Add proxmox templates

proxmox/.gitignore

@@ -1 +1,2 @@
+_cfgs/
 *.yaml

proxmox/Makefile

@@ -0,0 +1,25 @@
+
+ENDPOINT=192.168.10.10
+
+help:
+	@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+create-config: ## Genereate talos configs
+	talosctl gen config --output-dir _cfgs --with-docs=false --with-examples=false talos-k8s-proxmox https://${ENDPOINT}:6443
+
+create-templates:
+	@yq ea -P '. as $$item ireduce ({}; . * $$item )' _cfgs/controlplane.yaml templates/controlplane.yaml.tpl > templates/controlplane.yaml
+	@echo 'podSubnets: "10.32.0.0/12,fd00:10:32::/102"'        >  _cfgs/tfstate.vars
+	@echo 'serviceSubnets: "10.200.0.0/22,fd40:10:200::/112"'  >> _cfgs/tfstate.vars
+	@echo 'apiDomain: api.cluster.local'                       >> _cfgs/tfstate.vars
+	@yq eval '.cluster.network.dnsDomain' _cfgs/controlplane.yaml | awk '{ print "domain: "$$1}'       >> _cfgs/tfstate.vars
+	@yq eval '.cluster.clusterName' _cfgs/controlplane.yaml       | awk '{ print "clusterName: "$$1}'  >> _cfgs/tfstate.vars
+	@yq eval '.machine.token'  _cfgs/controlplane.yaml            | awk '{ print "tokenMachine: "$$1}' >> _cfgs/tfstate.vars
+	@yq eval '.machine.ca.crt' _cfgs/controlplane.yaml            | awk '{ print "caMachine: "$$1}'    >> _cfgs/tfstate.vars
+	@yq eval '.cluster.token'  _cfgs/controlplane.yaml            | awk '{ print "token: "$$1}'        >> _cfgs/tfstate.vars
+	@yq eval '.cluster.ca.crt' _cfgs/controlplane.yaml            | awk '{ print "ca: "$$1}'           >> _cfgs/tfstate.vars
+
+	@yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json
+
+create-kubeconfig:
+	talosctl --talosconfig _cfgs/talosconfig --nodes ${ENDPOINT} kubeconfig

proxmox/instances-master.tf

@@ -8,8 +8,16 @@ resource "null_resource" "controlplane_machineconfig" {
   }
 
   provisioner "file" {
-    # content     = file("init.yaml")
-    source      = "init.yaml"
+    content = templatefile("${path.module}/templates/controlplane.yaml",
+      merge(var.kubernetes, {
+        name        = "master-${count.index + 1}"
+        type        = "controlplane"
+        ipv4_local  = "192.168.10.11"
+        ipv4_vip    = "192.168.10.10"
+        nodeSubnets = "${var.vpc_main_cidr},!192.168.10.10/32"
+      })
+    )
+
     destination = "/var/lib/vz/snippets/master-${count.index + 1}.yml"
   }
 }
@@ -46,7 +54,7 @@ resource "proxmox_vm_qemu" "controlplane" {
   network {
     model    = "virtio"
     bridge   = var.proxmox_bridge
-    firewall = true
+    firewall = false
   }
 
   boot = "order=scsi0"

proxmox/templates/controlplane.yaml.tpl

@@ -0,0 +1,65 @@
+version: v1alpha1
+debug: false
+persist: true
+machine:
+  type: ${type}
+  certSANs:
+    - "${ipv4_local}"
+    - "${ipv4_vip}"
+  kubelet:
+    extraArgs:
+      rotate-server-certificates: true
+    nodeIP:
+      validSubnets: ${format("%#v",split(",",nodeSubnets))}
+  network:
+    hostname: "${name}"
+    interfaces:
+      - interface: eth0
+        dhcp: true
+        vip:
+          ip: ${ipv4_vip}
+      - interface: dummy0
+        addresses:
+          - 169.254.2.53/32
+          - fd00::169:254:2:53/128
+  install:
+    wipe: false
+  sysctls:
+    net.core.somaxconn: 65535
+    net.core.netdev_max_backlog: 4096
+  systemDiskEncryption:
+    state:
+      provider: luks2
+      options:
+        - no_read_workqueue
+        - no_write_workqueue
+      keys:
+        - nodeID: {}
+          slot: 0
+    ephemeral:
+      provider: luks2
+      options:
+        - no_read_workqueue
+        - no_write_workqueue
+      keys:
+        - nodeID: {}
+          slot: 0
+cluster:
+  controlPlane:
+    endpoint: https://${ipv4_vip}:6443
+  network:
+    dnsDomain: ${domain}
+    podSubnets: ${format("%#v",split(",",podSubnets))}
+    serviceSubnets: ${format("%#v",split(",",serviceSubnets))}
+  # proxy:
+  #   disabled: true
+  apiServer:
+    certSANs:
+      - "${ipv4_local}"
+      - "${ipv4_vip}"
+  controllerManager:
+    extraArgs:
+        node-cidr-mask-size-ipv4: 24
+        node-cidr-mask-size-ipv6: 112
+  scheduler: {}
+  etcd: {}

proxmox/templates/worker.yaml.tpl

@@ -0,0 +1,41 @@
+version: v1alpha1
+debug: false
+persist: true
+machine:
+  type: worker
+  token: ${tokenMachine}
+  ca:
+    crt: ${caMachine}
+  kubelet:
+    extraArgs:
+      cloud-provider: external
+      rotate-server-certificates: true
+      node-labels: "${labels}"
+    nodeIP:
+      validSubnets: ${format("%#v",split(",",nodeSubnets))}
+    clusterDNS:
+      - 169.254.2.53
+  network:
+    hostname: "${name}"
+    interfaces:
+      - interface: dummy0
+        addresses:
+          - 169.254.2.53/32
+          - fd00::169:254:2:53/128
+  sysctls:
+    net.core.somaxconn: 65535
+    net.core.netdev_max_backlog: 4096
+  install:
+    wipe: false
+cluster:
+  controlPlane:
+    endpoint: https://${lbv4}:6443
+  clusterName: ${clusterName}
+  network:
+    dnsDomain: ${domain}
+    serviceSubnets: ${format("%#v",split(",",serviceSubnets))}
+  # proxy:
+  #   disabled: true
+  token: ${token}
+  ca:
+    crt: ${ca}

proxmox/variables.tf

@@ -38,14 +38,17 @@ variable "proxmox_token_secret" {
 variable "kubernetes" {
   type = map(string)
   default = {
-    podSubnets     = "10.32.0.0/12,f00d:10:32::/102"
+    podSubnets     = "10.32.0.0/12,fd40:10:32::/102"
     serviceSubnets = "10.200.0.0/22,fd40:10:200::/112"
     domain         = "cluster.local"
-    cluster_name   = "talos-k8s-proxmox"
-    tokenmachine   = ""
+    apiDomain      = "api.cluster.local"
+    clusterName    = "talos-k8s-proxmox"
+    tokenMachine   = ""
+    caMachine      = ""
     token          = ""
     ca             = ""
   }
+  sensitive = true
 }
 
 variable "vpc_main_cidr" {