theshire/kubernetes/bootstrap
2024-04-21 05:47:37 -05:00
flux Update Flux group to v2.2.3 2024-02-05 15:01:40 +00:00
kps-crds bootstrap kps crds 2024-02-16 09:52:29 -06:00
talos/apps adding helm defaults 2024-04-21 05:46:54 -05:00
readme.md Update to disable cni-exclusive for cilium bootstrap. 2024-04-17 12:02:57 -05:00

Bootstrap

Talos

Bootstrap the Talos cluster

omnictl cluster template sync -f ./template.yaml --omniconfig ./omniconfig.yaml

CNI

Install Cilium. The k8sServiceHost/k8sServicePort values point at the local KubePrism endpoint on Talos, the cgroup and capability settings are the ones Talos needs for the agent, and cni.exclusive=false stops Cilium from removing other CNI configurations from the node.

cilium install \
    --helm-set=ipam.mode=kubernetes \
    --helm-set=kubeProxyReplacement=true \
    --helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
    --helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
    --helm-set=cgroup.autoMount.enabled=false \
    --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
    --helm-set=k8sServiceHost=127.0.0.1 \
    --helm-set=k8sServicePort=7445 \
    --helm-set=bgpControlPlane.enabled=true \
    --helm-set=bgp.enabled=false \
    --helm-set=bgp.announce.loadbalancerIP=true \
    --helm-set=bgp.announce.podCIDR=false \
    --helm-set=cni.exclusive=false

Flux Prep

Install Flux

kubectl apply --server-side --kustomize ./kubernetes/bootstrap/flux

Apply secrets, settings, and CRDs.

These cannot be applied with kubectl in the regular fashion because they are encrypted with sops; decrypt them in memory and pipe the result into kubectl.

sops --decrypt kubernetes/bootstrap/flux/age-key.sops.yaml | kubectl apply -f -
sops --decrypt kubernetes/bootstrap/flux/git-deploy-key.sops.yaml | kubectl apply -f -
sops --decrypt kubernetes/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f -
kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml

Wipe Rook Ceph

kubectl apply -f kubernetes/tools/wiperook.yaml

Kick off Flux reconciling this repository

kubectl apply --server-side --kustomize ./kubernetes/flux/config
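The steps above collected into one script, as an added example that is not part of this repository. It assumes it is run from the repo root, that `./template.yaml` and `./omniconfig.yaml` sit where the readme expects them, that the Flux manifests land in the `flux-system` namespace (my assumption), and it adds a `DRY_RUN=1` mode of my own that prints each cluster-changing command instead of executing it. The `apply_sops` helper only applies a file that actually carries sops metadata and `ENC[...]` values, so a secret that was accidentally committed in plaintext never reaches the cluster.

```shell
#!/usr/bin/env bash
# bootstrap.sh: the readme's steps in one script (added example, not the
# repository's own code). Assumptions, all mine: run from the repo root;
# DRY_RUN=1 prints commands instead of running them; Flux lives in flux-system.
set -eu

DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute CMD, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'DRY-RUN: %s\n' "$*"
  else
    "$@"
  fi
}

# is_sops_encrypted FILE: heuristic check that FILE was really encrypted by
# sops, i.e. it has a top-level "sops:" metadata block and ENC[...] values.
is_sops_encrypted() {
  [ -f "$1" ] && grep -q '^sops:' "$1" && grep -q 'ENC\[' "$1"
}

# apply_sops FILE: decrypt FILE in memory and apply it. A file without sops
# metadata is refused, so a secret committed in plaintext by mistake is
# never applied.
apply_sops() {
  f="$1"
  if ! is_sops_encrypted "$f"; then
    printf 'refusing %s: no sops metadata / ENC[] values\n' "$f" >&2
    return 1
  fi
  if [ "$DRY_RUN" = "1" ]; then
    printf 'DRY-RUN: sops --decrypt %s | kubectl apply -f -\n' "$f"
    return 0
  fi
  # Capture first so a sops failure aborts under set -e; a plain pipe would
  # hand kubectl an empty stream and hide the error.
  manifest="$(sops --decrypt "$f")"
  printf '%s\n' "$manifest" | kubectl apply -f -
}

bootstrap_talos() {
  run omnictl cluster template sync -f ./template.yaml --omniconfig ./omniconfig.yaml
}

install_cilium() {
  # Same values as the readme. cni.exclusive is the real Helm key; a
  # misspelt key is silently accepted by Helm and does nothing.
  run cilium install \
    --helm-set=ipam.mode=kubernetes \
    --helm-set=kubeProxyReplacement=true \
    --helm-set='securityContext.capabilities.ciliumAgent={CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}' \
    --helm-set='securityContext.capabilities.cleanCiliumState={NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}' \
    --helm-set=cgroup.autoMount.enabled=false \
    --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
    --helm-set=k8sServiceHost=127.0.0.1 \
    --helm-set=k8sServicePort=7445 \
    --helm-set=bgpControlPlane.enabled=true \
    --helm-set=bgp.enabled=false \
    --helm-set=bgp.announce.loadbalancerIP=true \
    --helm-set=bgp.announce.podCIDR=false \
    --helm-set=cni.exclusive=false
  # Nodes stay NotReady until the CNI is up; block here before installing Flux.
  run cilium status --wait
}

install_flux() {
  run kubectl apply --server-side --kustomize ./kubernetes/bootstrap/flux
  run kubectl -n flux-system wait --for=condition=Available deployment --all --timeout=5m
}

apply_bootstrap_secrets() {
  apply_sops kubernetes/bootstrap/flux/age-key.sops.yaml
  apply_sops kubernetes/bootstrap/flux/git-deploy-key.sops.yaml
  apply_sops kubernetes/flux/vars/cluster-secrets.sops.yaml
  run kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml
}

wipe_rook() { run kubectl apply -f kubernetes/tools/wiperook.yaml; }

start_flux() { run kubectl apply --server-side --kustomize ./kubernetes/flux/config; }

main() {
  bootstrap_talos
  install_cilium
  install_flux
  apply_bootstrap_secrets
  wipe_rook
  start_flux
}

# Only run when invoked as "./bootstrap.sh run", so the functions can be
# sourced or exercised with DRY_RUN=1 without touching a cluster.
case "${1:-}" in
  run) main ;;
esac
```

Run it as `DRY_RUN=1 ./bootstrap.sh run` first to see the exact sequence of commands, then `./bootstrap.sh run` against the real cluster. The sops metadata check is a heuristic (it looks for the `sops:` block and `ENC[` markers that sops writes), not a substitute for sops's own integrity verification, which still happens on decrypt.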