mirror of
https://github.com/optim-enterprises-bv/terraform-talos.git
synced 2025-10-31 18:28:32 +00:00
update talos
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
This commit is contained in:
Serge Logvinov
@@ -10,10 +10,10 @@ The goal is to create all cloud services from scratch.
|
|||||||
| [Azure](azure) | 1.1.0 | CCM,CSI,Autoscaler | many regions, many zones | ✓ |
|
| [Azure](azure) | 1.1.0 | CCM,CSI,Autoscaler | many regions, many zones | ✓ |
|
||||||
| [Exoscale](exoscale) | 1.3.0 | CCM,Autoscaler | many regions | ✗ |
|
| [Exoscale](exoscale) | 1.3.0 | CCM,Autoscaler | many regions | ✗ |
|
||||||
| [GCP](gcp-zonal) | 0.14.0 | CCM,CSI,Autoscaler | one region, many zones | ✓ |
|
| [GCP](gcp-zonal) | 0.14.0 | CCM,CSI,Autoscaler | one region, many zones | ✓ |
|
||||||
| [Hetzner](hetzner) | 1.2.2 | CCM,CSI,Autoscaler | many regions | ✗ |
|
| [Hetzner](hetzner) | 1.3.0 | CCM,CSI,Autoscaler | many regions | ✗ |
|
||||||
| [Openstack](openstack) | 1.1.0 | CCM,CSI | many regions, many zones | ✓ |
|
| [Openstack](openstack) | 1.1.0 | CCM,CSI | many regions, many zones | ✓ |
|
||||||
| [Oracle](oracle) | 1.0.0 | | many regions, many zones | ✓ |
|
| [Oracle](oracle) | 1.0.0 | | many regions, many zones | ✓ |
|
||||||
| [Scaleway](scaleway) | 1.2.2 | CCM,CSI | one region | ✓ |
|
| [Scaleway](scaleway) | 1.3.0 | CCM,CSI | one region | ✓ |
|
||||||
|
|
||||||
|
|
||||||
## Common
|
## Common
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ k8sServicePort: "6443"
|
|||||||
|
|
||||||
operator:
|
operator:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
rollOutPods: true
|
||||||
replicas: 1
|
replicas: 1
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|||||||
@@ -30,11 +30,11 @@ machine:
|
|||||||
- ip: ${lbv4}
|
- ip: ${lbv4}
|
||||||
aliases:
|
aliases:
|
||||||
- ${apiDomain}
|
- ${apiDomain}
|
||||||
|
install:
|
||||||
|
wipe: false
|
||||||
sysctls:
|
sysctls:
|
||||||
net.core.somaxconn: 65535
|
net.core.somaxconn: 65535
|
||||||
net.core.netdev_max_backlog: 4096
|
net.core.netdev_max_backlog: 4096
|
||||||
install:
|
|
||||||
wipe: false
|
|
||||||
systemDiskEncryption:
|
systemDiskEncryption:
|
||||||
state:
|
state:
|
||||||
provider: luks2
|
provider: luks2
|
||||||
@@ -59,7 +59,6 @@ cluster:
|
|||||||
enabled: true
|
enabled: true
|
||||||
network:
|
network:
|
||||||
dnsDomain: ${domain}
|
dnsDomain: ${domain}
|
||||||
podSubnets: ${format("%#v",split(",",podSubnets))}
|
|
||||||
serviceSubnets: ${format("%#v",split(",",serviceSubnets))}
|
serviceSubnets: ${format("%#v",split(",",serviceSubnets))}
|
||||||
token: ${token}
|
token: ${token}
|
||||||
ca:
|
ca:
|
||||||
|
|||||||
@@ -53,7 +53,16 @@ create-kubeconfig: ## Prepare kubeconfig
|
|||||||
kubectl --kubeconfig=kubeconfig config set-context --current --namespace=kube-system
|
kubectl --kubeconfig=kubeconfig config set-context --current --namespace=kube-system
|
||||||
|
|
||||||
create-deployments:
|
create-deployments:
|
||||||
helm template --namespace=kube-system --version=1.12.1 -f deployments/cilium.yaml cilium \
|
helm template --namespace=kube-system --version=1.12.4 -f deployments/cilium.yaml cilium \
|
||||||
cilium/cilium > deployments/cilium-result.yaml
|
cilium/cilium > deployments/cilium-result.yaml
|
||||||
helm template --namespace=ingress-nginx --version=4.2.4 -f deployments/ingress.yaml ingress-nginx \
|
helm template --namespace=ingress-nginx --version=4.4.0 -f deployments/ingress.yaml ingress-nginx \
|
||||||
ingress-nginx/ingress-nginx > deployments/ingress-result.yaml
|
ingress-nginx/ingress-nginx > deployments/ingress-result.yaml
|
||||||
|
|
||||||
|
deploy-csi:
|
||||||
|
dd if=/dev/urandom bs=1 count=16 2>/dev/null | hexdump -e '"%00x"' > scw-csi-secret.secret
|
||||||
|
kubectl --kubeconfig=kubeconfig create secret generic scw-csi-secret --from-file=encryptionPassphrase=scw-csi-secret.secret
|
||||||
|
|
||||||
|
kubectl --kubeconfig=kubeconfig apply -f deployments/scaleway-csi.yaml
|
||||||
|
kubectl --kubeconfig=kubeconfig apply -f deployments/scaleway-csi-node.yaml
|
||||||
|
kubectl --kubeconfig=kubeconfig apply -f deployments/scaleway-storage.yaml
|
||||||
|
rm -f scw-csi-secret.secret
|
||||||
|
|||||||
@@ -148,6 +148,7 @@ data:
|
|||||||
kube-proxy-replacement: "strict"
|
kube-proxy-replacement: "strict"
|
||||||
kube-proxy-replacement-healthz-bind-address: ""
|
kube-proxy-replacement-healthz-bind-address: ""
|
||||||
bpf-lb-sock: "false"
|
bpf-lb-sock: "false"
|
||||||
|
host-reachable-services-protos:
|
||||||
enable-health-check-nodeport: "true"
|
enable-health-check-nodeport: "true"
|
||||||
node-port-bind-protection: "true"
|
node-port-bind-protection: "true"
|
||||||
enable-auto-protect-node-port-range: "true"
|
enable-auto-protect-node-port-range: "true"
|
||||||
@@ -174,7 +175,6 @@ data:
|
|||||||
bpf-root: "/sys/fs/bpf"
|
bpf-root: "/sys/fs/bpf"
|
||||||
cgroup-root: "/sys/fs/cgroup"
|
cgroup-root: "/sys/fs/cgroup"
|
||||||
enable-k8s-terminating-endpoint: "true"
|
enable-k8s-terminating-endpoint: "true"
|
||||||
annotate-k8s-node: "true"
|
|
||||||
remove-cilium-node-taints: "true"
|
remove-cilium-node-taints: "true"
|
||||||
set-cilium-is-up-condition: "true"
|
set-cilium-is-up-condition: "true"
|
||||||
unmanaged-pod-watcher-interval: "15"
|
unmanaged-pod-watcher-interval: "15"
|
||||||
@@ -221,13 +221,6 @@ rules:
|
|||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- nodes/status
|
|
||||||
verbs:
|
|
||||||
# To annotate the k8s node with Cilium's metadata
|
|
||||||
- patch
|
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- apiextensions.k8s.io
|
- apiextensions.k8s.io
|
||||||
resources:
|
resources:
|
||||||
@@ -557,7 +550,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: cilium-agent
|
- name: cilium-agent
|
||||||
image: "quay.io/cilium/cilium:v1.12.1@sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b"
|
image: "quay.io/cilium/cilium:v1.12.4@sha256:4b074fcfba9325c18e97569ed1988464309a5ebf64bbc79bec6f3d58cafcb8cf"
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- cilium-agent
|
- cilium-agent
|
||||||
@@ -664,6 +657,7 @@ spec:
|
|||||||
protocol: TCP
|
protocol: TCP
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
terminationMessagePolicy: FallbackToLogsOnError
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: bpf-maps
|
- name: bpf-maps
|
||||||
mountPath: /sys/fs/bpf
|
mountPath: /sys/fs/bpf
|
||||||
@@ -691,7 +685,7 @@ spec:
|
|||||||
mountPath: /run/xtables.lock
|
mountPath: /run/xtables.lock
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: clean-cilium-state
|
- name: clean-cilium-state
|
||||||
image: "quay.io/cilium/cilium:v1.12.1@sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b"
|
image: "quay.io/cilium/cilium:v1.12.4@sha256:4b074fcfba9325c18e97569ed1988464309a5ebf64bbc79bec6f3d58cafcb8cf"
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- /init-container.sh
|
- /init-container.sh
|
||||||
@@ -712,6 +706,7 @@ spec:
|
|||||||
value: "api.cluster.local"
|
value: "api.cluster.local"
|
||||||
- name: KUBERNETES_SERVICE_PORT
|
- name: KUBERNETES_SERVICE_PORT
|
||||||
value: "6443"
|
value: "6443"
|
||||||
|
terminationMessagePolicy: FallbackToLogsOnError
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@@ -817,14 +812,14 @@ spec:
|
|||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
# ensure pods roll when configmap updates
|
# ensure pods roll when configmap updates
|
||||||
cilium.io/cilium-configmap-checksum: "10bcfd4171cc8219b04f7404f8c9add742e0de9272cd864272e80f23ec406384"
|
cilium.io/cilium-configmap-checksum: "c3ffdb3de5df1007b50c84e0af5ba77bc44d069f56d62d3232573a21084f2f80"
|
||||||
labels:
|
labels:
|
||||||
io.cilium/app: operator
|
io.cilium/app: operator
|
||||||
name: cilium-operator
|
name: cilium-operator
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: cilium-operator
|
- name: cilium-operator
|
||||||
image: quay.io/cilium/operator-generic:v1.12.1@sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1
|
image: "quay.io/cilium/operator-generic:v1.12.4@sha256:071089ec5bca1f556afb8e541d9972a0dfb09d1e25504ae642ced021ecbedbd1"
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- cilium-operator-generic
|
- cilium-operator-generic
|
||||||
@@ -865,6 +860,7 @@ spec:
|
|||||||
- name: cilium-config-path
|
- name: cilium-config-path
|
||||||
mountPath: /tmp/cilium/config-map
|
mountPath: /tmp/cilium/config-map
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
terminationMessagePolicy: FallbackToLogsOnError
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
restartPolicy: Always
|
restartPolicy: Always
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-cluster-critical
|
||||||
@@ -881,8 +877,10 @@ spec:
|
|||||||
topologyKey: kubernetes.io/hostname
|
topologyKey: kubernetes.io/hostname
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
kubernetes.io/os: linux
|
kubernetes.io/os: linux
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
volumes:
|
volumes:
|
||||||
# To read the configuration from the config map
|
# To read the configuration from the config map
|
||||||
- name: cilium-config-path
|
- name: cilium-config-path
|
||||||
|
|||||||
@@ -9,6 +9,11 @@ operator:
|
|||||||
replicas: 1
|
replicas: 1
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
|
tolerations:
|
||||||
|
- operator: Exists
|
||||||
|
effect: NoSchedule
|
||||||
|
|
||||||
identityAllocationMode: crd
|
identityAllocationMode: crd
|
||||||
kubeProxyReplacement: strict
|
kubeProxyReplacement: strict
|
||||||
@@ -20,12 +25,6 @@ autoDirectNodeRoutes: false
|
|||||||
devices: [eth+]
|
devices: [eth+]
|
||||||
|
|
||||||
healthChecking: true
|
healthChecking: true
|
||||||
annotateK8sNode: true
|
|
||||||
|
|
||||||
# l7Proxy: false
|
|
||||||
# encryption:
|
|
||||||
# enabled: true
|
|
||||||
# type: wireguard
|
|
||||||
|
|
||||||
cni:
|
cni:
|
||||||
install: true
|
install: true
|
||||||
@@ -42,6 +41,8 @@ ipv4:
|
|||||||
enabled: true
|
enabled: true
|
||||||
ipv6:
|
ipv6:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
hostServices:
|
||||||
|
enabled: true
|
||||||
hostPort:
|
hostPort:
|
||||||
enabled: true
|
enabled: true
|
||||||
nodePort:
|
nodePort:
|
||||||
@@ -50,6 +51,8 @@ externalIPs:
|
|||||||
enabled: true
|
enabled: true
|
||||||
hostFirewall:
|
hostFirewall:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
ingressController:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|||||||
@@ -105,9 +105,6 @@ spec:
|
|||||||
serviceAccountName: coredns
|
serviceAccountName: coredns
|
||||||
enableServiceLinks: false
|
enableServiceLinks: false
|
||||||
tolerations:
|
tolerations:
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
operator: Exists
|
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/control-plane
|
key: node-role.kubernetes.io/control-plane
|
||||||
operator: Exists
|
operator: Exists
|
||||||
@@ -117,7 +114,7 @@ spec:
|
|||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
containers:
|
containers:
|
||||||
- name: coredns
|
- name: coredns
|
||||||
image: coredns/coredns:1.9.2
|
image: coredns/coredns:1.9.4
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
|
|||||||
@@ -4,10 +4,10 @@ apiVersion: v1
|
|||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
@@ -20,10 +20,10 @@ apiVersion: v1
|
|||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
@@ -66,10 +66,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
@@ -136,16 +136,24 @@ rules:
|
|||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- discovery.k8s.io
|
||||||
|
resources:
|
||||||
|
- endpointslices
|
||||||
|
verbs:
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- get
|
||||||
---
|
---
|
||||||
# Source: ingress-nginx/templates/clusterrolebinding.yaml
|
# Source: ingress-nginx/templates/clusterrolebinding.yaml
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
name: ingress-nginx
|
name: ingress-nginx
|
||||||
@@ -163,10 +171,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
@@ -230,7 +238,7 @@ rules:
|
|||||||
resources:
|
resources:
|
||||||
- configmaps
|
- configmaps
|
||||||
resourceNames:
|
resourceNames:
|
||||||
- ingress-controller-leader
|
- ingress-nginx-leader
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- update
|
- update
|
||||||
@@ -245,7 +253,7 @@ rules:
|
|||||||
resources:
|
resources:
|
||||||
- leases
|
- leases
|
||||||
resourceNames:
|
resourceNames:
|
||||||
- ingress-controller-leader
|
- ingress-nginx-leader
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- update
|
- update
|
||||||
@@ -262,16 +270,24 @@ rules:
|
|||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
- patch
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- discovery.k8s.io
|
||||||
|
resources:
|
||||||
|
- endpointslices
|
||||||
|
verbs:
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- get
|
||||||
---
|
---
|
||||||
# Source: ingress-nginx/templates/controller-rolebinding.yaml
|
# Source: ingress-nginx/templates/controller-rolebinding.yaml
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
@@ -292,10 +308,10 @@ kind: Service
|
|||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
@@ -329,10 +345,10 @@ apiVersion: apps/v1
|
|||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
@@ -363,7 +379,7 @@ spec:
|
|||||||
dnsPolicy: ClusterFirstWithHostNet
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
containers:
|
containers:
|
||||||
- name: controller
|
- name: controller
|
||||||
image: "registry.k8s.io/ingress-nginx/controller:v1.3.0@sha256:d1707ca76d3b044ab8a28277a2466a02100ee9f58a86af1535a3edf9323ea1b5"
|
image: "registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629"
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
lifecycle:
|
lifecycle:
|
||||||
preStop:
|
preStop:
|
||||||
@@ -372,7 +388,7 @@ spec:
|
|||||||
- /wait-shutdown
|
- /wait-shutdown
|
||||||
args:
|
args:
|
||||||
- /nginx-ingress-controller
|
- /nginx-ingress-controller
|
||||||
- --election-id=ingress-controller-leader
|
- --election-id=ingress-nginx-leader
|
||||||
- --controller-class=k8s.io/ingress-nginx
|
- --controller-class=k8s.io/ingress-nginx
|
||||||
- --ingress-class=nginx
|
- --ingress-class=nginx
|
||||||
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
|
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
|
||||||
@@ -455,10 +471,10 @@ apiVersion: networking.k8s.io/v1
|
|||||||
kind: IngressClass
|
kind: IngressClass
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: ingress-nginx-4.2.4
|
helm.sh/chart: ingress-nginx-4.4.0
|
||||||
app.kubernetes.io/name: ingress-nginx
|
app.kubernetes.io/name: ingress-nginx
|
||||||
app.kubernetes.io/instance: ingress-nginx
|
app.kubernetes.io/instance: ingress-nginx
|
||||||
app.kubernetes.io/version: "1.3.1"
|
app.kubernetes.io/version: "1.5.1"
|
||||||
app.kubernetes.io/part-of: ingress-nginx
|
app.kubernetes.io/part-of: ingress-nginx
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/component: controller
|
app.kubernetes.io/component: controller
|
||||||
|
|||||||
@@ -59,15 +59,15 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: local-path-provisioner
|
app: local-path-provisioner
|
||||||
spec:
|
spec:
|
||||||
|
nodeSelector:
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: "node-role.kubernetes.io/master"
|
|
||||||
effect: NoSchedule
|
|
||||||
- key: "node-role.kubernetes.io/control-plane"
|
- key: "node-role.kubernetes.io/control-plane"
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
serviceAccountName: local-path-provisioner-service-account
|
serviceAccountName: local-path-provisioner-service-account
|
||||||
containers:
|
containers:
|
||||||
- name: local-path-provisioner
|
- name: local-path-provisioner
|
||||||
image: rancher/local-path-provisioner:v0.0.19
|
image: rancher/local-path-provisioner:v0.0.23
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- local-path-provisioner
|
- local-path-provisioner
|
||||||
@@ -117,40 +117,12 @@ data:
|
|||||||
}
|
}
|
||||||
setup: |-
|
setup: |-
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
while getopts "m:s:p:" opt
|
set -eu
|
||||||
do
|
mkdir -m 0777 -p "$VOL_DIR"
|
||||||
case $opt in
|
|
||||||
p)
|
|
||||||
absolutePath=$OPTARG
|
|
||||||
;;
|
|
||||||
s)
|
|
||||||
sizeInBytes=$OPTARG
|
|
||||||
;;
|
|
||||||
m)
|
|
||||||
volMode=$OPTARG
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
mkdir -m 0777 -p ${absolutePath}
|
|
||||||
teardown: |-
|
teardown: |-
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
while getopts "m:s:p:" opt
|
set -eu
|
||||||
do
|
rm -rf "$VOL_DIR"
|
||||||
case $opt in
|
|
||||||
p)
|
|
||||||
absolutePath=$OPTARG
|
|
||||||
;;
|
|
||||||
s)
|
|
||||||
sizeInBytes=$OPTARG
|
|
||||||
;;
|
|
||||||
m)
|
|
||||||
volMode=$OPTARG
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
rm -rf ${absolutePath}
|
|
||||||
helperPod.yaml: |-
|
helperPod.yaml: |-
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
|
|||||||
@@ -131,19 +131,16 @@ spec:
|
|||||||
kubernetes.io/os: linux
|
kubernetes.io/os: linux
|
||||||
node-role.kubernetes.io/control-plane: ""
|
node-role.kubernetes.io/control-plane: ""
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: "CriticalAddonsOnly"
|
|
||||||
operator: "Exists"
|
|
||||||
- key: "node-role.kubernetes.io/master"
|
|
||||||
effect: NoSchedule
|
|
||||||
- key: "node-role.kubernetes.io/control-plane"
|
- key: "node-role.kubernetes.io/control-plane"
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
containers:
|
containers:
|
||||||
- args:
|
- args:
|
||||||
- --cert-dir=/tmp
|
- --cert-dir=/tmp
|
||||||
- --secure-port=443
|
- --secure-port=6443
|
||||||
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
|
||||||
- --kubelet-use-node-status-port
|
- --kubelet-use-node-status-port
|
||||||
- --metric-resolution=15s
|
- --metric-resolution=15s
|
||||||
|
- --authorization-always-allow-paths=/metrics
|
||||||
image: k8s.gcr.io/metrics-server/metrics-server:v0.5.0
|
image: k8s.gcr.io/metrics-server/metrics-server:v0.5.0
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
@@ -155,7 +152,7 @@ spec:
|
|||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
name: metrics-server
|
name: metrics-server
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 443
|
- containerPort: 6443
|
||||||
name: https
|
name: https
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
|
|||||||
@@ -131,23 +131,23 @@ spec:
|
|||||||
serviceAccountName: cloud-controller-manager
|
serviceAccountName: cloud-controller-manager
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
node-role.kubernetes.io/control-plane: ""
|
node-role.kubernetes.io/control-plane: ""
|
||||||
|
node.cloudprovider.kubernetes.io/platform: scaleway
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: "node.cloudprovider.kubernetes.io/uninitialized"
|
- key: "node.cloudprovider.kubernetes.io/uninitialized"
|
||||||
value: "true"
|
value: "true"
|
||||||
effect: "NoSchedule"
|
effect: "NoSchedule"
|
||||||
- key: "node-role.kubernetes.io/master"
|
|
||||||
effect: NoSchedule
|
|
||||||
- key: "node-role.kubernetes.io/control-plane"
|
- key: "node-role.kubernetes.io/control-plane"
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
containers:
|
containers:
|
||||||
- name: scaleway-cloud-controller-manager
|
- name: scaleway-cloud-controller-manager
|
||||||
image: ghcr.io/sergelogvinov/scaleway-cloud-controller-manager:1fa94b15f6d87e1f951331a7dca148302fe7318b
|
image: scaleway/scaleway-cloud-controller-manager:v0.21.6
|
||||||
|
# image: ghcr.io/sergelogvinov/scaleway-cloud-controller-manager:1fa94b15f6d87e1f951331a7dca148302fe7318b
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
args:
|
args:
|
||||||
- --cloud-provider=scaleway
|
- --cloud-provider=scaleway
|
||||||
- --leader-elect=true
|
- --leader-elect=true
|
||||||
- --allow-untagged-cloud
|
- --allow-untagged-cloud
|
||||||
- --controllers=cloud-node,cloud-node-lifecycle
|
- --controllers=cloud-node-lifecycle
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
|
|||||||
@@ -47,11 +47,13 @@ spec:
|
|||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
dnsPolicy: Default
|
dnsPolicy: Default
|
||||||
serviceAccount: scaleway-csi-node
|
serviceAccount: scaleway-csi-node
|
||||||
|
priorityClassName: system-node-critical
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
kubernetes.io/os: linux
|
kubernetes.io/os: linux
|
||||||
priorityClassName: system-node-critical
|
node.cloudprovider.kubernetes.io/platform: scaleway
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: "Exists"
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
containers:
|
containers:
|
||||||
- name: scaleway-csi-plugin
|
- name: scaleway-csi-plugin
|
||||||
image: scaleway/scaleway-csi:v0.1.7
|
image: scaleway/scaleway-csi:v0.1.7
|
||||||
|
|||||||
@@ -195,20 +195,15 @@ spec:
|
|||||||
serviceAccount: scaleway-csi-controller
|
serviceAccount: scaleway-csi-controller
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
kubernetes.io/os: linux
|
kubernetes.io/os: linux
|
||||||
|
node-role.kubernetes.io/control-plane: ""
|
||||||
|
node.cloudprovider.kubernetes.io/platform: scaleway
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-cluster-critical
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: "node-role.kubernetes.io/master"
|
|
||||||
operator: "Exists"
|
|
||||||
effect: "NoSchedule"
|
|
||||||
- key: "node-role.kubernetes.io/controlplane"
|
|
||||||
operator: "Exists"
|
|
||||||
effect: "NoSchedule"
|
|
||||||
- key: "node-role.kubernetes.io/control-plane"
|
- key: "node-role.kubernetes.io/control-plane"
|
||||||
operator: "Exists"
|
effect: NoSchedule
|
||||||
effect: "NoSchedule"
|
|
||||||
containers:
|
containers:
|
||||||
- name: scaleway-csi-plugin
|
- name: scaleway-csi-plugin
|
||||||
image: scaleway/scaleway-csi:v0.1.8
|
image: scaleway/scaleway-csi:v0.2.0
|
||||||
args :
|
args :
|
||||||
- "--endpoint=$(CSI_ENDPOINT)"
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||||||
- "--mode=controller"
|
- "--mode=controller"
|
||||||
@@ -248,7 +243,7 @@ spec:
|
|||||||
- name: socket-dir
|
- name: socket-dir
|
||||||
mountPath: /var/lib/csi/sockets/pluginproxy/
|
mountPath: /var/lib/csi/sockets/pluginproxy/
|
||||||
- name: csi-attacher
|
- name: csi-attacher
|
||||||
image: k8s.gcr.io/sig-storage/csi-attacher:v3.3.0
|
image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0
|
||||||
args:
|
args:
|
||||||
- "--v=5"
|
- "--v=5"
|
||||||
- "--csi-address=$(CSI_ADDRESS)"
|
- "--csi-address=$(CSI_ADDRESS)"
|
||||||
@@ -284,11 +279,9 @@ spec:
|
|||||||
- name: socket-dir
|
- name: socket-dir
|
||||||
mountPath: /var/lib/csi/sockets/pluginproxy/
|
mountPath: /var/lib/csi/sockets/pluginproxy/
|
||||||
- name: liveness-probe
|
- name: liveness-probe
|
||||||
image: k8s.gcr.io/sig-storage/livenessprobe:v2.2.0
|
image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0
|
||||||
args:
|
args:
|
||||||
- --csi-address=/csi/csi.sock
|
- --csi-address=/csi/csi.sock
|
||||||
- --probe-timeout=3s
|
|
||||||
- --v=2
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: socket-dir
|
- name: socket-dir
|
||||||
mountPath: /csi
|
mountPath: /csi
|
||||||
|
|||||||
@@ -25,6 +25,11 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: persistent-storage
|
- name: persistent-storage
|
||||||
mountPath: /mnt/scaleway
|
mountPath: /mnt/scaleway
|
||||||
|
securityContext:
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
capabilities:
|
||||||
|
drop: ["ALL"]
|
||||||
updateStrategy:
|
updateStrategy:
|
||||||
type: RollingUpdate
|
type: RollingUpdate
|
||||||
selector:
|
selector:
|
||||||
@@ -38,4 +43,4 @@ spec:
|
|||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 10Gi
|
storage: 10Gi
|
||||||
storageClassName: scw-bssd
|
storageClassName: scw-bssd-enc
|
||||||
|
|||||||
@@ -30,7 +30,7 @@ resource "scaleway_instance_server" "controlplane" {
|
|||||||
ipv4_local = cidrhost(local.main_subnet, 11 + count.index)
|
ipv4_local = cidrhost(local.main_subnet, 11 + count.index)
|
||||||
lbv4 = local.lbv4
|
lbv4 = local.lbv4
|
||||||
ipv4 = scaleway_instance_ip.controlplane[count.index].address
|
ipv4 = scaleway_instance_ip.controlplane[count.index].address
|
||||||
labels = "${local.controlplane_labels},node.kubernetes.io/instance-type=${lookup(var.controlplane, "type", "DEV1-M")}"
|
labels = "node.kubernetes.io/instance-type=${lookup(var.controlplane, "type", "DEV1-M")}"
|
||||||
access = var.scaleway_access
|
access = var.scaleway_access
|
||||||
secret = var.scaleway_secret
|
secret = var.scaleway_secret
|
||||||
project_id = var.scaleway_project_id
|
project_id = var.scaleway_project_id
|
||||||
|
|||||||
@@ -7,6 +7,13 @@ machine:
|
|||||||
- "${lbv4}"
|
- "${lbv4}"
|
||||||
- "${ipv4}"
|
- "${ipv4}"
|
||||||
- "${apiDomain}"
|
- "${apiDomain}"
|
||||||
|
features:
|
||||||
|
kubernetesTalosAPIAccess:
|
||||||
|
enabled: true
|
||||||
|
allowedRoles:
|
||||||
|
- os:reader
|
||||||
|
allowedKubernetesNamespaces:
|
||||||
|
- kube-system
|
||||||
kubelet:
|
kubelet:
|
||||||
extraArgs:
|
extraArgs:
|
||||||
node-ip: "${ipv4_local}"
|
node-ip: "${ipv4_local}"
|
||||||
@@ -28,9 +35,6 @@ machine:
|
|||||||
- interface: dummy0
|
- interface: dummy0
|
||||||
addresses:
|
addresses:
|
||||||
- 169.254.2.53/32
|
- 169.254.2.53/32
|
||||||
nameservers:
|
|
||||||
- 1.1.1.1
|
|
||||||
- 8.8.8.8
|
|
||||||
kubespan:
|
kubespan:
|
||||||
enabled: true
|
enabled: true
|
||||||
allowDownPeerBypass: true
|
allowDownPeerBypass: true
|
||||||
@@ -65,11 +69,6 @@ cluster:
|
|||||||
clusterName: ${clusterName}
|
clusterName: ${clusterName}
|
||||||
discovery:
|
discovery:
|
||||||
enabled: true
|
enabled: true
|
||||||
registries:
|
|
||||||
kubernetes:
|
|
||||||
disabled: false
|
|
||||||
service:
|
|
||||||
disabled: true
|
|
||||||
network:
|
network:
|
||||||
dnsDomain: ${domain}
|
dnsDomain: ${domain}
|
||||||
podSubnets: ${format("%#v",split(",",podSubnets))}
|
podSubnets: ${format("%#v",split(",",podSubnets))}
|
||||||
@@ -100,7 +99,8 @@ cluster:
|
|||||||
namespaces:
|
namespaces:
|
||||||
- kube-system
|
- kube-system
|
||||||
- ingress-nginx
|
- ingress-nginx
|
||||||
- local-path-provisioner
|
- monitoring
|
||||||
|
- local-path-storage
|
||||||
- local-lvm
|
- local-lvm
|
||||||
runtimeClasses: []
|
runtimeClasses: []
|
||||||
usernames: []
|
usernames: []
|
||||||
@@ -134,6 +134,7 @@ cluster:
|
|||||||
externalCloudProvider:
|
externalCloudProvider:
|
||||||
enabled: true
|
enabled: true
|
||||||
manifests:
|
manifests:
|
||||||
|
- https://raw.githubusercontent.com/siderolabs/talos-cloud-controller-manager/main/docs/deploy/cloud-controller-manager.yml
|
||||||
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/scaleway-cloud-controller-manager.yaml
|
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/scaleway-cloud-controller-manager.yaml
|
||||||
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/kubelet-serving-cert-approver.yaml
|
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/kubelet-serving-cert-approver.yaml
|
||||||
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/metrics-server.yaml
|
- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/metrics-server.yaml
|
||||||
|
|||||||
@@ -7,6 +7,8 @@ machine:
|
|||||||
ca:
|
ca:
|
||||||
crt: ${caMachine}
|
crt: ${caMachine}
|
||||||
certSANs: []
|
certSANs: []
|
||||||
|
nodeLabels:
|
||||||
|
node.kubernetes.io/disktype: ssd
|
||||||
kubelet:
|
kubelet:
|
||||||
extraArgs:
|
extraArgs:
|
||||||
cloud-provider: external
|
cloud-provider: external
|
||||||
@@ -71,11 +73,6 @@ cluster:
|
|||||||
clusterName: ${clusterName}
|
clusterName: ${clusterName}
|
||||||
discovery:
|
discovery:
|
||||||
enabled: true
|
enabled: true
|
||||||
registries:
|
|
||||||
kubernetes:
|
|
||||||
disabled: false
|
|
||||||
service:
|
|
||||||
disabled: true
|
|
||||||
network:
|
network:
|
||||||
dnsDomain: ${domain}
|
dnsDomain: ${domain}
|
||||||
serviceSubnets: ${format("%#v",split(",",serviceSubnets))}
|
serviceSubnets: ${format("%#v",split(",",serviceSubnets))}
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ terraform {
|
|||||||
required_providers {
|
required_providers {
|
||||||
scaleway = {
|
scaleway = {
|
||||||
source = "scaleway/scaleway"
|
source = "scaleway/scaleway"
|
||||||
version = "~> 2.2.9"
|
version = "~> 2.8.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
required_version = ">= 1.0"
|
required_version = ">= 1.0"
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
packer {
|
packer {
|
||||||
required_plugins {
|
required_plugins {
|
||||||
scaleway = {
|
scaleway = {
|
||||||
version = "= 1.0.3"
|
version = "= 1.0.5"
|
||||||
source = "github.com/hashicorp/scaleway"
|
source = "github.com/hashicorp/scaleway"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -23,7 +23,7 @@ variable "scaleway_zone" {
|
|||||||
|
|
||||||
variable "talos_version" {
|
variable "talos_version" {
|
||||||
type = string
|
type = string
|
||||||
default = "v1.2.2"
|
default = "v1.3.0"
|
||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
|
|||||||
Reference in New Issue
Block a user