talos #61
22 changed files with 173 additions and 97 deletions
|
@ -50,9 +50,13 @@ spec:
|
|||
extraConfig:
|
||||
allow-localhost: policy # enable policies for localhost
|
||||
kubeProxyReplacement: true
|
||||
k8sServiceHost: ${K8S_SERVICE_ENDPOINT}
|
||||
k8sServicePort: 6443
|
||||
k8sServiceHost: 127.0.0.1
|
||||
k8sServicePort: 7445
|
||||
rollOutCiliumPods: true
|
||||
cgroup:
|
||||
automount:
|
||||
enabled: false
|
||||
hostRoot: /sys/fs/cgroup
|
||||
bgp:
|
||||
enabled: false
|
||||
announce:
|
||||
|
@ -60,3 +64,21 @@ spec:
|
|||
podCIDR: false
|
||||
bgpControlPlane:
|
||||
enabled: true
|
||||
securityContext:
|
||||
capabilities:
|
||||
ciliumAgent:
|
||||
- CHOWN
|
||||
- KILL
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- IPC_LOCK
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- SETGID
|
||||
- SETUID
|
||||
cleanCiliumState:
|
||||
- NET_ADMIN
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
|
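Review bot: The capability list added under `securityContext.capabilities.ciliumAgent` grants SYS_ADMIN, DAC_OVERRIDE, SETUID and SETGID with no comment saying why an explicit list is needed; it looks like Cilium's non-privileged capability set as used on Talos, but nothing in the hunk confirms that. A comment above `ciliumAgent:` such as `# explicit (non-privileged) capability set Cilium needs on Talos; re-check against the chart defaults on each upgrade` would make the intent reviewable, and the same applies to `cleanCiliumState:`. The first hunk of this file switches `k8sServiceHost`/`k8sServicePort` to `127.0.0.1`/`7445`, presumably Talos's local API endpoint, which also deserves a one-line comment naming what it relies on. The enclosing `spec` block starts and ends outside these hunks.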
|
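--- /dev/null
+++ b/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml
@@ -0,0 +1,34 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: spegel
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: spegel
+      version: v0.0.18
+      sourceRef:
+        kind: HelmRepository
+        name: xenitab
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    spegel:
+      containerdSock: /run/containerd/containerd.sock
+      containerdRegistryConfigPath: /etc/cri/conf.d/hosts
+    service:
+      registry:
+        hostPort: 29999
+    serviceMonitor:
+      enabled: true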
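Review bot: `containerdSock` and `containerdRegistryConfigPath` under `values.spegel` override the chart defaults with Talos-specific paths, and nothing says so; a comment above `spegel:` such as `# Talos: containerd socket and CRI registry host config live outside the chart's default paths` would stop a future upgrade from "fixing" them back. `service.registry.hostPort: 29999` binds the mirror registry on every node's host network; if node-level firewalling is in place, confirm it only admits other cluster nodes, since the hunk shows no restriction of its own. The ServiceMonitor is enabled with no namespace or selector shown, so it presumably relies on the Prometheus operator's defaults — worth confirming it is actually scraped.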
|
@ -3,4 +3,4 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./helmrelease.yaml
|
||||
- ./helmrelease.yaml
|
|
@ -1,16 +1,16 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app local-path-provisioner
|
||||
name: &app spegel
|
||||
namespace: flux-system
|
||||
spec:
|
||||
targetNamespace: storage
|
||||
targetNamespace: kube-system
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./kubernetes/apps/storage/local-path-provisioner/app
|
||||
path: ./kubernetes/apps/kube-system/spegel/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
|
@ -18,4 +18,4 @@ spec:
|
|||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
timeout: 5m
|
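--- /dev/null
+++ b/kubernetes/apps/openebs-system/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Pre Flux-Kustomizations
+  - ./namespace.yaml
+  # Flux-Kustomizations
+  - ./openebs/ks.yaml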
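--- /dev/null
+++ b/kubernetes/apps/openebs-system/namespace.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openebs-system
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+    volsync.backube/privileged-movers: "true"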
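Review bot: `volsync.backube/privileged-movers: "true"` on the new `openebs-system` namespace lets VolSync run its mover pods privileged for every PVC in this namespace, yet the only workload added here is the local hostpath provisioner; unless a ReplicationSource or ReplicationDestination is planned for this namespace, the annotation is unneeded privilege and should be dropped or justified with a comment such as `# VolSync movers must run privileged here because <reason>`. Separately, `kustomize.toolkit.fluxcd.io/prune: disabled` is set as an annotation here but as a label on the renamed `volsync-system` namespace elsewhere in this commit; Flux honours both, but one convention across the namespace manifests would be clearer.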
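--- /dev/null
+++ b/kubernetes/apps/openebs-system/openebs/app/helmrelease.yaml
@@ -0,0 +1,32 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: openebs
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: openebs
+      version: 3.10.0
+      sourceRef:
+        kind: HelmRepository
+        name: openebs
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    localprovisioner:
+      hostpathClass:
+        enabled: true
+        name: openebs-hostpath
+        isDefaultClass: false
+        basePath: /var/openebs/local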
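Review bot: The `values` block configures only `localprovisioner.hostpathClass` and leaves every other chart component at its default; if the openebs chart at `3.10.0` still enables node-disk-manager by default, this release will also deploy privileged device-scanning pods that nothing here asks for. Confirm against the chart's values and, if so, disable them explicitly (`ndm: {enabled: false}` and `ndmOperator: {enabled: false}`, or whichever keys that chart version exposes) so the release stays limited to the hostpath provisioner. A short comment on `basePath: /var/openebs/local` noting that `/var` is the node's persistent writable partition on Talos would also help the next reader.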
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./helmrelease.yaml
|
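--- /dev/null
+++ b/kubernetes/apps/openebs-system/openebs/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app openebs
+  namespace: flux-system
+spec:
+  targetNamespace: openebs-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/openebs-system/openebs/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m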
|
@ -1,77 +0,0 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: local-path-provisioner
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: democratic-csi
|
||||
version: 0.14.5
|
||||
sourceRef:
|
||||
name: democratic-csi
|
||||
kind: HelmRepository
|
||||
namespace: flux-system
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
retries: 3
|
||||
uninstall:
|
||||
keepHistory: false
|
||||
values:
|
||||
fullnameOverride: local-path-provisioner
|
||||
controller:
|
||||
strategy: node
|
||||
externalProvisioner:
|
||||
image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
|
||||
extraArgs:
|
||||
- --leader-election=false
|
||||
- --node-deployment=true
|
||||
- --node-deployment-immediate-binding=false
|
||||
- --feature-gates=Topology=true
|
||||
- --strict-topology=true
|
||||
- --enable-capacity=true
|
||||
- --capacity-ownerref-level=1
|
||||
externalResizer:
|
||||
enabled: false
|
||||
externalAttacher:
|
||||
enabled: false
|
||||
externalSnapshotter:
|
||||
enabled: false
|
||||
csiDriver:
|
||||
name: local-hostpath.cluster.local
|
||||
storageCapacity: true
|
||||
attachRequired: false
|
||||
fsGroupPolicy: File
|
||||
storageClasses:
|
||||
- name: local-hostpath
|
||||
defaultClass: false
|
||||
reclaimPolicy: Delete
|
||||
volumeBindingMode: WaitForFirstConsumer
|
||||
allowVolumeExpansion: true
|
||||
driver:
|
||||
config:
|
||||
driver: local-hostpath
|
||||
local-hostpath:
|
||||
shareBasePath: &storagePath /var/lib/rancher/k3s/local-hostpath
|
||||
controllerBasePath: *storagePath
|
||||
dirPermissionsMode: "0770"
|
||||
dirPermissionsUser: 0
|
||||
dirPermissionsGroup: 0
|
||||
node:
|
||||
driver:
|
||||
image: ghcr.io/democratic-csi/democratic-csi:v1.8.4
|
||||
extraVolumeMounts:
|
||||
- name: local-hostpath
|
||||
mountPath: *storagePath
|
||||
mountPropagation: Bidirectional
|
||||
extraVolumes:
|
||||
- name: local-hostpath
|
||||
hostPath:
|
||||
path: *storagePath
|
||||
type: DirectoryOrCreate
|
|
@ -6,6 +6,5 @@ resources:
|
|||
# Pre Flux-Kustomizations
|
||||
- ./namespace.yaml
|
||||
# Flux-Kustomizations
|
||||
- ./local-path-provisioner/ks.yaml
|
||||
- ./snapshot-controller/ks.yaml
|
||||
- ./volsync/ks.yaml
|
|
@ -2,6 +2,6 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: storage
|
||||
name: volsync-system
|
||||
labels:
|
||||
kustomize.toolkit.fluxcd.io/prune: disabled
|
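Review bot: Changing `metadata.name` from `storage` to `volsync-system` in place creates a new Namespace object rather than renaming the existing one, and because the object carries `kustomize.toolkit.fluxcd.io/prune: disabled` Flux will not garbage-collect the old `storage` namespace or anything left inside it (secrets, PVCs, remnants of the deleted democratic-csi release). That cleanup has to happen by hand and should be stated in the PR description or in a comment on the name line such as `# renamed from storage; the old namespace is not pruned and must be removed manually`. This is inferred from the hunk alone; the rest of the file is outside it.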
|
@ -10,7 +10,7 @@ spec:
|
|||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./kubernetes/apps/storage/snapshot-controller/app
|
||||
path: ./kubernetes/apps/volsync-system/snapshot-controller/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
|
@ -11,7 +11,7 @@ spec:
|
|||
labels:
|
||||
app.kubernetes.io/name: *appname
|
||||
interval: 10m
|
||||
path: "./kubernetes/apps/storage/volsync/app"
|
||||
path: "./kubernetes/apps/volsync-system/volsync/app"
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
|
@ -11,7 +11,7 @@ resources:
|
|||
- cloudnative-pg.yaml
|
||||
- crowdsec.yaml
|
||||
- crunchydata.yaml
|
||||
- democratic-csi.yaml
|
||||
# - democratic-csi.yaml
|
||||
- dragonflydb.yaml
|
||||
- elastic.yaml
|
||||
- external-secrets.yaml
|
||||
|
@ -28,9 +28,10 @@ resources:
|
|||
- kubernetes-sigs-metrics-server.yaml
|
||||
- kubernetes-sigs-external-dns.yaml
|
||||
- nvidia.yaml
|
||||
- openebs.yaml
|
||||
- piraeus.yaml
|
||||
- postfinance.yaml
|
||||
- prometheus-community.yaml
|
||||
- rook-ceph.yaml
|
||||
- stakater.yaml
|
||||
# - weave-gitops.yaml
|
||||
- xenitab.yaml
|
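--- /dev/null
+++ b/kubernetes/flux/repositories/helm/openebs.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: openebs
+  namespace: flux-system
+spec:
+  interval: 2h
+  url: https://openebs.github.io/charts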
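--- /dev/null
+++ b/kubernetes/flux/repositories/helm/xenitab.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: xenitab
+  namespace: flux-system
+spec:
+  type: oci
+  interval: 5m
+  url: oci://ghcr.io/xenitab/helm-charts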
|
@ -37,8 +37,8 @@ spec:
|
|||
pruneIntervalDays: 7
|
||||
repository: "${APP}-volsync-secret"
|
||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||
|
@ -63,9 +63,9 @@ spec:
|
|||
repository: "${APP}-volsync-secret"
|
||||
copyMethod: Snapshot # must be Snapshot
|
||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||
capacity: "${VOLSYNC_CAPACITY}"
|
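Review bot: The new default `openebs-hostpath` is assigned to `VOLSYNC_CACHE_SNAPSHOTCLASS`, a variable whose name says snapshot class while the field it feeds, `cacheStorageClassName`, takes a StorageClass; the same lines recur in the `@ -63,9 +63,9 @@` hunk of this file and in the `-r2-` template below. Renaming the variable would break every app that sets it, so a comment on each `cacheStorageClassName` line is the cheap fix: `# StorageClass (not a VolumeSnapshotClass) for the restic cache PVC; the variable name is historical`. Any cache PVC already bound to the removed `local-hostpath` class will not migrate on its own — presumably these caches are disposable, but confirm before the old provisioner is fully gone. The enclosing spec continues outside these hunks.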
||||
|
|
|
@ -37,8 +37,8 @@ spec:
|
|||
pruneIntervalDays: 7
|
||||
repository: "${APP}-volsync-r2-secret"
|
||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-csi-ceph-blockpool}"
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-local-hostpath}"
|
||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-openebs-hostpath}"
|
||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
||||
storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
|
||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
||||
|
|