infra/metal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: infra:787c763b7a033057ed6bac392abc56f97569d3de
Branches Tags
infra:main
..
compare: infra:main
Branches Tags
infra:main

10 Commits
787c763b7a ... main

Author SHA1 Message Date
Dreaded_X
b6c201775a feat: Added gateway api 2025-12-17 02:29:08 +01:00
Dreaded_X
be9dc8438b feat: Enable metrics server 2025-12-16 23:47:36 +01:00
Dreaded_X
873e73c310 feat: Added volume for local-path-provisioner 2025-12-09 02:38:51 +01:00
Dreaded_X
5c8cda5cc4 feat: Switched to longhorn 2025-12-09 02:21:43 +01:00
Dreaded_X
ac0d5244d3 feat: Added openebs patch 2025-12-09 02:21:42 +01:00
Dreaded_X
92345e5f1e chore: Added pre-commit hooks 2025-12-09 02:21:42 +01:00
Dreaded_X
47b85437e3 fix: Increase available resources 2025-12-09 02:21:37 +01:00
Dreaded_X
9c3c4005ed Configure talos for spegel 2025-12-02 02:45:26 +01:00
Dreaded_X
5eeba518a9 Added cluster variables for flux substitutions 2025-12-02 02:18:46 +01:00
Dreaded_X
f5798dae4c Added sops keys 2025-12-01 02:19:52 +01:00
26 changed files with 133 additions and 136 deletions
Expand all files Collapse all files

2
.gitattributes vendored
View File

@@ -1,3 +1,3 @@
_secrets.yaml filter=git-crypt diff=git-crypt _secrets.yaml filter=git-crypt diff=git-crypt
secrets.yaml filter=git-crypt diff=git-crypt secrets.yaml filter=git-crypt diff=git-crypt
_sops.asc filter=git-crypt diff=git-crypt *.agekey filter=git-crypt diff=git-crypt

28
.pre-commit-config.yaml Normal file
View File

@@ -0,0 +1,28 @@
default_install_hook_types: [pre-commit, commit-msg]
exclude: gotk-.*.yaml
repos:
- repo: builtin
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
args:
- --allow-multiple-documents
- id: check-added-large-files
- id: check-merge-conflict
- id: check-executables-have-shebangs
- repo: https://github.com/crate-ci/typos
rev: v1.40.0
hooks:
- id: typos
- repo: https://github.com/sirwart/ripsecrets
rev: v0.1.11
hooks:
- id: ripsecrets-system
- repo: https://github.com/crate-ci/committed
rev: v1.1.8
hooks:
- id: committed

3
.secretsignore Normal file
View File

@@ -0,0 +1,3 @@
_secrets.yaml
secrets.yaml
*.agekey

2
committed.toml Normal file
View File

@@ -0,0 +1,2 @@
style = "conventional"
ignore_author_re = "Flux"

9
nodes/_defaults.yaml
View File

@@ -29,6 +29,15 @@ patches:
- !patch vip - !patch vip
- !patch tailscale - !patch tailscale
- !patch cilium - !patch cilium
- !patch spegel
- !patch longhorn
- !patch longhorn-user-volume
- !patch local-path-provisioner-volume
- !patch limit-ephemeral
- !patch metrics
patchesControlPlane: patchesControlPlane:
- !patch allow-control-plane-workloads - !patch allow-control-plane-workloads
- !patch sops - !patch sops
- !patch cluster-variables
- !patch metrics-cluster
- !patch gateway-api

BIN
nodes/testing/_age.agekey Normal file
View File

Binary file not shown.

3
nodes/testing/_defaults.yaml
View File

@@ -4,6 +4,7 @@ installDisk: /dev/vda
autoInstall: true autoInstall: true
cluster: cluster:
name: testing name: testing
production: false
controlPlaneIp: 192.168.1.100 controlPlaneIp: 192.168.1.100
secretsFile: !realpath _secrets.yaml secretsFile: !realpath _secrets.yaml
sopsKeyFile: !realpath _sops.asc sopsKeyFile: !realpath _age.agekey

BIN
nodes/testing/_sops.asc
View File

Binary file not shown.

63
nodes/testing/_sops.pub.asc
View File

@@ -1,63 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGks4XgBEADGW3kWVuEpcHoqjO19ztTrRhqG7y58M6jo3aiL1YuAKUMsGJOv
ifWVnqy+Twbkc+o7yYZIaxdzXkmT+3vtHJzEI2HoL9tTs43fnG4Lu+28c8TFl480
k9rOrvhP1UFTiYt5lsa7+gnH6UPcbaNFOWDxOKrzzr879Vv6884XOPUQ4qdsk/jV
YkqYbOzsSNeaicJIfIA8PIrBNMeV/v83gnEo6sgL4E/nVT2foGZg+MnOU1rO2N63
R+qK1iNTHR3TswuwI4TDAdw93s5Qn+5dYKKnB5lTdipXfidarMFojLAcfHPwsFl0
p5HRJnOJo5Vfj5Ljaj0GLLPk8gZjwA69vLQYY0d+IDhnvToScgolt1b2XaKGw+m6
gC9THU4i+RqDf/o6B7nN97ySJeuDvigu7af1jdDocQNQKp1o8BCoe93jM6CS6EZN
YIvN/7cNP2E/ABdVPXYdrSTgbeltJyQtxPiwfdmiNKK5wFNl4GqeTa98Vh6q5Guw
U5ZZCvk/dfXodylG/3htCJyXKx1GXzd6w3fGn3cCemNnlOih7CiBqM3mL2/jLbE1
7AKDGXcM8gn3jEAssgZZWFl4C0Fs4c7ow4+6zMJ6+C9N/gJAd3CFMJPbiNlMbE9e
uW4TAx5lG/pXyQugEZ9Dw/jrQS/3K71kr4D4bo2K9SUj0+tjzuL41Xd2WwARAQAB
tCJ0ZXN0aW5nLmh1aXppbmcuZGV2IChmbHV4IHNlY3JldHMpiQJPBBMBCgA5FiEE
dv92pag2QTfq8b5ulf94w46a1ukFAmks4XgDGy8EBQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAAAoJEJX/eMOOmtbpX8YP/2Z7a5xp+imXItXJSPgFa+NJBs4V1SMPPF2V
2YcHJGlnX6mOJJZUYXo8f615uN4+hRI3z4n2Uc2VYZdOFCKRcqFrY10wB1nvdukb
0OHR3CoBV4/S2NV6QS12JIyyYgV1WjstEK+CsdxVMVp4dvQvRcOWZ1Wt0tIx/rj0
1ccvBexXkyVrMc576yK+aB+fb9EOgdmpC8JswoyicHugi2Mq+QsVoNjKwMQwvKDR
NrLdJ+PCInuwBEwpy0cNRALrVTN9zzZpInZ7EAOkEUBH8t8g6MebDZgiZqgdeBJk
QcY9ciC8lyPcES0MOcSY2tpSAfHkPGbytv2DHxm7p+Lraczm8bxNOFnoCfy1i62Y
ewCMT4H/5PTmWVGPbKIOHg0B6ATZEnl+Hw4WIbKSAzIZnVNLSaFAXM3M/HWs/XUa
5CKYi2PmN0Jo85rsRczzboTuLyfqmnah1vznwrgp+MXk5Y7vT4DqHvhiij0vG9iG
buC4HQ642pszau2BF5+l16EnfFaC21k1AGQWiPQNZPeR18MvhJflmaMS6URZY0E9
QY487s+rJ1gTiL7zlPAfexNHc/z8kvQi8yF5PfBKPxXBAf18nIG6+n6vxn9lLxi4
7AjcA7pDbPAw2t9rgM6BUQkFHjwt6qCF7A65lLL1M36he/b7Wr8WYmo4Cd+X1jXK
WgGqwzk/uQINBGks4XgBEAC8EOELmKWvvuAMvKYb0kdeBYoCYMWscig8s6fQGJRt
vPsPvQmyZoVJ69fiEXcw9d/3StfkxlPaEakYNILdVL6Q+AgZgJFn/iY3ewMtnUNO
/P19cahl8PFSBnOWrGRLqGfC2bDoeW7rt7Muy1YjP+cVLoXL3qz685k8SUfVspka
qi84w1ucAvR8XTzN4/lwSgk8Avfx1vPiToFHugxDb7JiLmMBssKRRzAT3iPycMYK
kc0tNxAlMnKXPOPntdXw/50mtsM4WNP0/yMpdbmtGrGbIQUvpRBE7D7dZ6m0/+WI
9plpljVwbs3dikUfWILM3NseDK2CEid5VXQMqqdXaQlQDOwya2d0o5yzfUW+Yj+l
6dWlcNeI8wM9raum/GEsxoIGkzQ+fvT73StglcIPwACOJlwdRRu+WrDtS8PebirL
w70hKebEEwel8IA9U19L0GpnNjKhK10pqY39jX09YdMMq9f1gigsCj3Ika2l3ZyQ
Wl6y0UhiTiVkphqM9JJAApRlZbrxUxX6Sw0M6iOBX394ZKgzQbcpGcOGnGdQXs4V
7hMOtqYrQqYqTSoJYHqWNCgVsTcGeoo8/NN/9f0aVB2gv3CDIqnB+8xq15rsKrLN
9mM3Bxi2fRws6gTEcENV64j22Z1tKR3yHPSLv0/1Ta7A9SXnXmqw/BMjWJxQSmmN
ZwARAQABiQRsBBgBCgAgFiEEdv92pag2QTfq8b5ulf94w46a1ukFAmks4XgCGy4C
QAkQlf94w46a1unBdCAEGQEKAB0WIQTXTIfxfRLD7cv4AoBl1ZPdaI4nIwUCaSzh
eAAKCRBl1ZPdaI4nI+nzEACZspevA9KxrWo8ZMv3Jyz/SZ6qGeUZm0cS+wYlnXTO
jwHq+gjvzQvmrg/+S9kneE4mFx21p3exKh6waYt9M18MHj623HGTXrKHuXTbKhom
7kDISFbnKjcoyyLT7KvCP27lfhv9ahkgvj2GdjPCVsWY3m53dWMKjLEHNYrVPw5v
ublNbjvAZ8sUEuP1wIZDqqCImYR2VP+ND8BCx+br20mnpHbB9GRSWKWZ0kG8cc9n
bJgUnd0f6rp0kPqTvH2YNPx8V56v3NqbnvON+p/2YfRZ4ff9hTB65Gune8xlqXUf
KbRCgepkgH5uYXCl/1+urWQZJPlUOGYP5b37wezm2vrd3Gq9LY52JXw+If953dAi
AGYhlqtQsu/MtA0MwGqSYBWY9SRHoNkCJw798B3ZrQOescnmokjAZhH/8def2r6Q
NXlMVwrKYl7vQMxa5uDJP9VqwrLn3FMpnOCEAWfl+nc+cu1MP17KwofwbtzbDlSq
rTiIskYb571ZgW/wSNTi6Y0qtq0Hn7ruoRfLONgdsru/JlrRUWMHiziWz21lJYOZ
KR3snLGdURh8JBPHI4eUYe6F0gk1g6Mn9BJljWTASzEs41Wbs7SXyn0bKEvOVZza
t+on9ab22futkoxdD9TQgYLtYJy6kvcnd3opa9FaVlFzS4zLVetwgj2fcri779+o
ozu/D/4qlHXpPmgfPYfaLHPzpAq6GEFf3uLU/Ue7LJAipNdgSWgQGqpu070pFTYp
FxOyhECEixBpFzs9ygfa35Sjw/8cDd+6aAYrIPEk2V98gA8N0nIeUOwh7mcy8vfD
1omqkiS4hanhv2Q5OrgHlTj/28K6CXTRouRaaADvudjSLdt5jM9Y87uuBE7N2okF
tq1oYgvNOiZt9vERU3N8raefgGs869Oi3CawyD71/UV8mdUzkg4awlCDz2tCvEBg
h8G/ys/4fVp6orac6qvIr9SGKu8oT20VCmAc4tv1ze6avjcARvuzrhIRFbiZtDpB
nJafOLOqzOcoZgEy+7Iwa6/iZjFiRMdgEjgU62bVeQEQKny5Nm7y3lnEBNja/ISP
xB6emz/G6nmWwAt0OnZnH3lFwiXrRgefb+MPHi5rvRN9mqRHQ43UU4pkYQO0fa1H
PeNhhe7qo8H4AFdZTzsRurBOsLTZ+uJGjwto+Zq+hQkzPBvfVSzVbkvvEUFwn+Hm
PmP+lKYThzVSlxbDEMHu7BDnJQZX/MTTyJnviXgMaRstgjMak52SAjIReiI+RRgO
mihWQ21nN9u2WC78sZLHJTuej2yv6K7BZBl+TRRwwnRP7sQIassfXqB30kHFUXqr
kC7eCKdgW/DSKw5rhmMDfS0ILBTkhtL1XmOtcHK2PKdPe9DjAA==
=DrdW
-----END PGP PUBLIC KEY BLOCK-----

BIN
nodes/titan/_age.agekey Normal file
View File

Binary file not shown.

3
nodes/titan/_defaults.yaml
View File

@@ -3,6 +3,7 @@ gateway: 10.0.0.1
installDisk: /dev/sda installDisk: /dev/sda
cluster: cluster:
name: titan name: titan
production: true
controlPlaneIp: 10.0.2.1 controlPlaneIp: 10.0.2.1
secretsFile: !realpath _secrets.yaml secretsFile: !realpath _secrets.yaml
sopsKeyFile: !realpath _sops.asc sopsKeyFile: !realpath _age.agekey

BIN
nodes/titan/_sops.asc
View File

Binary file not shown.

63
nodes/titan/_sops.pub.asc
View File

@@ -1,63 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGks5cwBEADdTNm9v45f1r76Ka6+5zd9JIO0b7qGKSRaQ1FBw5Cf6424FhLg
5VJ5Ct01cyqemJsmgf/qMOFW8hDs0X8KeQO24D79qdTu9DO/q212R6BKjuFz+TRX
rdPrSoky5MDhLcN+AEU+Ban9aMvUbKiVeEtxJq/1SgTWfKnUsil5OmmzsR6LXhlZ
gA2kubo2oh4hrql9+i+iO5A7HZ5dc1T5bPYivXA/7tJ8Y66OUs1kaaMR8Cy1Qfp7
iPRkvmrMTQtLwVpWNWn0KCvyxtpBeeWxo1oGJYvVm8GJTBrB+Xhl5bOrnvqbD9Pw
6jzyN5ecMXn+KF4JZZW8Y9EIfH5JX+hA/W/zfF4y3oNszS/JlxyuRIHc3dsQQ2za
YpZ+rsvKJtIsZdPW+J9J5fjQkYvF1+wmOEOVtvryFlFjH5aPlDSnSPbU138dRPva
IfY/c0bOKW/Xd5GawYGKdfkJThJR/In1WQMimSpqydzLt3ELfovLmBFyMWjmiz+b
VFUCPktrt7m2VFHWjYu03REdV60L1CqKFvkoBp4KV5EnjAN7XKDCfKxM5gC8f/Yg
3F+R1+XzZPLUgTk/5/rDjAFynwcWnf2WfXd5JwJEi1pXgLiFVbK6phnfAJLvcsDt
jHVmjYf8dkMuMPXdubeyPo+CKaOffmCAmLgCppR5qDTF/ubDB20gLpBCcwARAQAB
tCF0aXRhbi5odWl6aW5nYS5kZXYgKGZsdXggc2VjcmV0cymJAk8EEwEKADkWIQSz
0/lFIzjCNZTY/8wOE+ZBNIET3QUCaSzlzAMbLwQFCwkIBwIGFQoJCAsCBBYCAwEC
HgECF4AACgkQDhPmQTSBE92rjg//dzU4BFAZXtiSnuqCdI+kCNykRyP4UIjxZICz
ixsXoG+0eIgOgLN5A4i1lDg/lPj/lpPCWlJvnOm/OAU7XUNA3KK98qQGViwVfrou
CqAeWMPMAvAgUB2cwkWV3FmCR/v9xBdo6eHeZfPoZ7OnND7uSck/u+5GgtMX0ZP0
qRbQo7DC+2fjObgXuLaCG49vBTYmy1S/uAAhSU0W7wpOUztn1srNCgWwYCAjAt0A
CzdNYSP10k8hA2a9+a4zsXjScdVjEqkoLeWJMtzt4roYArZjt9XJ4iKnroXCx52T
uaMmFdpGeBZno0Ih/qwGLFkvEcIwHe4uxY4aQK8k9wLNdS9s3qayXj1mF2HSMH16
wlg6aD6XB/2rTAaIdSs4yLipbN9Lo4jDeEkmag0n6qAcqZHCp+Z1nKeehNIX2MxT
VDo0XwQzBl3MrOJI/U/n7tD9cKi6lWHNJ2SZf42gPe6a06WklAoAj/YpLe2FbxYh
TTnkmHbIyMSUcdQ+xC/3h8qo8F9TssO8fA0JgdwVa96iBPJShCWW4V4nfumQYRGV
zeWRu7LEVnflSVZz/2a9P3ecE5DtmkUibVxDn5/xYYWsJpARV3QEGPT1pOvI8TBB
hc//XxZZ8j8MyFSX+hMFj2y+cqprqb0vCUPcnP6g298yAWlpgJwP+UcnyrOuTKkM
B0Tnume5Ag0EaSzlzAEQAODCxs7vrTtGJbEWxDUa/q4G/3cGNuA52EpSZfM3ZfCU
66gIRC6OPrIz3pIB4UKExS9OZtLxcrAVggzFhgOEaaBK87ku6KmC+PCKX1oY6AVT
FeaWtW8ajY53VAASNeA7GcDlCAV7DgM9n2w3SuiybvJkMQ4XkUlDwW3hxIYOi1/R
h3cRBHiQDR6beHkBd9BmH9HFGEDO7d2sR33Bl2UZOvc6+NQartp8znDmTJ+5RoZz
A/i8AvurEm6u3e6W1LZmHitIhBINd71tjRXiRsOmCuEcoFyChR7BpAUn9WaiW5BB
Y3VWXZC/O86donSuoWwlgIi9T9SXs+iIZzm4w9ongKGdbsEmpp/NcT28gQytTrug
2o9SSSVmLpnH/hg4D/M/a5eOI7UzWszf4iCZB01f/fyWtbokUxDpnn4bzUWXyie1
2P9yGtSjyeZPRn6ELGuCOrjvHTA6uIgRaXjYenDlTOPv1Gr5XeuGEJZaK/4d7rQb
u4yLDKC9n80pF06qD00XpnyX6hGL5ntMIiXbWeAbWNcfZEBu5TJg5H4PqcSDwI3E
TfJgf6RBzG8+XcjAgEWzdDJhat5QGCKGKmANfwbYHLj2XJdiwWqanWZmDXFH5p6o
b4zwceS9zx31Ex/XhJ4mutibpvTtDklpU3Ol6Jml/koB4KYHxRQwipCfPElwouhB
ABEBAAGJBGwEGAEKACAWIQSz0/lFIzjCNZTY/8wOE+ZBNIET3QUCaSzlzAIbLgJA
CRAOE+ZBNIET3cF0IAQZAQoAHRYhBJdlMI5OZl6R69KAiY629oMZwkJNBQJpLOXM
AAoJEI629oMZwkJNfLgQAKclJQc1yXj8hu/peiLcfdoTqYCzitu9h3x5KNerKCO1
I/iGDcOc/g17K8QdyTRB4zHunVMfBuC8Wp7G6uwhnCanMcOzfVdM80MSxdaBb+hM
3nJooZTxnXNJBNy5NPy2P9vE/+Fx7UQhC5DK70wX96Xm7WnA6dunvDP/DdD7Tzf2
qU2I9/axRBsBowJ1N0CL7VusLr+Iml6s6S/Z20o5EfFKNfHHpK7lUIxc41J1KWRw
qhqzm9GJh+PrafeYcq1/Q99HkmFBFkAHfUhiHkpTGVdc39fEM3ywxxJ5VuK51CKj
Q772kITdoJxgfv//+k51OPDDYmcidyK/jU+SE8GXlBsEAGDvvxf8zsh/PhXw+qNM
1JqX+OD6Mm02cbaWieDXbFXta3/4apAcbvBLaPggHyIHvjA2WbAsq7iQwjlFLeBV
qP9Vs6muREocNbvxQ3x8kM5ruWgogWl60TS+lKCN+bmJ2u64VdCtHZZxUZr3swQY
67RTEUvicqr0unP9/+87rjYPPpc+XSoh+MIQLQ3YrzE9aG/29P55+WlzsjayrYBR
MkM76zWMK/7xRx+fG+GITyfqGF+jAylNqGkpMBq8257JzfEE3kQJKBaZF6apOF+H
uJtr1u5+Y1HpClBqROw52Szb5VfTxrYS7aCd5DJdA1YM/jFGQYh2lM0z98ZqlBqR
R/cP+QEzGdJ1bYZhBU/P1NvHkbYc3GwN6j8UFYCGncJiUhJcNPgixogNJLFiWHom
+PrvvFrQI8ATCvcNF3pbETUP+PH2oLZ35KmOI9GGMNS/v/66E7o+1vXylXP0pZ9W
knEgQEUSxTSqvsSxfn06rSZvwjUcd/qOjvSJVS1urtBL9dt3Ct1jiXHaJEhPEY/z
nJLD/qaTF3Z4K2SoermaS8d3+fnp+7HrQcVfLneWpb7hrWATtRyPTvfvMEQzmmXP
G1v57wbA2fwAHPoth5Yzn5Cnib/677n2grnsumHFWYWhpSaRVGhJe8lMXjDiwNV6
Y45o9lmBUbgRXuO1ZprVXbc0ujkFyTLa0NZtMALHiy7XjzVMFgRmtwKX+KjAZGLr
hhqOrX+S3pcFqJTVLMP0bk7dV8IKAcbWrf7luQAtbQqVGIECrUqzDx4OfxuZl/rF
5UZKVXTFEGEDt7OFKrPDM802FqvUVHJxCm21WDUdBKWhLd9OnD74f16+9B+0cKHt
LXMTVEQINOcEuPwbqnkZqUz/vbR5Q7IR70Rdw3rXMEfvlyQMNzgmCw4PRzfa4cHq
CUgCYrvIBTmcjwa78+DCvfgfbe0/FtuQv1SNkpYiSU0qYx2S+aBl07pknO8mfSll
EWXe/zokPxeEtteNZkZ/gz4YtBymE+GUR+zM3IV7pYxVmtPE
=UtAO
-----END PGP PUBLIC KEY BLOCK-----

16
patches/cluster-variables.yaml Normal file
View File

@@ -0,0 +1,16 @@
cluster:
inlineManifests:
- name: cluster-variables
contents: |
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cluster-variables
namespace: flux-system
data:
cluster_env: {%- if node.cluster.production %} production {%- else %} staging {%- endif %}

3
patches/gateway-api.yaml Normal file
View File

@@ -0,0 +1,3 @@
cluster:
extraManifests:
- https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/standard-install.yaml

5
patches/limit-ephemeral.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1alpha1
kind: VolumeConfig
name: EPHEMERAL
provisioning:
maxSize: 30GB

8
patches/local-path-provisioner-volume.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1alpha1
kind: UserVolumeConfig
name: local-path-provisioner
provisioning:
diskSelector:
match: system_disk
grow: true
maxSize: 10GB

8
patches/longhorn-user-volume.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1alpha1
kind: UserVolumeConfig
name: longhorn
provisioning:
diskSelector:
match: system_disk
grow: true
maxSize: 2000GB

10
patches/longhorn.yaml Normal file
View File

@@ -0,0 +1,10 @@
machine:
kubelet:
extraMounts:
- destination: /var/lib/longhorn
type: bind
source: /var/lib/longhorn
options:
- bind
- rshared
- rw

4
patches/metrics-cluster.yaml Normal file
View File

@@ -0,0 +1,4 @@
cluster:
extraManifests:
- https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
- https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

4
patches/metrics.yaml Normal file
View File

@@ -0,0 +1,4 @@
machine:
kubelet:
extraArgs:
rotate-server-certificates: true

16
patches/openebs.yaml Normal file
View File

@@ -0,0 +1,16 @@
machine:
# This is only needed on nodes that will have storage
sysctls:
vm.nr_hugepages: "1024"
nodeLabels:
openebs.io/engine: mayastor
# This is needed on ALL nodes
kubelet:
extraMounts:
- destination: /var/local
type: bind
source: /var/local
options:
- bind
- rshared
- rw

2
patches/sops.yaml
View File

@@ -13,5 +13,5 @@ cluster:
name: sops-gpg name: sops-gpg
namespace: flux-system namespace: flux-system
data: data:
sops.acs: | age.agekey: |
{{ helper.load_secret(node.cluster.sopsKeyFile) }} {{ helper.load_secret(node.cluster.sopsKeyFile) }}

7
patches/spegel.yaml Normal file
View File

@@ -0,0 +1,7 @@
machine:
files:
- path: /etc/cri/conf.d/20-customization.part
op: create
content: |
[plugins."io.containerd.cri.v1.images"]
discard_unpacked_layers = false

4
patches/tailscale.yaml
View File

@@ -4,6 +4,4 @@ name: tailscale
environment: environment:
- TS_AUTHKEY={{ config.tailscale.authKey }} - TS_AUTHKEY={{ config.tailscale.authKey }}
- TS_EXTRA_ARGS=--login-server {{ config.tailscale.loginServer }} --advertise-tags=tag:cluster-{{ node.cluster.name }} - TS_EXTRA_ARGS=--login-server {{ config.tailscale.loginServer }} --advertise-tags=tag:cluster-{{ node.cluster.name }}
{% if node.advertiseRoutes %} - TS_ROUTES={% if node.advertiseRoutes -%} {{ helper.tailscale_subnet(node.gateway, node.netmask) }} {%- endif %}
- TS_ROUTES={{ helper.tailscale_subnet(node.gateway, node.netmask) }}
{% endif %}

6
tools/vm
View File

@@ -3,9 +3,9 @@ set -euo pipefail
ROOT=$(git rev-parse --show-toplevel) ROOT=$(git rev-parse --show-toplevel)
VM_NAME="talos-vm" VM_NAME="talos-vm"
VCPUS="2" VCPUS="6"
RAM_MB="2048" RAM_MB="16384"
DISK_GB="10" DISK_GB="100"
NETWORK=talos NETWORK=talos
CONNECTION="qemu:///system" CONNECTION="qemu:///system"