feat: better?
parent
7c6c07b155
commit
c47b3c222a
14 changed files with 5514 additions and 128 deletions
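--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,7 @@
+# Automatically sets up your devbox environment whenever you cd into this
+# directory via our direnv integration:
+
+eval "$(devbox generate direnv --print-envrc)"
+
+# check out https://www.jetpack.io/devbox/docs/ide_configuration/direnv/
+# for more details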
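--- a/devbox.json
+++ b/devbox.json
@@ -0,0 +1,21 @@
+{
+"$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.12.0/.schema/devbox.schema.json",
+"packages": [
+"opentofu@latest",
+"kubectl@latest",
+"cilium-cli@latest",
+"kubelogin-oidc@latest",
+"talosctl@latest",
+"kubernetes-helm@latest"
+],
+"shell": {
+"init_hook": [
+"echo 'Welcome to devbox!' > /dev/null"
+],
+"scripts": {
+"test": [
+"echo \"Error: no test specified\" && exit 1"
+]
+}
+}
+}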
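Review bot: All six entries in `packages` are requested as `@latest`, so the only thing holding `talosctl`, `kubectl` and `opentofu` to a known version is devbox.lock, and a routine `devbox update` moves every tool at once, including the ones whose version should track the cluster. Pin the cluster-facing tools to the versions the lockfile resolved, for example `"talosctl@1.7.5"` and `"kubectl@1.30.2"`, so that an upgrade is a reviewed change to this file. The `init_hook` (`echo 'Welcome to devbox!' > /dev/null`) and the `test` script look like template leftovers and could be dropped.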
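--- a/devbox.lock
+++ b/devbox.lock
@@ -0,0 +1,329 @@
+{
+"lockfile_version": "1",
+"packages": {
+"cilium-cli@latest": {
+"last_modified": "2024-07-13T12:58:17Z",
+"resolved": "github:NixOS/nixpkgs/b729601a9e6c459fd8884dea513af143111bed54#cilium-cli",
+"source": "devbox-search",
+"version": "0.16.13",
+"systems": {
+"aarch64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/325f3629lcqv2pi95zyvsfgs6ch72r4z-cilium-cli-0.16.13",
+"default": true
+}
+],
+"store_path": "/nix/store/325f3629lcqv2pi95zyvsfgs6ch72r4z-cilium-cli-0.16.13"
+},
+"aarch64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/bpwam0jwmbzlvwq2blscbh79mwyrcm6i-cilium-cli-0.16.13",
+"default": true
+}
+],
+"store_path": "/nix/store/bpwam0jwmbzlvwq2blscbh79mwyrcm6i-cilium-cli-0.16.13"
+},
+"x86_64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/pxbrkgm1mwydmpvyc72rf2y8k1kzkahz-cilium-cli-0.16.13",
+"default": true
+}
+],
+"store_path": "/nix/store/pxbrkgm1mwydmpvyc72rf2y8k1kzkahz-cilium-cli-0.16.13"
+},
+"x86_64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/y53dhix1adcsnlb697fyv9508g4a5rlg-cilium-cli-0.16.13",
+"default": true
+}
+],
+"store_path": "/nix/store/y53dhix1adcsnlb697fyv9508g4a5rlg-cilium-cli-0.16.13"
+}
+}
+},
+"kubectl@latest": {
+"last_modified": "2024-07-07T07:43:47Z",
+"resolved": "github:NixOS/nixpkgs/b60793b86201040d9dee019a05089a9150d08b5b#kubectl",
+"source": "devbox-search",
+"version": "1.30.2",
+"systems": {
+"aarch64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/i1zidf41bkfzs2l1pq9fi1frymsfgywc-kubectl-1.30.2",
+"default": true
+},
+{
+"name": "man",
+"path": "/nix/store/dzxnn9mk9plcx3w9862jyd0nxys2yywz-kubectl-1.30.2-man",
+"default": true
+},
+{
+"name": "convert",
+"path": "/nix/store/v9ij5fnxxa02jkzpjvkbxw2jc4p9cbld-kubectl-1.30.2-convert"
+}
+],
+"store_path": "/nix/store/i1zidf41bkfzs2l1pq9fi1frymsfgywc-kubectl-1.30.2"
+},
+"aarch64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/k7ql4247qs6ny27m3iz5c9xf5gb248a2-kubectl-1.30.2",
+"default": true
+},
+{
+"name": "man",
+"path": "/nix/store/wy64r4nn3isydw4nx257h95qy2x2z4mx-kubectl-1.30.2-man",
+"default": true
+},
+{
+"name": "convert",
+"path": "/nix/store/ic8za302hvb4kf4zrs55ivr4q2n2lznn-kubectl-1.30.2-convert"
+}
+],
+"store_path": "/nix/store/k7ql4247qs6ny27m3iz5c9xf5gb248a2-kubectl-1.30.2"
+},
+"x86_64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/v029n959l5b289br0cq591b04yc48516-kubectl-1.30.2",
+"default": true
+},
+{
+"name": "man",
+"path": "/nix/store/0dvcxn7gsi2ycy9blb7pcy506w4xp2vi-kubectl-1.30.2-man",
+"default": true
+},
+{
+"name": "convert",
+"path": "/nix/store/2nfq4ivwa4a7jwc0183f2wpl1jxbn754-kubectl-1.30.2-convert"
+}
+],
+"store_path": "/nix/store/v029n959l5b289br0cq591b04yc48516-kubectl-1.30.2"
+},
+"x86_64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/3vkf0406s1i6l89hk5wrakh4bbn0p1p2-kubectl-1.30.2",
+"default": true
+},
+{
+"name": "man",
+"path": "/nix/store/3wbvgkkka1knkxvyr4c8qbpr448smw8i-kubectl-1.30.2-man",
+"default": true
+},
+{
+"name": "convert",
+"path": "/nix/store/h5zxz8db6wligwhw5gnwk4gbc8j1ixik-kubectl-1.30.2-convert"
+}
+],
+"store_path": "/nix/store/3vkf0406s1i6l89hk5wrakh4bbn0p1p2-kubectl-1.30.2"
+}
+}
+},
+"kubelogin-oidc@latest": {
+"last_modified": "2024-07-07T07:43:47Z",
+"resolved": "github:NixOS/nixpkgs/b60793b86201040d9dee019a05089a9150d08b5b#kubelogin-oidc",
+"source": "devbox-search",
+"version": "1.28.1",
+"systems": {
+"aarch64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/411wlw1vgyhnijckr0b1rrsmclz4hjm9-kubelogin-1.28.1",
+"default": true
+}
+],
+"store_path": "/nix/store/411wlw1vgyhnijckr0b1rrsmclz4hjm9-kubelogin-1.28.1"
+},
+"aarch64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/570rcxdmd0sjzvbyddx43rj0g84l74yj-kubelogin-1.28.1",
+"default": true
+}
+],
+"store_path": "/nix/store/570rcxdmd0sjzvbyddx43rj0g84l74yj-kubelogin-1.28.1"
+},
+"x86_64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/zdqpjs87irnay5hdv5npqqfz4ij2hf49-kubelogin-1.28.1",
+"default": true
+}
+],
+"store_path": "/nix/store/zdqpjs87irnay5hdv5npqqfz4ij2hf49-kubelogin-1.28.1"
+},
+"x86_64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/xqcgm0mgk80gx1vbqzhhh3nbpqrix4mi-kubelogin-1.28.1",
+"default": true
+}
+],
+"store_path": "/nix/store/xqcgm0mgk80gx1vbqzhhh3nbpqrix4mi-kubelogin-1.28.1"
+}
+}
+},
+"kubernetes-helm@latest": {
+"last_modified": "2024-07-13T12:58:17Z",
+"resolved": "github:NixOS/nixpkgs/b729601a9e6c459fd8884dea513af143111bed54#kubernetes-helm",
+"source": "devbox-search",
+"version": "3.15.3",
+"systems": {
+"aarch64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/z4w7bnylg9h3f543yrf9bcwkxzfs82z2-kubernetes-helm-3.15.3",
+"default": true
+}
+],
+"store_path": "/nix/store/z4w7bnylg9h3f543yrf9bcwkxzfs82z2-kubernetes-helm-3.15.3"
+},
+"aarch64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/aa4jksq9ljgha8plw5cqyxf60n931dir-kubernetes-helm-3.15.3",
+"default": true
+}
+],
+"store_path": "/nix/store/aa4jksq9ljgha8plw5cqyxf60n931dir-kubernetes-helm-3.15.3"
+},
+"x86_64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/5gjk6w3agm49ljiwi991ailvmw35zq1j-kubernetes-helm-3.15.3",
+"default": true
+}
+],
+"store_path": "/nix/store/5gjk6w3agm49ljiwi991ailvmw35zq1j-kubernetes-helm-3.15.3"
+},
+"x86_64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/n4p0zh1s8jz9mqf1r1pki23kviq4waa7-kubernetes-helm-3.15.3",
+"default": true
+}
+],
+"store_path": "/nix/store/n4p0zh1s8jz9mqf1r1pki23kviq4waa7-kubernetes-helm-3.15.3"
+}
+}
+},
+"opentofu@latest": {
+"last_modified": "2024-07-10T00:27:26Z",
+"resolved": "github:NixOS/nixpkgs/16e401f01842c5bb2499e78c1fe227f939c0c474#opentofu",
+"source": "devbox-search",
+"version": "1.7.3",
+"systems": {
+"aarch64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/i7v0fb7v32yv3cclabl3g16wj4xypjpl-opentofu-1.7.3",
+"default": true
+}
+],
+"store_path": "/nix/store/i7v0fb7v32yv3cclabl3g16wj4xypjpl-opentofu-1.7.3"
+},
+"aarch64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/f5zsfy3f5rwrlaq44089vvqg3i1qma3m-opentofu-1.7.3",
+"default": true
+}
+],
+"store_path": "/nix/store/f5zsfy3f5rwrlaq44089vvqg3i1qma3m-opentofu-1.7.3"
+},
+"x86_64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/pby4f2314mds1by92byfb2lwgynl4cxz-opentofu-1.7.3",
+"default": true
+}
+],
+"store_path": "/nix/store/pby4f2314mds1by92byfb2lwgynl4cxz-opentofu-1.7.3"
+},
+"x86_64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/rs06b0wfi94j37s3dpzsb8sp1ksnpgi8-opentofu-1.7.3",
+"default": true
+}
+],
+"store_path": "/nix/store/rs06b0wfi94j37s3dpzsb8sp1ksnpgi8-opentofu-1.7.3"
+}
+}
+},
+"talosctl@latest": {
+"last_modified": "2024-07-17T09:45:27Z",
+"resolved": "github:NixOS/nixpkgs/5e73714b16ca222dcb2fc3ea2618fd7ba698da65#talosctl",
+"source": "devbox-search",
+"version": "1.7.5",
+"systems": {
+"aarch64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/82qvbk0rjv70va7f2akn0bl29450ik8w-talosctl-1.7.5",
+"default": true
+}
+],
+"store_path": "/nix/store/82qvbk0rjv70va7f2akn0bl29450ik8w-talosctl-1.7.5"
+},
+"aarch64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/hhrdspryw3jm5faifp42z54ys0jp84fs-talosctl-1.7.5",
+"default": true
+}
+],
+"store_path": "/nix/store/hhrdspryw3jm5faifp42z54ys0jp84fs-talosctl-1.7.5"
+},
+"x86_64-darwin": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/5kbsqj87ga9iv1mix4g9pmjhr6r4i328-talosctl-1.7.5",
+"default": true
+}
+],
+"store_path": "/nix/store/5kbsqj87ga9iv1mix4g9pmjhr6r4i328-talosctl-1.7.5"
+},
+"x86_64-linux": {
+"outputs": [
+{
+"name": "out",
+"path": "/nix/store/63slizc3fnqigbbn8lwpdwwz9ccx13qa-talosctl-1.7.5",
+"default": true
+}
+],
+"store_path": "/nix/store/63slizc3fnqigbbn8lwpdwwz9ccx13qa-talosctl-1.7.5"
+}
+}
+}
+}
+}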
10
example.env
10
example.env
|
@ -1,6 +1,10 @@
|
|||
TF_VAR_tailscale_authkey=""
|
||||
|
||||
DIGITALOCEAN_TOKEN=""
|
||||
TF_VAR_oidc_username=""
|
||||
TF_VAR_oidc_password=""
|
||||
TF_VAR_oidc_issuer_url=""
|
||||
TF_VAR_oidc_client_id=""
|
||||
|
||||
PM_API_TOKEN_ID="terraform@pve!terraform-provisioner"
|
||||
PM_API_TOKEN_SECRET=""
|
||||
TF_VAR_digitalocean_token=""
|
||||
|
||||
TF_VAR_proxmox_token=""
|
||||
|
|
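--- a/justfile
+++ b/justfile
@@ -0,0 +1,20 @@
+# Always use devbox environment to run commands.
+set shell := ["devbox", "run"]
+# Load dotenv
+set dotenv-load
+
+GATEWAY_API_VERSION := "v1.1.0"
+METRICS_SERVER_VERSION := "v0.7.1"
+
+modules-cluster-manifests:
+@rm -rf modules/cluster/manifests
+@mkdir -p modules/cluster/manifests
+@curl -L -o modules/cluster/manifests/gateway-api.crds.yaml \
+"https://github.com/kubernetes-sigs/gateway-api/releases/download/{{GATEWAY_API_VERSION}}/experimental-install.yaml"
+@curl -L -o modules/cluster/manifests/metrics-server.yaml \
+"https://github.com/kubernetes-sigs/metrics-server/releases/download/{{METRICS_SERVER_VERSION}}/components.yaml"
+
+k8s-apply: modules-cluster-manifests
+tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud init
+tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply -target module.cluster
+tofu -chdir={{justfile_directory()}}/k8s.tjo.cloud apply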
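Review bot: Both `curl -L -o` calls in `modules-cluster-manifests` write whatever the server returns straight into `modules/cluster/manifests`, and `k8s-apply` then hands those files to `tofu apply`. Without `--fail`, an HTTP error page is saved as the manifest, and without an integrity check the content applied to the cluster is whatever the release URL serves at run time rather than what was reviewed. Use `@curl --fail --location --output ...` and compare each download against a SHA-256 pinned next to `GATEWAY_API_VERSION` and `METRICS_SERVER_VERSION` before the recipe continues. Because `k8s-apply` depends on this recipe, every apply first runs `rm -rf` on the manifests directory; making the refresh an explicit, separate step would keep the committed copies as the ones that get applied.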
|
@ -1,28 +1,6 @@
|
|||
# This file is maintained automatically by "tofu init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/alekc/kubectl" {
|
||||
version = "2.0.4"
|
||||
constraints = "2.0.4"
|
||||
hashes = [
|
||||
"h1:6xRO3WlBsOTbeJ90QFjxGbc4BjnoGdEaeSCdWI/B1jU=",
|
||||
"zh:15c227886bac78c8b8827f85595648212574ec81febc39e1055e1a6bf048fe65",
|
||||
"zh:2211ebeeb0918dbb3587d206e32adca9e1f343a93bbffcd37d8d99bf4d8dea9a",
|
||||
"zh:2303836cdea12ece8dbe39c2d7d30a9378fd06e9c2ebda66cbe5e01cc096ee2e",
|
||||
"zh:3687f69e531c70845682b214888a9959b93f2be3c2531801228a4b1965d59921",
|
||||
"zh:4dd686b4c55e2eedd80464984c9bb736c2df7a96d9dd59a692d91d09173f5f64",
|
||||
"zh:51e29c13a87e56867b4be0b0c68da874149bf6d4014d7259b62d91162142c1bd",
|
||||
"zh:5d9d99260f2adfb8867068a3d7644336d57cfa7710062c5221dcbb5a7ec90c7d",
|
||||
"zh:901c19d73da6688437b19a85e3cd60e8f2090c84699e108b31953bb87f6d3141",
|
||||
"zh:9547743606a36fa6b6748c5e2e1959b6f185730a1da53a3c351cfa0d8c096687",
|
||||
"zh:9772a30704e69b54de5a332858a39591f52286121cffcba702346830b1c6e362",
|
||||
"zh:b44792f99d7c90b9a364dd922f861e459ae1b1edc039f6b3078549021fec4511",
|
||||
"zh:b5eb871ed2e39b9236dce06170b1fd5dda29f3c1d53f8e08285ccb9a4f574201",
|
||||
"zh:e8bb4c3d9f680977b560e9dec24662650f790259b2c1311ee07a72157f6492b3",
|
||||
"zh:f4772cfa0f9c73fdef008bb917cd268620009dc7ff270a4d819125c642b5acce",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.opentofu.org/bpg/proxmox" {
|
||||
version = "0.61.1"
|
||||
constraints = "0.61.1"
|
||||
|
|
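--- a/k8s.tjo.cloud/kubeconfig
+++ b/k8s.tjo.cloud/kubeconfig
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Config
+clusters:
+- name: tjo-cloud
+cluster:
+server: https://api.k8s.tjo.cloud:6443
+certificate-authority-data: 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
+contexts:
+- name: oidc@tjo-cloud
+context:
+cluster: tjo-cloud
+namespace: default
+user: oidc
+current-context: oidc@tjo-cloud
+users:
+- name: oidc
+user:
+exec:
+apiVersion: client.authentication.k8s.io/v1beta1
+command: kubectl
+args:
+- oidc-login
+- get-token
+- --oidc-issuer-url=https://id.tjo.space/application/o/k8stjocloud/
+- --oidc-client-id=HAI6rW0EWtgmSPGKAJ3XXzubQTUut2GMeTRS2spg
+- --oidc-extra-scope=profile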
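Review bot: The kubeconfig is added with the executable bit set (the page lists it as "Executable file"), which a data file does not need; commit it as a normal file. The `exec` entry runs `command: kubectl` with `oidc-login get-token`, both resolved through PATH, so anyone pointing `KUBECONFIG` at this file executes whichever `kubectl` and `oidc-login` plugin come first in their environment. A short header comment such as `# Requires the devbox shell (kubectl + kubelogin-oidc); run via "devbox shell"` would make that dependency explicit. If the file is generated by the module rather than written by hand, the comment should say so too.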
|
@ -27,29 +27,12 @@ module "cluster" {
|
|||
|
||||
tailscale_authkey = var.tailscale_authkey
|
||||
|
||||
allow_scheduling_on_control_planes = true
|
||||
nodes = {
|
||||
pink = {
|
||||
public = true
|
||||
type = "controlplane"
|
||||
host = "hetzner"
|
||||
storage = "local-zfs"
|
||||
cores = 4
|
||||
memory = 4096
|
||||
}
|
||||
purple = {
|
||||
public = true
|
||||
type = "controlplane"
|
||||
host = "hetzner"
|
||||
storage = "local-zfs"
|
||||
cores = 4
|
||||
memory = 4096
|
||||
}
|
||||
violet = {
|
||||
public = true
|
||||
type = "controlplane"
|
||||
host = "hetzner"
|
||||
storage = "local-zfs"
|
||||
storage = "main"
|
||||
cores = 4
|
||||
memory = 4096
|
||||
}
|
||||
|
@ -57,24 +40,16 @@ module "cluster" {
|
|||
public = false
|
||||
type = "worker"
|
||||
host = "hetzner"
|
||||
storage = "local-zfs"
|
||||
cores = 4
|
||||
storage = "main"
|
||||
cores = 6
|
||||
memory = 16384
|
||||
}
|
||||
cyan = {
|
||||
public = false
|
||||
type = "worker"
|
||||
host = "hetzner"
|
||||
storage = "local-zfs"
|
||||
cores = 4
|
||||
memory = 16384
|
||||
}
|
||||
green = {
|
||||
public = false
|
||||
type = "worker"
|
||||
host = "hetzner"
|
||||
storage = "local-zfs"
|
||||
cores = 4
|
||||
storage = "main"
|
||||
cores = 6
|
||||
memory = 16384
|
||||
}
|
||||
}
|
||||
|
|
|
@ -98,25 +98,25 @@ data "helm_template" "proxmox-csi" {
|
|||
region: "${var.proxmox.name}"
|
||||
|
||||
storageClass:
|
||||
- name: proxmox
|
||||
storage: local-zfs
|
||||
- name: proxmox-main
|
||||
storage: main
|
||||
reclaimPolicy: Delete
|
||||
fstype: ext4
|
||||
cache: none
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/control-plane: ""
|
||||
node.cloudprovider.kubernetes.io/platform: nocloud
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
effect: NoSchedule
|
||||
|
||||
node:
|
||||
nodeSelector:
|
||||
node.cloudprovider.kubernetes.io/platform: nocloud
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
effect: NoSchedule
|
||||
EOF
|
||||
]
|
||||
}
|
||||
|
@ -198,23 +198,4 @@ data "helm_template" "envoy" {
|
|||
]
|
||||
|
||||
include_crds = true
|
||||
|
||||
values = [
|
||||
yamlencode({
|
||||
config = {
|
||||
envoyGateway = {
|
||||
provider = {
|
||||
type = "Kubernetes"
|
||||
kubernetes = {
|
||||
envoyDaemonSet = {}
|
||||
envoyDeployment = null
|
||||
}
|
||||
}
|
||||
gateway = {
|
||||
controllerName = "gateway.envoyproxy.io/gatewayclass-controller"
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
]
|
||||
}
|
||||
|
|
|
@ -65,7 +65,7 @@ locals {
|
|||
},
|
||||
{
|
||||
name : "gateway-api-crds"
|
||||
contents : file("${path.module}/manifests/gateway-api-crds.yaml")
|
||||
contents : file("${path.module}/manifests/gateway-api.crds.yaml")
|
||||
},
|
||||
{
|
||||
name : "metrics-server"
|
||||
|
@ -150,10 +150,15 @@ locals {
|
|||
}
|
||||
nodeLabels = {
|
||||
"k8s.tjo.cloud/public" = node.public ? "true" : "false"
|
||||
#"k8s.tjo.cloud/ipv4" = node.ipv4
|
||||
#"k8s.tjo.cloud/ipv6" = node.ipv6
|
||||
"k8s.tjo.cloud/host" = node.host
|
||||
"k8s.tjo.cloud/proxmox" = var.proxmox.name
|
||||
# TODO: Can we remove this?
|
||||
"node.cloudprovider.kubernetes.io/platform" = "proxmox"
|
||||
}
|
||||
kubelet = {
|
||||
extraConfig = {
|
||||
podCIDR = ""
|
||||
}
|
||||
}
|
||||
}
|
||||
}),
|
||||
|
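Review bot: The `nodeLabels` block sets `"node.cloudprovider.kubernetes.io/platform" = "proxmox"` under `# TODO: Can we remove this?`, while the proxmox-csi values elsewhere in this commit show a `nodeSelector` on `node.cloudprovider.kubernetes.io/platform: nocloud`. The rendered page does not show which side those selector lines are on, but if they are on the new side the CSI pods will not match nodes labelled `proxmox`. Either align the two values or replace the TODO with a comment naming the consumer of the label. `podCIDR = ""` under `kubelet.extraConfig` also deserves a one-line comment saying why it is blanked. The enclosing `locals` block starts and ends outside the hunk.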
|
File diff suppressed because it is too large
|
@ -0,0 +1,201 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
name: metrics-server
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
name: system:aggregated-metrics-reader
|
||||
rules:
|
||||
- apiGroups:
|
||||
- metrics.k8s.io
|
||||
resources:
|
||||
- pods
|
||||
- nodes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
name: system:metrics-server
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes/metrics
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- nodes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
name: metrics-server-auth-reader
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: extension-apiserver-authentication-reader
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: metrics-server
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
name: metrics-server:system:auth-delegator
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: metrics-server
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
name: system:metrics-server
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:metrics-server
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: metrics-server
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
name: metrics-server
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- name: https
|
||||
port: 443
|
||||
protocol: TCP
|
||||
targetPort: https
|
||||
selector:
|
||||
k8s-app: metrics-server
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
name: metrics-server
|
||||
namespace: kube-system
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: metrics-server
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxUnavailable: 0
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --cert-dir=/tmp
|
||||
- --secure-port=10250
|
||||
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
||||
- --kubelet-use-node-status-port
|
||||
- --metric-resolution=15s
|
||||
image: registry.k8s.io/metrics-server/metrics-server:v0.7.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /livez
|
||||
port: https
|
||||
scheme: HTTPS
|
||||
periodSeconds: 10
|
||||
name: metrics-server
|
||||
ports:
|
||||
- containerPort: 10250
|
||||
name: https
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: https
|
||||
scheme: HTTPS
|
||||
initialDelaySeconds: 20
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 200Mi
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp-dir
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: metrics-server
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: tmp-dir
|
||||
---
|
||||
apiVersion: apiregistration.k8s.io/v1
|
||||
kind: APIService
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: metrics-server
|
||||
name: v1beta1.metrics.k8s.io
|
||||
spec:
|
||||
group: metrics.k8s.io
|
||||
groupPriorityMinimum: 100
|
||||
insecureSkipTLSVerify: true
|
||||
service:
|
||||
name: metrics-server
|
||||
namespace: kube-system
|
||||
version: v1beta1
|
||||
versionPriority: 100
|
|
@ -126,10 +126,10 @@ resource "proxmox_virtual_environment_vm" "nodes" {
|
|||
iothread = true
|
||||
}
|
||||
|
||||
initialization {
|
||||
datastore_id = each.value.storage
|
||||
meta_data_file_id = proxmox_virtual_environment_file.metadata[each.key].id
|
||||
}
|
||||
#initialization {
|
||||
# datastore_id = each.value.storage
|
||||
# meta_data_file_id = proxmox_virtual_environment_file.metadata[each.key].id
|
||||
#}
|
||||
}
|
||||
|
||||
resource "proxmox_virtual_environment_role" "csi" {
|
||||
|
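Review bot: The `initialization` block of `proxmox_virtual_environment_vm.nodes` appears to be replaced by a commented-out copy, with nothing saying why. If the commented lines are the new side, the VMs no longer receive `meta_data_file_id`, and `proxmox_virtual_environment_file.metadata` may be left without a consumer. Delete the block outright, or keep it with a reason on the first line, for example `# disabled: <reason>; re-enable when <condition>`. The resource body starts outside the hunk.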
|