From bbf93870ac3ecf971578cee15fe4b786ae18efdf Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Sun, 10 Dec 2023 16:36:38 -0600
Subject: [PATCH] updating to use different ips
---
 talos/talconfig-pips.yaml | 214 ++++++++++++++++++++++++++++++++++++++
 talos/talconfig.yaml | 70 ++-----------
 talos/talenv.sops.yaml | 13 ++-
 3 files changed, 230 insertions(+), 67 deletions(-)
 create mode 100644 talos/talconfig-pips.yaml
diff --git a/talos/talconfig-pips.yaml b/talos/talconfig-pips.yaml
new file mode 100644
index 0000000..7e49fdf
--- /dev/null
+++ b/talos/talconfig-pips.yaml
@@ -0,0 +1,214 @@ +--- +clusterName: valinor + +talosVersion: v1.5.5 +kubernetesVersion: 1.28.4 +endpoint: "https://10.2.0.3:6443" + +cniConfig: + name: none + +additionalApiServerCertSans: + - 10.2.0.3 + +additionalMachineCertSans: + - 10.2.0.3 + +nodes: + # cloud CAX21 Arm64 + - hostname: aule + disableSearchDomain: true + ipAddress: 10.2.0.4 + controlPlane: true + installDiskSelector: + busPath: /dev/sda + networkInterfaces: + - interface: eth0 + dhcp: true + - interface: eth1 + dhcp: true + routes: + - network: 10.2.0.0/16 + gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). + metric: 2048 + # cloud CAX21 Arm64 + - hostname: arlen + disableSearchDomain: true + ipAddress: 10.2.0.5 + controlPlane: true + installDiskSelector: + busPath: /dev/sda + networkInterfaces: + - interface: eth0 + dhcp: true + - interface: eth1 + dhcp: true + routes: + - network: 10.2.0.0/16 + gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). + metric: 2048 + # cloud CAX21 Arm64 + - hostname: eonwe + disableSearchDomain: true + ipAddress: 10.2.0.6 + controlPlane: true + installDiskSelector: + busPath: /dev/sda + networkInterfaces: + - interface: eth0 + dhcp: true + - interface: eth1 + dhcp: true + routes: + - network: 10.2.0.0/16 + gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). 
+ metric: 2048 + # Bare-metal AX41-Nvme - AMD Ryzen 5 3600 6-Core Processor (Zen2) - 64GB ECC RAM + - hostname: nienna + disableSearchDomain: true + ipAddress: 10.2.1.2 + controlPlane: false + # customization: + # extraKernelArgs: + # - net.ifnames=0 + # systemExtensions: + # officialExtensions: + # - siderolabs/amd-ucode + # - siderolabs/qemu-guest-agent + talosImageURL: factory.talos.dev/installer/696bb48d9c48e567596f393a4ff9bfd26d4dda5d92c16beb580e96fa68d6324c + # https://factory.talos.dev/image/696bb48d9c48e567596f393a4ff9bfd26d4dda5d92c16beb580e96fa68d6324c/v1.5.5/metal-amd64.iso + # no guest agent in the raw.xz image + # https://factory.talos.dev/image/6c789e7a3eec37617fd9d239a7f696ba48e75bc4780f5cb30bf8882686d79a22/v1.5.5/metal-amd64.raw.xz + installDiskSelector: + busPath: /pci0000:00/0000:00:0a.0/virtio2/ + # Ceph Disk Fast: /pci0000:00/0000:00:11.0/nvme/nvme0/nvme0n1 + # Ceph Disk Large: /pci0000:00/0000:00:10.0/ata1/host0/target0:0:0/0:0:0:0/ + networkInterfaces: + - interface: eth0 + dhcp: true + - interface: eth1 + dhcp: false + vlans: + - vlanId: 4010 + mtu: 1400 + addresses: + - 10.2.1.2/24 + dhcp: false + routes: + - network: 10.2.0.0/16 + gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). 
+ metric: 2048 + # VM on EX44 - Intel Gen 13 (Raptor Lake) - 64GB RAM + - hostname: orome + disableSearchDomain: true + ipAddress: 10.2.1.3 + controlPlane: false + # customization: + # extraKernelArgs: + # - net.ifnames=0 + # systemExtensions: + # officialExtensions: + # - siderolabs/i915-ucode + # - siderolabs/intel-ucode + # - siderolabs/qemu-guest-agent + talosImageURL: factory.talos.dev/installer/f2f665587318c2d79e7b315cc333fff276ed59c8de831f16e28b4db107496ac2 + # https://factory.talos.dev/image/f2f665587318c2d79e7b315cc333fff276ed59c8de831f16e28b4db107496ac2/metal-amd64.iso + installDiskSelector: + busPath: /pci0000:00/0000:00:0a.0/virtio2/ + # Ceph Disk: /dev/disk/by-id/nvme-SAMSUNG_MZVL2512HCJQ-00B00_S675NU0TB36132 + networkInterfaces: + - interface: eth0 + dhcp: true + - interface: eth1 + dhcp: false + vlans: + - vlanId: 4010 + mtu: 1400 + addresses: + - 10.2.1.3/24 + dhcp: false + routes: + - network: 10.2.0.0/16 + gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). 
+ metric: 2048 +worker: + patches: + - |- + cluster: + externalCloudProvider: + enabled: true + manifests: + - https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm.yaml + machine: + sysctls: + fs.inotify.max_user_watches: "1048576" + fs.inotify.max_user_instances: "8192" + time: + disabled: false + servers: + - ntp.hetzner.com + kubelet: + extraArgs: + feature-gates: CronJobTimeZone=true,GracefulNodeShutdown=true,NewVolumeManagerReconstruction=false + rotate-server-certificates: "true" + extraConfig: + maxPods: 150 + nodeIP: + validSubnets: + - 10.2.0.0/16 +controlPlane: + patches: + - |- + cluster: + allowSchedulingOnMasters: true + externalCloudProvider: + enabled: true + manifests: + - https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm.yaml + network: + cni: + name: none + proxy: + disabled: true + etcd: + advertisedSubnets: + - 10.2.0.0/24 + + - |- + - op: remove + path: /cluster/apiServer/admissionControl + + - |- + machine: + features: + kubePrism: + enabled: true + port: 7445 + + files: + - op: create + path: /etc/cri/conf.d/20-customization.part + content: | + [plugins] + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + kubelet: + extraArgs: + feature-gates: CronJobTimeZone=true,GracefulNodeShutdown=true,NewVolumeManagerReconstruction=false + rotate-server-certificates: "true" + extraConfig: + maxPods: 150 + nodeIP: + validSubnets: + - 10.2.0.0/16 + network: + extraHostEntries: + - ip: 10.2.0.3 + sysctls: + fs.inotify.max_user_watches: "1048576" + fs.inotify.max_user_instances: "8192" + time: + disabled: false + servers: + - ntp.hetzner.com diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml index 7e49fdf..f7e9b27 100644 --- a/talos/talconfig.yaml +++ b/talos/talconfig.yaml 
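Review bot: The new talconfig-pips.yaml carries the endpoint, every node address, the VLAN id and the private gateways in plaintext, while the companion change to talconfig.yaml moves those same values into the SOPS-encrypted talenv.sops.yaml; the commit message does not say which of the two files talhelper is meant to read, so it is unclear whether this copy is live or kept for reference. If it is a reference copy, a header stating that would stop it drifting, e.g. `# Private-IP variant of talconfig.yaml, not read by talhelper; the live addresses live in talenv.sops.yaml` (I cannot tell from the hunk which file the generate step is pointed at). Separately, the controlPlane patch `- op: remove` / `path: /cluster/apiServer/admissionControl` drops the API server's default admission configuration, which in Talos is, as far as I know, the PodSecurity configuration, so control planes built from this file run without it unless it is re-added elsewhere; a one-line comment above that patch saying why it is removed would help the next reader.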
@@ -3,70 +3,52 @@ clusterName: valinor talosVersion: v1.5.5 kubernetesVersion: 1.28.4 -endpoint: "https://10.2.0.3:6443" +endpoint: "https://${clusterEndpointIP}:6443" cniConfig: name: none additionalApiServerCertSans: - - 10.2.0.3 + - ${clusterEndpointIP} additionalMachineCertSans: - - 10.2.0.3 + - ${clusterEndpointIP} nodes: # cloud CAX21 Arm64 - hostname: aule disableSearchDomain: true - ipAddress: 10.2.0.4 + ipAddress: ${auleIP} controlPlane: true installDiskSelector: busPath: /dev/sda networkInterfaces: - interface: eth0 dhcp: true - - interface: eth1 - dhcp: true - routes: - - network: 10.2.0.0/16 - gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). - metric: 2048 # cloud CAX21 Arm64 - hostname: arlen disableSearchDomain: true - ipAddress: 10.2.0.5 + ipAddress: ${arlenIP} controlPlane: true installDiskSelector: busPath: /dev/sda networkInterfaces: - interface: eth0 dhcp: true - - interface: eth1 - dhcp: true - routes: - - network: 10.2.0.0/16 - gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). - metric: 2048 # cloud CAX21 Arm64 - hostname: eonwe disableSearchDomain: true - ipAddress: 10.2.0.6 + ipAddress: ${eonweIP} controlPlane: true installDiskSelector: busPath: /dev/sda networkInterfaces: - interface: eth0 dhcp: true - - interface: eth1 - dhcp: true - routes: - - network: 10.2.0.0/16 - gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). - metric: 2048 # Bare-metal AX41-Nvme - AMD Ryzen 5 3600 6-Core Processor (Zen2) - 64GB ECC RAM - hostname: nienna disableSearchDomain: true - ipAddress: 10.2.1.2 + ipAddress: ${niennaIP} controlPlane: false # customization: # extraKernelArgs: 
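Review bot: The new substitutions `ipAddress: ${auleIP}`, `${arlenIP}`, `${eonweIP}`, `${niennaIP}` and the two `- ${clusterEndpointIP}` SAN entries are unquoted plain scalars, whereas `endpoint: "https://${clusterEndpointIP}:6443"` on the line above quotes its expansion. If talhelper expands the variables in the text before parsing it as YAML, which is what I would expect, an unset or empty variable turns `ipAddress:` into null instead of an obvious failure, and a value starting with a YAML indicator is retyped silently; quoting them, `ipAddress: "${auleIP}"` and `- "${clusterEndpointIP}"`, keeps every expansion a string the schema check can reject. The same applies to `ipAddress: ${oromeIP}` in the next hunk.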
@@ -86,22 +68,10 @@ nodes: networkInterfaces: - interface: eth0 dhcp: true - - interface: eth1 - dhcp: false - vlans: - - vlanId: 4010 - mtu: 1400 - addresses: - - 10.2.1.2/24 - dhcp: false - routes: - - network: 10.2.0.0/16 - gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). - metric: 2048 # VM on EX44 - Intel Gen 13 (Raptor Lake) - 64GB RAM - hostname: orome disableSearchDomain: true - ipAddress: 10.2.1.3 + ipAddress: ${oromeIP} controlPlane: false # customization: # extraKernelArgs: @@ -119,18 +89,6 @@ nodes: networkInterfaces: - interface: eth0 dhcp: true - - interface: eth1 - dhcp: false - vlans: - - vlanId: 4010 - mtu: 1400 - addresses: - - 10.2.1.3/24 - dhcp: false - routes: - - network: 10.2.0.0/16 - gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). - metric: 2048 worker: patches: - |- @@ -153,9 +111,6 @@ worker: rotate-server-certificates: "true" extraConfig: maxPods: 150 - nodeIP: - validSubnets: - - 10.2.0.0/16 controlPlane: patches: - |- @@ -170,9 +125,6 @@ controlPlane: name: none proxy: disabled: true - etcd: - advertisedSubnets: - - 10.2.0.0/24 - |- - op: remove @@ -199,12 +151,6 @@ controlPlane: rotate-server-certificates: "true" extraConfig: maxPods: 150 - nodeIP: - validSubnets: - - 10.2.0.0/16 - network: - extraHostEntries: - - ip: 10.2.0.3 sysctls: fs.inotify.max_user_watches: "1048576" fs.inotify.max_user_instances: "8192" diff --git a/talos/talenv.sops.yaml b/talos/talenv.sops.yaml index 645be49..294aee2 100644 --- a/talos/talenv.sops.yaml +++ b/talos/talenv.sops.yaml 
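Review bot: With the eth1/VLAN 4010 interfaces, the `nodeIP.validSubnets` entries in both worker and controlPlane patches, `etcd.advertisedSubnets` and the `extraHostEntries` for the endpoint all removed, every node is left with DHCP on eth0 only and nothing constrains which address the kubelet and etcd advertise. If `${auleIP}` and the other node variables now resolve to public addresses, which the commit title suggests but the hunks cannot confirm, kubelet, apid and etcd peer traffic moves onto the public interface, and the message does not say whether that is intended. If it is, the host firewall rules need to allow those services only between the cluster nodes; if the nodes still share a private subnet, keeping `etcd:` / `advertisedSubnets:` pinned to it (and the matching `validSubnets`) is the cheaper fix. The `controlPlane.patches` block these hunks edit starts and ends outside them.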
@@ -1,7 +1,10 @@ clusterName: ENC[AES256_GCM,data:iT5CwpMddw==,iv:st1ajjpRXQiHozpIJqUUwmRe542IiR2aWLEdqkk4W9k=,tag:KOCQ8x28kwNNDUXwOTpulg==,type:str] -clusterEndpointIP: ENC[AES256_GCM,data:5VXivET/uV4=,iv:SRhLmDfbSlhnb9DsaFXCqiP/Bx4Khi4GdXseyuhuYAw=,tag:BrP3OL/1FwrUyCMWRFB0BQ==,type:str] -oromeIP: ENC[AES256_GCM,data:SQyZ1Lpe8HipAbpOdGWRMQ==,iv:1u1eM3N90BvX9tob0c+hKXUFlrFWDh+oKM+sSRrmSyY=,tag:oWjt80hHImn0s1r0CM+1eA==,type:str] -oromeGateway: ENC[AES256_GCM,data:Ic8WKbNl9SsdfYT1,iv:HlKGNuBrvHjwrydybAD7cQEKYXL/JLzs/1m+G2bznYA=,tag:NGt1IacjxuX1XqP7mHB5ww==,type:str] +clusterEndpointIP: ENC[AES256_GCM,data:nQcNkmmaLuOxz5tTKlY=,iv:IAnSXk667TSWcE2QDmE/xk56R6dCsNK5hMIY96BPN08=,tag:G1ebt6kfJ2V1WMfJ9zNBhA==,type:str] +auleIP: ENC[AES256_GCM,data:fowDru5uo1tx36Y3vQ==,iv:wSPdnE+eQ+er2pCOvS2DoynCxA+4oNbJacQhvQR6KJk=,tag:Fb+D9nA3U/QbgqmQhDMDDw==,type:str] +arlenIP: ENC[AES256_GCM,data:O3z2uYFNjS9iMng=,iv:b6T1AbWdIoFrH3hV1zop1C2x652sweKhgKPzUVNoDUY=,tag:d6edGxWSXtq9cpbcjIbtQw==,type:str] +eonweIP: ENC[AES256_GCM,data:WdN3OPeVD0ppPax856w=,iv:QVhxp1Q3JPbHZAyZbwoBfmIu+qazvAQPKJR10RdtfFI=,tag:raJ2APpfNTyXLSH9SjzoGA==,type:str] +niennaIP: ENC[AES256_GCM,data:XQCs/IoSGQIzBKe2Kw==,iv:P72qBaIHY8oLpfR+t5ZZ31XJE1kytCvav0I25nQKSWI=,tag:ZVbQHHzct2Y/fvHxAXROXQ==,type:str] +oromeIP: ENC[AES256_GCM,data:nCeVxdK8Q1+E9nMoeNM=,iv:lqM72ewe+nwJUiJGOsLmGBtUU9JcxxmbEUZJNdFroWI=,tag:cpXvK0HW22mpy4nxWCgRmw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -17,8 +20,8 @@ sops: MTFUZEplYVN5RGhhMGNEcDlGbTVQcjQKktwztZAHGUqoxbGHuAg0dX5Vap+wFVfx ku6Hzg1ZU8Lvd8ODe+4p+RvHSKVll1akgpPVuymCUxl+I6EvH7gEDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-02T02:23:49Z" - mac: ENC[AES256_GCM,data:vut8v85tPP1DoJCvdqa0Da3z+78qadjuq5PTmqP/DB8fXy8S7qY5QiDZBv4kKhb5j6lmzYUD1USZZYLzDJN5n4Vw9qdstMr6WuCTqimt5MsZEefn621/p0Q2hdH7rC75gGiLHTFLc53HnrESg+opZRkmknrNuKKcZH8GI0H4MeQ=,iv:OakKTwA24IlwIU3gXP53CN7bdO8iDoKpoGLy+EcVGIg=,tag:82RBOg4ebBk9QEtSRAMymw==,type:str] + lastmodified: "2023-12-10T16:40:14Z" + mac: ENC[AES256_GCM,data:P0rbT2U+Ga29qR7hewngNrmfqA0ShNnCjaYGQLyHTsowqJ3ZY4HX7UQzwtXaZZTfz0SSIAK9yUHStmOoQ0p6c5t6uhww5565MAi23J5vQSkg3iIZ9MLuHkfAYwt4mOXVxvlhGMM0sEkE3nsurHVyEB3TOBgXKziz7Wi+pH1knXw=,iv:QBs7SV667gbiWbTNOcmzHc2eygJSLmK2aiLF4b4qvWU=,tag:/LjNKYD+XooTRLr/gcJQvg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1