chore: Move modules to root directory

modules/talos-bootstrap/main.tf

@@ -0,0 +1,103 @@
+terraform {
+  required_providers {
+    talos = {
+      source  = "siderolabs/talos"
+      version = "0.9.0"
+    }
+  }
+}
+locals {
+  cluster_endpoint_full = format("https://%s:6443", var.node_config.cluster_endpoint)
+}
+
+resource "talos_machine_secrets" "machine_secrets" {}
+
+data "talos_machine_configuration" "machineconfig-cp" {
+  cluster_name       = var.node_config.cluster_name
+  machine_type       = "controlplane"
+  cluster_endpoint   = local.cluster_endpoint_full
+  kubernetes_version = var.node_config.kubernetes_version
+  talos_version      = talos_machine_secrets.machine_secrets.talos_version
+  machine_secrets    = talos_machine_secrets.machine_secrets.machine_secrets
+}
+
+data "talos_machine_configuration" "machineconfig-worker" {
+  cluster_name       = var.node_config.cluster_name
+  machine_type       = "worker"
+  cluster_endpoint   = local.cluster_endpoint_full
+  kubernetes_version = var.node_config.kubernetes_version
+  talos_version      = talos_machine_secrets.machine_secrets.talos_version
+  machine_secrets    = talos_machine_secrets.machine_secrets.machine_secrets
+}
+
+data "talos_client_configuration" "talosconfig" {
+  cluster_name         = var.node_config.cluster_name
+  endpoints            = var.node_config.controlplane_addresses
+  client_configuration = talos_machine_secrets.machine_secrets.client_configuration
+  nodes                = concat(var.node_config.controlplane_addresses, var.node_config.worker_addresses)
+}
+
+resource "talos_machine_configuration_apply" "config_apply_cp" {
+  for_each = {
+    for talos_node in var.talos_nodes : talos_node.name => talos_node
+    if talos_node.type == "controlplane"
+  }
+
+  client_configuration        = talos_machine_secrets.machine_secrets.client_configuration
+  machine_configuration_input = data.talos_machine_configuration.machineconfig-cp.machine_configuration
+  endpoint                    = each.value.ipv4_address
+  node                        = each.value.ipv4_address
+  config_patches = [
+    templatefile("${path.module}/templates/machineconfig-cp.yaml.tmpl", {
+      hostname            = each.value.name
+      cluster_name        = var.node_config.cluster_name
+      vip_address         = var.node_config.cluster_endpoint
+      node_name           = format("%s.wheatley.in", var.node_config.proxmox_node)
+      machine_type        = each.value.type
+      gateway-api_version = var.node_config.gateway_api_version
+      cilium_version      = var.node_config.cilium_version
+      cilium_install_file = file("${path.module}/templates/cilium-install.yaml.tmpl")
+    })
+  ]
+}
+
+resource "talos_machine_configuration_apply" "config_apply_worker" {
+  for_each = {
+    for talos_node in var.talos_nodes : talos_node.name => talos_node
+    if talos_node.type == "worker"
+  }
+
+  client_configuration        = talos_machine_secrets.machine_secrets.client_configuration
+  machine_configuration_input = data.talos_machine_configuration.machineconfig-worker.machine_configuration
+  endpoint                    = each.value.ipv4_address
+  node                        = each.value.ipv4_address
+  config_patches = [
+    templatefile("${path.module}/templates/machineconfig-worker.yaml.tmpl", {
+      hostname            = each.value.name
+      cluster_name        = var.node_config.cluster_name
+      node_name           = format("%s.wheatley.in", var.node_config.proxmox_node)
+      storage_address     = each.value.storage_address
+      machine_type        = each.value.type
+      talos_version       = var.node_config.talos_version
+      gateway-api_version = var.node_config.gateway_api_version
+      cilium_version      = var.node_config.cilium_version
+      cilium_install_file = file("${path.module}/templates/cilium-install.yaml.tmpl")
+      pvc_disks           = each.value.pvc_disks
+      gpu_enabled         = each.value.gpu_enabled
+    })
+  ]
+}
+
+resource "talos_machine_bootstrap" "talos_machine_bootstrap" {
+  depends_on = [
+    talos_machine_configuration_apply.config_apply_cp,
+    talos_machine_configuration_apply.config_apply_worker
+  ]
+  client_configuration = talos_machine_secrets.machine_secrets.client_configuration
+  node                 = var.talos_nodes[0].ipv4_address
+}
+
+resource "talos_cluster_kubeconfig" "kubeconfig" {
+  client_configuration = talos_machine_secrets.machine_secrets.client_configuration
+  node                 = var.node_config.cluster_endpoint
+}

modules/talos-bootstrap/outputs.tf

@@ -0,0 +1,9 @@
+output "talosconfig" {
+  value     = data.talos_client_configuration.talosconfig.talos_config
+  sensitive = true
+}
+
+output "kubeconfig" {
+  value     = talos_cluster_kubeconfig.kubeconfig
+  sensitive = true
+}

modules/talos-bootstrap/templates/cilium-install.yaml.tmpl

@@ -0,0 +1,100 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cilium-install
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: cilium-install
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cilium-install
+  namespace: kube-system
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: cilium-install
+  namespace: kube-system
+spec:
+  backoffLimit: 10
+  template:
+    metadata:
+      labels:
+        app: cilium-install
+    spec:
+      restartPolicy: OnFailure
+      tolerations:
+        - operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          operator: Exists
+        - effect: PreferNoSchedule
+          operator: Exists
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoExecute
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: PreferNoSchedule
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: Exists
+      serviceAccount: cilium-install
+      serviceAccountName: cilium-install
+      hostNetwork: true
+      containers:
+      - name: cilium-install
+        image: quay.io/cilium/cilium-cli:latest
+        env:
+        - name: KUBERNETES_SERVICE_HOST
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        - name: KUBERNETES_SERVICE_PORT
+          value: "6443"
+        command:
+          - cilium
+          - install
+          - --set
+          - ipam.mode=kubernetes
+          - --set
+          - kubeProxyReplacement=true
+          - --set
+          - securityContext.capabilities.ciliumAgent={CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}
+          - --set
+          - securityContext.capabilities.cleanCiliumState={NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}
+          - --set
+          - cgroup.autoMount.enabled=false
+          - --set
+          - cgroup.hostRoot=/sys/fs/cgroup
+          - --set
+          - k8sServiceHost=$(KUBERNETES_SERVICE_HOST)
+          - --set
+          - k8sServicePort=$(KUBERNETES_SERVICE_PORT)
+          - --set
+          - gatewayAPI.enabled=true
+          - --set
+          - gatewayAPI.enableAlpn=true 
+          - --set
+          - gatewayAPI.enableAppProtocol=true
+          - --set
+          - hubble.relay.enabled=true
+          - --set 
+          - hubble.ui.enabled=true

modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl

@@ -0,0 +1,42 @@
+debug: false
+machine:
+  type: ${machine_type}
+  install:
+    disk: /dev/vda
+  network:
+    hostname: ${hostname}
+    nameservers:
+      - 9.9.9.9
+    interfaces:
+      - interface: eth0
+        dhcp: false
+        vip:
+          ip: ${vip_address}
+  kubelet:
+    extraArgs:
+      pod-max-pids: 1000
+    extraConfig:
+      imageGCHighThresholdPercent: 75
+      imageGCLowThresholdPercent: 70
+  nodeLabels:
+    topology.kubernetes.io/region: ${cluster_name}
+    topology.kubernetes.io/zone: ${node_name}
+
+cluster:
+  apiServer:
+    auditPolicy:
+      apiVersion: audit.k8s.io/v1
+      kind: Policy
+      rules:
+        - level: Metadata
+  network:
+    cni:
+      name: none
+  proxy:
+    disabled: true
+  extraManifests:
+  - https://github.com/kubernetes-sigs/gateway-api/releases/download/v${gateway-api_version}/standard-install.yaml
+  inlineManifests:
+  - name: cilium-bootstrap
+    contents: |
+      ${indent(6, cilium_install_file)}

modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl

@@ -0,0 +1,61 @@
+debug: false
+machine:
+  type: ${machine_type}
+  install:
+    disk: /dev/vda
+%{ if gpu_enabled != false ~}
+    image: factory.talos.dev/nocloud-installer-secureboot/29d29d87bf3b88fe13caf73c20c7a8b6a4355d8177d0d690d5c9f85d4ddb67b7:v${talos_version}
+%{ endif ~}
+  network:
+    hostname: ${hostname}
+    nameservers:
+      - 9.9.9.9
+%{ if storage_address != false ~}
+    interfaces:
+      - interface: eth1
+        mtu: 9000
+        dhcp: false
+        addresses:
+          - ${storage_address}/24
+%{ endif ~}
+  kubelet:
+    extraArgs:
+      pod-max-pids: 1000
+    extraConfig:
+      imageGCHighThresholdPercent: 75
+      imageGCLowThresholdPercent: 70
+    nodeIP:
+      validSubnets:
+        - 10.13.37.0/24
+  kernel:
+    modules:
+      - name: drbd
+        parameters:
+          - usermode_helper=disabled
+      - name: drbd_transport_tcp
+      - name: dm_thin_pool
+%{ if gpu_enabled != false ~}
+      - name: i915
+%{ endif ~}
+  nodeLabels:
+    topology.kubernetes.io/region: ${cluster_name}
+    topology.kubernetes.io/zone: ${node_name}
+
+cluster:
+  apiServer:
+    auditPolicy:
+      apiVersion: audit.k8s.io/v1
+      kind: Policy
+      rules:
+        - level: Metadata
+  network:
+    cni:
+      name: none
+  proxy:
+    disabled: true
+  extraManifests:
+  - https://github.com/kubernetes-sigs/gateway-api/releases/download/v${gateway-api_version}/standard-install.yaml
+  inlineManifests:
+  - name: cilium-bootstrap
+    contents: |
+      ${indent(6, cilium_install_file)}

modules/talos-bootstrap/variables.tf

@@ -0,0 +1,27 @@
+variable "node_config" {
+  description = "Talos node configuration"
+  type = object({
+    ipv4_gateway           = string
+    talos_version          = string
+    gateway_api_version    = string
+    cilium_version         = string
+    cluster_name           = string
+    kubernetes_version     = string
+    cluster_endpoint       = string
+    proxmox_node           = string
+    controlplane_addresses = list(string)
+    worker_addresses       = list(string)
+  })
+}
+
+variable "talos_nodes" {
+  description = "List of Talos nodes to bootstrap"
+  type = list(object({
+    name            = string
+    type            = string
+    ipv4_address    = string
+    storage_address = optional(string)
+    pvc_disks       = optional(list(number))
+    gpu_enabled     = optional(bool, false)
+  }))
+}

modules/talos-node/main.tf

@@ -0,0 +1,92 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "0.86.0"
+    }
+  }
+}
+
+resource "proxmox_virtual_environment_vm" "talos-node" {
+  vm_id     = var.node.id
+  name      = var.node.name
+  node_name = var.node.proxmox_node
+  tags      = ["tofu"]
+  bios      = "ovmf"
+
+  clone {
+    vm_id   = 10000 + tonumber(replace(var.node.talos_version, ".", ""))
+    retries = 3
+  }
+
+  cpu {
+    cores   = var.node.cpu
+    sockets = 1
+    type    = "host"
+  }
+
+  memory {
+    dedicated = var.node.memory * 1024
+  }
+
+  disk {
+    datastore_id = var.node.storagepool
+    interface    = "virtio0"
+    size         = var.node.disk
+    file_format  = "raw"
+  }
+
+  dynamic "disk" {
+    for_each = tolist(var.pvc_disks)
+    content {
+      datastore_id = "nvme-fastpool"
+      interface    = "virtio${disk.key + 1}"
+      size         = disk.value
+      file_format  = "raw"
+    }
+  }
+
+  network_device {
+    bridge = "vmbr1"
+    model  = "virtio"
+    mtu    = 1500
+  }
+
+  dynamic "network_device" {
+    for_each = var.node.type == "worker" ? [1] : []
+    content {
+      bridge = "vmbr2"
+      model  = "virtio"
+      mtu    = 9000
+    }
+  }
+
+  dynamic "hostpci" {
+    for_each = var.node.gpu == true ? [1] : []
+    content {
+      device  = "hostpci0"
+      mapping = "A380_GPU"
+      pcie    = true
+      rombar  = true
+    }
+  }
+
+  initialization {
+    datastore_id = var.node.storagepool
+    ip_config {
+      ipv4 {
+        address = format("%s/24", var.node.ipv4_address)
+        gateway = var.node.ipv4_gateway
+      }
+    }
+    dns {
+      servers = ["9.9.9.9"]
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [
+      clone,
+    ]
+  }
+}

modules/talos-node/variables.tf

@@ -0,0 +1,25 @@
+variable "node" {
+  description = "Basic configuration for the Talos node"
+  type = object({
+    id                 = number
+    type               = string
+    name               = string
+    ipv4_address       = string
+    ipv4_gateway       = string
+    cpu                = number
+    gpu                = optional(bool, false)
+    memory             = number
+    disk               = string
+    storagepool        = string
+    talos_version      = string
+    cluster_name       = string
+    kubernetes_version = string
+    cluster_endpoint   = string
+    proxmox_node       = string
+  })
+}
+variable "pvc_disks" {
+  description = "List of extra disks to attach to the node"
+  type        = list(number)
+  default     = []
+}