jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 6 Projects Releases Packages Wiki Activity Actions

Compare commits

base: jahanson:fb9ca1f9b0713a009b616dec46e4af1633dd96cb
Branches Tags
jahanson:main
jahanson:renovate/ghcr.io-taxel-plextraktsync-0.x
jahanson:renovate/ghcr.io-coder-code-server-4.x
jahanson:renovate/kyverno-3.x
jahanson:renovate/ghcr.io-onedr0p-qbittorrent-beta-5.x
jahanson:renovate/siderolabs-talos-1.x
jahanson:renovate/coder-2.x
jahanson:shokoserver
jahanson:kasm-wip
jahanson:multus-app-template-style
jahanson:renovate/configure
jahanson:bgp->l2
jahanson:swap-to-zfs
..
compare: jahanson:0c6deac2c60067f78ff529f7287f527c8c807e66
Branches Tags
jahanson:renovate/ghcr.io-taxel-plextraktsync-0.x
jahanson:renovate/ghcr.io-coder-code-server-4.x
jahanson:renovate/kyverno-3.x
jahanson:main
jahanson:renovate/ghcr.io-onedr0p-qbittorrent-beta-5.x
jahanson:renovate/siderolabs-talos-1.x
jahanson:renovate/coder-2.x
jahanson:shokoserver
jahanson:kasm-wip
jahanson:multus-app-template-style
jahanson:renovate/configure
jahanson:bgp->l2
jahanson:swap-to-zfs

No commits in common. "fb9ca1f9b0713a009b616dec46e4af1633dd96cb" and "0c6deac2c60067f78ff529f7287f527c8c807e66" have entirely different histories.
fb9ca1f9b0 ... 0c6deac2c6

5 changed files with 46 additions and 83 deletions
Show stats Expand all files Collapse all files

2
.envrc
View file

@ -3,7 +3,5 @@ export KUBECONFIG="$(expand_path ./kubeconfig)"
export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)" export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
export TALOSCONFIG="$(expand_path ./kubernetes/bootstrap/talos/clusterconfig/talosconfig)" export TALOSCONFIG="$(expand_path ./kubernetes/bootstrap/talos/clusterconfig/talosconfig)"
export KREW_ROOT="$(expand_path ~/.krew/bin)"; export KREW_ROOT="$(expand_path ~/.krew/bin)";
export CLUSTER="theshire"
export KUBERNETES_DIR="$(expand_path ./kubernetes)"
PATH_add $KREW_ROOT PATH_add $KREW_ROOT
use nix use nix

82
.taskfiles/talos/Taskfile.yaml
View file

@ -2,12 +2,6 @@
# yaml-language-server: $schema=https://taskfile.dev/schema.json # yaml-language-server: $schema=https://taskfile.dev/schema.json
version: "3" version: "3"
vars:
RESOURCES_DIR: "{{.ROOT_DIR}}/.taskfiles/talos/resources"
CONTROLLER:
sh: talosctl --context {{.cluster}} config info --output json | jq --raw-output '.endpoints[]' | shuf -n 1
cluster: theshire
tasks: tasks:
bootstrap: bootstrap:
desc: Bootstrap Talos desc: Bootstrap Talos
@ -15,11 +9,11 @@ tasks:
Args: Args:
cluster: Cluster to run command against (default: theshire) cluster: Cluster to run command against (default: theshire)
controller: Controller node to run command against (required) (IP/DNS) controller: Controller node to run command against (required) (IP/DNS)
dotenv: ["{{.RESOURCES_DIR}}/.env"]
prompt: Bootstrap Talos on the cluster... continue? prompt: Bootstrap Talos on the cluster... continue?
cmds: cmds:
- task: bootstrap-etcd - task: bootstrap-etcd
vars: &vars vars: &vars
cluster: '{{.cluster | default "theshire"}}'
controller: "{{.controller}}" controller: "{{.controller}}"
- task: fetch-kubeconfig - task: fetch-kubeconfig
vars: *vars vars: *vars
@ -31,44 +25,56 @@ tasks:
bootstrap-etcd: bootstrap-etcd:
desc: Bootstrap Etcd desc: Bootstrap Etcd
dotenv: ["{{.RESOURCES_DIR}}/.env"] cmd: until talosctl --context {{.cluster}} --nodes {{.controller}} bootstrap; do sleep 10; done
cmd: until talosctl --context $CLUSTER --nodes {{.controller}} bootstrap; do sleep 10; done
requires: requires:
vars: vars:
- cluster
- controller - controller
bootstrap-integrations: bootstrap-integrations:
desc: Bootstrap core integrations needed for Talos desc: Bootstrap core integrations needed for Talos
dotenv: ["{{.RESOURCES_DIR}}/.env"]
cmds: cmds:
- until kubectl --context $CLUSTER wait --for=condition=Ready=False nodes --all --timeout=600s; do sleep 10; done - until kubectl --context {{.cluster}} wait --for=condition=Ready=False nodes --all --timeout=600s; do sleep 10; done
- helmfile --kube-context $CLUSTER --file {{.KUBERNETES_DIR}}/bootstrap/helmfile.yaml apply --skip-diff-on-install --suppress-diff - helmfile --kube-context {{.cluster}} --file {{.KUBERNETES_DIR}}/bootstrap/helmfile.yaml apply --skip-diff-on-install --suppress-diff
- until kubectl --context $CLUSTER wait --for=condition=Ready nodes --all --timeout=600s; do sleep 10; done - until kubectl --context {{.cluster}} wait --for=condition=Ready nodes --all --timeout=600s; do sleep 10; done
requires:
vars:
- cluster
preconditions: preconditions:
- which helmfile - which helmfile
- sh: kubectl config get-contexts $CLUSTER - sh: kubectl config get-contexts {{.cluster}}
msg: "Kubectl context $CLUSTER not found" msg: "Kubectl context {{.cluster}} not found"
- test -f {{.KUBERNETES_DIR}}/bootstrap/helmfile.yaml - test -f {{.KUBERNETES_DIR}}/bootstrap/helmfile.yaml
fetch-kubeconfig: fetch-kubeconfig:
desc: Fetch kubeconfig from Talos controllers desc: Fetch kubeconfig from Talos controllers
dotenv: ["{{.RESOURCES_DIR}}/.env"] vars:
env: *vars CONTROLPLANE_NODE:
sh: |
talosctl --context {{.cluster}} config info \
| grep Endpoints: \
| awk '{split($0,u," "); print u[2]}' \
| sed -E 's/,//'
cmd: | cmd: |
talosctl --context $CLUSTER kubeconfig --nodes {{ .CONTROLLER }} \ talosctl --context {{.cluster}} kubeconfig --nodes {{.CONTROLPLANE_NODE}} \
--force --force-context-name $CLUSTER {{.ROOT_DIR}}/kubeconfig --force --force-context-name {{.cluster}} {{.ROOT_DIR}}/kubeconfig
requires:
vars:
- cluster
preconditions: preconditions:
- talosctl config get-contexts | grep $CLUSTER - talosctl config get-contexts | grep {{.cluster}}
generate-clusterconfig: generate-clusterconfig:
desc: Generate clusterconfig for Talos desc: Generate clusterconfig for Talos
dotenv: ["{{.RESOURCES_DIR}}/.env"]
cmds: cmds:
- talhelper genconfig - talhelper genconfig
--env-file {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml --env-file {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml
--secret-file {{.KUBERNETES_DIR}}/bootstrap/talos/talsecret.sops.yaml --secret-file {{.KUBERNETES_DIR}}/bootstrap/talos/talsecret.sops.yaml
--config-file {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml --config-file {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml
--out-dir {{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig --out-dir {{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig
requires:
vars:
- cluster
preconditions: preconditions:
- which talhelper - which talhelper
- test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml - test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml
@ -77,7 +83,6 @@ tasks:
upgrade: upgrade:
desc: Upgrade Talos version for a node desc: Upgrade Talos version for a node
dotenv: ["{{.RESOURCES_DIR}}/.env"]
vars: vars:
TALOS_VERSION: TALOS_VERSION:
sh: | sh: |
@ -88,13 +93,14 @@ tasks:
--env-file {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml \ --env-file {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml \
--config-file {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml --config-file {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml
cmds: cmds:
- talosctl --context $CLUSTER upgrade -n {{.node}} --image {{.TALOS_IMAGE }} - talosctl --context {{.cluster}} upgrade -n {{.node}} --image {{.TALOS_IMAGE }}
requires: requires:
vars: vars:
- cluster
- node - node
preconditions: preconditions:
- which talhelper - which talhelper
- talosctl config get-contexts | grep $CLUSTER - talosctl config get-contexts | grep {{.cluster}}
- test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml - test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml
- test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml - test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml
- msg: "Talos image could not be determined for {{.node}}" - msg: "Talos image could not be determined for {{.node}}"
@ -102,32 +108,33 @@ tasks:
upgrade-k8s: upgrade-k8s:
desc: Upgrade Kubernetes version for a Talos cluster desc: Upgrade Kubernetes version for a Talos cluster
dotenv: ["{{.RESOURCES_DIR}}/.env"]
vars: vars:
KUBERNETES_VERSION: KUBERNETES_VERSION:
sh: | sh: |
yq -r ".kubernetesVersion" {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml yq -r ".kubernetesVersion" {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml
CONTROLPLANE_NODE: CONTROLPLANE_NODE:
sh: | sh: |
talosctl --context $CLUSTER config info \ talosctl --context theshire config info \
| grep Endpoints: \ | grep Endpoints: \
| awk '{split($0,u," "); print u[2]}' \ | awk '{split($0,u," "); print u[2]}' \
| sed -E 's/,//' | sed -E 's/,//'
cmds: cmds:
- talosctl upgrade-k8s -n {{.CONTROLPLANE_NODE}} --to {{.KUBERNETES_VERSION}} - talosctl upgrade-k8s -n {{.CONTROLPLANE_NODE}} --to {{.KUBERNETES_VERSION}}
requires:
vars:
- cluster
preconditions: preconditions:
- which talhelper - which talhelper
- talosctl config get-contexts | grep $CLUSTER - talosctl config get-contexts | grep {{.cluster}}
- test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml - test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talenv.sops.yaml
- test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml - test -f {{.KUBERNETES_DIR}}/bootstrap/talos/talconfig.yaml
- msg: "Kubernetes version could not be determined for cluster $CLUSTER" - msg: "Kubernetes version could not be determined for cluster {{.cluster}}"
sh: 'test -n "{{.KUBERNETES_VERSION}}"' sh: 'test -n "{{.KUBERNETES_VERSION}}"'
- msg: "Control plane node could not be determined for cluster $CLUSTER" - msg: "Control plane node could not be determined for cluster {{.cluster}}"
sh: 'test -n "{{.CONTROLPLANE_NODE}}"' sh: 'test -n "{{.CONTROLPLANE_NODE}}"'
apply-clusterconfig: apply-clusterconfig:
desc: Apply clusterconfig for a Talos cluster desc: Apply clusterconfig for a Talos cluster
dotenv: ["{{.RESOURCES_DIR}}/.env"]
vars: vars:
CLUSTERCONFIG_FILES: CLUSTERCONFIG_FILES:
sh: find {{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig -type f -name '*.yaml' -printf '%f\n' sh: find {{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig -type f -name '*.yaml' -printf '%f\n'
@ -136,31 +143,32 @@ tasks:
var: CLUSTERCONFIG_FILES var: CLUSTERCONFIG_FILES
task: _apply-machineconfig task: _apply-machineconfig
vars: vars:
cluster: "{{ .cluster }}"
filename: "{{.ITEM}}" filename: "{{.ITEM}}"
hostname: |- hostname: |-
{{ trimPrefix (printf "%s-" .cluster) .ITEM | trimSuffix ".yaml" }} {{ trimPrefix (printf "%s-" .cluster) .ITEM | trimSuffix ".yaml" }}
dry_run: "{{ .dry_run }}" dry_run: "{{ .dry_run }}"
requires:
vars:
- cluster
preconditions: preconditions:
- talosctl config get-contexts | grep $CLUSTER - talosctl config get-contexts | grep {{.cluster}}
- test -d {{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig - test -d {{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig
_apply-machineconfig: _apply-machineconfig:
internal: true internal: true
desc: Apply a single Talos machineConfig to a Talos node desc: Apply a single Talos machineConfig to a Talos node
dotenv: ["{{.RESOURCES_DIR}}/.env"]
cmds: cmds:
- talosctl --context theshire apply-config - talosctl --context {{.cluster}} apply-config
--nodes "{{.hostname}}" --nodes "{{.hostname}}"
--file "{{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig/{{.filename}}" --file "{{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig/{{.filename}}"
{{ if eq "true" .dry_run }}--dry-run{{ end }} {{ if eq "true" .dry_run }}--dry-run{{ end }}
#--insecure #--insecure
requires: requires:
vars: vars:
- cluster
- hostname - hostname
- filename - filename
preconditions: preconditions:
- talosctl config get-contexts | grep $CLUSTER - talosctl config get-contexts | grep {{.cluster}}
- test -f {{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig/{{.filename}} - test -f {{.KUBERNETES_DIR}}/bootstrap/talos/clusterconfig/{{.filename}}
version:
desc: Show Talos version
cmd: talosctl version

1
.taskfiles/talos/resources/.env
View file

@ -1 +0,0 @@
CLUSTER=theshire

1
kubernetes/bootstrap/talos/clusterconfig/.gitignore vendored
View file

@ -6,4 +6,3 @@ theshire-merry.yaml
theshire-rosie.yaml theshire-rosie.yaml
talosconfig talosconfig
theshire-gandalf-01.yaml theshire-gandalf-01.yaml
theshire-shadowfax-01.yaml

41
kubernetes/bootstrap/talos/talconfig.yaml
View file

@ -116,47 +116,6 @@ nodes:
machine: machine:
sysctls: sysctls:
vm.nr_hugepages: "1024" vm.nr_hugepages: "1024"
- &kubelet_extra_mounts |-
machine:
kubelet:
extraMounts:
- destination: /var/openebs/local
type: bind
source: /var/openebs/local
options:
- bind
- rshared
- rw
- hostname: shadowfax-01
disableSearchDomain: true
ipAddress: 10.1.1.69
controlPlane: false
installDiskSelector:
busPath: /pci0000:00/0000:00:01.1/0000:02:00.0/virtio6/host0/target0:0:0/0:0:0:1/
networkInterfaces:
- interface: enp5s0
dhcp: true
patches:
- |-
machine:
sysctls:
net.core.bpf_jit_harden: 1
vm.nr_hugepages: "1024"
- *kubelet_extra_mounts
kernelModules:
- name: nvidia
- name: nvidia_uvm
- name: nvidia_drm
- name: nvidia_modeset
schematic:
customization:
systemExtensions:
officialExtensions:
- siderolabs/amd-ucode
- siderolabs/nonfree-kmod-nvidia
- siderolabs/nvidia-container-toolkit
worker: worker:
schematic: schematic:
customization: customization: