From a6fa98315ac7e12a4e87459f1f2917b6990915d2 Mon Sep 17 00:00:00 2001 From: Smeagol Date: Wed, 27 Sep 2023 09:00:17 +0000 Subject: [PATCH 1/9] Update Helm release cert-manager to v1.13.1 --- kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml index e436f61..7888e2b 100644 --- a/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml @@ -10,7 +10,7 @@ spec: chart: spec: chart: cert-manager - version: v1.12.3 + version: v1.13.1 sourceRef: kind: HelmRepository name: jetstack From 05e3d47245c38c4ddbf78cd08083d6df7c5e35a5 Mon Sep 17 00:00:00 2001 From: Smeagol Date: Sat, 30 Sep 2023 16:00:16 +0000 Subject: [PATCH 2/9] Update dependency ansible-lint to v6.20.2 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3b58068..0449c53 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ ansible==8.4.0 -ansible-lint==6.20.0 +ansible-lint==6.20.2 bcrypt==4.0.1 jmespath==1.0.1 netaddr==0.9.0 From 27a400ce3d4d33f67d9f2a50163bd14d66583925 Mon Sep 17 00:00:00 2001 From: Smeagol Date: Mon, 2 Oct 2023 09:01:20 +0000 Subject: [PATCH 3/9] Update Thanos group --- .../monitoring/kube-prometheus-stack/app/helmrelease.yaml | 2 +- kubernetes/apps/monitoring/thanos/app/helmrelease.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml index 4163148..85baa4f 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml 
@@ -201,7 +201,7 @@ spec: enableAdminAPI: true walCompression: true thanos: - image: quay.io/thanos/thanos:v0.32.3 + image: quay.io/thanos/thanos:v0.32.4 objectStorageConfig: name: thanos-s3-secret key: objstore.yml diff --git a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml index d3fa3ea..c7cc918 100644 --- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml @@ -11,7 +11,7 @@ spec: chart: spec: chart: thanos - version: 12.13.5 + version: 12.13.6 sourceRef: kind: HelmRepository name: bitnami @@ -34,7 +34,7 @@ spec: image: registry: quay.io repository: thanos/thanos - tag: v0.32.3 + tag: v0.32.4 existingObjstoreSecret: thanos-s3-secret queryFrontend: enabled: true From 0ae24aaf0366fc50fae125fc9ee42f8240386c6d Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Mon, 2 Oct 2023 17:26:34 +0000 Subject: [PATCH 4/9] Fixes metrics server not serving stats from worker nodes. --- .../apps/kube-system/metrics-server/app/helmrelease.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml b/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml index f7dc4bf..8b2f500 100644 --- a/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/metrics-server/app/helmrelease.yaml @@ -18,3 +18,8 @@ spec: values: metrics: enabled: true + args: + - --kubelet-insecure-tls + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution=15s From 745d9c64c6796fe7ae2f7a6bfa4ccc0a98d36f81 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Mon, 2 Oct 2023 17:27:07 +0000 Subject: [PATCH 5/9] Added 3 worker nodes. --- talos/clusterconfig/.gitignore | 3 +++ talos/talconfig.yaml | 45 ++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) 
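Review bot: `--kubelet-insecure-tls` in the new `args` list of kube-system/metrics-server/app/helmrelease.yaml makes metrics-server skip verification of the kubelet serving certificate, so it cannot tell a real kubelet from anything else answering on that address; upstream documents the flag as for testing only. The commit title suggests it was added because the worker kubelets present self-signed serving certificates. A sturdier fix is to have the kubelets request CA-signed serving certificates (on Talos, `rotate-server-certificates: true` under `machine.kubelet.extraArgs`, plus an approver for the resulting CSRs) and then drop the flag. If it stays for now, put a comment above it such as `# TODO: remove once kubelet serving certs are signed by the cluster CA`.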
diff --git a/talos/clusterconfig/.gitignore b/talos/clusterconfig/.gitignore index 7568faf..41f8760 100644 --- a/talos/clusterconfig/.gitignore +++ b/talos/clusterconfig/.gitignore @@ -2,3 +2,6 @@ valinor-aule.hsn.dev.yaml valinor-eonwe.hsn.dev.yaml valinor-arlen.hsn.dev.yaml talosconfig +valinor-vaire.hsn.dev.yaml +valinor-nienna.hsn.dev.yaml +valinor-orome.hsn.dev.yaml diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml index 3947df4..a842645 100644 --- a/talos/talconfig.yaml +++ b/talos/talconfig.yaml @@ -63,6 +63,51 @@ nodes: - network: 10.2.0.0/16 gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). metric: 2048 + - hostname: vaire.hsn.dev + disableSearchDomain: true + ipAddress: 10.2.0.8 + controlPlane: false + installDiskSelector: + busPath: /dev/sda + networkInterfaces: + - interface: eth0 + dhcp: true + - interface: eth1 + dhcp: true + routes: + - network: 10.2.0.0/16 + gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). + metric: 2048 + - hostname: nienna.hsn.dev + disableSearchDomain: true + ipAddress: 10.2.0.9 + controlPlane: false + installDiskSelector: + busPath: /dev/sda + networkInterfaces: + - interface: eth0 + dhcp: true + - interface: eth1 + dhcp: true + routes: + - network: 10.2.0.0/16 + gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). + metric: 2048 + - hostname: orome.hsn.dev + disableSearchDomain: true + ipAddress: 10.2.0.10 + controlPlane: false + installDiskSelector: + busPath: /dev/sda + networkInterfaces: + - interface: eth0 + dhcp: true + - interface: eth1 + dhcp: true + routes: + - network: 10.2.0.0/16 + gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). + metric: 2048 controlPlane: patches: From d792494249434c4ab899a64a83c4715b15bb64a3 Mon Sep 17 00:00:00 2001 
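Review bot: In the talos/talconfig.yaml hunk, `busPath: /dev/sda` on the three new worker entries (vaire, nienna, orome) looks like a device node name rather than a bus path. Talos matches `busPath` against the disk's hardware path (the `/pci0000:00/...` form), so this selector may match no disk; confirm it against the disk list Talos reports for these nodes. If the intent is simply to install to that device, `installDisk: /dev/sda` states it directly. The `nodes:` list starts outside this hunk, so the existing entries may carry the same selector and need the same check.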
From: Joseph Hanson Date: Mon, 2 Oct 2023 18:41:45 +0000 Subject: [PATCH 6/9] Adding cilium to flux. --- .../kube-system/cilium/app/helmrelease.yaml | 60 +++++++++++++++++++ kubernetes/apps/kube-system/cilium/ks.yaml | 17 ++++++ 2 files changed, 77 insertions(+) create mode 100644 kubernetes/apps/kube-system/cilium/app/helmrelease.yaml create mode 100644 kubernetes/apps/kube-system/cilium/ks.yaml diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml new file mode 100644 index 0000000..996604f --- /dev/null +++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml @@ -0,0 +1,60 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: cilium + namespace: kube-system +spec: + interval: 30m + chart: + spec: + chart: cilium + version: 1.14.2 + sourceRef: + kind: HelmRepository + name: cilium + namespace: flux-system + maxHistory: 2 + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + uninstall: + keepHistory: false + values: + cluster: + name: valinor + id: 1 + ipam: + mode: kubernetes + kubeProxyReplacement: true + securityContext: + capabilities: + ciliumAgent: + - CHOWN + - KILL + - NET_ADMIN + - NET_RAW + - IPC_LOCK + - SYS_ADMIN + - SYS_RESOURCE + - DAC_OVERRIDE + - FOWNER + - SETGID + - SETUID + cleanCiliumState: + - NET_ADMIN + - SYS_ADMIN + - SYS_RESOURCE + cgroup: + autoMount: + enabled: false + hostRoot: /sys/fs/cgroup + # Talos Kubeprism + k8sServiceHost: localhost + k8sServicePort: 7445 + rollOutCiliumPods: true diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/kubernetes/apps/kube-system/cilium/ks.yaml new file mode 100644 index 0000000..e2eadc5 --- /dev/null +++ b/kubernetes/apps/kube-system/cilium/ks.yaml 
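Review bot: The `securityContext.capabilities` block in the new kube-system/cilium/app/helmrelease.yaml grants the agent `SYS_ADMIN`, `NET_ADMIN` and `NET_RAW` with no comment saying where the list comes from, while the KubePrism settings below it do get one. The list appears to be the set Talos documents for Cilium (the chart default without `SYS_MODULE`). A comment above `securityContext:` such as `# Talos: capability set from the Talos Cilium guide (chart default minus SYS_MODULE); do not widen` would show the next reviewer that it is deliberate. Separately, `sourceRef` points at a HelmRepository `cilium` in `flux-system` that this commit does not add, so confirm it already exists.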
@@ -0,0 +1,17 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cluster-apps-cilium + namespace: flux-system +spec: + interval: 30m + retryInterval: 1m + timeout: 5m + path: "./kubernetes/apps/kube-system/cilium/app" + prune: true + sourceRef: + kind: GitRepository + name: valinor + wait: false From c6508f9e665233b560d3d494bc6be1584bee0466 Mon Sep 17 00:00:00 2001 From: Smeagol Date: Mon, 2 Oct 2023 19:00:17 +0000 Subject: [PATCH 7/9] Update Helm release cert-manager-webhook-dnsimple to v0.0.8 --- .../apps/cert-manager/cert-manager/issuers/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml index a62c0a5..04a547a 100644 --- a/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml @@ -10,7 +10,7 @@ spec: chart: spec: chart: cert-manager-webhook-dnsimple - version: 0.0.7 + version: 0.0.8 interval: 30m sourceRef: kind: HelmRepository From b3d0634a0960dcebc4bcff710645dc81bdd6455c Mon Sep 17 00:00:00 2001 From: Smeagol Date: Mon, 2 Oct 2023 19:00:25 +0000 Subject: [PATCH 8/9] Update prometheus-node-exporter Docker tag to v4.23.2 --- kubernetes/apps/monitoring/node-exporter/app/helmrelease.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubernetes/apps/monitoring/node-exporter/app/helmrelease.yaml b/kubernetes/apps/monitoring/node-exporter/app/helmrelease.yaml index 69ed9ef..b6017b8 100644 --- a/kubernetes/apps/monitoring/node-exporter/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/node-exporter/app/helmrelease.yaml 
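Review bot: `wait: false` in the new kube-system/cilium/ks.yaml means Flux reports `cluster-apps-cilium` ready as soon as the HelmRelease object is applied, not when Cilium itself is healthy. A failed CNI rollout is therefore not surfaced at this level, and `dependsOn` in other Kustomizations cannot gate on it. Consider `wait: true`; the existing `timeout: 5m` already bounds the wait. The diffstat lists only the two new files, so also check that the kube-system `kustomization.yaml`, which is outside this patch, references `./cilium/ks.yaml`.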
@@ -10,7 +10,7 @@ spec: chart: spec: chart: prometheus-node-exporter - version: 4.23.1 + version: 4.23.2 sourceRef: kind: HelmRepository name: prometheus-community From 26d159a4ccc2938b23ac5efb28f0d54fa1d665a8 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Mon, 2 Oct 2023 19:41:03 +0000 Subject: [PATCH 9/9] Default value for container port. --- .../apps/cert-manager/cert-manager/issuers/helmrelease.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml index 04a547a..a3cae95 100644 --- a/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml @@ -33,3 +33,4 @@ spec: secretKeyRef: name: dnsimple-api-token key: letsencrypt-email + containerPort: 8443