diff --git a/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl b/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl
index 978019b..67829b1 100644
--- a/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl
+++ b/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl
@@ -16,6 +16,7 @@ machine:
 kubelet:
 extraArgs:
 pod-max-pids: 1000
+ rotate-server-certificates: true
 extraConfig:
 imageGCHighThresholdPercent: 75
 imageGCLowThresholdPercent: 70
@@ -37,6 +38,7 @@ cluster:
 disabled: true
 extraManifests:
 - https://github.com/kubernetes-sigs/gateway-api/releases/download/v${gateway-api_version}/standard-install.yaml
+ - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/refs/heads/main/deploy/standalone-install.yaml
 inlineManifests:
 - name: cilium-bootstrap
 contents: |
diff --git a/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl b/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl
index 4300403..65e4900 100644
--- a/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl
+++ b/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl
@@ -19,6 +19,7 @@ machine:
 kubelet:
 extraArgs:
 pod-max-pids: 1000
+ rotate-server-certificates: true
 extraConfig:
 imageGCHighThresholdPercent: 75
 imageGCLowThresholdPercent: 70
@@ -50,6 +51,7 @@ cluster:
 disabled: true
 extraManifests:
 - https://github.com/kubernetes-sigs/gateway-api/releases/download/v${gateway-api_version}/standard-install.yaml
+ - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/refs/heads/main/deploy/standalone-install.yaml
 inlineManifests:
 - name: cilium-bootstrap
 contents: |
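Review bot: The kubelet-serving-cert-approver manifest added to `extraManifests` in the second hunk is fetched from `refs/heads/main`, so whatever that branch holds at bootstrap time is applied to the cluster and there is no record of which revision actually ran; the gateway-api entry in the same list is pinned through `${gateway-api_version}`, so this one should be pinned the same way to a release tag or commit, e.g. `- https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/<TAG_OR_COMMIT>/deploy/standalone-install.yaml`. Judging by its name this controller approves kubelet serving CSRs, which is what makes the `rotate-server-certificates: true` added in the first hunk effective, so its approval criteria are worth reading before the cluster trusts it — that is inferred from the name, not from anything visible here. The same two additions are made to machineconfig-worker.yaml.tmpl in the second file section and this note applies there too.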
diff --git a/pve01.wheatley.in/k8s-wheatley/modules/talos-node/main.tf b/pve01.wheatley.in/k8s-wheatley/modules/talos-node/main.tf
index deae941..abf0934 100644
--- a/pve01.wheatley.in/k8s-wheatley/modules/talos-node/main.tf
+++ b/pve01.wheatley.in/k8s-wheatley/modules/talos-node/main.tf
@@ -8,21 +8,20 @@ terraform {
 }
 resource "proxmox_virtual_environment_vm" "talos-node" {
- vm_id = var.node.id
- name = var.node.name
- node_name = var.node.proxmox_node
- tags = ["tofu"]
- bios = "ovmf"
+ vm_id = var.node.id
+ name = var.node.name
+ node_name = var.node.proxmox_node
+ tags = ["tofu"]
 clone {
- vm_id = 10000 + tonumber(replace(var.node.talos_version, ".", ""))
+ vm_id = 10000 + tonumber(replace(var.node.talos_version, ".", ""))
 retries = 3
 }
 cpu {
 cores = var.node.cpu
 sockets = 1
- type = "host"
+ type = "x86-64-v2-AES"
 }
 memory {
@@ -47,17 +46,17 @@ resource "proxmox_virtual_environment_vm" "talos-node" {
 }
 network_device {
- bridge = "vmbr1"
- model = "virtio"
- mtu = 1500
+ bridge = "vmbr1"
+ model = "virtio"
+ mtu = 1500
 }
 dynamic "network_device" {
 for_each = var.node.type == "worker" ? [1] : []
 content {
- bridge = "vmbr2"
- model = "virtio"
- mtu = 9000
+ bridge = "vmbr2"
+ model = "virtio"
+ mtu = 9000
 }
 }
diff --git a/pve01.wheatley.in/templates/main.tf b/pve01.wheatley.in/templates/main.tf
deleted file mode 100644
index f07e7ab..0000000
--- a/pve01.wheatley.in/templates/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-terraform {
- backend "s3" {
- bucket = "13225-wheatley-states"
- key = "pve01-templates.tfstate"
- region = "main"
- skip_credentials_validation = true
- skip_metadata_api_check = true
- skip_region_validation = true
- force_path_style = true
- }
-}
-
-provider "proxmox" {
- endpoint = var.proxmox_endpoint
- api_token = var.proxmox_api_token
- ssh {
- agent = true
- username = "tofu"
- }
-}
-
-module "talos" {
- source = "./talos"
- talos_versions = ["1.11.5"]
-}
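Review bot: Dropping `bios = "ovmf"` from the `talos-node` resource in the first hunk leaves the firmware type to the provider's default or to whatever the clone carries over, while the template this clones (vm_id 10000 + version) is built from a `secureboot` image in the talos/main.tf hunk later in this diff, which needs UEFI to boot. Whether the cloned VM inherits OVMF and the EFI disk from the template or gets the provider default applied on top is not visible here; it should be confirmed on a fresh clone, or the line kept explicitly, e.g. `bios = "ovmf" # secureboot template image requires UEFI`. The `type = "host"` → `"x86-64-v2-AES"` change matches the template resource and is consistent, but it hides host CPU features from the guest; a one-line comment stating why the generic model was chosen would spare the next reader the same question. The `talos-node` resource block continues past both hunks.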
diff --git a/pve01.wheatley.in/templates/.terraform.lock.hcl b/pve01.wheatley.in/templates/talos/.terraform.lock.hcl
similarity index 97%
rename from pve01.wheatley.in/templates/.terraform.lock.hcl
rename to pve01.wheatley.in/templates/talos/.terraform.lock.hcl
index a6f5d9e..9f1211b 100644
--- a/pve01.wheatley.in/templates/.terraform.lock.hcl
+++ b/pve01.wheatley.in/templates/talos/.terraform.lock.hcl
@@ -25,8 +25,7 @@ provider "registry.opentofu.org/bpg/proxmox" {
 }
 provider "registry.opentofu.org/hashicorp/http" {
- version = "3.5.0"
- constraints = "3.5.0"
+ version = "3.5.0"
 hashes = [
 "h1:eClUBisXme48lqiUl3U2+H2a2mzDawS9biqfkd9synw=",
 "zh:0a2b33494eec6a91a183629cf217e073be063624c5d3f70870456ddb478308e9",
diff --git a/pve01.wheatley.in/templates/talos/main.tf b/pve01.wheatley.in/templates/talos/main.tf
index bafe748..61cbd78 100644
--- a/pve01.wheatley.in/templates/talos/main.tf
+++ b/pve01.wheatley.in/templates/talos/main.tf
@@ -1,12 +1,29 @@
 terraform {
- required_providers {
- proxmox = {
- source = "bpg/proxmox"
- version = "0.86.0"
- }
+ backend "s3" {
+ bucket = "13225-wheatley-states"
+ key = "pve01-templates.tfstate"
+ region = "main"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ force_path_style = true
 }
 }
+provider "proxmox" {
+ endpoint = var.proxmox_endpoint
+ api_token = var.proxmox_api_token
+ ssh {
+ agent = true
+ username = "root"
+ }
+}
+
+
+locals {
+ talos_versions = ["1.11.5"]
+}
 data "http" "schematic" {
 url = "https://factory.talos.dev/schematics"
 method = "POST"
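Review bot: The new `provider "proxmox"` block in talos/main.tf sets `ssh { username = "root" }`, whereas the templates/main.tf deleted in this same commit used `username = "tofu"`, so the provisioning SSH path now runs as root on the PVE host without the change being explained. If the template build genuinely needs root (the image import after `decompression_algorithm = "gz"` in the next hunk is the likely reason, but that is a guess), record it next to the line, e.g. `username = "root" # needed for <reason>; dedicated "tofu" account lacks it`; otherwise keep the dedicated account. Separately, `required_providers` with the `bpg/proxmox` 0.86.0 pin is removed from this file; providers.tf is renamed into talos/ in this commit and presumably still carries the pin, but that is not visible here, and the lock-file hunk above shows the `constraints` line for hashicorp/http disappearing, so it is worth checking that both providers remain version-constrained after the move.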
@@ -23,20 +40,21 @@ locals {
 }
 resource "proxmox_virtual_environment_download_file" "talos-image" {
- for_each = toset(var.talos_versions)
+ for_each = toset(local.talos_versions)
 node_name = "pve01"
 datastore_id = "local"
 content_type = "iso"
- url = "https://factory.talos.dev/image/${local.schematic_id}/v${each.value}/nocloud-amd64-secureboot.iso"
- file_name = "talos-${each.value}-nocloud-amd64-secureboot.iso"
+ url = "https://factory.talos.dev/image/${local.schematic_id}/v${each.value}/nocloud-amd64-secureboot.raw.gz"
+ file_name = "talos-${each.value}-nocloud-amd64-secureboot.img"
+ decompression_algorithm = "gz"
 }
 resource "proxmox_virtual_environment_vm" "talos-template" {
 depends_on = [proxmox_virtual_environment_download_file.talos-image]
- for_each = toset(var.talos_versions)
+ for_each = toset(local.talos_versions)
 template = true
 vm_id = 10000 + tonumber(replace(each.value, ".", ""))
@@ -55,7 +73,7 @@ resource "proxmox_virtual_environment_vm" "talos-template" {
 cpu {
 cores = 2
 sockets = 1
- type = "host"
+ type = "x86-64-v2-AES"
 }
 memory {
 dedicated = 2048
@@ -75,4 +93,7 @@ resource "proxmox_virtual_environment_vm" "talos-template" {
 datastore_id = local.storagepool
 version = "v2.0"
 }
+ network_device {
+ bridge = "vmbr1"
+ }
 }
diff --git a/pve01.wheatley.in/templates/providers.tf b/pve01.wheatley.in/templates/talos/providers.tf
similarity index 100%
rename from pve01.wheatley.in/templates/providers.tf
rename to pve01.wheatley.in/templates/talos/providers.tf
diff --git a/pve01.wheatley.in/templates/talos/variables.tf b/pve01.wheatley.in/templates/talos/variables.tf
index 22784bb..086f9ff 100644
--- a/pve01.wheatley.in/templates/talos/variables.tf
+++ b/pve01.wheatley.in/templates/talos/variables.tf
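Review bot: The `talos-image` download in the first hunk switches to a `.raw.gz` that the provider decompresses, but the resource still sets no `checksum` / `checksum_algorithm`, so the disk image every cluster node is later cloned from is accepted as whatever the download returned; since `local.schematic_id` itself comes back from the `data "http"` POST in the previous hunk, nothing in the chain from schematic to image is verified. Pin each image, e.g. `checksum = "<SHA256_OF_IMAGE>"` and `checksum_algorithm = "sha256"`, with the digest recorded per Talos version next to `local.talos_versions`. Minor: the `network_device { bridge = "vmbr1" }` added to the template in the third hunk omits `model`, while the talos-node resource spells out `model = "virtio"`; if the clone's own `network_device` block always overrides the template's NIC this is harmless, but that is not visible here. The `talos-template` resource block spans all three hunks and continues outside them.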
@@ -1,5 +1,8 @@
-variable talos_versions {
- description = "List of Talos versions to create templates for"
- type = list(string)
- default = []
+variable "proxmox_endpoint" {
+ description = "Proxmox API endpoint"
+ type = string
+}
+variable "proxmox_api_token" {
+ description = "Proxmox API token"
+ type = string
 }
diff --git a/pve01.wheatley.in/templates/variables.tf b/pve01.wheatley.in/templates/variables.tf
deleted file mode 100644
index 086f9ff..0000000
--- a/pve01.wheatley.in/templates/variables.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-variable "proxmox_endpoint" {
- description = "Proxmox API endpoint"
- type = string
-}
-variable "proxmox_api_token" {
- description = "Proxmox API token"
- type = string
-}
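Review bot: `variable "proxmox_api_token"` is declared without `sensitive = true`, so the token will be echoed in plan and apply output and in any `tofu show` of the state whenever the provider configuration or a dependent diff is printed; add `sensitive = true` under `type = string`. The deleted top-level variables.tf had the same omission, but this is the declaration that survives the move, so it is the place to fix it. The removed `talos_versions` input is now a hard-coded `local.talos_versions` in main.tf, which drops the ability to build templates for another version without editing the module; acceptable for a single-host root module, but a short comment on the local saying so would make the intent clear.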