From 840c9c14294b90abb3fc98393214c6ddc9932ffa Mon Sep 17 00:00:00 2001
From: Tine
Date: Thu, 19 Dec 2024 22:15:46 +0100
Subject: [PATCH] feat: update versions and cilum fixes
---
 k8s.tjo.cloud/.terraform.lock.hcl | 104 +++++++++---------
 k8s.tjo.cloud/main.tf | 6 +-
 .../manifests/crd-podmonitors.yaml | 28 ++---
 .../manifests/crd-servicemonitors.yaml | 28 ++---
 k8s.tjo.cloud/modules/cluster/components.tf | 14 +--
 k8s.tjo.cloud/modules/cluster/main.tf | 23 ++--
 k8s.tjo.cloud/modules/cluster/proxmox.tf | 3 +-
 k8s.tjo.cloud/modules/cluster/variables.tf | 4 +-
 k8s.tjo.cloud/modules/cluster/versions.tf | 4 +-
 k8s.tjo.cloud/terraform.tf | 4 +-
 10 files changed, 111 insertions(+), 107 deletions(-)
diff --git a/k8s.tjo.cloud/.terraform.lock.hcl b/k8s.tjo.cloud/.terraform.lock.hcl
index 03cab4c..dfab453 100644
--- a/k8s.tjo.cloud/.terraform.lock.hcl
+++ b/k8s.tjo.cloud/.terraform.lock.hcl
@@ -2,49 +2,49 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/bpg/proxmox" { - version = "0.61.1" - constraints = "0.61.1" + version = "0.69.0" + constraints = "0.69.0" hashes = [ - "h1:6kz2Rdjc8+TVq2aUxEQXLOwbb9OdhJJei0L1fC4K2R4=", - "zh:27d8b589a2dc1e0a5b0f8ab299b9f3704a2f0b69799d1d4d8845c68056986d1f", - "zh:46dfa6b33ddd7007a2144f38090457604eb56a59a303b37bb0ad1be5c84ddaca", - "zh:47a1b14a759393c5ecc76f2feb950677c418c910b8c677fde0dd3e4675c41579", - "zh:582e49d109d1c2b1f3b1268a7cbc43548f3c6d96a87c92a5428767097a5e383e", - "zh:5e98ad6afae5969a4c3ffb14c0484936550c66c8313d7686551c29b633ff32f2", - "zh:7b9e24b76f947ab8f1e571cf61beefc983b7d2aa1b85df35c4f015728fe37a38", - "zh:8255ca210f279a0f7b8ca2762df26d2ea1a01704298c5e3d5cf601bd39a743f0", - "zh:85d7655fdc95dedced9cf8105a0beeb0d7bc8f668c55f62019a7215a76d60300", - "zh:8aeea5a1d001b06baaf923b754e1a14d06c75eb8c8b87a7f65a3c8205fc8b079", - "zh:a9cfab6c06f613658c5fdd83742cd22c0eb7563778924b1407965ef8c36c1ce0", - "zh:ceaab67801d49a92eb5858b1ddae6df2569462e5ffbe31f9dbd79dcb684ea142", - "zh:dc25b506d5c55d1d78a335d3ebd03213c99b4b2a5859812349a955c2f746ff7e", - "zh:e04b477fd77a0d37a0bdb76a7cf69184dad9e7fbba9b4f3a378a8901b82b75e5", - "zh:f1e6838d9141557f73340df9b21fce5a82b41cc16ae36f063a920ccc36bc0758", + "h1:ULUO3AUJfhLxDU02ktVgVS24MH1XyvKkHAujs/KYI1I=", + "zh:046713ab723f4aecc2886263b3e2fc79f2391c821a81a5346f7ff185edd17f68", + "zh:05c19166978a8a81031e502d3934bae5daac17fe44d8f397bb6a67f9bade337b", + "zh:12327ed39e85680cfd086bcb0d7ebefd15d352c1cd857e5164d4729122821489", + "zh:4f833932192a136dbafc54ee98dcfeb612dc7b679ba5bcb59f7d430721b58f80", + "zh:6c5547ee42a6ed6ae40a707c97fd1bf22b082feed8d31f34bcc9447018b7a2c5", + "zh:6ee9fe5d73fe283cc4c6cb551b7a5ccd857be65f91872446b772f75f75a2a272", + "zh:8a4d23aa38298286bee221db01a8f02492679e5ab877eaa793df4f16af4ed714", + "zh:982011abf6ce4499d6b8e00aa7d7ba92229ae641fa8e631b14ced37343f443cc", + "zh:a46683898b8d193f40de3837c6ea2bbf8a68ac59e6d4463c307a9931cccb5e42", 
+ "zh:ce3ea79bd1b4f3d881e7de8d2e9e0bf86f0c48ad1b71ff4ce48f0ba09b732106", + "zh:d20d861810452ee57670d0389e8409644f7b61888c8c9cc67f65cdb06fc3456d", + "zh:d6169bdacfc2f88decf2c8f3af47bbf411de914120e128cd53af639a707b6d13", + "zh:e8690a35444bfdd3899fef16afcce1ccf4ab9b7140f53e23ba96aa623f84e6c5", "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597", + "zh:f9c0df46f852e241eb6342d684466dd9de4b8a1058f1453fbe1ec0ffb6d1fe1a", ] } provider "registry.opentofu.org/digitalocean/digitalocean" { - version = "2.44.1" + version = "2.46.1" constraints = "~> 2.0" hashes = [ - "h1:wIccPAQ8HhEOg/Eo7ZLLiADITIfDRBv3ncRtnuwwkKc=", - "zh:02e0bd7320167fed3b9ceea492ab218c2568abd619e816c14542c0d185eb969a", - "zh:309452ac92ddfe6402613a5a7dcaf780e1b648e8737da3fef068e587eb932d88", - "zh:32433f540e9feb9a22a015e83dc299d46f08adec3880f72bd6af89ac1032b13c", - "zh:347664ab9c218f26eac168c10c52f6d72d1ff084fd6e24418d8e4982ec2f880e", - "zh:3a917158aa57372fa2254e4578905211338b0452135b47f00c9444202bb53311", - "zh:593b7ec19653558bbb75d202b8ecdf9580545b24ba20584c4abe2497b232fd60", - "zh:64506619588bc381471183dca0d5bf457df697699b08a42d1ae2a5cdb261c58c", - "zh:6b0c6dfdb5b685e25d1505445a0dd26d93a515c86ace1187767f7fadc6c69206", - "zh:9a4595e36ae6fb3341724dd08a476234cdb28c0b12615792a5cf73d5d2cccd26", - "zh:9e88880489f3162440f166cf083adbe876a022a7558c1cb7e35b759778c0439e", - "zh:a48c72a7e0b67a13c054c6dc1024124e8637cbecb45c684985a6037f3abd51a2", - "zh:d21f16e85cd02e4e1a147aa7dc65e149723bd2c6844236608278a4433ee56f62", - "zh:dee7a153f4201831607749c5f02b1433589c1e39db8b1d19da16836e0f3eb6cf", - "zh:df40d88ef94fd98c5c9eeabd82ed5178da4618735eaff06b83817b2ef5717e47", - "zh:f7bcc22d9ff38b98bf48c02834f4861f5b7a37c0144f2e7464d17751e01cea32", - "zh:fbf47dc012166d6545cc33a6c00b5dbdb789f7fef5b4f59935a3763f2d74e670", + "h1:R4hRmY/txPFZWzBhc8NRa40rymtrxhuFfb6TlGjNVPw=", + "zh:3526081f8a54f40cc15deedc451e1fd6e816af1d64910e5db5c4feb344efb2aa", + "zh:448140c8a9cbc3c0f98cafc77eeefb67216f8a508ba2d7519a95a1f35b985f14", + 
"zh:4a751404e28d81fd3665b7d3771e3e56ffa577f8da5568da6c81d486bf8debe1", + "zh:5106ed89005f49e7125ab6939a78a05c36db4a55e0d8ac0c77c0a8df8f36e054", + "zh:53f455e0ab52a2f99d42ca3e8154153be387ae375d616f61fea9aca94529a03f", + "zh:7360d2c1aa2840de001803f0d553898fc0278b6c86cd32bf74118a336dc810d7", + "zh:83a7a62c60ccac1cd88827c679175ab7197941820bacb0c1dd109519ac8389d4", + "zh:9771d84362d27e11e16002841ab5375f8f66984de84cc975a2d0650c42b7f81f", + "zh:a7271363d571aab0056886b00fdf336cc8d5ab780c56ce2abd4a409f3a77b25b", + "zh:b2067cdac25b2f21d5b13f381a1178a7a4cb164e24d248c22216738ae84d0a67", + "zh:b3189cc0989e858f8473f18a57f0f69cd99916ec5e55eba5031159f8fe6f7f56", + "zh:c0324136a3fbff814d82660b21225fd45bb7d04350cf669cc8651e9ae4fb467f", + "zh:c6f4be572b3d008cb67e31f5588ff2d1a3807e2e4dc880bfec08e217d2fa09df", + "zh:ddeee2f45a510ecb0ef0cfe5981e7f4f8286baab171b13ac87c46f269ced2dab", + "zh:f13d58ec144f19d6520df799c9915cec4b911dd7cb347732645504818b2b9f20", + "zh:f984d88e4fccf533adf0b73f32c23aca503596b6872fde5f08dcb76134130175", ] } 
@@ -116,24 +116,24 @@ provider "registry.opentofu.org/hashicorp/random" { } provider "registry.opentofu.org/siderolabs/talos" { - version = "0.6.1" - constraints = "0.6.1" + version = "0.7.0" + constraints = "0.7.0" hashes = [ - "h1:eFw5nEpptkVQ+SNXFEaYa8o++5Q3WVznDgrxJ78ROLA=", + "h1:1yCF9ScXtXPZFU7dDhwFvgJuvA68yz9VLTmVLnd5HAA=", + "zh:010555eadc96ea5bfd60813d9b248b8da6a6cb8c90fdfb7ed59580e35db73392", "zh:0fa82a384b25a58b65523e0ea4768fa1212b1f5cfc0c9379d31162454fedcc9d", - "zh:14f377dd6c3786583e1e8e10d74c762fd7767f84ab048d02cd418920f42686e7", - "zh:2bff386f61360f306e0c7cd8d4e67048b7e38bfcb974dd7f70b1f385477fa08d", - "zh:3601a3e133867abacc5836392db329dc6dfe52116263e2931837c8dfdf5d0bde", - "zh:54b47cfd80a939ccfdc4ebb693796e930be98e2ca1b3676c3fe61b114ca12621", - "zh:5b7cde484b9534bf5238c0f50da704edd53658bc376df5ef5b27406e4c80ee92", - "zh:5e844e071112293b4fced2ac9dd0fa2f744e78db18732dd989fd54783408b667", - "zh:a5442065fdc1de0bd38f70418b843d82570fb05a66e0a47c1358d0d9dab4418f", - "zh:b140dae2b6d0a09c2160841bf75fc7a654d7249b5b9f59db07df980ed950ffec", - "zh:b3cbf898cab3ae26be1dc3ed24b43f3a91510e6a190f5442c08957aaf1b6537e", - "zh:ba5eca495b37a2fd8647c138f1d50090fcaeb266508b87e7b8c931f0b6bdb735", - "zh:c0202c98f555fd7ecdc1b75255c3438351a557534c4ee0e9b55d678c007f785f", - "zh:d4bf2b894ecba7437906a450ecf136f2885b85108b3d49f8e1a046611535c841", - "zh:d89a71c1a3e2ea9cb109e2cbea7fd202a9ede5f5f0cc263ef50cb7f70c249c8e", - "zh:d98a6963b680db5a91ac51ede3be175fa9621070df2f3774197b34db0fc2e964", + "zh:1a55506c9e7d95977993f20ddd3c2ab4f3189883bead9f16a6381472af196be9", + "zh:1b557541e736b717c4333b04e8562c04863b42c7505f3dfd4f6293f92e0c9189", + "zh:34ab5cd76713decca325283bb5e811aff13b1d8330891e8afbc341f9b7859fd5", + "zh:4efea58e2323c02481935acd10af78aef03eeb6f3f7509edf895d0a80728387f", + "zh:4f8dc087fec4c057dae46c50d4b23e01c1455e3aab02b978241bf692aa4e8ccc", + "zh:74c385c6ceb29e6184f780573ebbb657f07398ddfffe35b945fa7d0d47e1eb58", + 
"zh:778e3fb012ecffbffb98ad9c1cae2936477f961c4f7f0eb8e8bfe68364f71663", + "zh:7b27c2e8e6267f0965003e6ab7d5132a3262fd7f126e64447d3dc65db6b74f84", + "zh:7ea097f7814966332e4a2e1657d6c3a80413244a071754c3f0c0f435837eb93d", + "zh:7ecee92a6e8bbee8d9c006ba2ae27c7a55dbc6f15f0f2302173dd4c0901a5477", + "zh:89523e2fedc3c1c9b4fe1884ea9ba133b1f1f341a5386076bbcb306300cd7559", + "zh:acb917f9ce0631ed1eeae75d54b161b45956a5264593fb86e2bb53133c40da69", + "zh:e570bcfbe648f6c31bbc4be0edaca6159d3b10758259196e71714b2c3a288cd2", ] } diff --git a/k8s.tjo.cloud/main.tf b/k8s.tjo.cloud/main.tf index 2dc53d0..ea39924 100644 --- a/k8s.tjo.cloud/main.tf +++ b/k8s.tjo.cloud/main.tf @@ -10,8 +10,8 @@ module "cluster" { } talos = { - version = "v1.8.3" - kubernetes = "v1.31.0" + version = "v1.9.0" + kubernetes = "v1.32.0" } cluster = { @@ -59,7 +59,7 @@ module "cluster" { type = "worker" host = "mustafar" storage = "local" - cores = 2 + cores = 4 memory = 4096 } } diff --git a/k8s.tjo.cloud/modules/cluster-core/manifests/crd-podmonitors.yaml b/k8s.tjo.cloud/modules/cluster-core/manifests/crd-podmonitors.yaml index 2252724..861415a 100644 --- a/k8s.tjo.cloud/modules/cluster-core/manifests/crd-podmonitors.yaml +++ b/k8s.tjo.cloud/modules/cluster-core/manifests/crd-podmonitors.yaml @@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.0 + operator.prometheus.io/version: 0.79.2 name: podmonitors.monitoring.coreos.com spec: group: monitoring.coreos.com 
@@ -78,6 +78,18 @@ spec: It requires Prometheus >= v2.28.0. pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ type: string + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string jobLabel: description: |- The label to use to retrieve the job name from. @@ -1094,18 +1106,6 @@ spec: Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. type: boolean - scrapeFallbackProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the diff --git a/k8s.tjo.cloud/modules/cluster-core/manifests/crd-servicemonitors.yaml b/k8s.tjo.cloud/modules/cluster-core/manifests/crd-servicemonitors.yaml index b6f0f6d..30c7f60 100644 --- a/k8s.tjo.cloud/modules/cluster-core/manifests/crd-servicemonitors.yaml +++ b/k8s.tjo.cloud/modules/cluster-core/manifests/crd-servicemonitors.yaml 
@@ -1,11 +1,11 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.79.2/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.5 - operator.prometheus.io/version: 0.79.0 + operator.prometheus.io/version: 0.79.2 name: servicemonitors.monitoring.coreos.com spec: group: monitoring.coreos.com @@ -1011,6 +1011,18 @@ spec: type: boolean type: object type: array + fallbackScrapeProtocol: + description: |- + The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + + It requires Prometheus >= v3.0.0. + enum: + - PrometheusProto + - OpenMetricsText0.0.1 + - OpenMetricsText1.0.0 + - PrometheusText0.0.4 + - PrometheusText1.0.0 + type: string jobLabel: description: |- `jobLabel` selects the label from the associated Kubernetes `Service` @@ -1108,18 +1120,6 @@ spec: Whether to scrape a classic histogram that is also exposed as a native histogram. It requires Prometheus >= v2.45.0. type: boolean - scrapeFallbackProtocol: - description: |- - The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. - - It requires Prometheus >= v3.0.0. - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - - PrometheusText1.0.0 - type: string scrapeProtocols: description: |- `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the diff --git a/k8s.tjo.cloud/modules/cluster/components.tf b/k8s.tjo.cloud/modules/cluster/components.tf index 22f03a7..7f410c0 100644 --- a/k8s.tjo.cloud/modules/cluster/components.tf +++ b/k8s.tjo.cloud/modules/cluster/components.tf 
@@ -23,23 +23,19 @@ data "helm_template" "cilium" { bgpControlPlane: enabled: true - bpf: - masquerade: true - ipv4: enabled: true - ipv4NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv4}" + enableIPv4Masquerade: false ipv6: enabled: false - ipv6NativeRoutingCIDR: "${var.cluster.pod_cidr.ipv6}" + enableIPv6Masquerade: false kubeProxyReplacement: true - # This breaks it?? - #k8s: - # requireIPv4PodCIDR: true - # requireIPv6PodCIDR: true + k8s: + requireIPv4PodCIDR: true + requireIPv6PodCIDR: true securityContext: capabilities: diff --git a/k8s.tjo.cloud/modules/cluster/main.tf b/k8s.tjo.cloud/modules/cluster/main.tf index 5b2f5d0..b6501be 100644 --- a/k8s.tjo.cloud/modules/cluster/main.tf +++ b/k8s.tjo.cloud/modules/cluster/main.tf @@ -26,7 +26,6 @@ locals { } } cluster = { - allowSchedulingOnControlPlanes = true, apiServer = { certSANs = [ local.public_domain, @@ -184,12 +183,12 @@ locals { image = "factory.talos.dev/installer/${var.talos.schematic_id}:${var.talos.version}" disk = "/dev/vda" } - features = { - hostDNS = { - enabled = true - forwardKubeDNSToHost = false - } - } + #features = { + # hostDNS = { + # enabled = true + # forwardKubeDNSToHost = false + # } + #} } } @@ -251,6 +250,11 @@ resource "talos_machine_configuration_apply" "controlplane" { ], local.talos_node_config[each.key] )) + + timeouts = { + create = "1m" + update = "1m" + } } resource "talos_machine_configuration_apply" "worker" { @@ -268,6 +272,11 @@ resource "talos_machine_configuration_apply" "worker" { ], local.talos_node_config[each.key] )) + + timeouts = { + create = "1m" + update = "1m" + } } resource "talos_machine_bootstrap" "this" { diff --git a/k8s.tjo.cloud/modules/cluster/proxmox.tf b/k8s.tjo.cloud/modules/cluster/proxmox.tf index 5081e06..dc399a4 100644 --- a/k8s.tjo.cloud/modules/cluster/proxmox.tf +++ b/k8s.tjo.cloud/modules/cluster/proxmox.tf 
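Review bot: `requireIPv6PodCIDR: true` is switched on in the `k8s:` block while `ipv6.enabled` stays `false` a few lines above, and the old `# This breaks it??` comment is dropped without saying what changed. If the nodes are not assigned an IPv6 pod CIDR, the agent may wait for one at startup, so consider `requireIPv6PodCIDR: false` until IPv6 is actually enabled. The hunk also sets `enableIPv4Masquerade: false` and removes `ipv4NativeRoutingCIDR`, so pod addresses presumably leave the nodes untranslated; a comment such as `# no SNAT: pod CIDR is advertised via BGP, upstream firewall rules must match pod addresses` would record that dependency. The Helm values block starts and ends outside the hunk.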
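Review bot: The `features.hostDNS` block in `modules/cluster/main.tf` is commented out rather than removed, and nothing says why, so the next reader cannot tell whether this is a temporary workaround or the intended state. With the block inactive, hostDNS and `forwardKubeDNSToHost` fall back to whatever the Talos release defaults to, which may differ from the previous explicit `forwardKubeDNSToHost = false`. Either delete the lines or lead them with a reason, e.g. `# hostDNS left at Talos defaults: <reason>`. The enclosing `locals` block starts and ends outside the hunk.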
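Review bot: The `timeouts` added to `talos_machine_configuration_apply.controlplane` allow only `1m` for create and update, and the same block is added to `talos_machine_configuration_apply.worker` in the next hunk. A node that is rebooting or still installing may not answer within a minute, so an apply could fail partway and leave nodes on mixed configurations; that is inferred, not shown here. If the short bound is deliberate, say so with `# fail fast: nodes must already be reachable`; otherwise consider a longer value such as `create = "10m"`. Both resource bodies start outside their hunks.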
@@ -13,7 +13,6 @@ locals { }) } - first_controlplane_node = values({ for k, v in local.nodes_with_address : k => v if v.type == "controlplane" })[0] ipv4_addresses = { @@ -74,7 +73,7 @@ resource "proxmox_virtual_environment_vm" "nodes" { node_name = each.value.host description = "Node ${each.value.name} for cluster ${var.cluster.name}." - tags = ["kubernetes.tjo.cloud", each.value.type] + tags = ["k8s.tjo.cloud", each.value.type] stop_on_destroy = true timeout_start_vm = 60 diff --git a/k8s.tjo.cloud/modules/cluster/variables.tf b/k8s.tjo.cloud/modules/cluster/variables.tf index bfa6427..182f219 100644 --- a/k8s.tjo.cloud/modules/cluster/variables.tf +++ b/k8s.tjo.cloud/modules/cluster/variables.tf @@ -20,8 +20,8 @@ variable "hosts" { variable "talos" { type = object({ - version = optional(string, "v1.8.3") - kubernetes = optional(string, "v1.31.0") + version = optional(string, "v1.9.0") + kubernetes = optional(string, "v1.32.0") # Default is: # customization: diff --git a/k8s.tjo.cloud/modules/cluster/versions.tf b/k8s.tjo.cloud/modules/cluster/versions.tf index 593f519..3c6a76e 100644 --- a/k8s.tjo.cloud/modules/cluster/versions.tf +++ b/k8s.tjo.cloud/modules/cluster/versions.tf @@ -4,11 +4,11 @@ terraform { required_providers { proxmox = { source = "bpg/proxmox" - version = "0.61.1" + version = "0.69.0" } talos = { source = "siderolabs/talos" - version = "0.6.1" + version = "0.7.0" } local = { source = "hashicorp/local" diff --git a/k8s.tjo.cloud/terraform.tf b/k8s.tjo.cloud/terraform.tf index c1497f4..aa213fa 100644 --- a/k8s.tjo.cloud/terraform.tf +++ b/k8s.tjo.cloud/terraform.tf @@ -2,11 +2,11 @@ terraform { required_providers { proxmox = { source = "bpg/proxmox" - version = "0.61.1" + version = "0.69.0" } talos = { source = "siderolabs/talos" - version = "0.6.1" + version = "0.7.0" } local = { source = "hashicorp/local"