scottk/terraform-talos
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/terraform-talos.git synced 2025-10-30 01:52:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

sync setup

Browse Source
This commit is contained in:
Serge Logvinov
2024-08-16 17:57:31 +03:00
parent 4797ae6210
commit 4934aebeff
16 changed files with 253 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
oracle/images/Makefile Normal file
View File

@@ -0,0 +1,39 @@
#
REGISTRY ?= ghcr.io/siderolabs
TAG ?= 1.6.7
clean:
rm -rf .terraform.lock.hcl .terraform/
rm -f oracle-*.qcow2
rm -f oracle-*.oci
rm -f image_metadata.json
init:
terraform init -upgrade
images: clean
docker run --rm -i -v /dev:/dev --privileged $(REGISTRY)/imager:v$(TAG) oracle \
--extra-kernel-arg talos.dashboard.disabled=1 --platform oracle --arch amd64 --tar-to-stdout | tar xz
xz -d oracle-amd64.qcow2.xz
cp image_metadata_amd64.json image_metadata.json
tar zcf oracle-amd64.oci oracle-amd64.qcow2 image_metadata.json
docker run --rm -i -v /dev:/dev --privileged $(REGISTRY)/imager:v$(TAG) oracle \
--extra-kernel-arg talos.dashboard.disabled=1 --platform oracle --arch arm64 --tar-to-stdout | tar xz
xz -d oracle-arm64.qcow2.xz
cp image_metadata_arm64.json image_metadata.json
tar zcf oracle-arm64.oci oracle-arm64.qcow2 image_metadata.json
images-factory: clean
wget -O oracle-amd64.qcow2.xz https://factory.talos.dev/image/6d423353cba6ef7d56d5a818fff27caf23f32b90cf271eada90f706141a84ec0/v$(TAG)/oracle-amd64.qcow2.xz
xz -d oracle-amd64.qcow2.xz
cp image_metadata_amd64.json image_metadata.json
tar zcf oracle-amd64.oci oracle-amd64.qcow2 image_metadata.json
wget -O oracle-arm64.qcow2.xz https://factory.talos.dev/image/6d423353cba6ef7d56d5a818fff27caf23f32b90cf271eada90f706141a84ec0/v$(TAG)/oracle-arm64.qcow2.xz
xz -d oracle-arm64.qcow2.xz
cp image_metadata_arm64.json image_metadata.json
tar zcf oracle-arm64.oci oracle-arm64.qcow2 image_metadata.json
images-update:
terraform apply -var="release=v$(TAG)"

2
oracle/images/auth.tf
View File

@@ -8,5 +8,5 @@ provider "oci" {
user_ocid = var.user_ocid
fingerprint = var.fingerprint
private_key_path = var.key_file
region = var.region
region = local.region
}

53
oracle/images/images.tf
View File

@@ -1,55 +1,38 @@
resource "oci_objectstorage_object" "talos_amd64" {
resource "oci_objectstorage_object" "talos" {
for_each = toset(var.arch)
bucket = oci_objectstorage_bucket.images.name
namespace = data.oci_objectstorage_namespace.ns.namespace
object = "talos-amd64.oci"
source = "oracle-amd64.oci"
content_md5 = filemd5("oracle-amd64.oci")
object = "talos-${lower(each.key)}.oci"
source = "oracle-${lower(each.key)}.oci"
content_md5 = filemd5("oracle-${lower(each.key)}.oci")
}
resource "oci_objectstorage_object" "talos_arm64" {
bucket = oci_objectstorage_bucket.images.name
namespace = data.oci_objectstorage_namespace.ns.namespace
object = "talos-arm64.oci"
source = "oracle-arm64.oci"
content_md5 = filemd5("oracle-arm64.oci")
}
resource "oci_core_image" "talos_amd64" {
resource "oci_core_image" "talos" {
for_each = toset(var.arch)
compartment_id = var.compartment_ocid
display_name = "Talos-amd64"
display_name = "Talos-${lower(each.key)}"
defined_tags = local.tags
freeform_tags = { "OS" : "Talos", "Arch" : lower(each.key) }
launch_mode = "PARAVIRTUALIZED"
image_source_details {
source_type = "objectStorageTuple"
namespace_name = oci_objectstorage_bucket.images.namespace
bucket_name = oci_objectstorage_bucket.images.name
object_name = oci_objectstorage_object.talos_amd64.object
object_name = oci_objectstorage_object.talos[each.key].object
operating_system = "Talos"
operating_system_version = "1.3.0"
operating_system_version = var.release
source_image_type = "QCOW2"
}
timeouts {
create = "30m"
}
}
resource "oci_core_image" "talos_arm64" {
compartment_id = var.compartment_ocid
display_name = "Talos-arm64"
launch_mode = "PARAVIRTUALIZED"
image_source_details {
source_type = "objectStorageTuple"
namespace_name = oci_objectstorage_bucket.images.namespace
bucket_name = oci_objectstorage_bucket.images.name
object_name = oci_objectstorage_object.talos_arm64.object
operating_system = "Talos"
operating_system_version = "1.3.0"
source_image_type = "QCOW2"
lifecycle {
ignore_changes = [
defined_tags,
]
replace_triggered_by = [oci_objectstorage_object.talos[each.key].content_md5]
}
timeouts {

38
oracle/images/variables.tf
View File

@@ -1,14 +1,40 @@
variable "compartment_ocid" {}
variable "tenancy_ocid" {}
variable "compartment_ocid" {
description = "The OCID of the compartment"
type = string
default = "ocid1.compartment.oc1.."
}
variable "tenancy_ocid" {
description = "The OCID of the tenancy"
type = string
default = "ocid1.tenancy.oc1.."
}
variable "user_ocid" {}
variable "fingerprint" {}
variable "key_file" {
default = "~/.oci/oci_main_terraform.pem"
}
variable "region" {
description = "the OCI region where resources will be created"
type = string
default = null
data "terraform_remote_state" "init" {
backend = "local"
config = {
path = "${path.module}/../prepare/terraform.tfstate"
}
}
locals {
region = data.terraform_remote_state.init.outputs.region
tags = data.terraform_remote_state.init.outputs.tags
}
variable "release" {
description = "The image name"
type = string
default = "1.6.7"
}
variable "arch" {
description = "The Talos architecture list"
type = list(string)
default = ["amd64", "arm64"]
}

20
oracle/images/versions.tf
View File

@@ -2,9 +2,23 @@
terraform {
required_providers {
oci = {
source = "hashicorp/oci"
version = "4.108.0"
source = "oracle/oci"
version = "5.38.0"
}
}
required_version = ">= 1.2"
required_version = ">= 1.5"
}
# terraform {
# backend "s3" {
# bucket = "YYY"
# key = "images/terraform.tfstate"
# region = local.region
# endpoint = "https://XXX.compat.objectstorage.${local.region}.oraclecloud.com"
# shared_credentials_file = "../terraform.tfstate.credentials"
# skip_region_validation = true
# skip_credentials_validation = true
# skip_metadata_api_check = true
# force_path_style = true
# }
# }

7
oracle/prepare/Makefile Normal file
View File

@@ -0,0 +1,7 @@
init:
terraform init -upgrade
apply:
terraform apply -target=oci_core_vcn.main
terraform apply

8
oracle/prepare/common.tf
View File

@@ -14,3 +14,11 @@ data "oci_core_services" "object_store" {
regex = true
}
}
data "oci_core_services" "all_services" {
filter {
name = "name"
values = ["All .* Services In Oracle Services Network"]
regex = true
}
}

19
oracle/prepare/variables.tf
View File

@@ -26,25 +26,6 @@ variable "tags" {
}
}
variable "kubernetes" {
type = map(string)
default = {
podSubnets = "10.32.0.0/12,fd40:10:32::/102"
serviceSubnets = "10.200.0.0/22,fd40:10:200::/112"
nodeSubnets = "192.168.0.0/16"
domain = "cluster.local"
apiDomain = "api.cluster.local"
clusterName = "talos-k8s-oracle"
clusterID = ""
clusterSecret = ""
tokenMachine = ""
caMachine = ""
token = ""
ca = ""
}
sensitive = true
}
variable "vpc_main_cidr" {
description = "Local subnet rfc1918"
type = string

6
oracle/prepare/versions.tf
View File

@@ -2,9 +2,9 @@
terraform {
required_providers {
oci = {
source = "hashicorp/oci"
version = "4.108.0"
source = "oracle/oci"
version = "5.38.0"
}
}
required_version = ">= 1.2"
required_version = ">= 1.5"
}

16
oracle/scripts/download
View File

@@ -1,16 +0,0 @@
#!/bin/bash
dest="./images"
version="1.5.5"
url=https://github.com/siderolabs/talos/releases/download/v${version}/
for arch in amd64 arm64
do
file=oracle-${arch}.qcow2.xz
echo "Downloading ${file} to ${dest}/${file}"
curl -L ${url}/${file} -o ${dest}/${file}
echo "Extracting: ${dest}/${file}"
xz -df ${dest}/${file}
echo
done

9
oracle/services/auth.tf
View File

@@ -1,13 +1,8 @@
# openssl genrsa -out ~/.oci/oci_api_key.pem 2048
# chmod go-rwx ~/.oci/oci_api_key.pem
# openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
provider "oci" {
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.fingerprint
private_key_path = "~/.oci/oci_api_key.pem"
region = var.region
private_key_path = var.key_file
region = local.region
}

52
oracle/services/backet-backup.tf Normal file
View File

@@ -0,0 +1,52 @@
resource "random_string" "backup" {
length = 16
numeric = false
special = false
upper = false
}
data "oci_objectstorage_namespace" "namespace" {
compartment_id = var.compartment_ocid
}
resource "oci_objectstorage_bucket" "backup" {
compartment_id = var.compartment_ocid
name = random_string.registry.result
namespace = data.oci_objectstorage_namespace.namespace.namespace
defined_tags = merge(local.tags, { "Kubernetes.Type" = "project", "Kubernetes.Role" = "backup" })
access_type = "NoPublicAccess"
auto_tiering = "Disabled"
storage_tier = "Standard"
versioning = "Disabled"
lifecycle {
ignore_changes = [
defined_tags,
]
}
}
resource "oci_objectstorage_object_lifecycle_policy" "test_object_lifecycle_policy" {
bucket = oci_objectstorage_bucket.backup.name
namespace = data.oci_objectstorage_namespace.namespace.namespace
rules {
action = "DELETE"
is_enabled = "true"
name = "Clean all objects"
time_amount = "30"
time_unit = "DAYS"
target = "objects"
}
rules {
action = "ABORT"
is_enabled = "true"
name = "Abort incomplete multipart uploads"
time_amount = "2"
time_unit = "DAYS"
target = "multipart-uploads"
}
}

15
oracle/services/output.tf
View File

@@ -1,5 +1,16 @@
output "registry" {
output "registries" {
description = "Registry name"
value = "https://${var.region}.ocir.io/${data.oci_artifacts_container_configuration.registry.namespace}/${oci_artifacts_container_repository.registry.display_name}"
value = [for repo in oci_artifacts_container_repository.registry :
try("${local.region}.ocir.io/${data.oci_artifacts_container_configuration.registry.namespace}/${repo.display_name}", "")
]
}
output "backup" {
description = "Backup bucket name"
value = {
bucket = oci_objectstorage_bucket.backup.name,
region = local.region,
endpoint = "https://${data.oci_objectstorage_namespace.namespace.namespace}.compat.objectstorage.${local.region}.oraclecloud.com",
}
}

19
oracle/services/registry.tf
View File

@@ -1,6 +1,9 @@
resource "random_id" "registry" {
byte_length = 8
resource "random_string" "registry" {
length = 16
numeric = false
special = false
upper = false
}
data "oci_artifacts_container_configuration" "registry" {
@@ -8,13 +11,21 @@ data "oci_artifacts_container_configuration" "registry" {
}
resource "oci_artifacts_container_repository" "registry" {
for_each = toset(var.repos)
compartment_id = var.compartment_ocid
display_name = "registry-${random_id.registry.hex}"
display_name = "${random_string.registry.result}/${each.value}"
defined_tags = merge(local.tags, { "Kubernetes.Type" = "infra" })
is_immutable = false
is_public = false
readme {
content = "Container registry for ${var.project}"
content = "Container mirror of ${each.value}"
format = "text/plain"
}
lifecycle {
ignore_changes = [
defined_tags,
]
}
}

39
oracle/services/variables.tf
View File

@@ -1,16 +1,35 @@
variable "compartment_ocid" {}
variable "tenancy_ocid" {}
variable "compartment_ocid" {
description = "The OCID of the compartment"
type = string
default = "ocid1.compartment.oc1.."
}
variable "tenancy_ocid" {
description = "The OCID of the tenancy"
type = string
default = "ocid1.tenancy.oc1.."
}
variable "user_ocid" {}
variable "fingerprint" {}
variable "project" {
type = string
default = "main"
variable "key_file" {
default = "~/.oci/oci_production_terraform.pem"
}
variable "region" {
description = "the OCI region where resources will be created"
type = string
default = null
data "terraform_remote_state" "prepare" {
backend = "local"
config = {
path = "${path.module}/../prepare/terraform.tfstate"
}
}
locals {
project = data.terraform_remote_state.prepare.outputs.project
region = data.terraform_remote_state.prepare.outputs.region
tags = data.terraform_remote_state.prepare.outputs.tags
}
variable "repos" {
default = [
"kubelet",
]
}

19
oracle/services/versions.tf
View File

@@ -2,8 +2,23 @@
terraform {
required_providers {
oci = {
source = "hashicorp/oci"
version = "4.108.0"
source = "oracle/oci"
version = "5.38.0"
}
}
required_version = ">= 1.5"
}
# terraform {
# backend "s3" {
# bucket = "YYY"
# key = "services/terraform.tfstate"
# region = local.region
# endpoint = "https://fracoo9ea64h.compat.objectstorage.${local.region}.oraclecloud.com"
# shared_credentials_file = "../terraform.tfstate.credentials"
# skip_region_validation = true
# skip_credentials_validation = true
# skip_metadata_api_check = true
# force_path_style = true
# }
# }