tjo-cloud/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: better?

Browse source
This commit is contained in:
Tine 2024-07-21 12:27:40 +02:00
parent 7c6c07b155
commit c47b3c222a
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
14 changed files with 5514 additions and 128 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.envrc Normal file
View file

@ -0,0 +1,7 @@
# Automatically sets up your devbox environment whenever you cd into this
# directory via our direnv integration:
eval "$(devbox generate direnv --print-envrc)"
# check out https://www.jetpack.io/devbox/docs/ide_configuration/direnv/
# for more details

21
devbox.json Normal file
View file

@ -0,0 +1,21 @@
{
"$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.12.0/.schema/devbox.schema.json",
"packages": [
"opentofu@latest",
"kubectl@latest",
"cilium-cli@latest",
"kubelogin-oidc@latest",
"talosctl@latest",
"kubernetes-helm@latest"
],
"shell": {
"init_hook": [
"echo 'Welcome to devbox!' > /dev/null"
],
"scripts": {
"test": [
"echo \"Error: no test specified\" && exit 1"
]
}
}
}

329
devbox.lock Normal file
View file

@ -0,0 +1,329 @@
{
"lockfile_version": "1",
"packages": {
"cilium-cli@latest": {
"last_modified": "2024-07-13T12:58:17Z",
"resolved": "github:NixOS/nixpkgs/b729601a9e6c459fd8884dea513af143111bed54#cilium-cli",
"source": "devbox-search",
"version": "0.16.13",
"systems": {
"aarch64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/325f3629lcqv2pi95zyvsfgs6ch72r4z-cilium-cli-0.16.13",
"default": true
}
],
"store_path": "/nix/store/325f3629lcqv2pi95zyvsfgs6ch72r4z-cilium-cli-0.16.13"
},
"aarch64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/bpwam0jwmbzlvwq2blscbh79mwyrcm6i-cilium-cli-0.16.13",
"default": true
}
],
"store_path": "/nix/store/bpwam0jwmbzlvwq2blscbh79mwyrcm6i-cilium-cli-0.16.13"
},
"x86_64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/pxbrkgm1mwydmpvyc72rf2y8k1kzkahz-cilium-cli-0.16.13",
"default": true
}
],
"store_path": "/nix/store/pxbrkgm1mwydmpvyc72rf2y8k1kzkahz-cilium-cli-0.16.13"
},
"x86_64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/y53dhix1adcsnlb697fyv9508g4a5rlg-cilium-cli-0.16.13",
"default": true
}
],
"store_path": "/nix/store/y53dhix1adcsnlb697fyv9508g4a5rlg-cilium-cli-0.16.13"
}
}
},
"kubectl@latest": {
"last_modified": "2024-07-07T07:43:47Z",
"resolved": "github:NixOS/nixpkgs/b60793b86201040d9dee019a05089a9150d08b5b#kubectl",
"source": "devbox-search",
"version": "1.30.2",
"systems": {
"aarch64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/i1zidf41bkfzs2l1pq9fi1frymsfgywc-kubectl-1.30.2",
"default": true
},
{
"name": "man",
"path": "/nix/store/dzxnn9mk9plcx3w9862jyd0nxys2yywz-kubectl-1.30.2-man",
"default": true
},
{
"name": "convert",
"path": "/nix/store/v9ij5fnxxa02jkzpjvkbxw2jc4p9cbld-kubectl-1.30.2-convert"
}
],
"store_path": "/nix/store/i1zidf41bkfzs2l1pq9fi1frymsfgywc-kubectl-1.30.2"
},
"aarch64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/k7ql4247qs6ny27m3iz5c9xf5gb248a2-kubectl-1.30.2",
"default": true
},
{
"name": "man",
"path": "/nix/store/wy64r4nn3isydw4nx257h95qy2x2z4mx-kubectl-1.30.2-man",
"default": true
},
{
"name": "convert",
"path": "/nix/store/ic8za302hvb4kf4zrs55ivr4q2n2lznn-kubectl-1.30.2-convert"
}
],
"store_path": "/nix/store/k7ql4247qs6ny27m3iz5c9xf5gb248a2-kubectl-1.30.2"
},
"x86_64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/v029n959l5b289br0cq591b04yc48516-kubectl-1.30.2",
"default": true
},
{
"name": "man",
"path": "/nix/store/0dvcxn7gsi2ycy9blb7pcy506w4xp2vi-kubectl-1.30.2-man",
"default": true
},
{
"name": "convert",
"path": "/nix/store/2nfq4ivwa4a7jwc0183f2wpl1jxbn754-kubectl-1.30.2-convert"
}
],
"store_path": "/nix/store/v029n959l5b289br0cq591b04yc48516-kubectl-1.30.2"
},
"x86_64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/3vkf0406s1i6l89hk5wrakh4bbn0p1p2-kubectl-1.30.2",
"default": true
},
{
"name": "man",
"path": "/nix/store/3wbvgkkka1knkxvyr4c8qbpr448smw8i-kubectl-1.30.2-man",
"default": true
},
{
"name": "convert",
"path": "/nix/store/h5zxz8db6wligwhw5gnwk4gbc8j1ixik-kubectl-1.30.2-convert"
}
],
"store_path": "/nix/store/3vkf0406s1i6l89hk5wrakh4bbn0p1p2-kubectl-1.30.2"
}
}
},
"kubelogin-oidc@latest": {
"last_modified": "2024-07-07T07:43:47Z",
"resolved": "github:NixOS/nixpkgs/b60793b86201040d9dee019a05089a9150d08b5b#kubelogin-oidc",
"source": "devbox-search",
"version": "1.28.1",
"systems": {
"aarch64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/411wlw1vgyhnijckr0b1rrsmclz4hjm9-kubelogin-1.28.1",
"default": true
}
],
"store_path": "/nix/store/411wlw1vgyhnijckr0b1rrsmclz4hjm9-kubelogin-1.28.1"
},
"aarch64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/570rcxdmd0sjzvbyddx43rj0g84l74yj-kubelogin-1.28.1",
"default": true
}
],
"store_path": "/nix/store/570rcxdmd0sjzvbyddx43rj0g84l74yj-kubelogin-1.28.1"
},
"x86_64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/zdqpjs87irnay5hdv5npqqfz4ij2hf49-kubelogin-1.28.1",
"default": true
}
],
"store_path": "/nix/store/zdqpjs87irnay5hdv5npqqfz4ij2hf49-kubelogin-1.28.1"
},
"x86_64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/xqcgm0mgk80gx1vbqzhhh3nbpqrix4mi-kubelogin-1.28.1",
"default": true
}
],
"store_path": "/nix/store/xqcgm0mgk80gx1vbqzhhh3nbpqrix4mi-kubelogin-1.28.1"
}
}
},
"kubernetes-helm@latest": {
"last_modified": "2024-07-13T12:58:17Z",
"resolved": "github:NixOS/nixpkgs/b729601a9e6c459fd8884dea513af143111bed54#kubernetes-helm",
"source": "devbox-search",
"version": "3.15.3",
"systems": {
"aarch64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/z4w7bnylg9h3f543yrf9bcwkxzfs82z2-kubernetes-helm-3.15.3",
"default": true
}
],
"store_path": "/nix/store/z4w7bnylg9h3f543yrf9bcwkxzfs82z2-kubernetes-helm-3.15.3"
},
"aarch64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/aa4jksq9ljgha8plw5cqyxf60n931dir-kubernetes-helm-3.15.3",
"default": true
}
],
"store_path": "/nix/store/aa4jksq9ljgha8plw5cqyxf60n931dir-kubernetes-helm-3.15.3"
},
"x86_64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/5gjk6w3agm49ljiwi991ailvmw35zq1j-kubernetes-helm-3.15.3",
"default": true
}
],
"store_path": "/nix/store/5gjk6w3agm49ljiwi991ailvmw35zq1j-kubernetes-helm-3.15.3"
},
"x86_64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/n4p0zh1s8jz9mqf1r1pki23kviq4waa7-kubernetes-helm-3.15.3",
"default": true
}
],
"store_path": "/nix/store/n4p0zh1s8jz9mqf1r1pki23kviq4waa7-kubernetes-helm-3.15.3"
}
}
},
"opentofu@latest": {
"last_modified": "2024-07-10T00:27:26Z",
"resolved": "github:NixOS/nixpkgs/16e401f01842c5bb2499e78c1fe227f939c0c474#opentofu",
"source": "devbox-search",
"version": "1.7.3",
"systems": {
"aarch64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/i7v0fb7v32yv3cclabl3g16wj4xypjpl-opentofu-1.7.3",
"default": true
}
],
"store_path": "/nix/store/i7v0fb7v32yv3cclabl3g16wj4xypjpl-opentofu-1.7.3"
},
"aarch64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/f5zsfy3f5rwrlaq44089vvqg3i1qma3m-opentofu-1.7.3",
"default": true
}
],
"store_path": "/nix/store/f5zsfy3f5rwrlaq44089vvqg3i1qma3m-opentofu-1.7.3"
},
"x86_64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/pby4f2314mds1by92byfb2lwgynl4cxz-opentofu-1.7.3",
"default": true
}
],
"store_path": "/nix/store/pby4f2314mds1by92byfb2lwgynl4cxz-opentofu-1.7.3"
},
"x86_64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/rs06b0wfi94j37s3dpzsb8sp1ksnpgi8-opentofu-1.7.3",
"default": true
}
],
"store_path": "/nix/store/rs06b0wfi94j37s3dpzsb8sp1ksnpgi8-opentofu-1.7.3"
}
}
},
"talosctl@latest": {
"last_modified": "2024-07-17T09:45:27Z",
"resolved": "github:NixOS/nixpkgs/5e73714b16ca222dcb2fc3ea2618fd7ba698da65#talosctl",
"source": "devbox-search",
"version": "1.7.5",
"systems": {
"aarch64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/82qvbk0rjv70va7f2akn0bl29450ik8w-talosctl-1.7.5",
"default": true
}
],
"store_path": "/nix/store/82qvbk0rjv70va7f2akn0bl29450ik8w-talosctl-1.7.5"
},
"aarch64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/hhrdspryw3jm5faifp42z54ys0jp84fs-talosctl-1.7.5",
"default": true
}
],
"store_path": "/nix/store/hhrdspryw3jm5faifp42z54ys0jp84fs-talosctl-1.7.5"
},
"x86_64-darwin": {
"outputs": [
{
"name": "out",
"path": "/nix/store/5kbsqj87ga9iv1mix4g9pmjhr6r4i328-talosctl-1.7.5",
"default": true
}
],
"store_path": "/nix/store/5kbsqj87ga9iv1mix4g9pmjhr6r4i328-talosctl-1.7.5"
},
"x86_64-linux": {
"outputs": [
{
"name": "out",
"path": "/nix/store/63slizc3fnqigbbn8lwpdwwz9ccx13qa-talosctl-1.7.5",
"default": true
}
],
"store_path": "/nix/store/63slizc3fnqigbbn8lwpdwwz9ccx13qa-talosctl-1.7.5"
}
}
}
}
}

10
example.env
View file

@ -1,6 +1,10 @@
TF_VAR_tailscale_authkey="" TF_VAR_tailscale_authkey=""
DIGITALOCEAN_TOKEN="" TF_VAR_oidc_username=""
TF_VAR_oidc_password=""
TF_VAR_oidc_issuer_url=""
TF_VAR_oidc_client_id=""
PM_API_TOKEN_ID="terraform@pve!terraform-provisioner" TF_VAR_digitalocean_token=""
PM_API_TOKEN_SECRET=""
TF_VAR_proxmox_token=""

20
justfile Normal file
View file

@ -0,0 +1,20 @@
# Always use devbox environment to run commands.
set shell := ["devbox", "run"]
# Load dotenv
set dotenv-load
GATEWAY_API_VERSION := "v1.1.0"
METRICS_SERVER_VERSION := "v0.7.1"
modules-cluster-manifests:
@rm -rf modules/cluster/manifests
@mkdir -p modules/cluster/manifests
@curl -L -o modules/cluster/manifests/gateway-api.crds.yaml \
"https://github.com/kubernetes-sigs/gateway-api/releases/download/{{GATEWAY_API_VERSION}}/experimental-install.yaml"
@curl -L -o modules/cluster/manifests/metrics-server.yaml \
"https://github.com/kubernetes-sigs/metrics-server/releases/download/{{METRICS_SERVER_VERSION}}/components.yaml"
k8s-apply: modules-cluster-manifests
tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud init
tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply -target module.cluster
tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply

22
k8s.tjo.cloud/.terraform.lock.hcl
View file

@ -1,28 +1,6 @@
# This file is maintained automatically by "tofu init". # This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.opentofu.org/alekc/kubectl" {
version = "2.0.4"
constraints = "2.0.4"
hashes = [
"h1:6xRO3WlBsOTbeJ90QFjxGbc4BjnoGdEaeSCdWI/B1jU=",
"zh:15c227886bac78c8b8827f85595648212574ec81febc39e1055e1a6bf048fe65",
"zh:2211ebeeb0918dbb3587d206e32adca9e1f343a93bbffcd37d8d99bf4d8dea9a",
"zh:2303836cdea12ece8dbe39c2d7d30a9378fd06e9c2ebda66cbe5e01cc096ee2e",
"zh:3687f69e531c70845682b214888a9959b93f2be3c2531801228a4b1965d59921",
"zh:4dd686b4c55e2eedd80464984c9bb736c2df7a96d9dd59a692d91d09173f5f64",
"zh:51e29c13a87e56867b4be0b0c68da874149bf6d4014d7259b62d91162142c1bd",
"zh:5d9d99260f2adfb8867068a3d7644336d57cfa7710062c5221dcbb5a7ec90c7d",
"zh:901c19d73da6688437b19a85e3cd60e8f2090c84699e108b31953bb87f6d3141",
"zh:9547743606a36fa6b6748c5e2e1959b6f185730a1da53a3c351cfa0d8c096687",
"zh:9772a30704e69b54de5a332858a39591f52286121cffcba702346830b1c6e362",
"zh:b44792f99d7c90b9a364dd922f861e459ae1b1edc039f6b3078549021fec4511",
"zh:b5eb871ed2e39b9236dce06170b1fd5dda29f3c1d53f8e08285ccb9a4f574201",
"zh:e8bb4c3d9f680977b560e9dec24662650f790259b2c1311ee07a72157f6492b3",
"zh:f4772cfa0f9c73fdef008bb917cd268620009dc7ff270a4d819125c642b5acce",
]
}
provider "registry.opentofu.org/bpg/proxmox" { provider "registry.opentofu.org/bpg/proxmox" {
version = "0.61.1" version = "0.61.1"
constraints = "0.61.1" constraints = "0.61.1"

26
k8s.tjo.cloud/kubeconfig Executable file
View file

@ -0,0 +1,26 @@
apiVersion: v1
kind: Config
clusters:
- name: tjo-cloud
cluster:
server: https://api.k8s.tjo.cloud:6443
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpakNDQVRDZ0F3SUJBZ0lSQU5MekZhUjV4SENpZHFZQjB5K0Z2ZVF3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOREEzTWpBeE56STNNRFZhRncwek5EQTNNVGd4TnpJMwpNRFZhTUJVeEV6QVJCZ05WQkFvVENtdDFZbVZ5Ym1WMFpYTXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CCkJ3TkNBQVN3T2xEMnBYeXRyQjdFUkFNZFQ5VVkwaDZNN1BtU1k1SjVBa2F4bk8vYm1FOW84bjNMTU9JbVZFaFYKdEdScFhvNTl6MHQ5dnJJRkd3VGNLeGlpaG5STW8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGRHg1bDd1aDdtNUlvNWc5b285NUwvOGpVVXZJTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSUhOblhLV2cKcUZPbkQvbXVyU0Y4S3BlNHJyN3FkSzFLWGQ2dm03aXN2ZThOQWlFQW5TTHM3dy9ySUFQM09GWTJmTnJsbFd2cgpJZlRpRG1IV3AzWVU5UDFVM2ljPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
contexts:
- name: oidc@tjo-cloud
context:
cluster: tjo-cloud
namespace: default
user: oidc
current-context: oidc@tjo-cloud
users:
- name: oidc
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
command: kubectl
args:
- oidc-login
- get-token
- --oidc-issuer-url=https://id.tjo.space/application/o/k8stjocloud/
- --oidc-client-id=HAI6rW0EWtgmSPGKAJ3XXzubQTUut2GMeTRS2spg
- --oidc-extra-scope=profile

35
k8s.tjo.cloud/main.tf
View file

@ -27,29 +27,12 @@ module "cluster" {
tailscale_authkey = var.tailscale_authkey tailscale_authkey = var.tailscale_authkey
allow_scheduling_on_control_planes = true
nodes = { nodes = {
pink = { pink = {
public = true public = true
type = "controlplane" type = "controlplane"
host = "hetzner" host = "hetzner"
storage = "local-zfs" storage = "main"
cores = 4
memory = 4096
}
purple = {
public = true
type = "controlplane"
host = "hetzner"
storage = "local-zfs"
cores = 4
memory = 4096
}
violet = {
public = true
type = "controlplane"
host = "hetzner"
storage = "local-zfs"
cores = 4 cores = 4
memory = 4096 memory = 4096
} }
@ -57,24 +40,16 @@ module "cluster" {
public = false public = false
type = "worker" type = "worker"
host = "hetzner" host = "hetzner"
storage = "local-zfs" storage = "main"
cores = 4 cores = 6
memory = 16384 memory = 16384
} }
cyan = { cyan = {
public = false public = false
type = "worker" type = "worker"
host = "hetzner" host = "hetzner"
storage = "local-zfs" storage = "main"
cores = 4 cores = 6
memory = 16384
}
green = {
public = false
type = "worker"
host = "hetzner"
storage = "local-zfs"
cores = 4
memory = 16384 memory = 16384
} }
} }

0
k8s.tjo.cloud/providers.tf → k8s.tjo.cloud/terraform.tf
View file

29
modules/cluster/components.tf
View file

@ -98,25 +98,25 @@ data "helm_template" "proxmox-csi" {
region: "${var.proxmox.name}" region: "${var.proxmox.name}"
storageClass: storageClass:
- name: proxmox - name: proxmox-main
storage: local-zfs storage: main
reclaimPolicy: Delete reclaimPolicy: Delete
fstype: ext4 fstype: ext4
cache: none cache: none
replicaCount: 1
nodeSelector: nodeSelector:
node-role.kubernetes.io/control-plane: "" node-role.kubernetes.io/control-plane: ""
node.cloudprovider.kubernetes.io/platform: nocloud node.cloudprovider.kubernetes.io/platform: nocloud
tolerations: tolerations:
- key: node-role.kubernetes.io/control-plane - key: node-role.kubernetes.io/control-plane
effect: NoSchedule effect: NoSchedule
node: node:
nodeSelector: nodeSelector:
node.cloudprovider.kubernetes.io/platform: nocloud node.cloudprovider.kubernetes.io/platform: nocloud
tolerations: tolerations:
- operator: Exists - key: node-role.kubernetes.io/control-plane
effect: NoSchedule
EOF EOF
] ]
} }
@ -198,23 +198,4 @@ data "helm_template" "envoy" {
] ]
include_crds = true include_crds = true
values = [
yamlencode({
config = {
envoyGateway = {
provider = {
type = "Kubernetes"
kubernetes = {
envoyDaemonSet = {}
envoyDeployment = null
}
}
gateway = {
controllerName = "gateway.envoyproxy.io/gatewayclass-controller"
}
}
}
})
]
} }

13
modules/cluster/main.tf
View file

@ -65,7 +65,7 @@ locals {
}, },
{ {
name : "gateway-api-crds" name : "gateway-api-crds"
contents : file("${path.module}/manifests/gateway-api-crds.yaml") contents : file("${path.module}/manifests/gateway-api.crds.yaml")
}, },
{ {
name : "metrics-server" name : "metrics-server"
@ -149,11 +149,16 @@ locals {
hostname = node.name hostname = node.name
} }
nodeLabels = { nodeLabels = {
"k8s.tjo.cloud/public" = node.public ? "true" : "false" "k8s.tjo.cloud/public" = node.public ? "true" : "false"
#"k8s.tjo.cloud/ipv4" = node.ipv4
#"k8s.tjo.cloud/ipv6" = node.ipv6
"k8s.tjo.cloud/host" = node.host "k8s.tjo.cloud/host" = node.host
"k8s.tjo.cloud/proxmox" = var.proxmox.name "k8s.tjo.cloud/proxmox" = var.proxmox.name
# TODO: Can we remove this? }
"node.cloudprovider.kubernetes.io/platform" = "proxmox" kubelet = {
extraConfig = {
podCIDR = ""
}
} }
} }
}), }),

4921
modules/cluster/manifests/gateway-api-crds.yaml → modules/cluster/manifests/gateway-api.crds.yaml
View file

File diff suppressed because it is too large Load diff

201
modules/cluster/manifests/metrics-server.yaml
View file

@ -0,0 +1,201 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=10250
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
image: registry.k8s.io/metrics-server/metrics-server:v0.7.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 10250
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 200Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100

8
modules/cluster/proxmox.tf
View file

@ -126,10 +126,10 @@ resource "proxmox_virtual_environment_vm" "nodes" {
iothread = true iothread = true
} }
initialization { #initialization {
datastore_id = each.value.storage # datastore_id = each.value.storage
meta_data_file_id = proxmox_virtual_environment_file.metadata[each.key].id # meta_data_file_id = proxmox_virtual_environment_file.metadata[each.key].id
} #}
} }
resource "proxmox_virtual_environment_role" "csi" { resource "proxmox_virtual_environment_role" "csi" {