spegel/app/resources/values.yml"]
+    values: ["../apps/kube-system/spegel/app/resources/values.yml"]
-  #   wait: true
+    wait: true

kubernetes/bootstrap/readme.md

@@ -18,7 +18,7 @@ talosctl bootstrap --nodes=10.1.1.61
 
 ### Install Cilium & Spegel
 ```sh
-helmfile apply -f kubernetes/bootstrap/helmfile.yaml
+helmfile apply -f kubernetes/bootstrap/talos/apps/helmfile.yaml
 ```
 
 ## Flux Prep

kubernetes/bootstrap/talos/talconfig.yaml

@@ -4,13 +4,13 @@ clusterName: homelab
 
 talosVersion: v1.8.0-alpha.1
 kubernetesVersion: 1.30.2
-endpoint: "https://${clusterEndpointIP}:6443"
+endpoint: "https://10.1.1.57:6443"
 
-additionalApiServerCertSans: &san
+additionalApiServerCertSans:
-  - ${clusterEndpointIP}
+  - 10.1.1.57
-  - "127.0.0.1" # KubePrism
 
-additionalMachineCertSans: *san
+additionalMachineCertSans:
+  - 10.1.1.57
 
 nodes:
   - hostname: shadowfax
@@ -24,25 +24,10 @@ nodes:
         partitions:
           - mountpoint: /var/mnt/nvme1
     networkInterfaces:
-      - interface: bond0
+      - interface: enp37s0f1
         dhcp: true
-        bond:
+      - interface: enp37s0f0
-          mode: 802.3ad
+        dhcp: false
-          xmitHashPolicy: layer3+4
-          lacpRate: fast
-          miimon: 100
-          deviceSelectors:
-            - hardwareAddr: 04:42:1a:ef:35:74
-              driver: ixgbe
-            - hardwareAddr: 04:42:1a:ef:35:75
-              driver: ixgbe
-        vlans:
-          - &vlan-iot
-            vlanId: 30
-            mtu: 1500
-            dhcp: true
-            dhcpOptions:
-              routeMetric: 4096
     kernelModules:
       - name: nvidia
       - name: nvidia_uvm

kubernetes/bootstrap/talos/talenv.sops.yaml

@@ -1,5 +1,4 @@
 CLUSTER: ENC[AES256_GCM,data:2U1tPNOF/w==,iv:BE6ZEuh9SJirZ48ICFuf7RqnJhfOOu6PjEXwLDPG6vU=,tag:zk5eyFqcOmui6d70LQ7WtA==,type:str]
-clusterEndpointIP: ENC[AES256_GCM,data:1gDw0FqQQZ9/,iv:OQ64In7KPn0nqWran1U2/oEHkHSyQsZNM8/beAN1C1M=,tag:diqiZHPcGZ7DVgZGFKJyJw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,8 +14,8 @@ sops:
             WUlNeVV1T2YxbjJCRU9ubVJheHNBTnMKzgZCLTz1Qo/91EFcHXxdKGosdRKKN/tB
             VsfaNH/b5S2N8FN1wQ03Dn2nqwCqwiPAoNo8La/7ZHjzvNiXTCOFmQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-08T13:48:53Z"
+    lastmodified: "2024-06-18T16:49:44Z"
-    mac: ENC[AES256_GCM,data:SA9jJSCbgApT4qJfFNU/RVHhOX7ZdipQ6OmvBa4YqKEriUPD00ddp0musyQobdM3jrTK6P231FzwxYuAOQ+Y+xgWf+ylLyy/zcsVvdJbIzNPTsKwtC5J5zfhyvQK8fnRNP/3sP16X+jJ41iWF3yrPQ7nG7fGidsUPmpGDnGXKZg=,iv:dpHPBXm0OBeDGxbyMAu0qufoCahJb6u7d5KuHoP2d58=,tag:Mrnb8kGacrRvac5HF/BSvg==,type:str]
+    mac: ENC[AES256_GCM,data:OCyq3X7UvExLRAib1mTY1wPC0nvz4+ZQEdzzQ3NkI47aF/YB01clKZTUu4CfsE6px1V0DlmJCtTLP4HZM+BDIGOCF2SyeyzeKwEgc02avlkdjLgvYjRJF21m8yONipXeiyjh8x8AzE83MSvs9n3zzJkwCHNIwz9zpdEKQWsv2Hk=,iv:uB7Lgrv2ujS893c0KgbQW0jh5YOy0rTV99hvdDzJ1N0=,tag:wZLSEQRtRNuIQ6NPV+SH/g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1