infrastructure/k8s.tjo.cloud/modules/cluster/components.tf

data "helm_template" "cilium" {
  provider = helm.template

  name       = "cilium"
  chart      = "cilium"
  repository = "https://helm.cilium.io/"
  version    = "1.16.4"
  namespace  = "kube-system"

  kube_version = var.talos.kubernetes

  values = [<<-EOF
    ipam:
      mode: "kubernetes"

    operator:
      priorityClassName: "system-cluster-critical"

    routingMode: "native"
    autoDirectNodeRoutes: true
    directRoutingSkipUnreachable: true

    bgpControlPlane:
      enabled: true

    bpf:
      masquerade: true

    ipv4:
      enabled: true
    ipv4NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv4}"

    ipv6:
      enabled: false
    ipv6NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv6}"

    kubeProxyReplacement: true

    # This breaks it??
    #k8s:
    #  requireIPv4PodCIDR: true
    #  requireIPv6PodCIDR: true

    securityContext:
      capabilities:
        ciliumAgent:
          - "CHOWN"
          - "KILL"
          - "NET_ADMIN"
          - "NET_RAW"
          - "IPC_LOCK"
          - "SYS_ADMIN"
          - "SYS_RESOURCE"
          - "DAC_OVERRIDE"
          - "FOWNER"
          - "SETGID"
          - "SETUID"
        cleanCiliumState:
          - "NET_ADMIN"
          - "SYS_ADMIN"
          - "SYS_RESOURCE"
    cgroup:
      hostRoot: "/sys/fs/cgroup"
      autoMount:
        enabled: false

    k8sServiceHost: localhost
    k8sServicePort: 7445

    hubble:
      ui:
        enabled: false
      relay:
        enabled: false
    gatewayAPI:
      enabled: false
    envoy:
      enabled: false
    EOF
  ]
}

data "helm_template" "proxmox-csi" {
  provider = helm.template

  name       = "proxmox-csi-plugin"
  chart      = "proxmox-csi-plugin"
  repository = "oci://ghcr.io/sergelogvinov/charts"
  version    = "0.2.14"
  namespace  = "kube-system"

  kube_version = var.talos.kubernetes

  values = [<<-EOF
    config:
      clusters:
        - url: ${var.proxmox.url}
          insecure: ${var.proxmox.insecure}
          token_id: "${proxmox_virtual_environment_user_token.csi.id}"
          token_secret: "${split("=", proxmox_virtual_environment_user_token.csi.value)[1]}"
          region: "${var.proxmox.name}"

    storageClass:
      - name: proxmox-local-nvme
        storage: local-nvme
        reclaimPolicy: Delete
        fstype: ext4
        cache: none
      - name: proxmox-local
        storage: local
        reclaimPolicy: Delete
        fstype: ext4
        cache: none
      - name: proxmox-local-nvme-lvm
        storage: local-nvme-lvm
        reclaimPolicy: Delete
        fstype: ext4
        cache: none

    nodeSelector:
      node-role.kubernetes.io/control-plane: ""
      node.cloudprovider.kubernetes.io/platform: nocloud
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule

    node:
      nodeSelector:
        node.cloudprovider.kubernetes.io/platform: nocloud
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
  EOF
  ]
}

data "helm_template" "proxmox-ccm" {
  provider   = helm.template
  name       = "proxmox-cloud-controller-manager"
  chart      = "proxmox-cloud-controller-manager"
  repository = "oci://ghcr.io/sergelogvinov/charts"
  version    = "0.2.8"
  namespace  = "kube-system"

  kube_version = var.talos.kubernetes

  values = [<<-EOF
    # Deploy CCM only on control-plane nodes
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
          - matchExpressions:
            - key: node-role.kubernetes.io/control-plane
              operator: Exists
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        effect: NoSchedule
      - key: node.cloudprovider.kubernetes.io/uninitialized
        effect: NoSchedule

    enabledControllers:
      - cloud-node-lifecycle

    config:
      clusters:
        - url: ${var.proxmox.url}
          insecure: ${var.proxmox.insecure}
          token_id: ${proxmox_virtual_environment_user_token.ccm.id}
          token_secret: ${split("=", proxmox_virtual_environment_user_token.ccm.value)[1]}
          region: ${var.proxmox.name}
  EOF
  ]
}

data "helm_template" "talos-ccm" {
  provider   = helm.template
  name       = "talos-cloud-controller-manager"
  chart      = "talos-cloud-controller-manager"
  repository = "oci://ghcr.io/siderolabs/charts"
  version    = "0.4.3"
  namespace  = "kube-system"

  kube_version = var.talos.kubernetes

  values = [<<-EOF
    enabledControllers:
      - cloud-node
      - node-csr-approval
  EOF
  ]
}
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`data "helm_template" "cilium" {`
			`provider = helm.template`

			`name = "cilium"`
			`chart = "cilium"`
			`repository = "https://helm.cilium.io/"`
feat(kubernetes): wip 2024-12-05 18:13:22 +00:00			`version = "1.16.4"`
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`namespace = "kube-system"`

			`kube_version = var.talos.kubernetes`

feat: better? 2024-07-22 20:31:48 +00:00			`values = [<<-EOF`
			`ipam:`
			`mode: "kubernetes"`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00
			`operator:`
			`priorityClassName: "system-cluster-critical"`

			`routingMode: "native"`
			`autoDirectNodeRoutes: true`
			`directRoutingSkipUnreachable: true`

			`bgpControlPlane:`
feat: update 2024-07-23 18:42:22 +00:00			`enabled: true`

			`bpf:`
			`masquerade: true`
feat: better? 2024-07-22 20:31:48 +00:00
			`ipv4:`
			`enabled: true`
feat: working bgp 2024-12-15 17:35:26 +00:00			`ipv4NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv4}"`
feat: better? 2024-07-22 20:31:48 +00:00
feat: lint 2024-07-25 15:42:08 +00:00			`ipv6:`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00			`enabled: false`
feat: working bgp 2024-12-15 17:35:26 +00:00			`ipv6NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv6}"`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00
			`kubeProxyReplacement: true`
feat: better? 2024-07-22 20:31:48 +00:00
wip: kubernetes cilum service dns issue 2024-12-16 20:19:55 +00:00			`# This breaks it??`
			`#k8s:`
			`# requireIPv4PodCIDR: true`
			`# requireIPv6PodCIDR: true`

feat: better? 2024-07-22 20:31:48 +00:00			`securityContext:`
			`capabilities:`
			`ciliumAgent:`
			`- "CHOWN"`
			`- "KILL"`
			`- "NET_ADMIN"`
			`- "NET_RAW"`
			`- "IPC_LOCK"`
			`- "SYS_ADMIN"`
			`- "SYS_RESOURCE"`
			`- "DAC_OVERRIDE"`
			`- "FOWNER"`
			`- "SETGID"`
			`- "SETUID"`
			`cleanCiliumState:`
			`- "NET_ADMIN"`
			`- "SYS_ADMIN"`
			`- "SYS_RESOURCE"`
			`cgroup:`
			`hostRoot: "/sys/fs/cgroup"`
			`autoMount:`
			`enabled: false`

feat(kubernetes): wip 2024-12-05 18:13:22 +00:00			`k8sServiceHost: localhost`
			`k8sServicePort: 7445`
feat: better? 2024-07-22 20:31:48 +00:00
			`hubble:`
			`ui:`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00			`enabled: false`
feat: better? 2024-07-22 20:31:48 +00:00			`relay:`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00			`enabled: false`
feat: better? 2024-07-22 20:31:48 +00:00			`gatewayAPI:`
			`enabled: false`
			`envoy:`
			`enabled: false`
			`EOF`
			`]`
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`}`

			`data "helm_template" "proxmox-csi" {`
			`provider = helm.template`

			`name = "proxmox-csi-plugin"`
			`chart = "proxmox-csi-plugin"`
			`repository = "oci://ghcr.io/sergelogvinov/charts"`
feat(kubernetes): wip 2024-12-05 18:13:22 +00:00			`version = "0.2.14"`
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`namespace = "kube-system"`

			`kube_version = var.talos.kubernetes`

			`values = [<<-EOF`
			`config:`
			`clusters:`
			`- url: ${var.proxmox.url}`
			`insecure: ${var.proxmox.insecure}`
			`token_id: "${proxmox_virtual_environment_user_token.csi.id}"`
			`token_secret: "${split("=", proxmox_virtual_environment_user_token.csi.value)[1]}"`
			`region: "${var.proxmox.name}"`

			`storageClass:`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00			`- name: proxmox-local-nvme`
			`storage: local-nvme`
			`reclaimPolicy: Delete`
			`fstype: ext4`
			`cache: none`
			`- name: proxmox-local`
			`storage: local`
			`reclaimPolicy: Delete`
			`fstype: ext4`
			`cache: none`
			`- name: proxmox-local-nvme-lvm`
			`storage: local-nvme-lvm`
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`reclaimPolicy: Delete`
			`fstype: ext4`
			`cache: none`

			`nodeSelector:`
			`node-role.kubernetes.io/control-plane: ""`
			`node.cloudprovider.kubernetes.io/platform: nocloud`
			`tolerations:`
			`- key: node-role.kubernetes.io/control-plane`
			`effect: NoSchedule`
feat: better? 2024-07-21 10:27:40 +00:00
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`node:`
			`nodeSelector:`
			`node.cloudprovider.kubernetes.io/platform: nocloud`
			`tolerations:`
feat: better? 2024-07-21 10:27:40 +00:00			`- key: node-role.kubernetes.io/control-plane`
			`effect: NoSchedule`
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`EOF`
			`]`
			`}`

			`data "helm_template" "proxmox-ccm" {`
			`provider = helm.template`
			`name = "proxmox-cloud-controller-manager"`
			`chart = "proxmox-cloud-controller-manager"`
			`repository = "oci://ghcr.io/sergelogvinov/charts"`
feat(kubernetes): wip 2024-12-05 18:13:22 +00:00			`version = "0.2.8"`
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`namespace = "kube-system"`

			`kube_version = var.talos.kubernetes`

			`values = [<<-EOF`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00			`# Deploy CCM only on control-plane nodes`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: node-role.kubernetes.io/control-plane`
			`operator: Exists`
			`tolerations:`
			`- key: node-role.kubernetes.io/control-plane`
			`effect: NoSchedule`
			`- key: node.cloudprovider.kubernetes.io/uninitialized`
			`effect: NoSchedule`

feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`enabledControllers:`
			`- cloud-node-lifecycle`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`config:`
			`clusters:`
			`- url: ${var.proxmox.url}`
			`insecure: ${var.proxmox.insecure}`
			`token_id: ${proxmox_virtual_environment_user_token.ccm.id}`
			`token_secret: ${split("=", proxmox_virtual_environment_user_token.ccm.value)[1]}`
			`region: ${var.proxmox.name}`
			`EOF`
			`]`
			`}`

			`data "helm_template" "talos-ccm" {`
			`provider = helm.template`
			`name = "talos-cloud-controller-manager"`
			`chart = "talos-cloud-controller-manager"`
			`repository = "oci://ghcr.io/siderolabs/charts"`
feat(kubernetes): wip 2024-12-05 18:13:22 +00:00			`version = "0.4.3"`
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`namespace = "kube-system"`

			`kube_version = var.talos.kubernetes`
feat(kubernetes): wip 2024-12-14 19:15:07 +00:00
			`values = [<<-EOF`
			`enabledControllers:`
			`- cloud-node`
			`- node-csr-approval`
			`EOF`
			`]`
feat: finaly working with proxmox-ccm 2024-07-20 11:09:30 +00:00			`}`