Update Rook Ceph group to v1.13.0

2023-12-13 22:01:21 +00:00
16 changed files with 49 additions and 243 deletions
--- a/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml
+++ b/.taskfiles/VolSync/ReplicationDestination.tmpl.yaml
@ -11,7 +11,7 @@ spec:
    repository: "${rsrc}-restic-secret"
    destinationPVC: "${claim}"
    copyMethod: Direct
-    storageClassName: ceph-block
+    storageClassName: local-hostpath
    # IMPORTANT NOTE:
    #   Set to the last X number of snapshots to restore from
    previous: ${previous}
--- a/kubernetes/apps/default/jellyfin/app/helmrelease.yaml
+++ b/kubernetes/apps/default/jellyfin/app/helmrelease.yaml
@ -83,7 +83,7 @@ spec:
            - name: config
              accessMode: ReadWriteOnce
              size: 50Gi
-              storageClass: ceph-block
+              storageClass: local-hostpath
              globalMounts:
                - path: /config
    service:
--- a/kubernetes/apps/default/jellyfin/app/pvc.yaml
+++ b/kubernetes/apps/default/jellyfin/app/pvc.yaml
@ -12,4 +12,4 @@ spec:
    requests:
      storage: 20Gi

-  storageClassName: ceph-block
+  storageClassName: local-hostpath
--- a/kubernetes/apps/monitoring/alertmanager/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/alertmanager/app/helmrelease.yaml
@ -27,7 +27,7 @@ spec:
          main:
            image:
              repository: quay.io/prometheus/alertmanager
-              tag: main@sha256:9346cb845868c70d37c89f7d0ff66debb3bce166410ff5251281cf03a8c54d84
+              tag: main@sha256:cf3b474d32e1f66fd2d80750bf35529aa4b49dad724857f4c481ab9a53befd94
              pullPolicy: IfNotPresent
    podAnnotations:
      reloader.stakater.com/auto: "true"
--- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
@ -11,7 +11,7 @@ spec:
  chart:
    spec:
      chart: kube-prometheus-stack
-      version: 55.5.0
+      version: 55.3.1
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
@ -115,7 +115,7 @@ spec:
        storage:
          volumeClaimTemplate:
            spec:
-              storageClassName: ceph-block
+              storageClassName: local-hostpath
              resources:
                requests:
                  storage: 1Gi
@ -193,7 +193,7 @@ spec:
        enableAdminAPI: true
        walCompression: true
        thanos:
-          image: quay.io/thanos/thanos:v0.33.0
+          image: quay.io/thanos/thanos:v0.32.5
          objectStorageConfig:
            name: thanos-s3-secret
            key: objstore.yml
@ -202,7 +202,7 @@ spec:
        storageSpec:
          volumeClaimTemplate:
            spec:
-              storageClassName: ceph-block
+              storageClassName: local-hostpath
              resources:
                requests:
                  storage: 20Gi
--- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
@ -11,7 +11,7 @@ spec:
  chart:
    spec:
      chart: thanos
-      version: 12.20.0
+      version: 12.16.1
      sourceRef:
        kind: HelmRepository
        name: bitnami
@ -31,7 +31,7 @@ spec:
    image:
      registry: quay.io
      repository: thanos/thanos
-      tag: v0.33.0
+      tag: v0.32.5
    existingObjstoreSecret: thanos-s3-secret
    queryFrontend:
      enabled: true
@ -66,14 +66,14 @@ spec:
      retentionResolution1h: 90d
      persistence:
        enabled: true
-        storageClass: ceph-block
+        storageClass: local-hostpath
        size: 20Gi
    storegateway:
      enabled: true
      replicaCount: 3
      persistence:
        enabled: true
-        storageClass: ceph-block
+        storageClass: local-hostpath
        size: 10Gi
    ruler:
      enabled: true
@ -94,7 +94,7 @@ spec:
                  severity: critical
      persistence:
        enabled: true
-        storageClass: ceph-block
+        storageClass: local-hostpath
        size: 5Gi
    metrics:
      enabled: true
--- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
+++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
@ -58,12 +58,11 @@ spec:
          - name: "nienna"
            devices:
              - name: /dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HALR-00000_S3W6NA0M610693
+              - name: /dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR5E7NQR
          - name: "orome"
            devices:
              - name: /dev/disk/by-id/nvme-SAMSUNG_MZVLB1T0HBLR-00000_S4GJNX0R613503
-          - name: "nessa"
-            devices:
-              - name: /dev/disk/by-id/nvme-SAMSUNG_MZVL21T0HCLR-00B00_S676NU0W641201
+              - name: /dev/disk/by-id/ata-ST16000NM001J-2TW113_ZR6021Z3
      resources:
        mgr:
          limits:
@ -73,18 +72,16 @@ spec:
            cpu: "1000m"
            memory: "4Gi"

-    cephFileSystemVolumeSnapshotClass:
-      enabled: true
-      name: csi-ceph-filesystem
-      isDefault: false
-      deletionPolicy: Delete
+    cephBlockPoolsVolumeSnapshotClass:
+      enabled: false

    cephBlockPools:
      - name: ceph-blockpool
        spec:
          failureDomain: host
-          replicated:
-            size: 3
+          erasureCoded:
+            dataChunks: 2
+            codingChunks: 1
        storageClass:
          enabled: true
          name: ceph-block
--- a/kubernetes/apps/security/external-secrets/app/helmrelease.yaml
+++ b/kubernetes/apps/security/external-secrets/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: external-secrets
-      version: 0.9.10
+      version: 0.9.9
      interval: 30m
      sourceRef:
        kind: HelmRepository
--- a/kubernetes/apps/system/reloader/app/helmrelease.yaml
+++ b/kubernetes/apps/system/reloader/app/helmrelease.yaml
@ -10,7 +10,7 @@ spec:
  chart:
    spec:
      chart: reloader
-      version: 1.0.55
+      version: 1.0.52
      sourceRef:
        kind: HelmRepository
        name: stakater
--- a/kubernetes/bootstrap/flux/kustomization.yaml
+++ b/kubernetes/bootstrap/flux/kustomization.yaml
@ -3,7 +3,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - github.com/fluxcd/flux2/manifests/install?ref=v2.2.2
+  - github.com/fluxcd/flux2/manifests/install?ref=v2.1.2
 patches:
  - patch: |-
      $patch: delete
--- a/kubernetes/flux/config/flux.yaml
+++ b/kubernetes/flux/config/flux.yaml
@ -9,7 +9,7 @@ spec:
  interval: 10m
  url: oci://ghcr.io/fluxcd/flux-manifests
  ref:
-    tag: v2.2.2
+    tag: v2.1.2@sha256:5502bbd944688e3a6e1804521be7bcfcb66cf72d130196fe2736e00c6016525f
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
--- a/kubernetes/tools/kbench.yaml
+++ b/kubernetes/tools/kbench.yaml
@ -1,48 +0,0 @@
---
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: kbench-pvc
-spec:
-  storageClassName: ceph-block
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 33Gi
---
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: kbench
-spec:
-  template:
-    metadata:
-      labels:
-        kbench: fio
-    spec:
-      containers:
-        - name: kbench
-          image: yasker/kbench:latest
-          imagePullPolicy: Always
-          env:
-          # - name: QUICK_MODE  # for debugging
-          #  value: "1"
-            - name: FILE_NAME
-              value: "/volume/test"
-            - name: SIZE
-              value: "30G" # must be 10% smaller than the PVC size due to filesystem also took space
-            - name: CPU_IDLE_PROF
-              value: "disabled" # must be "enabled" or "disabled"
-          volumeMounts:
-            - name: vol
-              mountPath: /volume/
-        # volumeDevices:
-        #   - name: vol
-        #     devicePath: /volume/test
-      restartPolicy: Never
-      volumes:
-        - name: vol
-          persistentVolumeClaim:
-            claimName: kbench-pvc
-  backoffLimit: 0
--- a/kubernetes/tools/wipe-rook-fast.yaml
+++ b/kubernetes/tools/wipe-rook-fast.yaml
@ -1,108 +0,0 @@
---
-apiVersion: v1
-kind: Pod
-metadata:
-  name: disk-wipe-nessa
-spec:
-  restartPolicy: Never
-  nodeName: nessa
-  containers:
-    - name: disk-wipe
-      image: ghcr.io/onedr0p/alpine:3.18.4@sha256:b0b6f6f42bf9649ccaf0e98cd74d5e123471e2c4a4db4a5ee417b18dde9973a9
-      securityContext:
-        privileged: true
-      resources: {}
-      env:
-        - name: CEPH_DISK
-          value: "/dev/nvme0n1"
-      command:
-        [
-          "/bin/sh",
-          "-c"
-        ]
-      args:
-        - apk add --no-cache sgdisk util-linux parted;
-          sgdisk --zap-all $CEPH_DISK;
-          blkdiscard $CEPH_DISK;
-          dd if=/dev/zero bs=1M count=1000 oflag=direct of=$CEPH_DISK;
-          partprobe $CEPH_DISK;
-      volumeMounts:
-        - mountPath: /mnt/host_var
-          name: host-var
-  volumes:
-    - name: host-var
-      hostPath:
-        path: /var
-
---
-apiVersion: v1
-kind: Pod
-metadata:
-  name: disk-wipe-nienna
-spec:
-  restartPolicy: Never
-  nodeName: nienna
-  containers:
-    - name: disk-wipe
-      image: ghcr.io/onedr0p/alpine:3.18.4@sha256:b0b6f6f42bf9649ccaf0e98cd74d5e123471e2c4a4db4a5ee417b18dde9973a9
-      securityContext:
-        privileged: true
-      resources: {}
-      env:
-        - name: CEPH_DISK
-          value: "/dev/nvme0n1"
-      command:
-        [
-          "/bin/sh",
-          "-c"
-        ]
-      args:
-        - apk add --no-cache sgdisk util-linux parted;
-          sgdisk --zap-all $CEPH_DISK;
-          blkdiscard $CEPH_DISK;
-          dd if=/dev/zero bs=1M count=1000 oflag=direct of=$CEPH_DISK;
-          partprobe $CEPH_DISK;
-      volumeMounts:
-        - mountPath: /mnt/host_var
-          name: host-var
-  volumes:
-    - name: host-var
-      hostPath:
-        path: /var
-
---
-apiVersion: v1
-kind: Pod
-metadata:
-  name: disk-wipe-orome
-spec:
-  restartPolicy: Never
-  nodeName: orome
-  containers:
-    - name: disk-wipe
-      image: ghcr.io/onedr0p/alpine:3.18.4@sha256:b0b6f6f42bf9649ccaf0e98cd74d5e123471e2c4a4db4a5ee417b18dde9973a9
-      securityContext:
-        privileged: true
-      resources: {}
-      env:
-        - name: CEPH_DISK
-          value: "/dev/nvme0n1"
-
-      command:
-        [
-          "/bin/sh",
-          "-c"
-        ]
-      args:
-        - apk add --no-cache sgdisk util-linux parted;
-          sgdisk --zap-all $CEPH_DISK;
-          blkdiscard $CEPH_DISK;
-          dd if=/dev/zero bs=1M count=1000 oflag=direct of=$CEPH_DISK;
-          partprobe $CEPH_DISK;
-      volumeMounts:
-        - mountPath: /mnt/host_var
-          name: host-var
-  volumes:
-    - name: host-var
-      hostPath:
-        path: /var
--- a/talos/clusterconfig/.gitignore
+++ b/talos/clusterconfig/.gitignore
@ -4,4 +4,3 @@ valinor-arlen.yaml
 valinor-eonwe.yaml
 valinor-nienna.yaml
 valinor-orome.yaml
-valinor-nessa.yaml
--- a/talos/talconfig.yaml
+++ b/talos/talconfig.yaml
@ -1,7 +1,7 @@
 ---
 clusterName: valinor

-talosVersion: v1.6.0
+talosVersion: v1.5.5
 kubernetesVersion: 1.28.4
 endpoint: "https://${clusterEndpointIP}:6443"

@ -14,13 +14,6 @@ additionalApiServerCertSans:
 additionalMachineCertSans:
  - ${clusterEndpointIP}

-imageFactory:
-  registryURL: factory.talos.dev
-  schematicEndpoint: /schematics
-  protocol: https
-  installerURLTmpl: "{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}"
-  ISOURLTmpl: "{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso"
-
 nodes:
  # cloud CAX21 Arm64
  - hostname: arlen
@ -70,19 +63,22 @@ nodes:
          - network: 10.2.0.0/16
            gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route).
            metric: 2048
-  # VM AX41-Nvme - AMD Ryzen 5 3600 6-Core Processor (Zen2) - 64GB ECC RAM
+  # Bare-metal AX41-Nvme - AMD Ryzen 5 3600 6-Core Processor (Zen2) - 64GB ECC RAM
  - hostname: nienna
    disableSearchDomain: true
    ipAddress: ${niennaIP}
    controlPlane: false
-    schematic:
-      customization:
-        extraKernelArgs:
-          - net.ifnames=0
-        systemExtensions:
-          officialExtensions:
-            - siderolabs/amd-ucode
-            - siderolabs/qemu-guest-agent
+    # customization:
+    #   extraKernelArgs:
+    #     - net.ifnames=0
+    #   systemExtensions:
+    #     officialExtensions:
+    #       - siderolabs/amd-ucode
+    #       - siderolabs/qemu-guest-agent
+    talosImageURL: harbor.hsn.dev/factory.talos.dev/installer/696bb48d9c48e567596f393a4ff9bfd26d4dda5d92c16beb580e96fa68d6324c
+    # https://factory.talos.dev/image/696bb48d9c48e567596f393a4ff9bfd26d4dda5d92c16beb580e96fa68d6324c/v1.5.5/metal-amd64.iso
+    # no guest agent in the raw.xz image
+    # https://factory.talos.dev/image/6c789e7a3eec37617fd9d239a7f696ba48e75bc4780f5cb30bf8882686d79a22/v1.5.5/metal-amd64.raw.xz
    installDiskSelector:
      busPath: /pci0000:00/0000:00:0a.0/virtio2/
    networkInterfaces:
@ -100,50 +96,21 @@ nodes:
              - network: 10.2.0.0/16
                gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route).
                metric: 2048
-  # VM AX41-Nvme - AMD Ryzen 5 3600 6-Core Processor (Zen2) - 64GB ECC RAM
-  - hostname: nessa
-    disableSearchDomain: true
-    ipAddress: ${nessaIP}
-    controlPlane: false
-    schematic:
-      customization:
-        extraKernelArgs:
-          - net.ifnames=0
-        systemExtensions:
-          officialExtensions:
-            - siderolabs/amd-ucode
-            - siderolabs/qemu-guest-agent
-    installDiskSelector:
-      busPath: /pci0000:00/0000:00:0a.0/virtio2/
-    networkInterfaces:
-      - interface: eth0
-        dhcp: true
-      - interface: eth1
-        dhcp: false
-        vlans:
-          - vlanId: 4010
-            mtu: 1400
-            addresses:
-              - 10.2.1.4/24
-            dhcp: false
-            routes:
-              - network: 10.2.0.0/16
-                gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route).
-                metric: 2048
  # VM on EX44 - Intel Gen 13 (Raptor Lake) - 64GB RAM
  - hostname: orome
    disableSearchDomain: true
    ipAddress: ${oromeIP}
    controlPlane: false
-    schematic:
-      customization:
-        extraKernelArgs:
-          - net.ifnames=0
-        systemExtensions:
-          officialExtensions:
-            - siderolabs/i915-ucode
-            - siderolabs/intel-ucode
-            - siderolabs/qemu-guest-agent
+    # customization:
+    #     extraKernelArgs:
+    #         - net.ifnames=0
+    #     systemExtensions:
+    #         officialExtensions:
+    #             - siderolabs/i915-ucode
+    #             - siderolabs/intel-ucode
+    #             - siderolabs/qemu-guest-agent
+    talosImageURL: harbor.hsn.dev/factory.talos.dev/installer/f2f665587318c2d79e7b315cc333fff276ed59c8de831f16e28b4db107496ac2
+    # https://factory.talos.dev/image/f2f665587318c2d79e7b315cc333fff276ed59c8de831f16e28b4db107496ac2/metal-amd64.iso
    installDiskSelector:
      busPath: /pci0000:00/0000:00:0a.0/virtio2/
    networkInterfaces:
--- a/talos/talenv.sops.yaml
+++ b/talos/talenv.sops.yaml
@ -5,7 +5,6 @@ arlenIP: ENC[AES256_GCM,data:uXEM6zEuo40=,iv:eZMNksxYqpfYaY70yiJDOOnpOZ2cIfu4sE7
 eonweIP: ENC[AES256_GCM,data:zfIK5G67zEQ=,iv:xXPae345ybW9u6SX5eNHwEcBe+Y/7Gvzt6qWni3x+k4=,tag:hFO15lqDviJz+dnsa8IgMg==,type:str]
 niennaIP: ENC[AES256_GCM,data:3FRJBHRujl0=,iv:wd+Wp8DCXITYv4/Ys26+2GmeMXn0hvakxMUpDALqciE=,tag:P0Px35bWU0IzpH2H0i6dpA==,type:str]
 oromeIP: ENC[AES256_GCM,data:xSp35+pBlyk=,iv:Utk+kCiUKbSrx3kCsEtc90VRWEC9FSZJvJ1fvLZWc38=,tag:6uHW+BiOau9PUS2I2OnVGA==,type:str]
-nessaIP: ENC[AES256_GCM,data:iHaVLhItz0c=,iv:QBFH5xorX+WwPrSTQf0ZBBpJ9hg5itFkAnRlR4/vlm8=,tag:3i6iTRtXYMZ1uoYWvuthwQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -21,8 +20,8 @@ sops:
            MTFUZEplYVN5RGhhMGNEcDlGbTVQcjQKktwztZAHGUqoxbGHuAg0dX5Vap+wFVfx
            ku6Hzg1ZU8Lvd8ODe+4p+RvHSKVll1akgpPVuymCUxl+I6EvH7gEDA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-20T03:55:35Z"
-    mac: ENC[AES256_GCM,data:1jRrWtUMqsDz65bF7NBTi9UZxuEzpKgTEyUUItEk5aXEfqmE7yQpfKl6p1yGKD9BDQOlLVa4Sj9daYiTCsis8g1OxB9SIdC//LcMKhwgv/rlqRW03nvtXo9628XLyLoITBzMej0FufVM9m973h5rmFL2Lom5s+v2Bej1+bxxM3g=,iv:ZoJVYy8ImmeYHgG0SCi2KMXnPMY+Zq7KqS9D8mnZ69I=,tag:jnTi/AOfjGfhj86x964FrA==,type:str]
+    lastmodified: "2023-12-12T17:44:15Z"
+    mac: ENC[AES256_GCM,data:bXullHomsdG80EKIVrghmPIkcQMzWX/gvM8w0iqWRbunC4SlNTzFIgrHvs1qYdyPqy+rC2NhhhWGBVSDEfAA5wRQ/xmLPmFP/z9hKsUiQqHUwZflu2taB2SLuhjMMHS2sKwcP3uPA1anPkvEjhx+IpGv9X92RHqr8YF1r2LhOVk=,iv:OQwhjxw/FI/S9pXS9/HHTFdFxIetKUPcESscfJNjkao=,tag:AhoPRZifwQVPRO38fA/LSQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1