scottk/homelab
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/homelab.git synced 2025-10-30 17:37:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

1. Using a dict instead of set in proxmox_virtual_environment_download_file to maintain consistant order and avoid destroying and recreating resource.

Browse Source 
2. Pointing the update_schematic to existing file and added a comment.
3. Reverted to using http api for getting schematic id.
4. Left the official provider code intact and added a comment.
5. Fixed a typo in cert generation comment

Signed-off-by: Karteek <120569182+karteekiitg@users.noreply.github.com>
This commit is contained in:
Karteek
2025-02-23 01:02:30 +05:30
committed by Vegard Stenhjem Hagen
parent 25cfa2bbb6
commit dee7911259
3 changed files with 42 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tofu/kubernetes/main.tf
View File

@@ -9,6 +9,8 @@ module "talos" {
version = "v1.9.2" version = "v1.9.2"
update_version = "v1.9.3" # renovate: github-releases=siderolabs/talos update_version = "v1.9.3" # renovate: github-releases=siderolabs/talos
schematic = file("${path.module}/talos/image/schematic.yaml") schematic = file("${path.module}/talos/image/schematic.yaml")
# Point this to a new schematic file to update the schematic
update_schematic = file("${path.module}/talos/image/schematic.yaml")
} }
cilium = { cilium = {
@@ -77,7 +79,7 @@ module "sealed_secrets" {
kubernetes = kubernetes kubernetes = kubernetes
} }
// openssl req -x509 -days 365 -nodes -newkey rsa:4096 -keyout sealed-secrets.key -out sealed-secrets.cert -subj "/CN=sealed-secret/O=sealed-secret" // openssl req -x509 -days 365 -nodes -newkey rsa:4096 -keyout sealed-secrets.key -out sealed-secrets.crt -subj "/CN=sealed-secret/O=sealed-secret"
cert = { cert = {
cert = file("${path.module}/bootstrap/sealed-secrets/certificate/sealed-secrets.crt") cert = file("${path.module}/bootstrap/sealed-secrets/certificate/sealed-secrets.crt")
key = file("${path.module}/bootstrap/sealed-secrets/certificate/sealed-secrets.key") key = file("${path.module}/bootstrap/sealed-secrets/certificate/sealed-secrets.key")

41
tofu/kubernetes/talos/image.tf
View File

@@ -1,11 +1,33 @@
locals { locals {
version = var.image.version version = var.image.version
schematic = var.image.schematic schematic = var.image.schematic
image_id = "${talos_image_factory_schematic.this.id}_${local.version}" schematic_id = jsondecode(data.http.schematic_id.response_body)["id"]
update_version = coalesce(var.image.update_version, var.image.version) update_version = coalesce(var.image.update_version, var.image.version)
update_schematic = coalesce(var.image.update_schematic, var.image.schematic) update_schematic = coalesce(var.image.update_schematic, var.image.schematic)
update_image_id = "${talos_image_factory_schematic.updated.id}_${local.update_version}" update_schematic_id = jsondecode(data.http.updated_schematic_id.response_body)["id"]
image_id = "${local.schematic_id}_${local.version}"
update_image_id = "${local.update_schematic_id}_${local.update_version}"
# Comment the above 2 lines and un-comment the below 2 lines to use the provider schematic ID instead of the HTTP one
# ref - https://github.com/vehagn/homelab/issues/106
# image_id = "${talos_image_factory_schematic.this.id}_${local.version}"
# update_image_id = "${talos_image_factory_schematic.updated.id}_${local.update_version}"
}
data "http" "schematic_id" {
url = "${var.image.factory_url}/schematics"
method = "POST"
request_body = local.schematic
}
data "http" "updated_schematic_id" {
url = "${var.image.factory_url}/schematics"
method = "POST"
request_body = local.update_schematic
} }
resource "talos_image_factory_schematic" "this" { resource "talos_image_factory_schematic" "this" {
@@ -17,14 +39,21 @@ resource "talos_image_factory_schematic" "updated" {
} }
resource "proxmox_virtual_environment_download_file" "this" { resource "proxmox_virtual_environment_download_file" "this" {
for_each = toset(distinct([for k, v in var.nodes : "${v.host_node}_${v.update == true ? local.update_image_id : local.image_id}"])) for_each = {
for k, v in var.nodes :
"${v.host_node}_${v.update == true ? local.update_image_id : local.image_id}" => {
host_node = v.host_node
version = v.update == true ? local.update_version : local.version
schematic = v.update == true ? talos_image_factory_schematic.updated.id : talos_image_factory_schematic.this.id
}
}
node_name = split("_", each.key)[0] node_name = each.value.host_node
content_type = "iso" content_type = "iso"
datastore_id = var.image.proxmox_datastore datastore_id = var.image.proxmox_datastore
file_name = "talos-${split("_",each.key)[1]}-${split("_", each.key)[2]}-${var.image.platform}-${var.image.arch}.img" file_name = "talos-${each.value.schematic}-${each.value.version}-${var.image.platform}-${var.image.arch}.img"
url = "${var.image.factory_url}/image/${split("_", each.key)[1]}/${split("_", each.key)[2]}/${var.image.platform}-${var.image.arch}.raw.gz" url = "${var.image.factory_url}/image/${each.value.schematic}/${each.value.version}/${var.image.platform}-${var.image.arch}.raw.gz"
decompression_algorithm = "gz" decompression_algorithm = "gz"
overwrite = false overwrite = false
} }

4
tofu/kubernetes/talos/providers.tf
View File

@@ -8,5 +8,9 @@ terraform {
source = "siderolabs/talos" source = "siderolabs/talos"
version = ">=0.6.0" version = ">=0.6.0"
} }
http = {
source = "hashicorp/http"
version = ">=3.4.5"
}
} }
} }