From 07ee540e469d3aedc4929b88a2d39eed2ad2630f Mon Sep 17 00:00:00 2001 From: Serge Logvinov Date: Wed, 17 Nov 2021 00:09:19 +0200 Subject: [PATCH] Add proxmox templates --- proxmox/.gitignore | 1 + proxmox/Makefile | 25 ++++++++++ proxmox/instances-master.tf | 14 ++++-- proxmox/templates/controlplane.yaml.tpl | 65 +++++++++++++++++++++++++ proxmox/templates/worker.yaml.tpl | 41 ++++++++++++++++ proxmox/variables.tf | 9 ++-- 6 files changed, 149 insertions(+), 6 deletions(-) create mode 100644 proxmox/Makefile create mode 100644 proxmox/templates/controlplane.yaml.tpl create mode 100644 proxmox/templates/worker.yaml.tpl diff --git a/proxmox/.gitignore b/proxmox/.gitignore index 1e82fc7..f423a9b 100644 --- a/proxmox/.gitignore +++ b/proxmox/.gitignore @@ -1 +1,2 @@ +_cfgs/ *.yaml diff --git a/proxmox/Makefile b/proxmox/Makefile new file mode 100644 index 0000000..c918e4c --- /dev/null +++ b/proxmox/Makefile 
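Review bot: `_cfgs/` is now ignored, but `terraform.tfvars.json`, which the Makefile added in this patch writes from `_cfgs/tfstate.vars` and which carries `token` and `tokenMachine` (the Talos cluster and machine bootstrap tokens), lands in the module root and matches neither `_cfgs/` nor `*.yaml`. The same values also end up in local Terraform state, which this file does not exclude either. I would add `terraform.tfvars.json`, `*.tfstate` and `*.tfstate.*` here, or have the Makefile write the JSON under `_cfgs/` so the existing entry covers it.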
@@ -0,0 +1,25 @@ + +ENDPOINT=192.168.10.10 + +help: + @awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) + +create-config: ## Genereate talos configs + talosctl gen config --output-dir _cfgs --with-docs=false --with-examples=false talos-k8s-proxmox https://${ENDPOINT}:6443 + +create-templates: + @yq ea -P '. as $$item ireduce ({}; . * $$item )' _cfgs/controlplane.yaml templates/controlplane.yaml.tpl > templates/controlplane.yaml + @echo 'podSubnets: "10.32.0.0/12,fd00:10:32::/102"' > _cfgs/tfstate.vars + @echo 'serviceSubnets: "10.200.0.0/22,fd40:10:200::/112"' >> _cfgs/tfstate.vars + @echo 'apiDomain: api.cluster.local' >> _cfgs/tfstate.vars + @yq eval '.cluster.network.dnsDomain' _cfgs/controlplane.yaml | awk '{ print "domain: "$$1}' >> _cfgs/tfstate.vars + @yq eval '.cluster.clusterName' _cfgs/controlplane.yaml | awk '{ print "clusterName: "$$1}' >> _cfgs/tfstate.vars + @yq eval '.machine.token' _cfgs/controlplane.yaml | awk '{ print "tokenMachine: "$$1}' >> _cfgs/tfstate.vars + @yq eval '.machine.ca.crt' _cfgs/controlplane.yaml | awk '{ print "caMachine: "$$1}' >> _cfgs/tfstate.vars + @yq eval '.cluster.token' _cfgs/controlplane.yaml | awk '{ print "token: "$$1}' >> _cfgs/tfstate.vars + @yq eval '.cluster.ca.crt' _cfgs/controlplane.yaml | awk '{ print "ca: "$$1}' >> _cfgs/tfstate.vars + + @yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json + +create-kubeconfig: + talosctl --talosconfig _cfgs/talosconfig --nodes ${ENDPOINT} kubeconfig diff --git a/proxmox/instances-master.tf b/proxmox/instances-master.tf index e367fac..4b2f201 100644 --- a/proxmox/instances-master.tf +++ b/proxmox/instances-master.tf 
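Review bot: `create-templates` hard-codes `podSubnets` with `fd00:10:32::/102`, while the `variables.tf` hunk in this same patch changes the default to `fd40:10:32::/102`; because the generated `terraform.tfvars.json` overrides the variable default, the `fd00` prefix is what actually gets deployed, so one of the two should be corrected (or the value read from `_cfgs/controlplane.yaml` like the other fields are). `ENDPOINT=192.168.10.10` also duplicates the `ipv4_vip` literal in `instances-master.tf`, which is the kind of pair that drifts silently; a comment pointing at the other location, or a single source in `tfstate.vars`, would help. Minor: `## Genereate talos configs` should read `## Generate talos configs`.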
@@ -8,8 +8,16 @@ resource "null_resource" "controlplane_machineconfig" { } provisioner "file" { - # content = file("init.yaml") - source = "init.yaml" + content = templatefile("${path.module}/templates/controlplane.yaml", + merge(var.kubernetes, { + name = "master-${count.index + 1}" + type = "controlplane" + ipv4_local = "192.168.10.11" + ipv4_vip = "192.168.10.10" + nodeSubnets = "${var.vpc_main_cidr},!192.168.10.10/32" + }) + ) + destination = "/var/lib/vz/snippets/master-${count.index + 1}.yml" } } @@ -46,7 +54,7 @@ resource "proxmox_vm_qemu" "controlplane" { network { model = "virtio" bridge = var.proxmox_bridge - firewall = true + firewall = false } boot = "order=scsi0" diff --git a/proxmox/templates/controlplane.yaml.tpl b/proxmox/templates/controlplane.yaml.tpl new file mode 100644 index 0000000..8338f99 --- /dev/null +++ b/proxmox/templates/controlplane.yaml.tpl 
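Review bot: `ipv4_local = "192.168.10.11"` is a fixed literal inside a resource indexed by `count.index` (visible in `name = "master-${count.index + 1}"`), so every control-plane machineconfig gets the same local address in `certSANs` while only one node can actually hold it; derive it from the index, e.g. `ipv4_local = cidrhost(var.vpc_main_cidr, 11 + count.index)` or a per-node list variable, and add a comment on why `!192.168.10.10/32` is excluded from `nodeSubnets`. The rendered file is placed at `/var/lib/vz/snippets/master-N.yml` by a `file` provisioner, which sets no mode; if the template carries the generated tokens and CA material (as the Makefile merge suggests), a follow-up `remote-exec` with `chmod 600` would be prudent. The `null_resource` block starts before this hunk.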
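Review bot: `firewall = false` switches off the Proxmox per-VM firewall on the control-plane NIC, and neither the commit message nor a comment says why; that interface carries the Kubernetes API on 6443 and the Talos API, so this widens exposure to everything reachable on the bridge. If VIP/ARP failover or a CNI requirement is the reason, record it inline, e.g. `firewall = false # PVE firewall interferes with the Talos VIP; filter at the bridge instead`, and otherwise keep it enabled with explicit rules. The enclosing `proxmox_vm_qemu` resource continues outside the hunk.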
@@ -0,0 +1,65 @@ +version: v1alpha1 +debug: false +persist: true +machine: + type: ${type} + certSANs: + - "${ipv4_local}" + - "${ipv4_vip}" + kubelet: + extraArgs: + rotate-server-certificates: true + nodeIP: + validSubnets: ${format("%#v",split(",",nodeSubnets))} + network: + hostname: "${name}" + interfaces: + - interface: eth0 + dhcp: true + vip: + ip: ${ipv4_vip} + - interface: dummy0 + addresses: + - 169.254.2.53/32 + - fd00::169:254:2:53/128 + install: + wipe: false + sysctls: + net.core.somaxconn: 65535 + net.core.netdev_max_backlog: 4096 + systemDiskEncryption: + state: + provider: luks2 + options: + - no_read_workqueue + - no_write_workqueue + keys: + - nodeID: {} + slot: 0 + ephemeral: + provider: luks2 + options: + - no_read_workqueue + - no_write_workqueue + keys: + - nodeID: {} + slot: 0 +cluster: + controlPlane: + endpoint: https://${ipv4_vip}:6443 + network: + dnsDomain: ${domain} + podSubnets: ${format("%#v",split(",",podSubnets))} + serviceSubnets: ${format("%#v",split(",",serviceSubnets))} + # proxy: + # disabled: true + apiServer: + certSANs: + - "${ipv4_local}" + - "${ipv4_vip}" + controllerManager: + extraArgs: + node-cidr-mask-size-ipv4: 24 + node-cidr-mask-size-ipv6: 112 + scheduler: {} + etcd: {} diff --git a/proxmox/templates/worker.yaml.tpl b/proxmox/templates/worker.yaml.tpl new file mode 100644 index 0000000..76cd006 --- /dev/null +++ b/proxmox/templates/worker.yaml.tpl 
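Review bot: `machine.certSANs` and `cluster.apiServer.certSANs` list only `${ipv4_local}` and `${ipv4_vip}`, yet the Makefile in this patch writes `apiDomain: api.cluster.local` into the same variable map and nothing in this template uses it, so a client connecting by that name would fail certificate verification; add `- "${apiDomain}"` to both lists or drop the variable. `rotate-server-certificates: true` makes the kubelet request serving certificates via CSRs that Kubernetes does not approve automatically, so logs/exec/metrics stay broken until an approver is deployed — a comment next to the flag naming that dependency would save the next operator a debugging session. The `nodeID: {}` LUKS key is derived from the machine identity rather than a secret, so it protects a detached disk image but not an attacker who can read the VM's UUID from the Proxmox host; a comment stating that threat model, or a static/TPM-backed key where the hypervisor is not trusted, would be appropriate.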
@@ -0,0 +1,41 @@ +version: v1alpha1 +debug: false +persist: true +machine: + type: worker + token: ${tokenMachine} + ca: + crt: ${caMachine} + kubelet: + extraArgs: + cloud-provider: external + rotate-server-certificates: true + node-labels: "${labels}" + nodeIP: + validSubnets: ${format("%#v",split(",",nodeSubnets))} + clusterDNS: + - 169.254.2.53 + network: + hostname: "${name}" + interfaces: + - interface: dummy0 + addresses: + - 169.254.2.53/32 + - fd00::169:254:2:53/128 + sysctls: + net.core.somaxconn: 65535 + net.core.netdev_max_backlog: 4096 + install: + wipe: false +cluster: + controlPlane: + endpoint: https://${lbv4}:6443 + clusterName: ${clusterName} + network: + dnsDomain: ${domain} + serviceSubnets: ${format("%#v",split(",",serviceSubnets))} + # proxy: + # disabled: true + token: ${token} + ca: + crt: ${ca} diff --git a/proxmox/variables.tf b/proxmox/variables.tf index e291138..0752cfe 100644 --- a/proxmox/variables.tf +++ b/proxmox/variables.tf @@ -38,14 +38,17 @@ variable "proxmox_token_secret" { variable "kubernetes" { type = map(string) default = { - podSubnets = "10.32.0.0/12,f00d:10:32::/102" + podSubnets = "10.32.0.0/12,fd40:10:32::/102" serviceSubnets = "10.200.0.0/22,fd40:10:200::/112" domain = "cluster.local" - cluster_name = "talos-k8s-proxmox" - tokenmachine = "" + apiDomain = "api.cluster.local" + clusterName = "talos-k8s-proxmox" + tokenMachine = "" + caMachine = "" token = "" ca = "" } + sensitive = true } variable "vpc_main_cidr" {
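Review bot: `${lbv4}` and `${labels}` have no source in this patch — neither the `kubernetes` map in `variables.tf` nor the Makefile's `tfstate.vars` defines them — so `templatefile()` will fail with an unknown-variable error unless the worker resource (not in this diff) merges them in; the control-plane template uses `${ipv4_vip}` for the same endpoint, so using one name in both would be simpler. The worker also sets `kubelet.clusterDNS: [169.254.2.53]` to the `dummy0` address while the control-plane template configures the same `dummy0` interface but no `clusterDNS`, so kubelets on the two roles would resolve through different resolvers; if that is intentional, a comment on the `dummy0` block explaining the node-local DNS expectation would help.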
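Review bot: `sensitive = true` on the whole `kubernetes` map redacts plan output for everything derived from it — including non-secret values such as `podSubnets`, `domain` and `clusterName`, and the entire rendered machineconfig passed to the `file` provisioner — which makes review of network changes in `terraform plan` opaque; keeping only `token` and `tokenMachine` in a separate sensitive map (the `ca`/`caMachine` entries are public certificates) would confine the redaction to where it matters. Note that `sensitive` affects CLI output only; the tokens are still written in plaintext to the Terraform state, so a comment on the variable reminding operators that the state backend must be treated as secret is warranted.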