chore: Update talos to 1.12.3/ k8s to 1.35.0
This commit is contained in:
parent
282ce1f09c
commit
0c1aaa5f8b
@ -2,14 +2,15 @@
|
||||
{"id":"homelab-4cn","title":"Configure GitHub webhook for Flux","description":"Configure GitHub webhook to send push events to Flux for automatic reconciliation on git push","acceptance_criteria":"- Command `kubectl -n flux-system get receiver github-webhook --output=jsonpath='{.status.webhookPath}'` returns webhook path\n- Full webhook URL is constructed with format: https://flux-webhook.${cloudflare_domain}/hook/{path}\n- Webhook is added to GitHub repository settings\n- Webhook payload URL is set correctly\n- Content type is set to application/json\n- Secret token from github-push-token.txt is configured\n- Events are set to \"Just the push event\"\n- Webhook is saved and active","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:23.881275565+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:23.881275565+01:00","labels":["configuration","flux","github"]}
|
||||
{"id":"homelab-5wg","title":"Fix network configuration conflicts (etcd + routes)","description":"Multiple network configuration issues on the cluster nodes:\n\n**Issue 1: etcd Peer URL Conflict**\nNode esxi-2cu-8g-01 (10.0.0.146) has duplicate peer URLs in etcd (10.0.0.128 and 10.0.0.146), causing \"Peer URLs already exists\" error. Node is currently unreachable.\n\n**Issue 2: Network Route Conflict**\nNodes are showing route conflict errors:\n```\nerror adding route: netlink receive: file exists\ngateway: 10.0.0.129\n```\n\nThis is because nodes were previously configured with `/24` subnet and gateway `10.0.0.1`, but now configured with `/27` subnet and gateway `10.0.0.129`. Old routes persist.\n\n**Root Cause:**\nConfiguration changed from:\n- Old: 10.0.0.0/24, gateway 10.0.0.1\n- New: 10.0.0.128/27, gateway 10.0.0.129\n\n**Solution:**\n1. Reset ALL nodes to clear old network config\n2. Re-apply Talos configuration\n3. Bootstrap cluster fresh\n\nCommands:\n```bash\n# Reset each node\ntalosctl -n 10.0.0.145 reset --graceful=false --reboot\ntalosctl -n 10.0.0.146 reset --graceful=false --reboot \ntalosctl -n 10.0.0.147 reset --graceful=false --reboot\n\n# Wait for nodes to boot into maintenance mode, then:\ntask bootstrap:talos\n```","acceptance_criteria":"- Member ceeb52e03fde8032 is removed from etcd cluster\n- Node 10.0.0.146 is reset and reconfigured\n- Node rejoins etcd cluster with correct peer URL\n- `talosctl etcd members` shows only one peer URL per member\n- All three nodes are healthy in etcd cluster","notes":"**Recommended Fix: Full Cluster Reset (Option 1)**\n\nAll nodes are currently offline. 
Once nodes are back online, execute:\n\n```bash\n# Reset all nodes to maintenance mode\ntalosctl -n 10.0.0.145 reset --graceful=false --reboot --insecure\ntalosctl -n 10.0.0.146 reset --graceful=false --reboot --insecure\ntalosctl -n 10.0.0.147 reset --graceful=false --reboot --insecure\n\n# Wait for nodes to boot into maintenance mode (~2-3 min)\n# Verify with: nmap -Pn -n -p 50000 10.0.0.145-147 -vv\n\n# Re-bootstrap\ntask bootstrap:talos\ntask bootstrap:apps\n```\n\nThis is the cleanest approach to clear all lingering network config and etcd state issues. Estimated time: ~15 minutes total.","status":"closed","priority":1,"issue_type":"bug","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T01:10:22.498887798+01:00","created_by":"Laur IVAN","updated_at":"2026-02-10T22:59:48.077254996+01:00","closed_at":"2026-02-10T22:59:48.077254996+01:00","close_reason":"Fixed - etcd cluster healthy with 3 members, each with single peer URL. No route conflicts. All cluster health checks passed.","labels":["etcd","talos","urgent"]}
|
||||
{"id":"homelab-7k4","title":"Push talhelper encrypted secret to git","description":"After installing Talos, commit and push the talhelper encrypted secret to the repository","acceptance_criteria":"- Changes are staged with `git add -A`\n- Commit is created with message \"chore: add talhelper encrypted secret :lock:\"\n- Changes are pushed to remote repository","status":"closed","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:05.950780413+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:44:58.80046492+01:00","closed_at":"2026-02-07T00:44:58.80046492+01:00","close_reason":"Successfully staged, committed, and pushed talhelper encrypted secret to git repository","labels":["bootstrap","git"]}
|
||||
{"id":"homelab-82o","title":"Verify Flux status and resources","description":"Check the status of Flux and verify all Flux resources are up-to-date and in a ready state","acceptance_criteria":"- Command `flux check` passes all checks\n- Command `flux get sources git flux-system` shows ready state\n- Command `flux get ks -A` shows all kustomizations ready\n- Command `flux get hr -A` shows all helm releases ready","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:43.666513198+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:43.666513198+01:00","labels":["flux","verification"]}
|
||||
{"id":"homelab-82o","title":"Verify Flux status and resources","description":"Check the status of Flux and verify all Flux resources are up-to-date and in a ready state","acceptance_criteria":"- Command `flux check` passes all checks\n- Command `flux get sources git flux-system` shows ready state\n- Command `flux get ks -A` shows all kustomizations ready\n- Command `flux get hr -A` shows all helm releases ready","status":"closed","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:43.666513198+01:00","created_by":"Laur IVAN","updated_at":"2026-02-10T23:03:07.067406014+01:00","closed_at":"2026-02-10T23:03:07.067406014+01:00","close_reason":"Verified - Flux check passed. All controllers ready (helm, kustomize, notification, source). GitRepository synced. All Kustomizations applied successfully.","labels":["flux","verification"]}
|
||||
{"id":"homelab-c68","title":"Fix volsync MutatingAdmissionPolicy API version","description":"Kustomization storage-system/volsync is failing with error:\\n\\n```\\nMutatingAdmissionPolicy/storage-system/volsync-mover-jitter dry-run failed: no matches for kind \\\"MutatingAdmissionPolicy\\\" in version \\\"admissionregistration.k8s.io/v1beta1\\\"\\n```\\n\\nThis indicates that MutatingAdmissionPolicy v1beta1 API is not available in Kubernetes 1.34. This API was introduced in 1.30 as v1alpha1 and promoted to v1beta1 in 1.32, but may have been removed or changed in 1.34.\\n\\nFix: Update volsync configuration to use correct API version or remove the MutatingAdmissionPolicy if not needed.","status":"open","priority":2,"issue_type":"bug","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-11T00:51:29.41277186+01:00","created_by":"Laur IVAN","updated_at":"2026-02-11T00:51:29.41277186+01:00","labels":["api-version","storage","volsync"]}
|
||||
{"id":"homelab-f7u","title":"Tidy up repository (remove templates)","description":"Clean up the repository by removing the templates directory and templating-related files to eliminate clutter and resolve Renovate warnings","acceptance_criteria":"- Command `task template:tidy` completes successfully\n- Templates directory is removed\n- Templating-related files are cleaned up\n- Changes are committed with message \"chore: tidy up :broom:\"\n- Changes are pushed to git","status":"open","priority":3,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:32.475687645+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:32.475687645+01:00","labels":["cleanup","git"]}
|
||||
{"id":"homelab-gqj","title":"Bootstrap cluster applications (cilium, coredns, spegel, flux)","description":"Install cilium, coredns, spegel, flux and sync the cluster to the repository state","acceptance_criteria":"- Command `task bootstrap:apps` completes successfully\n- Cilium is installed\n- CoreDNS is installed\n- Spegel is installed\n- Flux is installed\n- Cluster is synced to repository state","status":"closed","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:15.371162045+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T15:50:03.091375279+01:00","closed_at":"2026-02-07T15:50:03.091375279+01:00","close_reason":"Successfully installed cilium, coredns, spegel, cert-manager, flux-operator. Flux-instance is reconciling (timeout is normal). All nodes are Ready.","labels":["apps","bootstrap"]}
|
||||
{"id":"homelab-hmc","title":"Finish monitoring system setup","description":"Uncomment the grafana and kube-prometheus-stack resources in kubernetes/apps/monitoring-system/kustomization.yaml to enable the full monitoring stack with Grafana dashboards and Prometheus metrics collection","status":"open","priority":2,"issue_type":"task","created_at":"2026-02-09T22:53:49.071709362+01:00","updated_at":"2026-02-09T22:53:49.071709362+01:00","labels":["grafana","monitoring","prometheus"]}
|
||||
{"id":"homelab-icy","title":"Publish Kubernetes schemas locally","description":"Set up CronJob to publish K8s schemas locally. Reference: https://github.com/bjw-s-labs/home-ops/tree/main/kubernetes/apps/jobs/publish-k8s-schemas","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-10T22:57:34.155916454+01:00","created_by":"Laur IVAN","updated_at":"2026-02-10T22:57:34.155916454+01:00","labels":["cronjob","schemas","validation"]}
|
||||
{"id":"homelab-k3j","title":"Verify DNS resolution for echo subdomain","description":"Check that DNS resolution works for the echo subdomain and resolves to the Cloudflare gateway address","acceptance_criteria":"- Command `dig @${cluster_dns_gateway_addr} echo.${cloudflare_domain}` resolves successfully\n- DNS resolves to ${cloudflare_gateway_addr}\n- DNS resolution is working correctly","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:02.539037288+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:02.539037288+01:00","labels":["dns","verification"]}
|
||||
{"id":"homelab-k3j","title":"Verify DNS resolution for echo subdomain","description":"Check that DNS resolution works for the echo subdomain and resolves to the Cloudflare gateway address","acceptance_criteria":"- Command `dig @${cluster_dns_gateway_addr} echo.${cloudflare_domain}` resolves successfully\n- DNS resolves to ${cloudflare_gateway_addr}\n- DNS resolution is working correctly","status":"closed","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:02.539037288+01:00","created_by":"Laur IVAN","updated_at":"2026-02-10T23:03:01.06585734+01:00","closed_at":"2026-02-10T23:03:01.06585734+01:00","close_reason":"Verified - DNS resolution working. echo.laurivan.com resolves to 10.0.0.158 (envoy-external gateway) via k8s-gateway","labels":["dns","verification"]}
|
||||
{"id":"homelab-mbk","title":"Verify TCP connectivity to gateways","description":"Check TCP connectivity to both the internal and external gateways on port 443","acceptance_criteria":"- Command `nmap -Pn -n -p 443 ${cluster_gateway_addr} ${cloudflare_gateway_addr} -vv` succeeds\n- Port 443 is open on both internal and external gateways\n- TCP connectivity is confirmed","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:54.223562688+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:54.223562688+01:00","labels":["network","verification"]}
|
||||
{"id":"homelab-n0h","title":"Verify Cilium status","description":"Verify that Cilium is installed and running correctly","acceptance_criteria":"- Command `cilium status` runs successfully\n- Cilium reports healthy status\n- All Cilium components are operational","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:34.123646456+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:34.123646456+01:00","labels":["cilium","verification"]}
|
||||
{"id":"homelab-n0h","title":"Verify Cilium status","description":"Verify that Cilium is installed and running correctly","acceptance_criteria":"- Command `cilium status` runs successfully\n- Cilium reports healthy status\n- All Cilium components are operational","status":"closed","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:34.123646456+01:00","created_by":"Laur IVAN","updated_at":"2026-02-10T23:01:46.996445944+01:00","closed_at":"2026-02-10T23:01:46.996445944+01:00","close_reason":"Verified - Cilium OK, Operator OK, 3/3 DaemonSet ready, 1/1 Operator ready, 29/29 cluster pods managed","labels":["cilium","verification"]}
|
||||
{"id":"homelab-rzs","title":"Verify wildcard Certificate status","description":"Check the status of the wildcard Certificate in the network namespace","acceptance_criteria":"- Command `kubectl -n network describe certificates` runs successfully\n- Certificate status shows Ready condition\n- Certificate is valid and not expired","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:12.166198226+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:12.166198226+01:00","labels":["certificates","verification"]}
|
||||
{"id":"homelab-u3p","title":"Install homepage dashboard","description":"Create the homepage application manifests (helmrelease, ocirepository, kustomization) in kubernetes/apps/default/homepage/app/ directory and configure the ks.yaml to deploy it","status":"open","priority":2,"issue_type":"task","created_at":"2026-02-09T22:53:44.511470131+01:00","updated_at":"2026-02-09T22:53:44.511470131+01:00","labels":["dashboard","deployment","homepage"]}
|
||||
{"id":"homelab-xpp","title":"Install home assistant for home automation","description":"Create home assistant application manifests (helmrelease, ocirepository, kustomization) in kubernetes/apps/default/home-assistant/app/ directory and configure deployment.\n\nNote: Ensure the application has network access to the IoT VLAN where most smart home devices are located. This may require configuring network policies or multus CNI for VLAN access.","status":"open","priority":2,"issue_type":"task","created_at":"2026-02-09T22:57:31.4810088+01:00","updated_at":"2026-02-09T22:57:31.4810088+01:00","labels":["automation","home-assistant","iot","networking"]}
|
||||
|
||||
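Review bot: In the added homelab-c68 record the description is double-escaped (`\\n`, `\\\"`) where every other record uses `\n`, so it will display with literal backslashes; re-export it with single escaping. The record is also still open and written against Kubernetes 1.34 while this commit moves the cluster to v1.35.0, so re-check whether `admissionregistration.k8s.io/v1beta1` MutatingAdmissionPolicy resolves on the new version and update the description to match. Separately, the new close_reason on homelab-k3j records the real domain and gateway address where the acceptance criteria use `${cloudflare_domain}` and `${cloudflare_gateway_addr}`; keep the placeholders if this file is readable by anyone other than the cluster's operators.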
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: cert-manager-secret
|
||||
stringData:
|
||||
api-token: ENC[AES256_GCM,data:xdBpjIzUgPbizxsRuPEIG4Yt8c64fY3NCmGZyJxe9XYoUIII41ES+g==,iv:7k+0DSiv/V8iyqSr7l70tszSAVX456P9kgqoGoG85YI=,tag:iy2txSzIna/HCIkD2INQ4w==,type:str]
|
||||
api-token: ENC[AES256_GCM,data:LdTzQmoLiDWQPkQBYH9Dd7Btvv5IAA7YBYNbcT0GIYm2FwfBQoF/xQ==,iv:2kW+tnmb45NznfAutoFeKIbhTDnpnhfIznIz/RJwXNo=,tag:AKCkTjfu8bfbSiItc/vMTA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3R0RwLzc2ai9jODlkWUFG
|
||||
RXFMamEwbGFlZlNZbklVbmxzWm5OSjFIVW5nCjNJZHFIbEo2MmU1WmtmL2o1Ylls
|
||||
dVduZXVaald0K0lWNkl6UkhCZ1hZZUEKLS0tIGlEa1ZFdlIvejlxbzRNcjBweW5n
|
||||
MHpuc3lxY0tIWk04WHVYWmswVEkxWFEKsKed/DElYzkxC9lTQtSWHxxD75NAYhVq
|
||||
ZIUsrMQarg2LhjMaDFOBXTfZ1vJ88OyIaDp0uNwisg8VfNCuIMEq4A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncEg3QlNCdXJvMlFvUVgx
|
||||
RU9jU2E1K3h5dlphWmN4R3VhdXBYaDhybFZFCjJuRjFoZ25RQU53RDhpeElTb1Ba
|
||||
RXVYdWFFVFlZT0JmOXRRc3JlWk9zdmcKLS0tIDhFSkJJcytTR1JIZlBIT2ZNZGJ6
|
||||
YWxtMWJrd3hUQlQ3dG04TlRWdy9VbzQKNcokkZu9wDTKM17sLcJ7OkafSI1nFhyO
|
||||
/IM1vRlkJh12vPFE4351skFkgDdExf4gRoZH9MzXdDSh5b/2YBl8Ig==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-07T16:13:21Z"
|
||||
mac: ENC[AES256_GCM,data:AGYpCxN0bxcV6BDIEBm8pfgRnJAq0h7C5LM1z5uqVXGXvkriDQitfcGhR8Mych6GsU8qlDWAGkBV8UymDJ0G2DVEevr7zaPRZSzWp7YuGlLZpq5wFFTBncukKmLYA4/ekqQJFpay7vn3A3xCl9yIYDgAU+PvVrRW8hZ5xINKSDM=,iv:zmHe6XDPImYl3UZlcv77a7HORIrwmaC7ew3swQp34As=,tag:Zwo+uDhDZyncpR7rhYJDzA==,type:str]
|
||||
lastmodified: "2026-02-10T19:13:05Z"
|
||||
mac: ENC[AES256_GCM,data:Bka475PO/TH009Jq3AZbezkM5fLy/evFvsJoYm9fFpjpPM0s70FTDQxaNi3+SE+iYlyYN1a46yo38HPKlVVvM+d/Tn+G3CMqI4t0U4BFEle3SCjbaLSZjPpVvYC4mRsqhl9wYs29mEaQOeilETbvuug8QIV1ZJB+HH0NVWJONiM=,iv:LVo5qX/CngF1DOz7wtrYHPIKHtSHusGpTusrG5Ijbo8=,tag:Pafpdq9Zo2ItKCijhj/ynA==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
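Review bot: The `api-token` value, the age-wrapped data key, `lastmodified` and `mac` all change in this hunk, but the commit message only mentions the Talos and Kubernetes bump; move the secret change to its own commit, or state in the message whether the token was rotated or only re-encrypted, so the history shows why it changed. The recipient is unchanged, so the previous ciphertext stays in history and remains decryptable with the same age key; if this was a rotation, confirm the old token has been revoked at the issuer.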
@ -1,4 +1,4 @@
|
||||
# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
|
||||
talosVersion: v1.11.3
|
||||
talosVersion: v1.12.3
|
||||
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
|
||||
kubernetesVersion: v1.34.0
|
||||
kubernetesVersion: v1.35.0
|
||||
|
||||
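Review bot: `talosVersion` and `kubernetesVersion` both move up a minor release in the same change (v1.11.3 to v1.12.3, v1.34.0 to v1.35.0), which makes a failed upgrade hard to attribute and roll back; consider landing the Talos bump first and the Kubernetes bump as a follow-up. Before applying, confirm that Talos v1.12 lists Kubernetes v1.35 as supported and that the manifests already failing an API lookup on 1.34 (homelab-c68 in this commit's issue file) have been checked against 1.35.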