update bootstrap

This commit is contained in:
Serge Logvinov
2022-12-22 00:18:02 +02:00
parent 56f806ead6
commit 1a9ac328de
18 changed files with 73 additions and 43 deletions


@@ -37,12 +37,16 @@ create-templates:
@yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json @yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json
create-controlplane-bootstrap:
talosctl --talosconfig _cfgs/talosconfig config endpoint ${ENDPOINT}
talosctl --talosconfig _cfgs/talosconfig --nodes 172.16.1.11 bootstrap
create-controlplane: ## Bootstrap controlplane node create-controlplane: ## Bootstrap controlplane node
terraform apply -auto-approve -target=oci_core_instance.controlplane terraform apply -auto-approve -target=oci_core_instance.controlplane
create-kubeconfig: ## Download kubeconfig create-kubeconfig: ## Download kubeconfig
talosctl --talosconfig _cfgs/talosconfig --nodes ${ENDPOINT} kubeconfig . talosctl --talosconfig _cfgs/talosconfig --nodes 172.16.1.11 kubeconfig .
kubectl --kubeconfig=kubeconfig config set clusters.talos-k8s-openstack.server https://${ENDPOINT}:6443 kubectl --kubeconfig=kubeconfig config set clusters.talos-k8s-oracle.server https://${ENDPOINT}:6443
kubectl --kubeconfig=kubeconfig config set-context --current --namespace=kube-system kubectl --kubeconfig=kubeconfig config set-context --current --namespace=kube-system
create-deployments: create-deployments:
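Review bot: The new `create-controlplane-bootstrap` target and the changed `create-kubeconfig` line both hard-code the node address `172.16.1.11`, while the `config endpoint` line directly above still takes its value from `${ENDPOINT}`; the address should come from one variable so the two targets cannot drift, e.g. `BOOTSTRAP_NODE ?= 172.16.1.11` near the top of the Makefile and `--nodes ${BOOTSTRAP_NODE}` in both places. `talosctl bootstrap` is also a one-shot operation on a fresh control plane, so a help comment on the target such as `## Bootstrap etcd on the first controlplane node (run once)` would stop the next operator from re-running it. The `create-templates` recipe this hunk starts in begins above the hunk.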


@@ -65,7 +65,7 @@ make create-config create-templates
```tf ```tf
controlplane = { controlplane = {
count = 1, count = 1
type = "VM.Standard.E4.Flex" type = "VM.Standard.E4.Flex"
ocpus = 1 ocpus = 1
memgb = 4 memgb = 4

16
oracle/images/README.md Normal file

@@ -0,0 +1,16 @@
# Upload images
Create the config file **terraform.tfvars** and add params.
```hcl
# Body of terraform.tfvars
```
```shell
wget https://github.com/siderolabs/talos/releases/download/v1.3.0/oracle-amd64.qcow2.xz
wget https://github.com/siderolabs/talos/releases/download/v1.3.0/oracle-arm64.qcow2.xz
xz -d oracle-amd64.qcow2.xz
xz -d oracle-arm64.qcow2.xz
terraform init && terraform apply -auto-approve
```


@@ -1,7 +1,7 @@
# openssl genrsa -out ~/.oci/oci_api_key.pem 2048 # openssl genrsa -out ~/.oci/oci_main_terraform.pem 2048
# chmod go-rwx ~/.oci/oci_api_key.pem # chmod go-rwx ~/.oci/oci_main_terraform.pem
# openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem # openssl rsa -pubout -in ~/.oci/oci_main_terraform.pem -out ~/.oci/oci_main_terraform_public.pem
provider "oci" { provider "oci" {
tenancy_ocid = var.tenancy_ocid tenancy_ocid = var.tenancy_ocid


@@ -6,7 +6,8 @@ resource "random_id" "backet" {
resource "oci_objectstorage_bucket" "images" { resource "oci_objectstorage_bucket" "images" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
namespace = data.oci_objectstorage_namespace.ns.namespace namespace = data.oci_objectstorage_namespace.ns.namespace
name = "talos-images-${random_id.backet.hex}" name = "images-${random_id.backet.hex}"
access_type = "NoPublicAccess" access_type = "NoPublicAccess"
auto_tiering = "Disabled" auto_tiering = "Disabled"
versioning = "Enabled"
} }
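Review bot: Changing `name` on `oci_objectstorage_bucket.images` from `talos-images-…` to `images-…` forces the bucket to be replaced, and the object uploads and `oci_core_image` resources that reference it will presumably be recreated with it; if already-uploaded images must survive, the migration step belongs in the commit description. Enabling `versioning` on the same bucket also means deleted or re-uploaded image objects keep prior versions, so `terraform destroy` may refuse to remove a non-empty bucket and storage cost grows with each re-upload; a line such as `# versioning keeps prior image uploads; purge old versions before destroy` next to the setting would record that trade-off.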


@@ -28,7 +28,7 @@ resource "oci_core_image" "talos_amd64" {
object_name = oci_objectstorage_object.talos_amd64.object object_name = oci_objectstorage_object.talos_amd64.object
operating_system = "Talos" operating_system = "Talos"
operating_system_version = "0.15.0" operating_system_version = "1.3.0"
source_image_type = "QCOW2" source_image_type = "QCOW2"
} }
@@ -50,7 +50,7 @@ resource "oci_core_image" "talos_arm64" {
object_name = oci_objectstorage_object.talos_arm64.object object_name = oci_objectstorage_object.talos_arm64.object
operating_system = "Talos" operating_system = "Talos"
operating_system_version = "0.15.0" operating_system_version = "1.3.0"
source_image_type = "QCOW2" source_image_type = "QCOW2"
} }


@@ -4,7 +4,7 @@ variable "tenancy_ocid" {}
variable "user_ocid" {} variable "user_ocid" {}
variable "fingerprint" {} variable "fingerprint" {}
variable "key_file" { variable "key_file" {
default = "~/.oci/oci_main_terraform_public.pem" default = "~/.oci/oci_main_terraform.pem"
} }
variable "region" { variable "region" {
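Review bot: `variable "key_file"` now defaults to the private key path `~/.oci/oci_main_terraform.pem` but still has no `description`, so a reader cannot tell from the declaration that this is the API signing key rather than the public half the old default named; the same change is made to `variable "key_file"` in the two other `variables.tf` hunks of this commit (the last one moving from `oci_public.pem`), and the note applies there too. Suggest `description = "Path to the OCI API private key the provider uses to sign requests; keep it outside the repository"` on each of the three declarations. Pointing the default at a home-directory path rather than a repository-relative one is the right choice.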


@@ -3,7 +3,8 @@ terraform {
required_providers { required_providers {
oci = { oci = {
source = "hashicorp/oci" source = "hashicorp/oci"
version = "4.61.0" version = "4.102.0"
} }
} }
required_version = ">= 1.2"
} }


@@ -3,7 +3,8 @@ terraform {
required_providers { required_providers {
oci = { oci = {
source = "hashicorp/oci" source = "hashicorp/oci"
version = "4.61.0" version = "4.102.0"
} }
} }
required_version = ">= 1.2"
} }


@@ -83,7 +83,8 @@ resource "oci_core_instance" "contolplane" {
shape_config, shape_config,
defined_tags, defined_tags,
create_vnic_details["defined_tags"], create_vnic_details["defined_tags"],
launch_options["is_pv_encryption_in_transit_enabled"] launch_options["is_pv_encryption_in_transit_enabled"],
metadata
] ]
} }
} }
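Review bot: Adding `metadata` to `ignore_changes` on `oci_core_instance.contolplane` means any later change to what is passed through instance metadata — presumably the rendered Talos machine config or user data, which this hunk does not show — is no longer applied by Terraform, so drift between the template and the running control plane becomes silent. If the intent is to avoid replacing a running control-plane node whenever the template changes, say so next to the entry: `metadata, # config changes are pushed with talosctl; do not recreate the node`. The `resource "oci_core_instance" "contolplane"` block this lifecycle belongs to starts above the hunk.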


@@ -16,13 +16,13 @@ resource "oci_core_instance_pool" "web" {
load_balancers { load_balancers {
backend_set_name = oci_load_balancer_backend_set.web.name backend_set_name = oci_load_balancer_backend_set.web.name
load_balancer_id = oci_load_balancer.web.id load_balancer_id = oci_load_balancer_load_balancer.web.id
port = 80 port = 80
vnic_selection = "primaryvnic" vnic_selection = "primaryvnic"
} }
load_balancers { load_balancers {
backend_set_name = oci_load_balancer_backend_set.webs.name backend_set_name = oci_load_balancer_backend_set.webs.name
load_balancer_id = oci_load_balancer.web.id load_balancer_id = oci_load_balancer_load_balancer.web.id
port = 443 port = 443
vnic_selection = "primaryvnic" vnic_selection = "primaryvnic"
} }
@@ -37,7 +37,7 @@ resource "oci_core_instance_pool" "web" {
} }
locals { locals {
web_labels = "topology.kubernetes.io/region=${var.region},project.io/node-pool=web" web_labels = "project.io/node-pool=web"
} }
resource "oci_core_instance_configuration" "web" { resource "oci_core_instance_configuration" "web" {
@@ -68,7 +68,7 @@ resource "oci_core_instance_configuration" "web" {
lbv4 = local.lbv4_local lbv4 = local.lbv4_local
clusterDns = cidrhost(split(",", var.kubernetes["serviceSubnets"])[0], 10) clusterDns = cidrhost(split(",", var.kubernetes["serviceSubnets"])[0], 10)
nodeSubnets = local.network_public[each.key].cidr_block nodeSubnets = local.network_public[each.key].cidr_block
labels = "${local.web_labels},topology.kubernetes.io/zone=${split(":", each.key)[1]}" labels = local.web_labels
}) })
)) ))
} }


@@ -1,17 +1,19 @@
resource "oci_load_balancer" "web" { resource "oci_load_balancer_load_balancer" "web" {
compartment_id = var.compartment_ocid compartment_id = var.compartment_ocid
display_name = "${local.project}-web-lb-l7" display_name = "${local.project}-web-lb-l7"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" }) defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
shape = "flexible" subnet_ids = [local.network_lb.id]
network_security_group_ids = [local.nsg_web]
is_private = false
shape = "flexible"
shape_details { shape_details {
maximum_bandwidth_in_mbps = 10 maximum_bandwidth_in_mbps = 10
minimum_bandwidth_in_mbps = 10 minimum_bandwidth_in_mbps = 10
} }
subnet_ids = [local.network_lb.id]
network_security_group_ids = [local.nsg_web]
lifecycle { lifecycle {
ignore_changes = [ ignore_changes = [
defined_tags, defined_tags,
@@ -20,7 +22,7 @@ resource "oci_load_balancer" "web" {
} }
resource "oci_load_balancer_listener" "web_http" { resource "oci_load_balancer_listener" "web_http" {
load_balancer_id = oci_load_balancer.web.id load_balancer_id = oci_load_balancer_load_balancer.web.id
name = "${local.project}-web-http" name = "${local.project}-web-http"
default_backend_set_name = oci_load_balancer_backend_set.web.name default_backend_set_name = oci_load_balancer_backend_set.web.name
port = 80 port = 80
@@ -28,7 +30,7 @@ resource "oci_load_balancer_listener" "web_http" {
} }
resource "oci_load_balancer_listener" "web_https" { resource "oci_load_balancer_listener" "web_https" {
load_balancer_id = oci_load_balancer.web.id load_balancer_id = oci_load_balancer_load_balancer.web.id
name = "${local.project}-web-https" name = "${local.project}-web-https"
default_backend_set_name = oci_load_balancer_backend_set.webs.name default_backend_set_name = oci_load_balancer_backend_set.webs.name
port = 443 port = 443
@@ -37,7 +39,7 @@ resource "oci_load_balancer_listener" "web_https" {
resource "oci_load_balancer_backend_set" "web" { resource "oci_load_balancer_backend_set" "web" {
name = "${local.project}-web-lb-l7" name = "${local.project}-web-lb-l7"
load_balancer_id = oci_load_balancer.web.id load_balancer_id = oci_load_balancer_load_balancer.web.id
policy = "ROUND_ROBIN" policy = "ROUND_ROBIN"
health_checker { health_checker {
@@ -51,7 +53,7 @@ resource "oci_load_balancer_backend_set" "web" {
resource "oci_load_balancer_backend_set" "webs" { resource "oci_load_balancer_backend_set" "webs" {
name = "${local.project}-webs-lb-l7" name = "${local.project}-webs-lb-l7"
load_balancer_id = oci_load_balancer.web.id load_balancer_id = oci_load_balancer_load_balancer.web.id
policy = "ROUND_ROBIN" policy = "ROUND_ROBIN"
health_checker { health_checker {
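Review bot: Renaming the resource type from `oci_load_balancer` to `oci_load_balancer_load_balancer` makes Terraform treat it as a new resource, and `terraform state mv` refuses to move state across resource types, so a plain apply will destroy and recreate the public load balancer (with a new address) unless the existing one is imported under the new address first; the listeners and backend sets in the later hunks of this file are replaced along with it. That migration step belongs in the commit message or the README. The newly explicit `is_private = false` is fine for a web-facing LB, but since the resource is also attached to `local.nsg_web`, the NSG rules (not in this diff) are what actually bound its exposure — worth confirming they limit ingress to 80/443.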


@@ -5,7 +5,7 @@ locals {
lbv4_local = local.lbv4_enable ? [for ip in oci_network_load_balancer_network_load_balancer.contolplane[0].ip_addresses : ip.ip_address if !ip.is_public][0] : cidrhost(local.network_public[0].cidr_block, 11) lbv4_local = local.lbv4_enable ? [for ip in oci_network_load_balancer_network_load_balancer.contolplane[0].ip_addresses : ip.ip_address if !ip.is_public][0] : cidrhost(local.network_public[0].cidr_block, 11)
lbv4_web_enable = false lbv4_web_enable = false
lbv4_web = local.lbv4_web_enable ? [for ip in oci_network_load_balancer_network_load_balancer.web[0].ip_addresses : ip.ip_address if ip.is_public][0] : oci_load_balancer.web.ip_addresses[0] lbv4_web = local.lbv4_web_enable ? [for ip in oci_network_load_balancer_network_load_balancer.web[0].ip_addresses : ip.ip_address if ip.is_public][0] : oci_load_balancer_load_balancer.web.ip_address_details[0].ip_address
} }
resource "oci_dns_rrset" "lbv4_local" { resource "oci_dns_rrset" "lbv4_local" {
@@ -69,7 +69,7 @@ resource "oci_network_load_balancer_backend_set" "contolplane" {
protocol = "HTTPS" protocol = "HTTPS"
port = 6443 port = 6443
url_path = "/readyz" url_path = "/readyz"
return_code = 200 return_code = 401
interval_in_millis = 15000 interval_in_millis = 15000
} }
} }
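Review bot: Changing the control-plane health check `return_code` from 200 to 401 presumably reflects that Talos runs kube-apiserver with anonymous auth disabled, so an unauthenticated GET of `/readyz` is rejected by the authentication filter before readiness is evaluated — confirm. If so, the check has become a process/TLS liveness check rather than a readiness check: an apiserver that is up but whose etcd backend is not ready still answers 401 and stays in the backend set. Record that next to the value, `return_code = 401 # anonymous auth disabled: 401 proves the apiserver answers, not that /readyz passed`, or switch to a TCP check if readiness is not really what is being measured.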


@@ -4,7 +4,7 @@ variable "tenancy_ocid" {}
variable "user_ocid" {} variable "user_ocid" {}
variable "fingerprint" {} variable "fingerprint" {}
variable "key_file" { variable "key_file" {
default = "~/.oci/oci_main_terraform_public.pem" default = "~/.oci/oci_main_terraform.pem"
} }
variable "project" { variable "project" {


@@ -3,7 +3,8 @@ terraform {
required_providers { required_providers {
oci = { oci = {
source = "hashicorp/oci" source = "hashicorp/oci"
version = "4.61.0" version = "4.102.0"
} }
} }
required_version = ">= 1.2"
} }


@@ -30,7 +30,7 @@ machine:
addresses: addresses:
- 169.254.2.53/32 - 169.254.2.53/32
extraHostEntries: extraHostEntries:
- ip: ${ipv4_local_vip} - ip: ${lbv4_local}
aliases: aliases:
- ${apiDomain} - ${apiDomain}
install: install:
@@ -59,7 +59,7 @@ cluster:
id: ${clusterID} id: ${clusterID}
secret: ${clusterSecret} secret: ${clusterSecret}
controlPlane: controlPlane:
endpoint: https://${lbv4_local}:6443 endpoint: https://${apiDomain}:6443
clusterName: ${clusterName} clusterName: ${clusterName}
discovery: discovery:
enabled: true enabled: true
@@ -106,9 +106,9 @@ cluster:
scheduler: {} scheduler: {}
etcd: etcd:
advertisedSubnets: advertisedSubnets:
- ${nodeSubnets[0]} - ${nodeSubnets}
listenSubnets: listenSubnets:
- ${nodeSubnets[0]} - ${nodeSubnets}
inlineManifests: inlineManifests:
- name: cloud-provider.yaml - name: cloud-provider.yaml
contents: |- contents: |-
@@ -128,5 +128,6 @@ cluster:
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/kubelet-serving-cert-approver.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/kubelet-serving-cert-approver.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/metrics-server.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/metrics-server.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/local-path-storage.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/local-path-storage.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/coredns-local.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/ingress-ns.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/ingress-ns.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/ingress_result.yaml - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/ingress_result.yaml
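Review bot: The added `coredns-local.yaml` manifest, like the existing entries in this list, is fetched from the `main` branch of a GitHub repository at bootstrap, so whatever is on that branch when each node boots is applied to the cluster with no integrity check; pin the `extraManifests` URLs to a commit, e.g. `.../<COMMIT_SHA>/oracle/deployments/coredns-local.yaml`, so a rebuilt node applies the same manifests as the original and updates happen deliberately. The `${nodeSubnets}` change in the etcd hunk now renders the whole value where the template previously indexed `[0]`; that matches the new string default for `nodeSubnets` in `variables.tf` but assumes the instance-pool template no longer passes a list — confirm. The `cluster:` block these hunks belong to starts above and ends below the shown lines.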


@@ -4,7 +4,7 @@ variable "tenancy_ocid" {}
variable "user_ocid" {} variable "user_ocid" {}
variable "fingerprint" {} variable "fingerprint" {}
variable "key_file" { variable "key_file" {
default = "~/.oci/oci_public.pem" default = "~/.oci/oci_main_terraform.pem"
} }
variable "project" { variable "project" {
@@ -57,6 +57,7 @@ variable "kubernetes" {
default = { default = {
podSubnets = "10.32.0.0/12,fd40:10:32::/102" podSubnets = "10.32.0.0/12,fd40:10:32::/102"
serviceSubnets = "10.200.0.0/22,fd40:10:200::/112" serviceSubnets = "10.200.0.0/22,fd40:10:200::/112"
nodeSubnets = "192.168.0.0/16"
domain = "cluster.local" domain = "cluster.local"
apiDomain = "api.cluster.local" apiDomain = "api.cluster.local"
clusterName = "talos-k8s-oracle" clusterName = "talos-k8s-oracle"
@@ -75,9 +76,9 @@ variable "controlplane" {
type = map(any) type = map(any)
default = { default = {
count = 0, count = 0,
type = "VM.Standard.E4.Flex" type = "VM.Standard.A1.Flex"
ocpus = 1 ocpus = 2
memgb = 3 memgb = 8
} }
} }
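Review bot: The new `controlplane` default shape `VM.Standard.A1.Flex` is an Arm shape, whereas the previous `VM.Standard.E4.Flex` is x86-64, so the image selected for the control plane must now be the `talos_arm64` one; the hunk does not show how the instance resource chooses its image, so confirm it keys on the shape rather than on a fixed amd64 image. `count = 0,` also keeps the trailing comma that the README hunk in this commit just removed from its copy of the same block; the two should agree. A comment on the new `nodeSubnets` entry, e.g. `# CIDR etcd advertises and listens on; rendered into the machine config as a single string`, would help since the template now uses it unindexed.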


@@ -2,8 +2,9 @@
terraform { terraform {
required_providers { required_providers {
oci = { oci = {
source = "oracle/oci" source = "hashicorp/oci"
version = "4.73.0" version = "4.102.0"
} }
} }
required_version = ">= 1.2"
} }
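Review bot: Switching `source` from `oracle/oci` back to `hashicorp/oci` moves this file to the legacy registry alias; the OCI provider is published under the `oracle/oci` namespace and `hashicorp/oci` only redirects there, so the other `versions.tf` files in this commit (which keep `hashicorp/oci`) would be better moved to `oracle/oci` than this one moved away from it. Keep `version = "4.102.0"` if an exact pin is intended, but note the provider entry in `.terraform.lock.hcl` has to match whichever namespace is finally recorded.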