diff --git a/README.md b/README.md
index 3ff9619..d889c66 100644
--- a/README.md
+++ b/README.md
@@ -65,3 +65,9 @@ Upgrading talos or changing the schematic:
 ```bash
 talosctl upgrade --nodes --image factory.talos.dev/metal-installer/:
 ```
+
+To upgrade kubernetes or inline manifests, first apply the updated controlplane configs, then run:
+
+```bash
+talosctl upgrade-k8s
+```
diff --git a/nodes/_cilium_values.yaml b/nodes/_cilium_values.yaml
new file mode 100644
index 0000000..35ae1cc
--- /dev/null
+++ b/nodes/_cilium_values.yaml
@@ -0,0 +1,31 @@
+ipam:
+ mode: kubernetes
+kubeProxyReplacement: true
+securityContext:
+ capabilities:
+ ciliumAgent:
+ - CHOWN
+ - KILL
+ - NET_ADMIN
+ - NET_RAW
+ - IPC_LOCK
+ - SYS_ADMIN
+ - SYS_RESOURCE
+ - DAC_OVERRIDE
+ - FOWNER
+ - SETGID
+ - SETUID
+ cleanCiliumState:
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_RESOURCE
+cgroup:
+ autoMount:
+ enabled: false
+ hostRoot: /sys/fs/cgroup
+k8sServiceHost: localhost
+k8sServicePort: 7445
+gatewayAPI:
+ enabled: true
+ enableAlpn: true
+ enableAppProtocol: true
diff --git a/nodes/_defaults.yaml b/nodes/_defaults.yaml
index a7aa824..cac55bd 100644
--- a/nodes/_defaults.yaml
+++ b/nodes/_defaults.yaml
@@ -2,6 +2,10 @@ schematicId: !schematic default
 arch: amd64
 talosVersion: v1.11.3
 kubernesVersion: v1.34.1
+cluster:
+ cilium:
+ version: 1.18.3
+ valuesFile: !realpath _cilium_values.yaml
 kernelArgs:
 - talos.platform=metal
 - console=tty0
@@ -27,5 +31,6 @@ patches:
 - !patch network
 - !patch vip
 - !patch tailscale
+ - !patch cilium
 patchesControlPlane:
 - !patch allow-control-plane-workloads
diff --git a/patches/cilium.yaml b/patches/cilium.yaml
new file mode 100644
index 0000000..fcde5de
--- /dev/null
+++ b/patches/cilium.yaml
@@ -0,0 +1,11 @@
+machine:
+ features:
+ hostDNS:
+ # This option is enabled by default and causes issues with cilium
+ forwardKubeDNSToHost: false
+cluster:
+ network:
+ cni:
+ name: none
+ proxy:
+ disabled: true
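Review bot: `gatewayAPI.enabled: true` is set in `_cilium_values.yaml`, but nothing in this commit installs the Gateway API CRDs, which the Cilium chart does not ship; Cilium's documentation requires them to be present before Cilium is deployed, so either add them to the inline manifests or record the prerequisite next to the new `talosctl upgrade-k8s` note in the README. The `k8sServiceHost: localhost` / `k8sServicePort: 7445` pair and the explicit `ciliumAgent`/`cleanCiliumState` capability lists are Talos-specific choices that a later maintainer may "correct" back to chart defaults; a short comment would prevent that, e.g. `# Talos KubePrism endpoint (verify kubePrism is enabled for this Talos version)` above `k8sServiceHost` and `# Capability lists follow the Talos Cilium guide; SYS_MODULE is intentionally absent because Talos does not let workloads load kernel modules` above `capabilities`. The `SYS_ADMIN` grant in particular is close to host-root for the agent pod, so documenting why it is needed lets a reviewer see it is deliberate rather than a leftover.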
diff --git a/templates/generate_configs.sh b/templates/generate_configs.sh
index 021b554..38c0cd4 100644
--- a/templates/generate_configs.sh
+++ b/templates/generate_configs.sh
@@ -2,6 +2,36 @@ set -euo pipefail
 CONFIGS={{ root }}/configs
+function create_inline_manifest() {
+ # Add indentation
+ CONTENT=$(echo "$3" | sed 's/^/ /')
+
+ # Create inline manifest patch
+ cat > $2 << EOF
+cluster:
+ inlineManifests:
+ - name: ${1}
+ contents: |
+${CONTENT}
+EOF
+}
+
+helm repo add cilium https://helm.cilium.io/
+helm repo update
+{% for cluster in clusters -%}
+{% if "cilium" in cluster -%}
+# Generate manifests
+CONTENT=$(helm template \
+ cilium \
+ cilium/cilium \
+ --version {{ cluster.cilium.version }} \
+ --namespace kube-system \
+ --values {{ cluster.cilium.valuesFile }})
+
+create_inline_manifest cilium ${CONFIGS}/{{cluster.name}}/cilium.yaml "${CONTENT}"
+{% endif %}
+{%- endfor %}
+
 # Generate the configuration for each node
 {% for node in nodes -%}
 talosctl gen config {{ node.cluster.name }} https://{{ node.cluster.controlPlaneIp }}:6443 -f \
@@ -17,6 +47,9 @@ talosctl gen config {{ node.cluster.name }} https://{{ node.cluster.controlPlane
 {% for patch in node.patchesControlPlane -%}
 --config-patch-control-plane {{ patch|tojson|tojson }} \
 {% endfor -%}
+ {% if "cilium" in node.cluster -%}
+ --config-patch-control-plane "@${CONFIGS}/{{node.cluster.name}}/cilium.yaml" \
+ {%- endif %}
 --with-docs=false \
 --with-examples=false \
 -o ${CONFIGS}/{{ node.filename }}.yaml
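Review bot: `cat > $2 << EOF` in `create_inline_manifest` and the call `create_inline_manifest cilium ${CONFIGS}/{{cluster.name}}/cilium.yaml "${CONTENT}"` leave the output path unquoted, so a `root` or cluster name containing whitespace or glob characters is word-split before the redirect; both should be quoted. The function also writes the indented copy into the global `CONTENT`, silently replacing the caller's variable of the same name, so it should be declared `local`. Nothing in this hunk creates `${CONFIGS}/{{cluster.name}}/`; if no earlier step does, the redirect fails and the `set -euo pipefail` visible in the hunk header aborts the script, so a `mkdir -p` on the target directory keeps the helper self-contained. The indentation inside `sed 's/^/…/'` and the heredoc is not recoverable from this rendering, so the nesting under `contents: |` should be re-checked against the file itself.
```shell
create_inline_manifest() {
  local CONTENT
  # … unchanged: CONTENT=$(… | sed …) indentation step …
  mkdir -p -- "$(dirname -- "$2")"
  cat > "$2" << EOF
# … unchanged: heredoc body and closing EOF …
}

# … unchanged: helm repo add/update and helm template …
create_inline_manifest cilium "${CONFIGS}/{{cluster.name}}/cilium.yaml" "${CONTENT}"
```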