tjo-cloud/infrastructure
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

feat: update versions and cilum fixes
Some checks failed
/ lint (push) Has been cancelled
Details

Browse source
This commit is contained in:
Tine 2024-12-19 22:15:46 +01:00
parent 059934a7c0
commit 840c9c1429
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
10 changed files with 111 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

104
k8s.tjo.cloud/.terraform.lock.hcl
View file

@ -2,49 +2,49 @@
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/bpg/proxmox" {
version = "0.61.1"
constraints = "0.61.1"
version = "0.69.0"
constraints = "0.69.0"
hashes = [
"h1:6kz2Rdjc8+TVq2aUxEQXLOwbb9OdhJJei0L1fC4K2R4=",
"zh:27d8b589a2dc1e0a5b0f8ab299b9f3704a2f0b69799d1d4d8845c68056986d1f",
"zh:46dfa6b33ddd7007a2144f38090457604eb56a59a303b37bb0ad1be5c84ddaca",
"zh:47a1b14a759393c5ecc76f2feb950677c418c910b8c677fde0dd3e4675c41579",
"zh:582e49d109d1c2b1f3b1268a7cbc43548f3c6d96a87c92a5428767097a5e383e",
"zh:5e98ad6afae5969a4c3ffb14c0484936550c66c8313d7686551c29b633ff32f2",
"zh:7b9e24b76f947ab8f1e571cf61beefc983b7d2aa1b85df35c4f015728fe37a38",
"zh:8255ca210f279a0f7b8ca2762df26d2ea1a01704298c5e3d5cf601bd39a743f0",
"zh:85d7655fdc95dedced9cf8105a0beeb0d7bc8f668c55f62019a7215a76d60300",
"zh:8aeea5a1d001b06baaf923b754e1a14d06c75eb8c8b87a7f65a3c8205fc8b079",
"zh:a9cfab6c06f613658c5fdd83742cd22c0eb7563778924b1407965ef8c36c1ce0",
"zh:ceaab67801d49a92eb5858b1ddae6df2569462e5ffbe31f9dbd79dcb684ea142",
"zh:dc25b506d5c55d1d78a335d3ebd03213c99b4b2a5859812349a955c2f746ff7e",
"zh:e04b477fd77a0d37a0bdb76a7cf69184dad9e7fbba9b4f3a378a8901b82b75e5",
"zh:f1e6838d9141557f73340df9b21fce5a82b41cc16ae36f063a920ccc36bc0758",
"h1:ULUO3AUJfhLxDU02ktVgVS24MH1XyvKkHAujs/KYI1I=",
"zh:046713ab723f4aecc2886263b3e2fc79f2391c821a81a5346f7ff185edd17f68",
"zh:05c19166978a8a81031e502d3934bae5daac17fe44d8f397bb6a67f9bade337b",
"zh:12327ed39e85680cfd086bcb0d7ebefd15d352c1cd857e5164d4729122821489",
"zh:4f833932192a136dbafc54ee98dcfeb612dc7b679ba5bcb59f7d430721b58f80",
"zh:6c5547ee42a6ed6ae40a707c97fd1bf22b082feed8d31f34bcc9447018b7a2c5",
"zh:6ee9fe5d73fe283cc4c6cb551b7a5ccd857be65f91872446b772f75f75a2a272",
"zh:8a4d23aa38298286bee221db01a8f02492679e5ab877eaa793df4f16af4ed714",
"zh:982011abf6ce4499d6b8e00aa7d7ba92229ae641fa8e631b14ced37343f443cc",
"zh:a46683898b8d193f40de3837c6ea2bbf8a68ac59e6d4463c307a9931cccb5e42",
"zh:ce3ea79bd1b4f3d881e7de8d2e9e0bf86f0c48ad1b71ff4ce48f0ba09b732106",
"zh:d20d861810452ee57670d0389e8409644f7b61888c8c9cc67f65cdb06fc3456d",
"zh:d6169bdacfc2f88decf2c8f3af47bbf411de914120e128cd53af639a707b6d13",
"zh:e8690a35444bfdd3899fef16afcce1ccf4ab9b7140f53e23ba96aa623f84e6c5",
"zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
"zh:f9c0df46f852e241eb6342d684466dd9de4b8a1058f1453fbe1ec0ffb6d1fe1a",
]
}
provider "registry.opentofu.org/digitalocean/digitalocean" {
version = "2.44.1"
version = "2.46.1"
constraints = "~> 2.0"
hashes = [
"h1:wIccPAQ8HhEOg/Eo7ZLLiADITIfDRBv3ncRtnuwwkKc=",
"zh:02e0bd7320167fed3b9ceea492ab218c2568abd619e816c14542c0d185eb969a",
"zh:309452ac92ddfe6402613a5a7dcaf780e1b648e8737da3fef068e587eb932d88",
"zh:32433f540e9feb9a22a015e83dc299d46f08adec3880f72bd6af89ac1032b13c",
"zh:347664ab9c218f26eac168c10c52f6d72d1ff084fd6e24418d8e4982ec2f880e",
"zh:3a917158aa57372fa2254e4578905211338b0452135b47f00c9444202bb53311",
"zh:593b7ec19653558bbb75d202b8ecdf9580545b24ba20584c4abe2497b232fd60",
"zh:64506619588bc381471183dca0d5bf457df697699b08a42d1ae2a5cdb261c58c",
"zh:6b0c6dfdb5b685e25d1505445a0dd26d93a515c86ace1187767f7fadc6c69206",
"zh:9a4595e36ae6fb3341724dd08a476234cdb28c0b12615792a5cf73d5d2cccd26",
"zh:9e88880489f3162440f166cf083adbe876a022a7558c1cb7e35b759778c0439e",
"zh:a48c72a7e0b67a13c054c6dc1024124e8637cbecb45c684985a6037f3abd51a2",
"zh:d21f16e85cd02e4e1a147aa7dc65e149723bd2c6844236608278a4433ee56f62",
"zh:dee7a153f4201831607749c5f02b1433589c1e39db8b1d19da16836e0f3eb6cf",
"zh:df40d88ef94fd98c5c9eeabd82ed5178da4618735eaff06b83817b2ef5717e47",
"zh:f7bcc22d9ff38b98bf48c02834f4861f5b7a37c0144f2e7464d17751e01cea32",
"zh:fbf47dc012166d6545cc33a6c00b5dbdb789f7fef5b4f59935a3763f2d74e670",
"h1:R4hRmY/txPFZWzBhc8NRa40rymtrxhuFfb6TlGjNVPw=",
"zh:3526081f8a54f40cc15deedc451e1fd6e816af1d64910e5db5c4feb344efb2aa",
"zh:448140c8a9cbc3c0f98cafc77eeefb67216f8a508ba2d7519a95a1f35b985f14",
"zh:4a751404e28d81fd3665b7d3771e3e56ffa577f8da5568da6c81d486bf8debe1",
"zh:5106ed89005f49e7125ab6939a78a05c36db4a55e0d8ac0c77c0a8df8f36e054",
"zh:53f455e0ab52a2f99d42ca3e8154153be387ae375d616f61fea9aca94529a03f",
"zh:7360d2c1aa2840de001803f0d553898fc0278b6c86cd32bf74118a336dc810d7",
"zh:83a7a62c60ccac1cd88827c679175ab7197941820bacb0c1dd109519ac8389d4",
"zh:9771d84362d27e11e16002841ab5375f8f66984de84cc975a2d0650c42b7f81f",
"zh:a7271363d571aab0056886b00fdf336cc8d5ab780c56ce2abd4a409f3a77b25b",
"zh:b2067cdac25b2f21d5b13f381a1178a7a4cb164e24d248c22216738ae84d0a67",
"zh:b3189cc0989e858f8473f18a57f0f69cd99916ec5e55eba5031159f8fe6f7f56",
"zh:c0324136a3fbff814d82660b21225fd45bb7d04350cf669cc8651e9ae4fb467f",
"zh:c6f4be572b3d008cb67e31f5588ff2d1a3807e2e4dc880bfec08e217d2fa09df",
"zh:ddeee2f45a510ecb0ef0cfe5981e7f4f8286baab171b13ac87c46f269ced2dab",
"zh:f13d58ec144f19d6520df799c9915cec4b911dd7cb347732645504818b2b9f20",
"zh:f984d88e4fccf533adf0b73f32c23aca503596b6872fde5f08dcb76134130175",
]
}
@ -116,24 +116,24 @@ provider "registry.opentofu.org/hashicorp/random" {
}
provider "registry.opentofu.org/siderolabs/talos" {
version = "0.6.1"
constraints = "0.6.1"
version = "0.7.0"
constraints = "0.7.0"
hashes = [
"h1:eFw5nEpptkVQ+SNXFEaYa8o++5Q3WVznDgrxJ78ROLA=",
"h1:1yCF9ScXtXPZFU7dDhwFvgJuvA68yz9VLTmVLnd5HAA=",
"zh:010555eadc96ea5bfd60813d9b248b8da6a6cb8c90fdfb7ed59580e35db73392",
"zh:0fa82a384b25a58b65523e0ea4768fa1212b1f5cfc0c9379d31162454fedcc9d",
"zh:14f377dd6c3786583e1e8e10d74c762fd7767f84ab048d02cd418920f42686e7",
"zh:2bff386f61360f306e0c7cd8d4e67048b7e38bfcb974dd7f70b1f385477fa08d",
"zh:3601a3e133867abacc5836392db329dc6dfe52116263e2931837c8dfdf5d0bde",
"zh:54b47cfd80a939ccfdc4ebb693796e930be98e2ca1b3676c3fe61b114ca12621",
"zh:5b7cde484b9534bf5238c0f50da704edd53658bc376df5ef5b27406e4c80ee92",
"zh:5e844e071112293b4fced2ac9dd0fa2f744e78db18732dd989fd54783408b667",
"zh:a5442065fdc1de0bd38f70418b843d82570fb05a66e0a47c1358d0d9dab4418f",
"zh:b140dae2b6d0a09c2160841bf75fc7a654d7249b5b9f59db07df980ed950ffec",
"zh:b3cbf898cab3ae26be1dc3ed24b43f3a91510e6a190f5442c08957aaf1b6537e",
"zh:ba5eca495b37a2fd8647c138f1d50090fcaeb266508b87e7b8c931f0b6bdb735",
"zh:c0202c98f555fd7ecdc1b75255c3438351a557534c4ee0e9b55d678c007f785f",
"zh:d4bf2b894ecba7437906a450ecf136f2885b85108b3d49f8e1a046611535c841",
"zh:d89a71c1a3e2ea9cb109e2cbea7fd202a9ede5f5f0cc263ef50cb7f70c249c8e",
"zh:d98a6963b680db5a91ac51ede3be175fa9621070df2f3774197b34db0fc2e964",
"zh:1a55506c9e7d95977993f20ddd3c2ab4f3189883bead9f16a6381472af196be9",
"zh:1b557541e736b717c4333b04e8562c04863b42c7505f3dfd4f6293f92e0c9189",
"zh:34ab5cd76713decca325283bb5e811aff13b1d8330891e8afbc341f9b7859fd5",
"zh:4efea58e2323c02481935acd10af78aef03eeb6f3f7509edf895d0a80728387f",
"zh:4f8dc087fec4c057dae46c50d4b23e01c1455e3aab02b978241bf692aa4e8ccc",
"zh:74c385c6ceb29e6184f780573ebbb657f07398ddfffe35b945fa7d0d47e1eb58",
"zh:778e3fb012ecffbffb98ad9c1cae2936477f961c4f7f0eb8e8bfe68364f71663",
"zh:7b27c2e8e6267f0965003e6ab7d5132a3262fd7f126e64447d3dc65db6b74f84",
"zh:7ea097f7814966332e4a2e1657d6c3a80413244a071754c3f0c0f435837eb93d",
"zh:7ecee92a6e8bbee8d9c006ba2ae27c7a55dbc6f15f0f2302173dd4c0901a5477",
"zh:89523e2fedc3c1c9b4fe1884ea9ba133b1f1f341a5386076bbcb306300cd7559",
"zh:acb917f9ce0631ed1eeae75d54b161b45956a5264593fb86e2bb53133c40da69",
"zh:e570bcfbe648f6c31bbc4be0edaca6159d3b10758259196e71714b2c3a288cd2",
]
}

6
k8s.tjo.cloud/main.tf
View file

@ -10,8 +10,8 @@ module "cluster" {
}
talos = {
version = "v1.8.3"
kubernetes = "v1.31.0"
version = "v1.9.0"
kubernetes = "v1.32.0"
}
cluster = {
@ -59,7 +59,7 @@ module "cluster" {
type = "worker"
host = "mustafar"
storage = "local"
cores = 2
cores = 4
memory = 4096
}
}

28
k8s.tjo.cloud/modules/cluster-core/manifests/crd-podmonitors.yaml
View file

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
operator.prometheus.io/version: 0.79.0
operator.prometheus.io/version: 0.79.2
name: podmonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@ -78,6 +78,18 @@ spec:
It requires Prometheus >= v2.28.0.
pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$
type: string
fallbackScrapeProtocol:
description: |-
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
It requires Prometheus >= v3.0.0.
enum:
- PrometheusProto
- OpenMetricsText0.0.1
- OpenMetricsText1.0.0
- PrometheusText0.0.4
- PrometheusText1.0.0
type: string
jobLabel:
description: |-
The label to use to retrieve the job name from.
@ -1094,18 +1106,6 @@ spec:
Whether to scrape a classic histogram that is also exposed as a native histogram.
It requires Prometheus >= v2.45.0.
type: boolean
scrapeFallbackProtocol:
description: |-
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
It requires Prometheus >= v3.0.0.
enum:
- PrometheusProto
- OpenMetricsText0.0.1
- OpenMetricsText1.0.0
- PrometheusText0.0.4
- PrometheusText1.0.0
type: string
scrapeProtocols:
description: |-
`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the

28
k8s.tjo.cloud/modules/cluster-core/manifests/crd-servicemonitors.yaml
View file

@ -1,11 +1,11 @@
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
operator.prometheus.io/version: 0.79.0
operator.prometheus.io/version: 0.79.2
name: servicemonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
@ -1011,6 +1011,18 @@ spec:
type: boolean
type: object
type: array
fallbackScrapeProtocol:
description: |-
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
It requires Prometheus >= v3.0.0.
enum:
- PrometheusProto
- OpenMetricsText0.0.1
- OpenMetricsText1.0.0
- PrometheusText0.0.4
- PrometheusText1.0.0
type: string
jobLabel:
description: |-
`jobLabel` selects the label from the associated Kubernetes `Service`
@ -1108,18 +1120,6 @@ spec:
Whether to scrape a classic histogram that is also exposed as a native histogram.
It requires Prometheus >= v2.45.0.
type: boolean
scrapeFallbackProtocol:
description: |-
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
It requires Prometheus >= v3.0.0.
enum:
- PrometheusProto
- OpenMetricsText0.0.1
- OpenMetricsText1.0.0
- PrometheusText0.0.4
- PrometheusText1.0.0
type: string
scrapeProtocols:
description: |-
`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the

14
k8s.tjo.cloud/modules/cluster/components.tf
View file

@ -23,23 +23,19 @@ data "helm_template" "cilium" {
bgpControlPlane:
enabled: true
bpf:
masquerade: true
ipv4:
enabled: true
ipv4NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv4}"
enableIPv4Masquerade: false
ipv6:
enabled: false
ipv6NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv6}"
enableIPv6Masquerade: false
kubeProxyReplacement: true
# This breaks it??
#k8s:
# requireIPv4PodCIDR: true
# requireIPv6PodCIDR: true
k8s:
requireIPv4PodCIDR: true
requireIPv6PodCIDR: true
securityContext:
capabilities:

23
k8s.tjo.cloud/modules/cluster/main.tf
View file

@ -26,7 +26,6 @@ locals {
}
}
cluster = {
allowSchedulingOnControlPlanes = true,
apiServer = {
certSANs = [
local.public_domain,
@ -184,12 +183,12 @@ locals {
image = "factory.talos.dev/installer/${var.talos.schematic_id}:${var.talos.version}"
disk = "/dev/vda"
}
features = {
hostDNS = {
enabled = true
forwardKubeDNSToHost = false
}
}
#features = {
# hostDNS = {
# enabled = true
# forwardKubeDNSToHost = false
# }
#}
}
}
@ -251,6 +250,11 @@ resource "talos_machine_configuration_apply" "controlplane" {
],
local.talos_node_config[each.key]
))
timeouts = {
create = "1m"
update = "1m"
}
}
resource "talos_machine_configuration_apply" "worker" {
@ -268,6 +272,11 @@ resource "talos_machine_configuration_apply" "worker" {
],
local.talos_node_config[each.key]
))
timeouts = {
create = "1m"
update = "1m"
}
}
resource "talos_machine_bootstrap" "this" {

3
k8s.tjo.cloud/modules/cluster/proxmox.tf
View file

@ -13,7 +13,6 @@ locals {
})
}
first_controlplane_node = values({ for k, v in local.nodes_with_address : k => v if v.type == "controlplane" })[0]
ipv4_addresses = {
@ -74,7 +73,7 @@ resource "proxmox_virtual_environment_vm" "nodes" {
node_name = each.value.host
description = "Node ${each.value.name} for cluster ${var.cluster.name}."
tags = ["kubernetes.tjo.cloud", each.value.type]
tags = ["k8s.tjo.cloud", each.value.type]
stop_on_destroy = true
timeout_start_vm = 60

4
k8s.tjo.cloud/modules/cluster/variables.tf
View file

@ -20,8 +20,8 @@ variable "hosts" {
variable "talos" {
type = object({
version = optional(string, "v1.8.3")
kubernetes = optional(string, "v1.31.0")
version = optional(string, "v1.9.0")
kubernetes = optional(string, "v1.32.0")
# Default is:
# customization:

4
k8s.tjo.cloud/modules/cluster/versions.tf
View file

@ -4,11 +4,11 @@ terraform {
required_providers {
proxmox = {
source = "bpg/proxmox"
version = "0.61.1"
version = "0.69.0"
}
talos = {
source = "siderolabs/talos"
version = "0.6.1"
version = "0.7.0"
}
local = {
source = "hashicorp/local"

4
k8s.tjo.cloud/terraform.tf
View file

@ -2,11 +2,11 @@ terraform {
required_providers {
proxmox = {
source = "bpg/proxmox"
version = "0.61.1"
version = "0.69.0"
}
talos = {
source = "siderolabs/talos"
version = "0.6.1"
version = "0.7.0"
}
local = {
source = "hashicorp/local"