From 2b18b12e0bb7e792476a990920e3e67ddd97b458 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Sun, 31 Mar 2024 11:33:45 +0800
Subject: [PATCH] fix(code-server): Talos admin
---
 .rtx.toml | 1 +
 Taskfile.dist.yaml | 1 +
 kube/deploy/apps/code-server/app/hr.yaml | 10 ++++++++++
 kube/deploy/apps/code-server/app/rbac.yaml | 8 ++++++++
 4 files changed, 20 insertions(+)
diff --git a/.rtx.toml b/.rtx.toml
index ea6665bf..eb4ed864 100644
--- a/.rtx.toml
+++ b/.rtx.toml
@@ -14,6 +14,7 @@ talosctl = ["1.5.4", "1.3.6"]
 talhelper = ["1.16.2"]
 cilium-cli= ["0.15.14"]
 1password-cli = ["2.24.0"]
+restic = ["0.16.4"]
 #pulumi = ["3.95.0"]
diff --git a/Taskfile.dist.yaml b/Taskfile.dist.yaml
index 6068a1d1..bd83eec8 100644
--- a/Taskfile.dist.yaml
+++ b/Taskfile.dist.yaml
@@ -40,6 +40,7 @@ tasks:
 gitconfig:
 desc: Configure Git.
+ dir: '{{.USER_WORKING_DIR}}'
 cmds:
 - git config commit.gpgSign true
 - git config pull.rebase true
diff --git a/kube/deploy/apps/code-server/app/hr.yaml b/kube/deploy/apps/code-server/app/hr.yaml
index 45ae9bb8..b5172ac6 100644
--- a/kube/deploy/apps/code-server/app/hr.yaml
+++ b/kube/deploy/apps/code-server/app/hr.yaml
@@ -164,6 +164,16 @@ spec:
 - subPath: "ssh-pubkey"
 path: "/home/coder/.ssh/id_rsa.pub"
 readOnly: true
+ talos-admin:
+ enabled: true
+ type: secret
+ name: "talos"
+ defaultMode: 0400
+ advancedMounts:
+ main:
+ main:
+ - path: "/var/run/secrets/talos.dev"
+ readOnly: true
 tmp:
 enabled: true
 type: emptyDir
diff --git a/kube/deploy/apps/code-server/app/rbac.yaml b/kube/deploy/apps/code-server/app/rbac.yaml
index b533bfeb..2be375ae 100644
--- a/kube/deploy/apps/code-server/app/rbac.yaml
+++ b/kube/deploy/apps/code-server/app/rbac.yaml
@@ -11,3 +11,11 @@ subjects:
 - kind: ServiceAccount
 name: *app
 namespace: *app
+---
+apiVersion: talos.dev/v1alpha1
+kind: ServiceAccount
+metadata:
+ name: talos
+spec:
+ roles:
+ - os:admin
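Review bot: In kube/deploy/apps/code-server/app/hr.yaml the new `talos-admin` entry writes `defaultMode: 0400` as a bare scalar, so the resulting file mode depends on the parser: a YAML 1.1 loader reads it as octal (decimal 256), while a YAML 1.2 loader reads decimal 400, which is not an owner-read-only mode. Writing the decimal form, `defaultMode: 256  # 0400`, removes the ambiguity; confirm against what the chart expects. The mount is read-only and limited to the `main` container, but every process in that container can still read what is presumably the Talos API credential generated for the `talos` ServiceAccount added in rbac.yaml, so a comment above the entry such as `# Talos API credentials (os:admin); readable by anything running in this container` would help the next reader. The enclosing map starts and ends outside the hunk.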
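Review bot: The new `talos.dev/v1alpha1` ServiceAccount in kube/deploy/apps/code-server/app/rbac.yaml requests `os:admin`, the broadest Talos role, for the code-server workload, so anyone who obtains code execution in that pod holds full Talos API control over the nodes. If the workflow only needs to inspect or operate nodes, a narrower role such as `os:reader` or `os:operator` limits that blast radius. If admin is really required, state why in a comment above `roles:`, and keep `allowedRoles` and `allowedKubernetesNamespaces` under `kubernetesTalosAPIAccess` in the machine config restricted to what this namespace needs. The manifest sets no `metadata.namespace`, so the namespace presumably comes from the kustomization; confirm it matches the namespace hr.yaml mounts the `talos` secret from.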