cosmetic

2025-10-29 17:42:47 +00:00 · 2024-11-02 16:06:53 +02:00
parent 17dac27379
commit d9d2a04b83
8 changed files with 27 additions and 16 deletions
--- a/proxmox/.gitignore
+++ b/proxmox/.gitignore
@@ -9,3 +9,4 @@ terraform.tfvars.sops.json
 #
 age.key.txt
 .env.yaml
+secrets.proxmox.yaml
--- a/proxmox/Makefile
+++ b/proxmox/Makefile
@@ -80,8 +80,8 @@ system:
 		proxmox-cloud-controller-manager oci://ghcr.io/sergelogvinov/charts/proxmox-cloud-controller-manager

 	#
-	# File vars/secrets.proxmox.yaml should be created manually
+	# File vars/secrets.proxmox.yaml was created by terraform
 	#
 	kubectl --kubeconfig=kubeconfig apply -f vars/proxmox-ns.yaml
-	# helm --kubeconfig=kubeconfig secrets upgrade -i --namespace=csi-proxmox -f vars/proxmox-csi.yaml -f vars/secrets.proxmox.yaml \
-	# 	proxmox-csi-plugin oci://ghcr.io/sergelogvinov/charts/proxmox-csi-plugin
+	helm --kubeconfig=kubeconfig secrets upgrade -i --namespace=csi-proxmox -f vars/proxmox-csi.yaml -f vars/secrets.proxmox.yaml \
+		proxmox-csi-plugin oci://ghcr.io/sergelogvinov/charts/proxmox-csi-plugin
--- a/proxmox/instances-controlplane.tf
+++ b/proxmox/instances-controlplane.tf
@@ -204,8 +204,8 @@ resource "local_sensitive_file" "controlplane" {
        "clusters" : [{
          "url" : "https://${each.value.hvv4}:8006/api2/json",
          "insecure" : true,
-          "token_id" : split("=", local.proxmox_token)[0],
-          "token_secret" : split("=", local.proxmox_token)[1],
+          "token_id" : split("=", local.proxmox_token_ccm)[0],
+          "token_secret" : split("=", local.proxmox_token_ccm)[1],
          "region" : var.region,
        }]
      })
@@ -215,6 +215,22 @@ resource "local_sensitive_file" "controlplane" {
  file_permission = "0600"
 }

+resource "local_sensitive_file" "csi" {
+  content = yamlencode({
+    "config" : {
+      "clusters" : [{
+        "url" : "https://${var.proxmox_host}:8006/api2/json",
+        "insecure" : true,
+        "token_id" : split("=", local.proxmox_token_csi)[0],
+        "token_secret" : split("=", local.proxmox_token_csi)[1],
+        "region" : var.region,
+      }]
+    }
+  })
+  filename        = "vars/secrets.proxmox.yaml"
+  file_permission = "0600"
+}
+
 locals {
  controlplane_config = { for k, v in local.controlplanes : k => "talosctl apply-config --insecure --nodes ${v.ipv6} --config-patch @_cfgs/${v.name}.yaml --file _cfgs/controlplane.yaml" }
 }
--- a/proxmox/instances-db.tf
+++ b/proxmox/instances-db.tf
@@ -88,7 +88,7 @@ resource "proxmox_virtual_environment_vm" "db" {
    up_delay = 5
  }

-  machine = "pc"
+  machine = "q35"
  cpu {
    architecture = "x86_64"
    cores        = each.value.cpu
--- a/proxmox/instances-web.tf
+++ b/proxmox/instances-web.tf
@@ -105,7 +105,7 @@ resource "proxmox_virtual_environment_vm" "web" {
    up_delay = 5
  }

-  machine = "pc"
+  machine = "q35"
  cpu {
    architecture = "x86_64"
    cores        = each.value.cpu
--- a/proxmox/instances-worker.tf
+++ b/proxmox/instances-worker.tf
@@ -84,7 +84,7 @@ resource "proxmox_virtual_environment_vm" "worker" {
    up_delay = 15
  }

-  machine = "pc"
+  machine = "q35"
  cpu {
    architecture = "x86_64"
    cores        = each.value.cpu
--- a/proxmox/variables.tf
+++ b/proxmox/variables.tf
@@ -43,7 +43,8 @@ data "terraform_remote_state" "init" {
 locals {
  kubernetes = jsondecode(data.sops_file.tfvars.raw)["kubernetes"]

-  proxmox_token = data.terraform_remote_state.init.outputs.ccm
+  proxmox_token_ccm = data.terraform_remote_state.init.outputs.ccm
+  proxmox_token_csi = data.terraform_remote_state.init.outputs.csi
 }

 variable "nodes" {
--- a/proxmox/vars/secrets.proxmox.yaml
+++ b/proxmox/vars/secrets.proxmox.yaml
@@ -1,7 +0,0 @@
-config:
-    clusters:
-        - region: region-1
-          url: https://172.16.0.128:8006/api2/json
-          insecure: true
-          token_id: kubernetes@pve!csi
-          token_secret: f6ead34e-11c0-4c4d-b8f3-7ae99b526ac0