commit 187c8bd7877af1654f82d90458cf75a4c2dff747
Author: Dreaded_X
Date: Sat Nov 22 06:02:05 2025 +0100
feat: Created initial bootstrap script
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..7c650fb
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+tools=(talosctl cilium-cli yq helm)
+cilium_version=1.18.4
+
+for tool in "${tools[@]}"; do
+ command -v ${tool} > /dev/null || (echo "Missing: ${tool}" && exit -1)
+done
+
+cluster_name="${1:-}"
+if [ -z "${cluster_name}" ]; then
+ echo "No cluster name has been specified."
+ exit -1
+fi
+
+bootstrap_ip="${2:-}"
+if [ -z "${bootstrap_ip}" ]; then
+ echo "No bootstrap ip has been specified."
+ exit -1
+fi
+
+TALOSCONFIG=${TALOSCONFIG:-}
+if [ -z "${TALOSCONFIG}" ]; then
+ echo "TALOSCONFIG is not set, please make sure to run \`. ./rendered/source.sh\` in the metal repository."
+ exit -1
+fi
+if [ ! -f "${TALOSCONFIG}" ]; then
+ echo "File specified in TALOSCONFIG (${TALOSCONFIG}) does not exist, make sure to generate it using \`./rendered/generate_configs.sh\` in the metal repository."
+fi
+clusters=($(cat $TALOSCONFIG | yq '.contexts | keys' -o csv | tr ',' ' '))
+
+if [[ ! "${clusters[*]}" =~ "${cluster_name}" ]]; then
+ echo "Cluster '${cluster_name}' does not exist."
+ echo "Available clusters:"
+ for (( i=0; i<${#clusters[@]}; i++ )); do
+ echo -e "\t${clusters[$i]}"
+ done
+ exit -1
+fi
+
+KUBECONFIG=${KUBECONFIG:-}
+if [ -z "${KUBECONFIG}" ]; then
+ echo "KUBECONFIG is not set, please make sure to run \`. ./rendered/source.sh\` in the metal repository."
+ exit -1
+fi
+KUBECONFIG=$(echo $KUBECONFIG | tr ':' '\n' | grep ${cluster_name}/kubeconfig)
+if [ -z "${KUBECONFIG}" ]; then
+ echo "KUBECONFIG does not contain a path for the current cluster, please make sure to run \`. ./rendered/source.sh\` in the metal repository."
+ exit -1
+fi
+
+vip=$(cat $TALOSCONFIG | yq ".contexts.${cluster_name}.endpoints[0]")
+if [ "${vip}" = "null" ]; then
+ echo "Failed to get VIP of cluster."
+ exit -1
+fi
+
+echo -n "Checking connection to ${bootstrap_ip}... "
+if nmap -Pn ${bootstrap_ip} -p 50000 | grep -q 'open'; then
+ echo "[Success]"
+else
+ echo "[Failure]"
+ exit -1
+fi
+
+count=0
+max_retries=20
+while ! nmap -Pn ${vip} -p 50000 | grep -q 'open' && [ ${count} -lt ${max_retries} ]; do
+ if [ $count -eq 0 ]; then
+ echo -n "Bootstrapping Kubernetes"
+ fi
+ echo -n "."
+ count=$((count+1))
+ sleep 5
+ talosctl --context ${cluster_name} -e ${bootstrap_ip} -n ${bootstrap_ip} bootstrap 2> /dev/null || true
+done
+if [ ${count} -ge ${max_retries} ]; then
+ echo " [Failure]"
+ exit -1
+elif [ ! $count -eq 0 ]; then
+ echo " [Success]"
+fi
+
+talosctl --context ${cluster_name} -n "${bootstrap_ip}" kubeconfig -f
+
+count=0
+max_retries=20
+while [ -z "$(kubectl get nodes 2> /dev/null)" ]; do
+ if [ $count -eq 0 ]; then
+ echo -n "Waiting for apiserver"
+ fi
+ echo -n "."
+ count=$((count+1))
+ sleep 15
+done
+if [ ${count} -ge ${max_retries} ]; then
+ echo " [Failure]"
+ exit -1
+elif [ ! $count -eq 0 ]; then
+ echo " [Success]"
+fi
+
+if ! helm status -n kube-system cilium &> /dev/null; then
+ echo "Installing cilium..."
+ helm repo add cilium https://helm.cilium.io/ > /dev/null
+ helm repo update > /dev/null
+ helm install \
+ cilium \
+ cilium/cilium \
+ --version ${cilium_version} \
+ --namespace kube-system \
+ --values cilium.yaml
+fi
+
+cilium-cli status --wait
+
+# echo "Running connectivity test..."
+# cilium-cli connectivity test --namespace-labels pod-security.kubernetes.io/enforce=privileged
diff --git a/cilium.yaml b/cilium.yaml
new file mode 100644
index 0000000..8543a11
--- /dev/null
+++ b/cilium.yaml
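Review bot: The apiserver wait loop (`while [ -z "$(kubectl get nodes 2> /dev/null)" ]; do`) is unbounded: `max_retries` is reset to 20 but never tested in the loop condition, so the `[Failure]` branch that follows it can never run and a control plane that never answers hangs the script; change the condition to `while [ "${count}" -lt "${max_retries}" ] && [ -z "$(kubectl get nodes 2> /dev/null)" ]; do`. Two smaller gaps in the same file: `kubectl` and `nmap` are invoked but are missing from the preflight array (`tools=(talosctl cilium-cli yq helm kubectl nmap)`), and the `[ ! -f "${TALOSCONFIG}" ]` branch prints its message without an `exit 1`, so execution falls through into `cat $TALOSCONFIG` and fails there with a less helpful error. The cluster-name check is a substring regex (`=~ "${cluster_name}"`) and the kubeconfig selection is an unquoted `grep ${cluster_name}/kubeconfig`, so a name that is a prefix of another cluster's name passes validation and can select the other cluster's kubeconfig; compare each element exactly (`[[ "$c" == "${cluster_name}" ]]`) and match the path with `[[ "$p" == */"${cluster_name}"/kubeconfig ]]` instead. `exit -1` is not a valid POSIX status (bash maps it to 255); `exit 1` throughout is clearer.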
@@ -0,0 +1,36 @@
+ipam:
+ mode: kubernetes
+kubeProxyReplacement: true
+securityContext:
+ capabilities:
+ ciliumAgent:
+ - CHOWN
+ - KILL
+ - NET_ADMIN
+ - NET_RAW
+ - IPC_LOCK
+ - SYS_ADMIN
+ - SYS_RESOURCE
+ - DAC_OVERRIDE
+ - FOWNER
+ - SETGID
+ - SETUID
+ cleanCiliumState:
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_RESOURCE
+cgroup:
+ autoMount:
+ enabled: false
+ hostRoot: /sys/fs/cgroup
+k8sServiceHost: localhost
+k8sServicePort: 7445
+gatewayAPI:
+ enabled: true
+ enableAlpn: true
+ enableAppProtocol: true
+operator:
+ replicas: 1
+hubble:
+ relay:
+ enabled: true
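Review bot: The values file carries several platform-specific choices with no comment explaining them: the `ciliumAgent` capability list appears to omit `SYS_MODULE` relative to the chart default, `cgroup.autoMount.enabled: false` with `hostRoot: /sys/fs/cgroup`, and `k8sServiceHost: localhost` / `k8sServicePort: 7445`. A short comment above `securityContext` such as `# Talos-specific: host mounts cgroup v2 itself, the agent must not load kernel modules, and the apiserver is reached via the node-local endpoint on 7445 — confirm against the Talos Cilium guide` would keep the next maintainer from "fixing" these back to the defaults. Separately, `gatewayAPI.enabled: true` presumably requires the Gateway API CRDs to exist before the chart is installed, and nothing in bootstrap.sh installs them; either document that prerequisite next to the key or add the step to the script.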