infrastructure/k8s.tjo.cloud/modules/cluster/components.tf

data "helm_template" "cilium" {
provider = helm.template
name = "cilium"
chart = "cilium"
repository = "https://helm.cilium.io/"
2024-12-05 18:13:22 +00:00
version = "1.16.4"
2024-07-20 11:09:30 +00:00
namespace = "kube-system"
kube_version = var.talos.kubernetes
2024-07-22 20:31:48 +00:00
values = [<<-EOF
ipam:
mode: "kubernetes"
2024-12-14 19:15:07 +00:00
operator:
priorityClassName: "system-cluster-critical"
2024-12-22 12:32:22 +00:00
prometheus:
enabled: true
2024-12-14 19:15:07 +00:00
routingMode: "native"
autoDirectNodeRoutes: true
directRoutingSkipUnreachable: true
bgpControlPlane:
2024-07-23 18:42:22 +00:00
enabled: true
2024-12-22 12:32:22 +00:00
bpf:
datapathMode: netkit
2024-07-22 20:31:48 +00:00
ipv4:
enabled: true
2024-12-19 21:15:46 +00:00
enableIPv4Masquerade: false
2024-07-22 20:31:48 +00:00
2024-07-25 15:42:08 +00:00
ipv6:
2024-12-14 19:15:07 +00:00
enabled: false
2024-12-19 21:15:46 +00:00
enableIPv6Masquerade: false
2024-12-14 19:15:07 +00:00
kubeProxyReplacement: true
2024-07-22 20:31:48 +00:00
2024-12-19 21:15:46 +00:00
k8s:
requireIPv4PodCIDR: true
requireIPv6PodCIDR: true
2024-07-22 20:31:48 +00:00
securityContext:
capabilities:
ciliumAgent:
- "CHOWN"
- "KILL"
- "NET_ADMIN"
- "NET_RAW"
- "IPC_LOCK"
- "SYS_ADMIN"
- "SYS_RESOURCE"
- "DAC_OVERRIDE"
- "FOWNER"
- "SETGID"
- "SETUID"
cleanCiliumState:
- "NET_ADMIN"
- "SYS_ADMIN"
- "SYS_RESOURCE"
cgroup:
hostRoot: "/sys/fs/cgroup"
autoMount:
enabled: false
2024-12-05 18:13:22 +00:00
k8sServiceHost: localhost
k8sServicePort: 7445
2024-07-22 20:31:48 +00:00
2024-12-22 12:32:22 +00:00
prometheus:
enabled: true
2024-07-22 20:31:48 +00:00
hubble:
ui:
2024-12-22 12:32:22 +00:00
enabled: true
2024-07-22 20:31:48 +00:00
relay:
2024-12-22 12:32:22 +00:00
enabled: true
tls:
auto:
enabled: true
method: cronJob
certValidityDuration: 1095
schedule: "0 0 1 */4 *"
2024-07-22 20:31:48 +00:00
gatewayAPI:
enabled: false
envoy:
enabled: false
EOF
]
2024-07-20 11:09:30 +00:00
}
data "helm_template" "proxmox-csi" {
provider = helm.template
name = "proxmox-csi-plugin"
chart = "proxmox-csi-plugin"
repository = "oci://ghcr.io/sergelogvinov/charts"
2024-12-05 18:13:22 +00:00
version = "0.2.14"
2024-07-20 11:09:30 +00:00
namespace = "kube-system"
kube_version = var.talos.kubernetes
values = [<<-EOF
config:
clusters:
- url: ${var.proxmox.url}
insecure: ${var.proxmox.insecure}
token_id: "${proxmox_virtual_environment_user_token.csi.id}"
token_secret: "${split("=", proxmox_virtual_environment_user_token.csi.value)[1]}"
region: "${var.proxmox.name}"
storageClass:
2024-12-14 19:15:07 +00:00
- name: proxmox-local-nvme
storage: local-nvme
reclaimPolicy: Delete
fstype: ext4
cache: none
- name: proxmox-local
storage: local
reclaimPolicy: Delete
fstype: ext4
cache: none
- name: proxmox-local-nvme-lvm
storage: local-nvme-lvm
2024-07-20 11:09:30 +00:00
reclaimPolicy: Delete
fstype: ext4
cache: none
nodeSelector:
node-role.kubernetes.io/control-plane: ""
node.cloudprovider.kubernetes.io/platform: nocloud
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
2024-07-21 10:27:40 +00:00
2024-07-20 11:09:30 +00:00
node:
nodeSelector:
node.cloudprovider.kubernetes.io/platform: nocloud
tolerations:
2024-07-21 10:27:40 +00:00
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
2024-07-20 11:09:30 +00:00
EOF
]
}
data "helm_template" "proxmox-ccm" {
provider = helm.template
name = "proxmox-cloud-controller-manager"
chart = "proxmox-cloud-controller-manager"
repository = "oci://ghcr.io/sergelogvinov/charts"
2024-12-05 18:13:22 +00:00
version = "0.2.8"
2024-07-20 11:09:30 +00:00
namespace = "kube-system"
kube_version = var.talos.kubernetes
values = [<<-EOF
2024-12-14 19:15:07 +00:00
# Deploy CCM only on control-plane nodes
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
tolerations:
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
- key: node.cloudprovider.kubernetes.io/uninitialized
effect: NoSchedule
2024-07-20 11:09:30 +00:00
enabledControllers:
- cloud-node-lifecycle
2024-12-14 19:15:07 +00:00
2024-07-20 11:09:30 +00:00
config:
clusters:
- url: ${var.proxmox.url}
insecure: ${var.proxmox.insecure}
token_id: ${proxmox_virtual_environment_user_token.ccm.id}
token_secret: ${split("=", proxmox_virtual_environment_user_token.ccm.value)[1]}
region: ${var.proxmox.name}
EOF
]
}
data "helm_template" "talos-ccm" {
provider = helm.template
name = "talos-cloud-controller-manager"
chart = "talos-cloud-controller-manager"
repository = "oci://ghcr.io/siderolabs/charts"
2024-12-05 18:13:22 +00:00
version = "0.4.3"
2024-07-20 11:09:30 +00:00
namespace = "kube-system"
kube_version = var.talos.kubernetes
2024-12-14 19:15:07 +00:00
values = [<<-EOF
enabledControllers:
- cloud-node
- node-csr-approval
EOF
]
2024-07-20 11:09:30 +00:00
}