mirror of
https://github.com/outbackdingo/Biohazard.git
synced 2026-01-27 10:18:27 +00:00
5ba9c8ae7b
- installs Flux in hostNetwork mode binded to localhost to new clusters - rework Taskfiles for new bootstrap flow, including loading secrets direct from 1Password with no SOPS for secret zero - use 1Password for both talsecret and talenv for talhelper genconfig - remove SOPS secrets - add Sinon cluster, used as NAS - cleanup ExternalSecret and 1P Connect's Flux ks for smoother bootstrap - try out 1Password Connect as extraContainer in external-secrets deployment to avoid secrets going over network - general cleanup
Kuberhazard
Let's-a Go!
Clone repo
git clone git@github.com:JJGadgets/Biohazard.git && cd ./Biohazard/kubeInstall Kubernetes
- Use Talos Linux to install, the install script & patches are in `0-install` folder.
cd ./0-install && chmod +x ./talosInstall.sh && ./talosInstall.sh- Or use Sidero, whatever floats your boat.
Install & Bootstrap Flux
Run `kubectl apply` twice due to CRD race conditions, and applying the same manifests multiple times won't duplicate deployed resources anyway so it's probably a good idea. (TODO: add SOPS steps after deploying it)
cd .. && kubectl apply -k ./1-bootstrap/flux/flux-system && kubectl apply -k ./1-bootstrap/flux/flux-systemHardware & Network Grid
| Name | OS | Role | CPU | RAM | Storage | VLAN | IP |
| thunder | Proxmox | Hypervisor (R730xd) | 20C40T 2xE5-2660v3 | 64GB DDR4 + 32GB zstd zram | ZFS Mirror 2xSN550 1TB + ZFS RAID10 HDDs | LAN | masked |
| pve2 | Proxmox | Hypervisor (Supermicro Dual) | 16C32T 2xE5-2670v1 | 64GB DDR3 + 32GB zstd zram | ZFS 1x870Evo 1TB + ext4 1TB HDD boot | LAN | masked |
| pve2 | Proxmox | Hypervisor (Supermicro Single) | 8C16T 1xE5-2670v1 | 64GB DDR3 + 32GB zstd zram | ZFS Mirror 2x500GB HDDs | LAN | masked |
| Blackhawk | Void | kubectl client | 8C16T Ryzen 4750U | 48GB SODIMM | ext4 SN520 512GB OS + ZFS 1xSN550 1TB /home | LAN/JJ | DHCP |
| OPNsense | FreeBSD | Firewall Router (VM) | vCPU E5-2660v3 | 8GB VM | 40GB zvol boot | LAN/58 | masked |
| Sidero | Alpine | Talos Manager (inactive) | vCPU E5-2660v3 | 6GB VM | 50GB zvol boot | 58 | 172.27.27.28 |
| cp-vip | Talos | Control Plane VIP | - | - | - | 58 | 172.27.27.27 |
| kube-pve-master1 | Talos | Untainted Master Node 1 | 6C vCPU E5-2660v3 | 12GB VM | 100GB qcow2 boot + 100GB qcow2 Ceph | 58 | 172.27.27.18 |
| kube-pve-master2 | Talos | Untainted Master Node 2 | 6C vCPU E5-2670v1 | 10GB VM | 100GB qcow2 boot + 100GB qcow2 Ceph | 58 | 172.27.27.19 |
| kube-pve-master3 | Talos | Control Plane & Master 3 | 6C vCPU E5-2660v3 | 4GB VM | 100GB qcow2 boot | 58 | 172.27.27.20 |
| kube-pve-worker3 | Talos | Worker Node 3 | 6C vCPU E5-2660v3 | 12GB VM | 100GB qcow2 boot + 100GB qcow2 Ceph | 58 | 172.27.27.23 |
| kube-pve-worker1 | Talos | Worker Node 1 (Inactive, no RAM) | 6C vCPU E5-2660v3 | 6GB VM | 100GB qcow2 boot | 58 | 172.27.27.21 |
| kube-pve-worker2 | Talos | Worker Node 2 (Inactive, no RAM) | 6C vCPU E5-2670v2 | 6GB VM | 100GB qcow2 boot | 58 | 172.27.27.22 |