From 0e37a6419831887e054f65fa758a70facf8e27d3 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 20 Dec 2025 19:35:37 +0100 Subject: [PATCH 1/3] chore: Refactor templates into modules --- .../templates/{talos => }/.terraform.lock.hcl | 3 +- pve01.wheatley.in/templates/main.tf | 25 +++++++++++ .../templates/{talos => }/providers.tf | 0 pve01.wheatley.in/templates/talos/main.tf | 41 +++++-------------- .../templates/talos/variables.tf | 11 ++--- pve01.wheatley.in/templates/variables.tf | 8 ++++ 6 files changed, 49 insertions(+), 39 deletions(-) rename pve01.wheatley.in/templates/{talos => }/.terraform.lock.hcl (97%) create mode 100644 pve01.wheatley.in/templates/main.tf rename pve01.wheatley.in/templates/{talos => }/providers.tf (100%) create mode 100644 pve01.wheatley.in/templates/variables.tf diff --git a/pve01.wheatley.in/templates/talos/.terraform.lock.hcl b/pve01.wheatley.in/templates/.terraform.lock.hcl similarity index 97% rename from pve01.wheatley.in/templates/talos/.terraform.lock.hcl rename to pve01.wheatley.in/templates/.terraform.lock.hcl index 9f1211b..a6f5d9e 100644 --- a/pve01.wheatley.in/templates/talos/.terraform.lock.hcl +++ b/pve01.wheatley.in/templates/.terraform.lock.hcl @@ -25,7 +25,8 @@ provider "registry.opentofu.org/bpg/proxmox" { } provider "registry.opentofu.org/hashicorp/http" { - version = "3.5.0" + version = "3.5.0" + constraints = "3.5.0" hashes = [ "h1:eClUBisXme48lqiUl3U2+H2a2mzDawS9biqfkd9synw=", "zh:0a2b33494eec6a91a183629cf217e073be063624c5d3f70870456ddb478308e9", diff --git a/pve01.wheatley.in/templates/main.tf b/pve01.wheatley.in/templates/main.tf new file mode 100644 index 0000000..f07e7ab --- /dev/null +++ b/pve01.wheatley.in/templates/main.tf 
@@ -0,0 +1,25 @@ +terraform { + backend "s3" { + bucket = "13225-wheatley-states" + key = "pve01-templates.tfstate" + region = "main" + skip_credentials_validation = true + skip_metadata_api_check = true + skip_region_validation = true + force_path_style = true + } +} + +provider "proxmox" { + endpoint = var.proxmox_endpoint + api_token = var.proxmox_api_token + ssh { + agent = true + username = "tofu" + } +} + +module "talos" { + source = "./talos" + talos_versions = ["1.11.5"] +} diff --git a/pve01.wheatley.in/templates/talos/providers.tf b/pve01.wheatley.in/templates/providers.tf similarity index 100% rename from pve01.wheatley.in/templates/talos/providers.tf rename to pve01.wheatley.in/templates/providers.tf diff --git a/pve01.wheatley.in/templates/talos/main.tf b/pve01.wheatley.in/templates/talos/main.tf index 61cbd78..bafe748 100644 --- a/pve01.wheatley.in/templates/talos/main.tf +++ b/pve01.wheatley.in/templates/talos/main.tf @@ -1,29 +1,12 @@ terraform { - backend "s3" { - bucket = "13225-wheatley-states" - key = "pve01-templates.tfstate" - region = "main" - skip_credentials_validation = true - skip_metadata_api_check = true - skip_region_validation = true - force_path_style = true + required_providers { + proxmox = { + source = "bpg/proxmox" + version = "0.86.0" + } } } -provider "proxmox" { - endpoint = var.proxmox_endpoint - api_token = var.proxmox_api_token - ssh { - agent = true - username = "root" - } -} - - -locals { - talos_versions = ["1.11.5"] -} - data "http" "schematic" { url = "https://factory.talos.dev/schematics" method = "POST" 
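Review bot: The `backend "s3"` block carries `region = "main"` and the four `skip_*` switches typical of a non-AWS S3-compatible store but names no endpoint, so where this state is written is decided only by the environment or a `-backend-config` value passed at init time; a comment on the block such as `# S3-compatible object store; endpoint and credentials are supplied at init time, not in this file` would spare the next reader a guess. `force_path_style` is the older spelling of this option — if the OpenTofu release in use has picked up the renamed `use_path_style`, `tofu init` will warn about it, which is worth checking. The `ssh` block now runs as `tofu` rather than `root`, which is the right direction for the provider's SSH side channel.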
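Review bot: The new `required_providers` block declares only `bpg/proxmox`, yet the module also uses `data "http" "schematic"` at the end of the hunk, so `hashicorp/http` is resolved only through implicit inheritance from the root; declaring it too, `http = { source = "hashicorp/http" }`, keeps the module's requirements complete. Pinning `version = "0.86.0"` exactly inside a child module also means any different pin in the root `providers.tf` (moved by this commit, not shown here) turns into an unsatisfiable constraint; a `~> 0.86` range in the module with the exact pin kept at the root is the usual split. The `data "http" "schematic"` body continues outside the hunk.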
@@ -40,21 +23,20 @@ locals { } resource "proxmox_virtual_environment_download_file" "talos-image" { - for_each = toset(local.talos_versions) + for_each = toset(var.talos_versions) node_name = "pve01" datastore_id = "local" content_type = "iso" - url = "https://factory.talos.dev/image/${local.schematic_id}/v${each.value}/nocloud-amd64-secureboot.raw.gz" - file_name = "talos-${each.value}-nocloud-amd64-secureboot.img" - decompression_algorithm = "gz" + url = "https://factory.talos.dev/image/${local.schematic_id}/v${each.value}/nocloud-amd64-secureboot.iso" + file_name = "talos-${each.value}-nocloud-amd64-secureboot.iso" } resource "proxmox_virtual_environment_vm" "talos-template" { depends_on = [proxmox_virtual_environment_download_file.talos-image] - for_each = toset(local.talos_versions) + for_each = toset(var.talos_versions) template = true vm_id = 10000 + tonumber(replace(each.value, ".", "")) @@ -73,7 +55,7 @@ resource "proxmox_virtual_environment_vm" "talos-template" { cpu { cores = 2 sockets = 1 - type = "x86-64-v2-AES" + type = "host" } memory { dedicated = 2048 @@ -93,7 +75,4 @@ resource "proxmox_virtual_environment_vm" "talos-template" { datastore_id = local.storagepool version = "v2.0" } - network_device { - bridge = "vmbr1" - } } diff --git a/pve01.wheatley.in/templates/talos/variables.tf b/pve01.wheatley.in/templates/talos/variables.tf index 086f9ff..22784bb 100644 --- a/pve01.wheatley.in/templates/talos/variables.tf +++ b/pve01.wheatley.in/templates/talos/variables.tf @@ -1,8 +1,5 @@ -variable "proxmox_endpoint" { - description = "Proxmox API endpoint" - type = string -} -variable "proxmox_api_token" { - description = "Proxmox API token" - type = string +variable talos_versions { + description = "List of Talos versions to create templates for" + type = list(string) + default = [] } diff --git a/pve01.wheatley.in/templates/variables.tf b/pve01.wheatley.in/templates/variables.tf new file mode 100644 index 0000000..086f9ff --- /dev/null 
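Review bot: The `url` for `talos-image` is assembled from `local.schematic_id` and `each.value` and the artifact is accepted as downloaded, with nothing checking its integrity beyond the TLS connection to `factory.talos.dev`; `proxmox_virtual_environment_download_file` takes `checksum` and `checksum_algorithm`, so carrying a per-version digest alongside `var.talos_versions` (a map of version to digest, for example) would let Proxmox reject a tampered or truncated image before it becomes a template. The switch from `.raw.gz` to `.iso` correctly drops `decompression_algorithm` and now agrees with `content_type = "iso"`. The `talos-template` resource touched by the second half of the hunk continues outside it.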
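Review bot: `type = "host"` passes pve01's physical CPU model straight through, so every VM cloned from this template inherits the full host flag set and can only be live-migrated to an identically-featured host, whereas the replaced `x86-64-v2-AES` was a portable baseline; the same switch is made to the `talos-node` resource in patch 3 of this series. If that trade-off is intended, a comment such as `# host passthrough: full instruction set, but ties the VM to this node's CPU model` would record it. The enclosing `cpu` block belongs to `proxmox_virtual_environment_vm.talos-template`, which starts and ends outside the hunk.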
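Review bot: `variable talos_versions {` leaves its label unquoted while the other variable blocks in this series (`variable "proxmox_endpoint"`, `variable "proxmox_api_token"`) quote theirs; `variable "talos_versions" {` is the form `tofu fmt` is expected to produce and reads consistently. With `default = []` a root module that forgets to pass the list gets a plan that creates no templates and no error; dropping the default would make the omission fail at plan time, if that is preferred.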
+++ b/pve01.wheatley.in/templates/variables.tf @@ -0,0 +1,8 @@ +variable "proxmox_endpoint" { + description = "Proxmox API endpoint" + type = string +} +variable "proxmox_api_token" { + description = "Proxmox API token" + type = string +} From 814a1cf5e3e0dfe372106d6a37e0624d1d9918c6 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 20 Dec 2025 19:36:11 +0100 Subject: [PATCH 2/3] chore: Remove kubelet-serving-cert-approver --- .../talos-bootstrap/templates/machineconfig-cp.yaml.tmpl | 2 -- .../talos-bootstrap/templates/machineconfig-worker.yaml.tmpl | 2 -- 2 files changed, 4 deletions(-) diff --git a/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl b/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl index 67829b1..978019b 100644 --- a/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl +++ b/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-cp.yaml.tmpl @@ -16,7 +16,6 @@ machine: kubelet: extraArgs: pod-max-pids: 1000 - rotate-server-certificates: true extraConfig: imageGCHighThresholdPercent: 75 imageGCLowThresholdPercent: 70 @@ -38,7 +37,6 @@ cluster: disabled: true extraManifests: - https://github.com/kubernetes-sigs/gateway-api/releases/download/v${gateway-api_version}/standard-install.yaml - - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/refs/heads/main/deploy/standalone-install.yaml inlineManifests: - name: cilium-bootstrap contents: | diff --git a/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl b/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl index 65e4900..4300403 100644 --- a/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl 
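Review bot: `variable "proxmox_api_token"` carries a credential but is not marked `sensitive = true`, so OpenTofu has no reason to redact its value wherever it surfaces in plan/apply output or diagnostics; adding `sensitive = true` to that block closes the gap. The block arrived here by a move from `talos/variables.tf`, so this is a pre-existing omission the refactor did not address rather than one it introduced.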
+++ b/pve01.wheatley.in/k8s-wheatley/modules/talos-bootstrap/templates/machineconfig-worker.yaml.tmpl @@ -19,7 +19,6 @@ machine: kubelet: extraArgs: pod-max-pids: 1000 - rotate-server-certificates: true extraConfig: imageGCHighThresholdPercent: 75 imageGCLowThresholdPercent: 70 @@ -51,7 +50,6 @@ cluster: disabled: true extraManifests: - https://github.com/kubernetes-sigs/gateway-api/releases/download/v${gateway-api_version}/standard-install.yaml - - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/refs/heads/main/deploy/standalone-install.yaml inlineManifests: - name: cilium-bootstrap contents: | From 58dce491bb3ddda5cceee76b6b203e2239137c9b Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 20 Dec 2025 19:36:29 +0100 Subject: [PATCH 3/3] chore: Formatting --- .../k8s-wheatley/modules/talos-node/main.tf | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/pve01.wheatley.in/k8s-wheatley/modules/talos-node/main.tf b/pve01.wheatley.in/k8s-wheatley/modules/talos-node/main.tf index abf0934..deae941 100644 --- a/pve01.wheatley.in/k8s-wheatley/modules/talos-node/main.tf +++ b/pve01.wheatley.in/k8s-wheatley/modules/talos-node/main.tf @@ -8,20 +8,21 @@ terraform { } resource "proxmox_virtual_environment_vm" "talos-node" { - vm_id = var.node.id - name = var.node.name - node_name = var.node.proxmox_node - tags = ["tofu"] + vm_id = var.node.id + name = var.node.name + node_name = var.node.proxmox_node + tags = ["tofu"] + bios = "ovmf" clone { - vm_id = 10000 + tonumber(replace(var.node.talos_version, ".", "")) + vm_id = 10000 + tonumber(replace(var.node.talos_version, ".", "")) retries = 3 } cpu { cores = var.node.cpu sockets = 1 - type = "x86-64-v2-AES" + type = "host" } memory { 
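Review bot: Two behavioural changes, the new `bios = "ovmf"` line and `type` going from `x86-64-v2-AES` to `host`, are mixed into a commit titled `chore: Formatting`, so a reader skimming history for why nodes changed firmware or CPU model will not find it; splitting them out, or at least naming them in the message, keeps the formatting commit a pure no-op. `bios` on a VM that is a `clone` of the Talos template ought to match the template's firmware (the template defines an `efi_disk`, so UEFI looks intended), and the message is the place to state that dependency. The `host` CPU change is the same one made to the template in patch 1; the `talos-node` resource runs past the end of the hunk.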
@@ -46,17 +47,17 @@ resource "proxmox_virtual_environment_vm" "talos-node" { } network_device { - bridge = "vmbr1" - model = "virtio" - mtu = 1500 + bridge = "vmbr1" + model = "virtio" + mtu = 1500 } dynamic "network_device" { for_each = var.node.type == "worker" ? [1] : [] content { - bridge = "vmbr2" - model = "virtio" - mtu = 9000 + bridge = "vmbr2" + model = "virtio" + mtu = 9000 } }