update bootstrap

This commit is contained in:
Serge Logvinov
2022-12-22 00:18:02 +02:00
parent 56f806ead6
commit 1a9ac328de
18 changed files with 73 additions and 43 deletions


@@ -37,12 +37,16 @@ create-templates:
@yq eval -o=json '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json
create-controlplane-bootstrap:
talosctl --talosconfig _cfgs/talosconfig config endpoint ${ENDPOINT}
talosctl --talosconfig _cfgs/talosconfig --nodes 172.16.1.11 bootstrap
create-controlplane: ## Bootstrap controlplane node
terraform apply -auto-approve -target=oci_core_instance.controlplane
create-kubeconfig: ## Download kubeconfig
talosctl --talosconfig _cfgs/talosconfig --nodes ${ENDPOINT} kubeconfig .
kubectl --kubeconfig=kubeconfig config set clusters.talos-k8s-openstack.server https://${ENDPOINT}:6443
talosctl --talosconfig _cfgs/talosconfig --nodes 172.16.1.11 kubeconfig .
kubectl --kubeconfig=kubeconfig config set clusters.talos-k8s-oracle.server https://${ENDPOINT}:6443
kubectl --kubeconfig=kubeconfig config set-context --current --namespace=kube-system
create-deployments:
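Review bot: The controlplane node address `172.16.1.11` is now hard-coded in both `create-controlplane-bootstrap` and `create-kubeconfig`, and `${ENDPOINT}` is interpolated into a URL with no check that it is set, so an unset value silently writes `https://:6443` into the kubeconfig. Factor the address into a variable and guard the endpoint, e.g. `CP_NODE ?= 172.16.1.11` near the top of the file and `@$(if $(strip $(ENDPOINT)),,$(error ENDPOINT is not set))` as the first recipe line of `create-controlplane-bootstrap`, then use `$(CP_NODE)` in place of the literal in both targets. `create-controlplane-bootstrap` is also the only target in the hunk without a `## ` help comment; `create-controlplane-bootstrap: ## Bootstrap the first controlplane node via talosctl` keeps it consistent with its neighbours. Whether `ENDPOINT` is assigned elsewhere in the Makefile is not visible in this hunk.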


@@ -65,7 +65,7 @@ make create-config create-templates
```tf
controlplane = {
count = 1,
count = 1
type = "VM.Standard.E4.Flex"
ocpus = 1
memgb = 4

16
oracle/images/README.md Normal file

@@ -0,0 +1,16 @@
# Upload images
Create the config file **terraform.tfvars** and add params.
```hcl
# Body of terraform.tfvars
```
```shell
wget https://github.com/siderolabs/talos/releases/download/v1.3.0/oracle-amd64.qcow2.xz
wget https://github.com/siderolabs/talos/releases/download/v1.3.0/oracle-arm64.qcow2.xz
xz -d oracle-amd64.qcow2.xz
xz -d oracle-arm64.qcow2.xz
terraform init && terraform apply -auto-approve
```


@@ -1,7 +1,7 @@
# openssl genrsa -out ~/.oci/oci_api_key.pem 2048
# chmod go-rwx ~/.oci/oci_api_key.pem
# openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
# openssl genrsa -out ~/.oci/oci_main_terraform.pem 2048
# chmod go-rwx ~/.oci/oci_main_terraform.pem
# openssl rsa -pubout -in ~/.oci/oci_main_terraform.pem -out ~/.oci/oci_main_terraform_public.pem
provider "oci" {
tenancy_ocid = var.tenancy_ocid


@@ -6,7 +6,8 @@ resource "random_id" "backet" {
resource "oci_objectstorage_bucket" "images" {
compartment_id = var.compartment_ocid
namespace = data.oci_objectstorage_namespace.ns.namespace
name = "talos-images-${random_id.backet.hex}"
name = "images-${random_id.backet.hex}"
access_type = "NoPublicAccess"
auto_tiering = "Disabled"
versioning = "Enabled"
}


@@ -28,7 +28,7 @@ resource "oci_core_image" "talos_amd64" {
object_name = oci_objectstorage_object.talos_amd64.object
operating_system = "Talos"
operating_system_version = "0.15.0"
operating_system_version = "1.3.0"
source_image_type = "QCOW2"
}
@@ -50,7 +50,7 @@ resource "oci_core_image" "talos_arm64" {
object_name = oci_objectstorage_object.talos_arm64.object
operating_system = "Talos"
operating_system_version = "0.15.0"
operating_system_version = "1.3.0"
source_image_type = "QCOW2"
}


@@ -4,7 +4,7 @@ variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "key_file" {
default = "~/.oci/oci_main_terraform_public.pem"
default = "~/.oci/oci_main_terraform.pem"
}
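Review bot: `variable "key_file"` now defaults to the private key path `~/.oci/oci_main_terraform.pem`, but nothing in the declaration says that a private key is expected — the previous default pointed at the public key, which shows how easily this is mistaken. Add `type = string` and `description = "Path to the OCI API signing private key (PEM) used by the oci provider"` inside the block so the intent is explicit and `terraform plan` rejects non-string overrides. The same applies to the identical `key_file` hunks in the two later variables.tf sections (the ones replacing `oci_main_terraform_public.pem` and `oci_public.pem` with this default).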
variable "region" {


@@ -3,7 +3,8 @@ terraform {
required_providers {
oci = {
source = "hashicorp/oci"
version = "4.61.0"
version = "4.102.0"
}
}
required_version = ">= 1.2"
}


@@ -3,7 +3,8 @@ terraform {
required_providers {
oci = {
source = "hashicorp/oci"
version = "4.61.0"
version = "4.102.0"
}
}
required_version = ">= 1.2"
}


@@ -83,7 +83,8 @@ resource "oci_core_instance" "contolplane" {
shape_config,
defined_tags,
create_vnic_details["defined_tags"],
launch_options["is_pv_encryption_in_transit_enabled"]
launch_options["is_pv_encryption_in_transit_enabled"],
metadata
]
}
}
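Review bot: Adding `metadata` to `ignore_changes` means Terraform will no longer push metadata updates to existing controlplane instances, so if the Talos machine config is delivered through instance metadata (presumably, given the template changes elsewhere in this commit — confirm), regenerating it will not reach running nodes and the drift stays invisible to `terraform plan`. That may be the intended way to avoid instance replacement, but the line deserves a comment saying so: `metadata, # machine config is delivered here; ignored so regeneration does not replace running nodes — apply config changes out of band`. The `resource "oci_core_instance" "contolplane"` block starts outside the hunk.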


@@ -16,13 +16,13 @@ resource "oci_core_instance_pool" "web" {
load_balancers {
backend_set_name = oci_load_balancer_backend_set.web.name
load_balancer_id = oci_load_balancer.web.id
load_balancer_id = oci_load_balancer_load_balancer.web.id
port = 80
vnic_selection = "primaryvnic"
}
load_balancers {
backend_set_name = oci_load_balancer_backend_set.webs.name
load_balancer_id = oci_load_balancer.web.id
load_balancer_id = oci_load_balancer_load_balancer.web.id
port = 443
vnic_selection = "primaryvnic"
}
@@ -37,7 +37,7 @@ resource "oci_core_instance_pool" "web" {
}
locals {
web_labels = "topology.kubernetes.io/region=${var.region},project.io/node-pool=web"
web_labels = "project.io/node-pool=web"
}
resource "oci_core_instance_configuration" "web" {
@@ -68,7 +68,7 @@ resource "oci_core_instance_configuration" "web" {
lbv4 = local.lbv4_local
clusterDns = cidrhost(split(",", var.kubernetes["serviceSubnets"])[0], 10)
nodeSubnets = local.network_public[each.key].cidr_block
labels = "${local.web_labels},topology.kubernetes.io/zone=${split(":", each.key)[1]}"
labels = local.web_labels
})
))
}
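Review bot: `web_labels` drops `topology.kubernetes.io/region` and the per-zone `topology.kubernetes.io/zone` label that the old `labels` expression derived from `each.key`, so web nodes registered with this configuration will carry only `project.io/node-pool=web` unless a cloud controller manager sets the topology labels (not visible here — confirm). If a CCM is expected to own those labels, say so next to the local, `# topology.kubernetes.io/* labels are set by the cloud controller manager`; otherwise workloads relying on zone spread constraints lose that information. `resource "oci_core_instance_configuration" "web"` continues outside the hunk.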


@@ -1,17 +1,19 @@
resource "oci_load_balancer" "web" {
compartment_id = var.compartment_ocid
display_name = "${local.project}-web-lb-l7"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
shape = "flexible"
resource "oci_load_balancer_load_balancer" "web" {
compartment_id = var.compartment_ocid
display_name = "${local.project}-web-lb-l7"
defined_tags = merge(var.tags, { "Kubernetes.Type" = "infra" })
subnet_ids = [local.network_lb.id]
network_security_group_ids = [local.nsg_web]
is_private = false
shape = "flexible"
shape_details {
maximum_bandwidth_in_mbps = 10
minimum_bandwidth_in_mbps = 10
}
subnet_ids = [local.network_lb.id]
network_security_group_ids = [local.nsg_web]
lifecycle {
ignore_changes = [
defined_tags,
@@ -20,7 +22,7 @@ resource "oci_load_balancer" "web" {
}
resource "oci_load_balancer_listener" "web_http" {
load_balancer_id = oci_load_balancer.web.id
load_balancer_id = oci_load_balancer_load_balancer.web.id
name = "${local.project}-web-http"
default_backend_set_name = oci_load_balancer_backend_set.web.name
port = 80
@@ -28,7 +30,7 @@ resource "oci_load_balancer_listener" "web_http" {
}
resource "oci_load_balancer_listener" "web_https" {
load_balancer_id = oci_load_balancer.web.id
load_balancer_id = oci_load_balancer_load_balancer.web.id
name = "${local.project}-web-https"
default_backend_set_name = oci_load_balancer_backend_set.webs.name
port = 443
@@ -37,7 +39,7 @@ resource "oci_load_balancer_listener" "web_https" {
resource "oci_load_balancer_backend_set" "web" {
name = "${local.project}-web-lb-l7"
load_balancer_id = oci_load_balancer.web.id
load_balancer_id = oci_load_balancer_load_balancer.web.id
policy = "ROUND_ROBIN"
health_checker {
@@ -51,7 +53,7 @@ resource "oci_load_balancer_backend_set" "web" {
resource "oci_load_balancer_backend_set" "webs" {
name = "${local.project}-webs-lb-l7"
load_balancer_id = oci_load_balancer.web.id
load_balancer_id = oci_load_balancer_load_balancer.web.id
policy = "ROUND_ROBIN"
health_checker {
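Review bot: Renaming the resource type from `oci_load_balancer` to `oci_load_balancer_load_balancer` changes the resource's state address, so on the next apply Terraform will plan to destroy the existing load balancer and create a new one with a new public IP, which the DNS records and the `local.lbv4_web` consumers then pick up. Unless the existing object is brought under the new address first (e.g. `terraform state rm` of the old address followed by `terraform import` of the existing load balancer OCID), this is a user-visible outage and should at least be called out in the commit description. The explicit `is_private = false` is welcome; a one-line comment such as `is_private = false # public L7 LB; ingress is restricted only by local.nsg_web` makes the exposure and its sole control obvious to reviewers. The listener and backend-set hunks below follow the same rename and need no separate change.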


@@ -5,7 +5,7 @@ locals {
lbv4_local = local.lbv4_enable ? [for ip in oci_network_load_balancer_network_load_balancer.contolplane[0].ip_addresses : ip.ip_address if !ip.is_public][0] : cidrhost(local.network_public[0].cidr_block, 11)
lbv4_web_enable = false
lbv4_web = local.lbv4_web_enable ? [for ip in oci_network_load_balancer_network_load_balancer.web[0].ip_addresses : ip.ip_address if ip.is_public][0] : oci_load_balancer.web.ip_addresses[0]
lbv4_web = local.lbv4_web_enable ? [for ip in oci_network_load_balancer_network_load_balancer.web[0].ip_addresses : ip.ip_address if ip.is_public][0] : oci_load_balancer_load_balancer.web.ip_address_details[0].ip_address
}
resource "oci_dns_rrset" "lbv4_local" {
@@ -69,7 +69,7 @@ resource "oci_network_load_balancer_backend_set" "contolplane" {
protocol = "HTTPS"
port = 6443
url_path = "/readyz"
return_code = 200
return_code = 401
interval_in_millis = 15000
}
}
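Review bot: Accepting `return_code = 401` for the `/readyz` probe on port 6443 means the backend-set health check no longer verifies readiness at all: if the API server rejects unauthenticated requests (which the switch from 200 to 401 suggests), it answers 401 before the readyz handler runs, so a backend that is up but not yet ready still passes. If anonymous access to the probe path cannot be allowed, document the trade-off on the line, `return_code = 401 # apiserver denies anonymous /readyz; 401 only proves the endpoint answers TLS`, or probe TCP port 6443 and drop the misleading path. The new `lbv4_web` expression also indexes `ip_address_details[0]` unguarded, so a load balancer with no address yet fails the whole `locals` block; that is acceptable only if it is understood.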


@@ -4,7 +4,7 @@ variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "key_file" {
default = "~/.oci/oci_main_terraform_public.pem"
default = "~/.oci/oci_main_terraform.pem"
}
variable "project" {


@@ -3,7 +3,8 @@ terraform {
required_providers {
oci = {
source = "hashicorp/oci"
version = "4.61.0"
version = "4.102.0"
}
}
required_version = ">= 1.2"
}


@@ -30,7 +30,7 @@ machine:
addresses:
- 169.254.2.53/32
extraHostEntries:
- ip: ${ipv4_local_vip}
- ip: ${lbv4_local}
aliases:
- ${apiDomain}
install:
@@ -59,7 +59,7 @@ cluster:
id: ${clusterID}
secret: ${clusterSecret}
controlPlane:
endpoint: https://${lbv4_local}:6443
endpoint: https://${apiDomain}:6443
clusterName: ${clusterName}
discovery:
enabled: true
@@ -106,9 +106,9 @@ cluster:
scheduler: {}
etcd:
advertisedSubnets:
- ${nodeSubnets[0]}
- ${nodeSubnets}
listenSubnets:
- ${nodeSubnets[0]}
- ${nodeSubnets}
inlineManifests:
- name: cloud-provider.yaml
contents: |-
@@ -128,5 +128,6 @@ cluster:
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/kubelet-serving-cert-approver.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/metrics-server.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/local-path-storage.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/coredns-local.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/ingress-ns.yaml
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/oracle/deployments/ingress_result.yaml
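Review bot: The three manifests added to `extraManifests` in the last hunk (like the existing entries above them) are fetched at bootstrap from the mutable `main` branch over raw.githubusercontent.com, so every new node applies whatever that branch holds at boot time rather than the revision this commit was tested with, and a later push to `main` changes what runs in the cluster with no change to this repository's pinned state. Pin the URLs to a tag or commit, `https://raw.githubusercontent.com/sergelogvinov/terraform-talos/<tag-or-commit>/oracle/deployments/coredns-local.yaml`, or ship the manifests from the module itself, and add a comment above the list stating the pinning policy. `ingress_result.yaml` also reads like a generated artifact rather than a source manifest — confirm it is meant to be committed and referenced here.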


@@ -4,7 +4,7 @@ variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "key_file" {
default = "~/.oci/oci_public.pem"
default = "~/.oci/oci_main_terraform.pem"
}
variable "project" {
@@ -57,6 +57,7 @@ variable "kubernetes" {
default = {
podSubnets = "10.32.0.0/12,fd40:10:32::/102"
serviceSubnets = "10.200.0.0/22,fd40:10:200::/112"
nodeSubnets = "192.168.0.0/16"
domain = "cluster.local"
apiDomain = "api.cluster.local"
clusterName = "talos-k8s-oracle"
@@ -75,9 +76,9 @@ variable "controlplane" {
type = map(any)
default = {
count = 0,
type = "VM.Standard.E4.Flex"
ocpus = 1
memgb = 3
type = "VM.Standard.A1.Flex"
ocpus = 2
memgb = 8
}
}


@@ -2,8 +2,9 @@
terraform {
required_providers {
oci = {
source = "oracle/oci"
version = "4.73.0"
source = "hashicorp/oci"
version = "4.102.0"
}
}
required_version = ">= 1.2"
}
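Review bot: This hunk changes the provider source namespace from `oracle/oci` to `hashicorp/oci` as well as the version, which aligns it with the other three terraform.tf sections but changes which registry publisher's signing key and checksums the build trusts. No `.terraform.lock.hcl` update is visible in the sections of this commit, so neither the new source nor the new version is pinned by checksum; regenerate the lock file (`terraform init -upgrade` then `terraform providers lock`) and commit it, and mention the namespace change in the commit description. The same lock-file point applies to the three plain `hashicorp/oci` version bumps earlier in the commit.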