2024-07-20 11:09:30 +00:00
|
|
|
data "helm_template" "cilium" {
|
|
|
|
provider = helm.template
|
|
|
|
|
|
|
|
name = "cilium"
|
|
|
|
chart = "cilium"
|
|
|
|
repository = "https://helm.cilium.io/"
|
|
|
|
version = "1.15.6"
|
|
|
|
namespace = "kube-system"
|
|
|
|
|
|
|
|
kube_version = var.talos.kubernetes
|
|
|
|
|
|
|
|
values = [yamlencode({
|
|
|
|
ipam : {
|
|
|
|
mode : "kubernetes"
|
|
|
|
},
|
|
|
|
nodeIPAM : {
|
|
|
|
enabled : true
|
|
|
|
},
|
|
|
|
kubeProxyReplacement : "true"
|
|
|
|
securityContext : {
|
|
|
|
capabilities : {
|
|
|
|
ciliumAgent : [
|
|
|
|
"CHOWN",
|
|
|
|
"KILL",
|
|
|
|
"NET_ADMIN",
|
|
|
|
"NET_RAW",
|
|
|
|
"IPC_LOCK",
|
|
|
|
"SYS_ADMIN",
|
|
|
|
"SYS_RESOURCE",
|
|
|
|
"DAC_OVERRIDE",
|
|
|
|
"FOWNER",
|
|
|
|
"SETGID",
|
|
|
|
"SETUID"
|
|
|
|
],
|
|
|
|
cleanCiliumState : [
|
|
|
|
"NET_ADMIN",
|
|
|
|
"SYS_ADMIN",
|
|
|
|
"SYS_RESOURCE"
|
|
|
|
]
|
|
|
|
}
|
|
|
|
},
|
|
|
|
cgroup : {
|
|
|
|
autoMount : {
|
|
|
|
enabled : false
|
|
|
|
},
|
|
|
|
hostRoot : "/sys/fs/cgroup"
|
|
|
|
},
|
|
|
|
k8sServiceHost : local.cluster_api_domain
|
|
|
|
k8sServicePort : var.cluster.api.port
|
|
|
|
ipv4 : {
|
|
|
|
enabled : true
|
|
|
|
},
|
|
|
|
#ipv6 : {
|
|
|
|
# enabled : true
|
|
|
|
#},
|
|
|
|
hubble : {
|
|
|
|
tls : {
|
|
|
|
auto : {
|
|
|
|
enabled : true
|
|
|
|
method : "cronJob"
|
|
|
|
schedule : "0 0 1 */4 *"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ui : {
|
|
|
|
enabled : true
|
|
|
|
}
|
|
|
|
relay : {
|
|
|
|
enabled : true
|
|
|
|
}
|
|
|
|
},
|
|
|
|
gatewayAPI : {
|
|
|
|
enabled : false
|
|
|
|
}
|
|
|
|
envoy : {
|
|
|
|
enabled : false
|
|
|
|
}
|
|
|
|
})]
|
|
|
|
}
|
|
|
|
|
|
|
|
data "helm_template" "proxmox-csi" {
|
|
|
|
provider = helm.template
|
|
|
|
|
|
|
|
name = "proxmox-csi-plugin"
|
|
|
|
chart = "proxmox-csi-plugin"
|
|
|
|
repository = "oci://ghcr.io/sergelogvinov/charts"
|
|
|
|
version = "0.2.5"
|
|
|
|
namespace = "kube-system"
|
|
|
|
|
|
|
|
kube_version = var.talos.kubernetes
|
|
|
|
|
|
|
|
values = [<<-EOF
|
|
|
|
config:
|
|
|
|
clusters:
|
|
|
|
- url: ${var.proxmox.url}
|
|
|
|
insecure: ${var.proxmox.insecure}
|
|
|
|
token_id: "${proxmox_virtual_environment_user_token.csi.id}"
|
|
|
|
token_secret: "${split("=", proxmox_virtual_environment_user_token.csi.value)[1]}"
|
|
|
|
region: "${var.proxmox.name}"
|
|
|
|
|
|
|
|
storageClass:
|
2024-07-21 10:27:40 +00:00
|
|
|
- name: proxmox-main
|
|
|
|
storage: main
|
2024-07-20 11:09:30 +00:00
|
|
|
reclaimPolicy: Delete
|
|
|
|
fstype: ext4
|
|
|
|
cache: none
|
|
|
|
|
|
|
|
nodeSelector:
|
|
|
|
node-role.kubernetes.io/control-plane: ""
|
|
|
|
node.cloudprovider.kubernetes.io/platform: nocloud
|
|
|
|
tolerations:
|
|
|
|
- key: node-role.kubernetes.io/control-plane
|
|
|
|
effect: NoSchedule
|
2024-07-21 10:27:40 +00:00
|
|
|
|
2024-07-20 11:09:30 +00:00
|
|
|
node:
|
|
|
|
nodeSelector:
|
|
|
|
node.cloudprovider.kubernetes.io/platform: nocloud
|
|
|
|
tolerations:
|
2024-07-21 10:27:40 +00:00
|
|
|
- key: node-role.kubernetes.io/control-plane
|
|
|
|
effect: NoSchedule
|
2024-07-20 11:09:30 +00:00
|
|
|
EOF
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
data "helm_template" "proxmox-ccm" {
|
|
|
|
provider = helm.template
|
|
|
|
name = "proxmox-cloud-controller-manager"
|
|
|
|
chart = "proxmox-cloud-controller-manager"
|
|
|
|
repository = "oci://ghcr.io/sergelogvinov/charts"
|
|
|
|
version = "0.2.3"
|
|
|
|
namespace = "kube-system"
|
|
|
|
|
|
|
|
kube_version = var.talos.kubernetes
|
|
|
|
|
|
|
|
values = [<<-EOF
|
|
|
|
nodeSelector:
|
|
|
|
node-role.kubernetes.io/control-plane: ""
|
|
|
|
enabledControllers:
|
|
|
|
- cloud-node-lifecycle
|
|
|
|
config:
|
|
|
|
clusters:
|
|
|
|
- url: ${var.proxmox.url}
|
|
|
|
insecure: ${var.proxmox.insecure}
|
|
|
|
token_id: ${proxmox_virtual_environment_user_token.ccm.id}
|
|
|
|
token_secret: ${split("=", proxmox_virtual_environment_user_token.ccm.value)[1]}
|
|
|
|
region: ${var.proxmox.name}
|
|
|
|
EOF
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
data "helm_template" "talos-ccm" {
|
|
|
|
provider = helm.template
|
|
|
|
name = "talos-cloud-controller-manager"
|
|
|
|
chart = "talos-cloud-controller-manager"
|
|
|
|
repository = "oci://ghcr.io/siderolabs/charts"
|
|
|
|
version = "0.3.1"
|
|
|
|
namespace = "kube-system"
|
|
|
|
|
|
|
|
kube_version = var.talos.kubernetes
|
|
|
|
}
|
|
|
|
|
|
|
|
data "helm_template" "cert-manager" {
|
|
|
|
provider = helm.template
|
|
|
|
name = "cert-manager"
|
|
|
|
chart = "cert-manager"
|
|
|
|
repository = "https://charts.jetstack.io"
|
|
|
|
version = "v1.15.1"
|
|
|
|
namespace = "kube-system"
|
|
|
|
|
|
|
|
kube_version = var.talos.kubernetes
|
|
|
|
api_versions = [
|
|
|
|
"gateway.networking.k8s.io/v1/GatewayClass",
|
|
|
|
]
|
|
|
|
|
|
|
|
include_crds = true
|
|
|
|
|
|
|
|
set {
|
|
|
|
name = "crds.enabled"
|
|
|
|
value = true
|
|
|
|
}
|
|
|
|
|
|
|
|
set_list {
|
|
|
|
name = "extraArgs"
|
|
|
|
value = ["--enable-gateway-api"]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
data "helm_template" "envoy" {
|
|
|
|
provider = helm.template
|
|
|
|
name = "envoy"
|
|
|
|
chart = "gateway-helm"
|
|
|
|
repository = "oci://docker.io/envoyproxy"
|
|
|
|
version = "v1.1.0-rc.1"
|
|
|
|
namespace = "kube-system"
|
|
|
|
|
|
|
|
kube_version = var.talos.kubernetes
|
|
|
|
api_versions = [
|
|
|
|
"gateway.networking.k8s.io/v1/GatewayClass",
|
|
|
|
]
|
|
|
|
|
|
|
|
include_crds = true
|
|
|
|
}
|