feat: Bootstrap cluster with Talos 1.11.3 ✅
This commit is contained in:
parent
0fb1007e33
commit
9d42bbb46b
16
.beads/daemon-error
Normal file
16
.beads/daemon-error
Normal file
@ -0,0 +1,16 @@
|
||||
|
||||
LEGACY DATABASE DETECTED!
|
||||
|
||||
This database was created before version 0.17.5 and lacks a repository fingerprint.
|
||||
To continue using this database, you must explicitly set its repository ID:
|
||||
|
||||
bd migrate --update-repo-id
|
||||
|
||||
This ensures the database is bound to this repository and prevents accidental
|
||||
database sharing between different repositories.
|
||||
|
||||
If this is a fresh clone, run:
|
||||
rm -rf .beads && bd init
|
||||
|
||||
Note: Auto-claiming legacy databases is intentionally disabled to prevent
|
||||
silent corruption when databases are copied between repositories.
|
||||
10
.beads/issues.jsonl
Normal file
10
.beads/issues.jsonl
Normal file
@ -0,0 +1,10 @@
|
||||
{"id":"homelab-3p8","title":"Watch cluster rollout","description":"Watch the rollout of the cluster to ensure all pods are starting correctly","acceptance_criteria":"- Command `kubectl get pods --all-namespaces --watch` is running\n- All pods are observed rolling out\n- Pods reach Running/Ready state","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:25.122454196+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:25.122454196+01:00","labels":["bootstrap","verification"]}
|
||||
{"id":"homelab-4cn","title":"Configure GitHub webhook for Flux","description":"Configure GitHub webhook to send push events to Flux for automatic reconciliation on git push","acceptance_criteria":"- Command `kubectl -n flux-system get receiver github-webhook --output=jsonpath='{.status.webhookPath}'` returns webhook path\n- Full webhook URL is constructed with format: https://flux-webhook.${cloudflare_domain}/hook/{path}\n- Webhook is added to GitHub repository settings\n- Webhook payload URL is set correctly\n- Content type is set to application/json\n- Secret token from github-push-token.txt is configured\n- Events are set to \"Just the push event\"\n- Webhook is saved and active","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:23.881275565+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:23.881275565+01:00","labels":["configuration","flux","github"]}
|
||||
{"id":"homelab-7k4","title":"Push talhelper encrypted secret to git","description":"After installing Talos, commit and push the talhelper encrypted secret to the repository","acceptance_criteria":"- Changes are staged with `git add -A`\n- Commit is created with message \"chore: add talhelper encrypted secret :lock:\"\n- Changes are pushed to remote repository","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:05.950780413+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:05.950780413+01:00","labels":["bootstrap","git"]}
|
||||
{"id":"homelab-82o","title":"Verify Flux status and resources","description":"Check the status of Flux and verify all Flux resources are up-to-date and in a ready state","acceptance_criteria":"- Command `flux check` passes all checks\n- Command `flux get sources git flux-system` shows ready state\n- Command `flux get ks -A` shows all kustomizations ready\n- Command `flux get hr -A` shows all helm releases ready","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:43.666513198+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:43.666513198+01:00","labels":["flux","verification"]}
|
||||
{"id":"homelab-f7u","title":"Tidy up repository (remove templates)","description":"Clean up the repository by removing the templates directory and templating-related files to eliminate clutter and resolve Renovate warnings","acceptance_criteria":"- Command `task template:tidy` completes successfully\n- Templates directory is removed\n- Templating-related files are cleaned up\n- Changes are committed with message \"chore: tidy up :broom:\"\n- Changes are pushed to git","status":"open","priority":3,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:32.475687645+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:32.475687645+01:00","labels":["cleanup","git"]}
|
||||
{"id":"homelab-gqj","title":"Bootstrap cluster applications (cilium, coredns, spegel, flux)","description":"Install cilium, coredns, spegel, flux and sync the cluster to the repository state","acceptance_criteria":"- Command `task bootstrap:apps` completes successfully\n- Cilium is installed\n- CoreDNS is installed\n- Spegel is installed\n- Flux is installed\n- Cluster is synced to repository state","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:15.371162045+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:15.371162045+01:00","labels":["apps","bootstrap"]}
|
||||
{"id":"homelab-k3j","title":"Verify DNS resolution for echo subdomain","description":"Check that DNS resolution works for the echo subdomain and resolves to the Cloudflare gateway address","acceptance_criteria":"- Command `dig @${cluster_dns_gateway_addr} echo.${cloudflare_domain}` resolves successfully\n- DNS resolves to ${cloudflare_gateway_addr}\n- DNS resolution is working correctly","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:02.539037288+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:02.539037288+01:00","labels":["dns","verification"]}
|
||||
{"id":"homelab-mbk","title":"Verify TCP connectivity to gateways","description":"Check TCP connectivity to both the internal and external gateways on port 443","acceptance_criteria":"- Command `nmap -Pn -n -p 443 ${cluster_gateway_addr} ${cloudflare_gateway_addr} -vv` succeeds\n- Port 443 is open on both internal and external gateways\n- TCP connectivity is confirmed","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:54.223562688+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:54.223562688+01:00","labels":["network","verification"]}
|
||||
{"id":"homelab-n0h","title":"Verify Cilium status","description":"Verify that Cilium is installed and running correctly","acceptance_criteria":"- Command `cilium status` runs successfully\n- Cilium reports healthy status\n- All Cilium components are operational","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:34.123646456+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:34.123646456+01:00","labels":["cilium","verification"]}
|
||||
{"id":"homelab-rzs","title":"Verify wildcard Certificate status","description":"Check the status of the wildcard Certificate in the network namespace","acceptance_criteria":"- Command `kubectl -n network describe certificates` runs successfully\n- Certificate status shows Ready condition\n- Certificate is valid and not expired","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:12.166198226+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:12.166198226+01:00","labels":["certificates","verification"]}
|
||||
@ -4,20 +4,20 @@ metadata:
|
||||
name: sops-age
|
||||
namespace: flux-system
|
||||
stringData:
|
||||
age.agekey: ENC[AES256_GCM,data:nSKGHXW5dRxzBb0CmpYaIL/LdbFYvctP6V8UffwlE+zv7/QKT8gOfV/m26R8W4FUvUeR123IU75ygje8Ky2V+urS1WabmqJvV8E=,iv:15SpNCWOV32L4+mv6ud+EnRrR7i87SeAo5Kewo24h+0=,tag:i/VUNMHY0VzJR/C64hvXiQ==,type:str]
|
||||
age.agekey: ENC[AES256_GCM,data:wUWN4GHTYiqT6SqRNcr5hk6YEPnqcHQSBSYLbxnIpwaguwfhE7B/hIDXMngOyIWaDSoqohx0hGHoWAMKdPEv1b8bVEbDaaKo1QI=,iv:5y2IvZUzLeHfChv1BfO0H0nz2s4bwVzg3rfy30GzIik=,tag:KRxEgCHgShNYkuPq6qwCJQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3YjdLTUhYT2Z4NjhkaDBw
|
||||
bmtxUWh2dkZtaTRRT2p6N0NkYjBPYjA1K3hJCkt5bXhuLzN6bUFzaW5CMzRZSE9y
|
||||
S0RoMkhzNWYxejNVTjBRYVZtcVE3bDgKLS0tIHNBc1EvazNqNHp6R0w5ZUMwbkNz
|
||||
L0xCNnVpMDZjd1hQMWVEd2hmdmdTYlkKP3r9BmwP7LBS925BfbPMvnp5K7tSeSxI
|
||||
EXBW/Xlzf390tNoyw06PlCzx3kbiF58KjVI0wznFere6N/v3NRvGrA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UGY2VXZFd2FLT0oySnJa
|
||||
UTlIM21JemtRUzNUTEE1aFVvcGxzMlJ3V204Ck9sb0o1a3VJZStxekZvbmE0c3B1
|
||||
WjNJbmpBaWxrTGlnd0lQTThxU1FZMGsKLS0tIGtjNExDMStVZndhU0tmcnJsa1E0
|
||||
cytWWnRoNnlhVXpYcG0xRTZRMzQwTU0KW/C7wKtC8iM6no6YrjU7rfXMZs+uNJMy
|
||||
DjHgledfcJ5r/Ae5KwY5Su7tx/hAQAw+y+XOAUm1fzwV/zTVz5/WTw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-06T17:15:16Z"
|
||||
mac: ENC[AES256_GCM,data:0qWpT3ZpR8agsokUwGPbJ8O2ampboSSvVU7/EEByhLX/kHeCsChK9w/1wpKNWCxxxsiBjfFL91xyweVcbFXnix+O6hM78naUKYt2w1mTrNSw6SIwr9BCr6j+5kaen2edj8suy2OtIiobMOcOiu9UW2zEU3a9vSJLQQJi3uaWDaI=,iv:51+uzZHen36n4vF0t7R0YXC3e73u8nhfgQmNLAlj9c0=,tag:oEigckA9aW7KdcF6ssnr2Q==,type:str]
|
||||
lastmodified: "2026-02-06T23:19:54Z"
|
||||
mac: ENC[AES256_GCM,data:Kz53Z7KukIQqM6l3WRkv8Fm8ceZwFIEcMCi59ewh3H8o9qPYKtB3QJsqUJJZBrUor5FP/tbeTyutZxZU2Muqo8zge1+FrheyplIQSmVhMF6feCZSNdd9MZHBJD2jc1KHXHy3o0GdNyntARRjICDnE3vq6nrbMdVofODVBtEJGXk=,iv:VFUBchPk9PlOaQ0jfrHp0VgVCFcB50vbQcWOkadYeNY=,tag:nUNkgfwGy2QutLrpUHqP1Q==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: cert-manager-secret
|
||||
stringData:
|
||||
api-token: ENC[AES256_GCM,data:g7EU9+F/w3ZfOmXfurtTriURKH6ACy0=,iv:cYlb1qcgA6rm4At9MB7gLd6nhx2xOUX3kS07EcFcpRc=,tag:M06roUVzO+KiCoo0Szafxw==,type:str]
|
||||
api-token: ENC[AES256_GCM,data:8ZfAyBvM7tVWaG2G/L/FFY6hbAAALBQ=,iv:NlG4loGnqLe+ECP0ckFz1LSCd2OAxXoyVk61FV/nskA=,tag:8xYcDqsFkmPa6l8N+0rGtQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MlhjQTZjTnpReU5uOXBK
|
||||
c2VzZmdFWXhBdHlRZEM2SHdJRUNTTDRFREVRCnMweDQzaTA5ZmlZTm1wc0NoYzBX
|
||||
UTFoRXczMVl1ZExjSk9ENG9zYkRLdFkKLS0tIHNzbDRXbzEyS1c4TWxLLzdEU29E
|
||||
UGZIbmJpOUVsMkV1eXlERVhhV2l4U1kKHwiICIi0T8JYanOwocbOjOJArZnp7+X0
|
||||
S75OyFJSTWtX5s5lAfpOnc6xfYDmEKVFC1IWGLcPpHSiXrl9blsd0A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWDJhaDR4QVhRZVZjbXVF
|
||||
MDdGazU2RWRuRzVDTVV0N1ZzQmpVYTFMZGdnClp5UExtUzl5K3ZjRWJEcDY5RnN0
|
||||
cUJ2QnA5ZGRONGFOeWhiZHhiWmJWRTQKLS0tIFM0ZStnK3VZRkQ5bU1EVUlFV0hY
|
||||
WVZ6L0JlZzZGVmhWa0tKQXhDWFowbTgK9cxIrmI9NEN5/MLOKfM/porIWuVu1jKL
|
||||
F+HPb7isgvY0P3c/PJLd9d0Z2mderFhvLPTgNVjXkqIVDMj8kJUtmg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-06T17:15:16Z"
|
||||
mac: ENC[AES256_GCM,data:2JyFiMBdroxwKgYCq7Nh+5m9iuOrVAFuMk/OUZW2Lj0W1R8INvnNcrcXmtcr1g1Z+4M1mwGa2XKwDoJjNzeN6G0sVcU6vDb7Gxs3bjsGjE+pr5rxrbVumL+6x86t0AF/I6bUDXmcPJPoEoHxyJ1nY+9AeMPsqAHJ5pd2+Bcx3PE=,iv:oyafLwhq6vHEu8wTEhqIgqQAwyDahzdvtwjtDVRSKXI=,tag:hZdGfTQEEbxFF4wdLkbS4w==,type:str]
|
||||
lastmodified: "2026-02-06T23:19:54Z"
|
||||
mac: ENC[AES256_GCM,data:8A0c8MxMJLCd4nhsFBLRUGiC8IUbu7qJBa8zgp3vhgY+W7YCThmYzu2Q147zbch5kvA8PORF5CAbZjDvvwQ7WojSDw2qHEA7wPU8wbSE7WSL9o3Lp1027z1fk15TvlFCGRR3V3L8kTyMQXxc9tHCd0vFx7F+O99/c6hlovbSuDE=,iv:V8Okp/ciK/rt0FnEc6NJ9PDxjdoiUgiYs4UK6D2t47E=,tag:AMX4EDTokC66DMMBZ4hpYw==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: github-webhook-token-secret
|
||||
stringData:
|
||||
token: ENC[AES256_GCM,data:Ax/iC24DNn7q+Muzr/1n7nW5rHkyI+RL272ptAqNj9E=,iv:93LLC0H0/rP7SsEVwu/K+FXGSIT+JrOxyEy9E5yohVw=,tag:3M8XVHUe057sZe0YdjIBkw==,type:str]
|
||||
token: ENC[AES256_GCM,data:tPhLMHfjDb36TYDTrURsThcMTPnEUXXd673xcrk0W9o=,iv:yTsvzqOTZvAJuEf8qmPS3boVQ6F0sUlFBy4VA67DXUM=,tag:DZr236d3zm55CufMo1+XQg==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dmt3TFl1cXZTUkJ6eDFt
|
||||
NzVzUU96NEVwSWgyTUVyWGVZdEFTRWRMOVhzCm9SbVpVZ25wMDFrYlRSazhleng5
|
||||
M3ZDUi9mWjJXSk1jS2x3cUtwNXpyd1UKLS0tIEZXWTZXVmdRRnBueG9aTzJwTitz
|
||||
VysvZFpUOVEwV09yTXdEaUs0NXJ0a2sK6qQ9XVf/hlBeCM1t/jzdd9mbX5zPpddd
|
||||
3wWEUxW+UnPiVDn5+4I1SYmx6ZGNs4hDZ41PzipV0MaD+VPbaVJkAA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBQzRTRms2bWdobnYzOW9Q
|
||||
UTg4WGtmMUMyaWVrVXhJUmpsV0ZTTmJiMWlZCmEzUnYvdWNENG5DdTg2elFiY09O
|
||||
ckhoTFp6RXdHM1NXcjlaMmdKd0dMaW8KLS0tIHFhMWNtZ0NzVU1ZOFUxQkN1NVBX
|
||||
RUV4d2ZwQ1c0cThxK0h1Wmo5cE1NelEKn1zF0F3mTITgcfr2Pt6Xgy1HjuXLAF7e
|
||||
d6xpY7HKSEhhESQO5veXdYpYi1k8o81HyZtl13pwkgwgOkuJw5MDlA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-06T17:15:16Z"
|
||||
mac: ENC[AES256_GCM,data:CsfeTXYkMOAO+oL88JFSi4Hg9wBlLb8Fx/PNPcJJdm7z5bekkKmjQDzTyoon5xLMQazppTZ3FUK6MMYCXXdXVK+KoSgrxjgjw+BBx7+SPuSowwLhRD0bw3qyzZkVoVJR26ZzeJ/L4Zn1gAH8O0wBOvgPqEn7kq+1y2ybeK6ONyg=,iv:xuh6P1TToQkIikCGCFu8WQzy3uN1X+DeT7fOKKEZG+Y=,tag:CHtHBAve8e7Yzx/C/bcRyA==,type:str]
|
||||
lastmodified: "2026-02-06T23:19:54Z"
|
||||
mac: ENC[AES256_GCM,data:DoTwNwD8Vx3KXNDPeCLp4vyJR8s0Q2IOV10sUvwCSGWbuBm6P63v3k/6Yr74e72x5HHRFEG19yV0SKOY5S5V9GgMdb587gt08Nd7iInO9pVFl6sIyMOx1OiVBlmtdtB5TQP57FhoQ1uttcESsbKHgyEJCD5AAW81gbg6083EA9g=,iv:/HlzSO/9rSSXE7FRa5NLCyApYYxbXbwIsuFsYV15HJc=,tag:X2dE8gXXbz6ZInkvZqEgLg==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -6,7 +6,7 @@ metadata:
|
||||
spec:
|
||||
allowFirstLastIPs: "No"
|
||||
blocks:
|
||||
- cidr: "10.0.50.0/24"
|
||||
- cidr: "10.0.0.0/24"
|
||||
---
|
||||
apiVersion: cilium.io/v2alpha1
|
||||
kind: CiliumL2AnnouncementPolicy
|
||||
|
||||
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: cloudflare-dns-secret
|
||||
stringData:
|
||||
api-token: ENC[AES256_GCM,data:UKpTJgaK9G9O3J8d7Fgzw8WbfCg24JE=,iv:H1HKlF7vWiDxt7+A7OinafKHyNb5sf7U0krOZ3jK3DE=,tag:FrjImSrAjAf+ba3EWeieBw==,type:str]
|
||||
api-token: ENC[AES256_GCM,data:WYpLcODNDH+hR5Du1vC0cyukqZxPSl0=,iv:m/EH50DeTQ1h15DKnLU+54XKfJzdSTB8kB3PiXpcYoA=,tag:FBaqpUvXd1iRxt+TgpBjIA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MVRtS3UvTWkwUVpJVzlx
|
||||
S2NPWUdVcEhCZjdXdmNBbDQ2MStic0FUblVVCjJrUHMwcWJ6YUI4YTR6NGJRN0RM
|
||||
Nnh6WllvWWkzak1INENIWi8zTHNFNk0KLS0tIHhGRG0wRWNWWXVwUlRsaFYyWUxO
|
||||
VUJTazdTanRPNCtLQXh4and5ZHJNYU0KruRvlrvLZkUTCTBa10m7+RWJ3o7AzntC
|
||||
OnxLebUJC9aYTX6J1BVMPrhmFfSxsK6Rh7X3W8onDtIp2iy3ArrpNw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdUIrWHJhR1QrdWdpZHJI
|
||||
a1R1M1lxc2FmUERmU0h0TkpzVWorRnF2a2dnCktmQTFjRzBnZGJ1enBWUWdmb0JB
|
||||
MnRoZWs2eEZMbGhsSnFhTENQYUJXOTAKLS0tIC9rS2MxTVZUK0c2TEljRnkyTVBs
|
||||
NDZrc3p4VFgrYjdXUkp6eTY5bnN4TzQKj77N+klrJSaenw7zNDh6tSj8av+oZwKo
|
||||
zEiAV3l6WnhNPV6d1MXISkWs1jdmq1mnUj96uN4L/8M9Rp9e5oN8Pw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-06T17:15:16Z"
|
||||
mac: ENC[AES256_GCM,data:gVpksh43O9k+oB/d+zWnZmUdN1VoEsNTL0PzSh1sVceKgxKqVmnWZ2rd4SeGgb5ZRY8qWVoc/VjBpmO5MOR+e9G/Mnr+ObgaMNF7jHfONqHrKrI5cb/V1QY6dLlGfOJXZAeJjNlFW66eBbOA4MYxSL2BN9EmEujhcTw/wN0eg0s=,iv:JJaPxRmuQjkOuLchKqncQKHye4Y/WZNId2HAe+SDQf4=,tag:YcubZaOGX7fNtb3KhEYwew==,type:str]
|
||||
lastmodified: "2026-02-06T23:19:54Z"
|
||||
mac: ENC[AES256_GCM,data:Cu9pIzQf4QJGe6ur4QmT5uKyTywJ9Ayqe7U6IgVQl0YQWMTgzPcr7crE7HzcHbnSWf0VOLTc69+4cdsMqiwZ8p/PqET+UD7QprFPa7tmi19rbuPSMgRhrYlbCPjo8tx22ASh17rQPLKDN/hw4HCt7N8lABDod6irOh5kJt4Ewdk=,iv:FR+JkSo/BMKuhy36/R1Cx0tmvYzV+oTmEvjex8E4jVQ=,tag:ynTb7yutVO61YSm5JNemFg==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: cloudflare-tunnel-secret
|
||||
stringData:
|
||||
TUNNEL_TOKEN: ENC[AES256_GCM,data:9esVt/nhRJpjGM3SprOlvtUHHwhbY1b03lcG/Mod68ljpaIlrdu3qJ4iOIch8tRAETPATpB0ikbyyXtygFIQZ2wD5oiO/KhkmqDwmGFA+KRCah6ghnipMhpYhdYytNDaLfEnQBv88sTZFWDT7apjnHp+msUcpb0F+mD4LrTjLVE+WIBHFYfdAWspsXa+JWQwemjoHASJ6c4gvbB/yW5V1bjLy5R05Zyb5d5SYh+pb9WCLatl,iv:/8uhuoSjwTXFutDUlBxRFsJXQ/lsqs2AcieeUL5Bf0U=,tag:KpzZF9ic999b4NxYiB+8VA==,type:str]
|
||||
TUNNEL_TOKEN: ENC[AES256_GCM,data:7dUHKyUL1HueEKAUYXBXFBJjOG7+DQs/kO+nCf9J2WxK8i88DiKjkoSoHeKJLXAyggayVjzOM15kxgZIa6SFfBKZWFN/qLHZ7I8rULyzkHf+FQvJx1GE7I31uLvWj7EXejPp053z+pGYBjdYe5/eZMfHy1rFXPqEPXw8oPSZ43UbP+Oa9Af5h8QSfuevNOpKX9VhIVdL71OoBsfKPNQhGkuCID6e3+x3QEbAnlB0tD8o2nOt,iv:YSf2745drewpDiNmcT6r/fVYAwakdUkBJWmPBS7wNjo=,tag:6v3A3X7TRIOtxOwGeQsIjA==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5M3F2RTNleFBoR0ZqWnJK
|
||||
NnZJcUNjdXJ3NlJTN3NtMVU2RE96a1l0WFhBCkw1Z0ZCMmxwMU9IZUJsUUo1Lzhm
|
||||
V3ViR2ZVaGVnU0RpUXBPZC8wYXlscHcKLS0tIExMbVEwdlk0a0RTN2d6M0tpNlo5
|
||||
UHBPdnh0Y1N3SGk2N2ptT0o5bzEwMWsK1WCmvr5K8G6GCTmuNUlY9nmzvIh9UNuL
|
||||
c5FQouMsoLnDcj7Vy/IwfHRr5wU2u28RdPmh4dq3yVVGxud3cPgfVw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQ2FOZEU4OWsvTDNZa3pj
|
||||
dUhPMkd4ZUtKWGxCSFpQZE05ZFhuQnAvelVjCmp0S0VpcDhGRGpLRGpIbFBzOGEx
|
||||
dUJScnBOcDhmYnkwY2VRc05sNGd0YXMKLS0tIGJhNGRGcWY5Vjc5cEZJVFVYcHcw
|
||||
UkdCRWI4Y096bU53c05xMWdiMjBpcDQK+FcoUkF4fcSokWwiKpgcFOl99V7KV3/N
|
||||
AvV/Zhl2nrB0u/fsEhSBoPx4sHbrYe8qZZx5wgazQMnjkgGbbgyJ6w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-06T17:15:16Z"
|
||||
mac: ENC[AES256_GCM,data:Grg4MQaP8HS2RFO9I6NBQX/zCbF/YbrK56sH4jCtXISt3FPEvYs31Ka9DwRQD4ajPH8wAK9NQDsX8l9ph27sXIPabbB2oxMvrtT7p8/Ntj5h5asX/hqOOb/5465unw1TzwmSIDN6+8jEQlWzwG2qndNCX6WC54+xa//V1euNjt4=,iv:eMGsHVcLN2IjqwZuH1JToEwyjKUdJZw5yG6Eu7lnsVM=,tag:0oIQa83kSb1suI4db9qhMA==,type:str]
|
||||
lastmodified: "2026-02-06T23:19:54Z"
|
||||
mac: ENC[AES256_GCM,data:/P01+iM+clwj5/M+mh8UyeFLM/s9FYJPwgqrc8tD8vGy/BGISd+D6PKn2ia8ETKpNxCtPcM/9rv0mrmRFRD7nrJeY3iDa87tpRnoyo3+CDe0yJ22stAavrJf5O1Tu71NPKWhsw1SRYJgWUUB0mhIXVcRB4/+ECA7u3Wm2ux080U=,iv:7ulGhyCFZQdy5LEKyxydzGhg9gKYUgiERTZ38k9s3QA=,tag:dDaCZCRtvNYmKXODQ0+dwQ==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
@ -52,7 +52,7 @@ spec:
|
||||
infrastructure:
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: external.${SECRET_DOMAIN}
|
||||
lbipam.cilium.io/ips: "10.0.50.110"
|
||||
lbipam.cilium.io/ips: "10.0.0.210"
|
||||
listeners:
|
||||
- name: http
|
||||
protocol: HTTP
|
||||
@ -82,7 +82,7 @@ spec:
|
||||
infrastructure:
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: internal.${SECRET_DOMAIN}
|
||||
lbipam.cilium.io/ips: "10.0.50.102"
|
||||
lbipam.cilium.io/ips: "10.0.0.202"
|
||||
listeners:
|
||||
- name: http
|
||||
protocol: HTTP
|
||||
|
||||
@ -16,6 +16,6 @@ spec:
|
||||
type: LoadBalancer
|
||||
port: 53
|
||||
annotations:
|
||||
lbipam.cilium.io/ips: "10.0.50.101"
|
||||
lbipam.cilium.io/ips: "10.0.0.201"
|
||||
externalTrafficPolicy: Cluster
|
||||
watchedResources: ["HTTPRoute", "Service"]
|
||||
|
||||
@ -3,20 +3,20 @@ kind: Secret
|
||||
metadata:
|
||||
name: cluster-secrets
|
||||
stringData:
|
||||
SECRET_DOMAIN: ENC[AES256_GCM,data:/oM3dDZMlNi/FNit,iv:Rcx5E20gYVa/KYsT+LBAB3WCOXVo8xn82XJlEHzCIno=,tag:XwQNLwZNF9kRX90DbtZiXA==,type:str]
|
||||
SECRET_DOMAIN: ENC[AES256_GCM,data:FiRQTWKukYWG5SeU,iv:ZF66ws//NtgsLAAopFWxqfnS3v+zJ91cCtGDdKmrt8I=,tag:qpZ02/pHY75vPiNn55bnCQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRDVKT0QwRHNNSzlicVMz
|
||||
YW52SHR5UmVSUTFzMHlOeCtPUjBPQWtQRzJRClJYUWdZWGlaeVF6ZDdJclVZQ0ht
|
||||
TnVHb214MkE4NkgwZUcwcmtoUmxWU2cKLS0tIEltL09BK0R5Z0VkWURzbmxGbE1M
|
||||
Y1hPbFo0eDlvZ0lnazc3aTRGd2htd0kKdyJCErhBU1d/d7ijNkW9OYWEjLAnsdjO
|
||||
Ov2z/d+7swzx7xhh5mmpjgDbLYoh/CMqTwGj5O4toNDgv/Zus4VpCg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeU9xRzFpNUIwVDd0L1FW
|
||||
TzBwS0U4bmNob0dISGlhRS9vY1FWVWRnVmlnCnlxOEZPUEd1WUdzK2VyNEpxckts
|
||||
S1QyUDVGaTJQYW53VzNHWHp2ek1CbzgKLS0tIG9hczhjY2s0U1N6RCtRS3pBUWd5
|
||||
S21ack5la3RDUTQ2dW8rRHNNK2ZXVEUK63/NjwmIn0cKAfbGGdgdN7meUQxHPnNH
|
||||
acqptglQpDthoGoI3sDhBeG+jcMfIwNCYP+lANbVaN0JXnTG/O7qxg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-06T17:15:16Z"
|
||||
mac: ENC[AES256_GCM,data:DRtYVDbOL02OivB7Bymy/bMW9I3gJfVcpHDYXaVDRdj1Nq6oQNbToTBdfJNgOcvVzVtq+AuJg7UF7mL4+hGN5EC8DoSbU9CfJxV0w7Zw7gyHKMV9OFsvE6dzXEXKYfsQtHnmQ/tZ6uSx9yrUzdq8cyLS8Dc9MxncCygTFwFp/fU=,iv:IjTWClKnorqCLVGxzq2pnp7EaivDdjMqnZ126CkQGbs=,tag:eO+t9hV9B4CZpnoO4DQonw==,type:str]
|
||||
lastmodified: "2026-02-06T23:19:54Z"
|
||||
mac: ENC[AES256_GCM,data:vAD+P1BodNPfsReicZ45ODsKol0e4zxG/x6USbJKvkNkVFAoqIlXCfbh8TeabDUbrVsucZMpCtViuhjGwnRaU1qhwoxxCAcq27MZk28c6eCjsWG8KxrUx3WM5nBk19Htgkm118Y+ls0vYCcS+H8rVuezAJ1+ZT2OhfD76JYHatY=,iv:T1nN8eKDlwICgRxfURETqrlD2FMie1ux9SlR/YnYkbc=,tag:IyCZ12r1hvpiKm4xXf62Yw==,type:str]
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
mac_only_encrypted: true
|
||||
version: 3.11.0
|
||||
|
||||
2
talos/clusterconfig/.gitignore
vendored
2
talos/clusterconfig/.gitignore
vendored
@ -1,4 +1,4 @@
|
||||
kubernetes-blade-cm4-001.yaml
|
||||
kubernetes-esxi-2cu-8g-02.yaml
|
||||
kubernetes-esxi-2cu-8g-01.yaml
|
||||
kubernetes-esxi-2cu-8g-03.yaml
|
||||
talosconfig
|
||||
|
||||
@ -15,7 +15,7 @@ cluster:
|
||||
extraArgs:
|
||||
listen-metrics-urls: http://0.0.0.0:2381
|
||||
advertisedSubnets:
|
||||
- 10.0.50.0/24
|
||||
- 10.0.0.0/24
|
||||
proxy:
|
||||
disabled: true
|
||||
scheduler:
|
||||
|
||||
@ -4,4 +4,4 @@ machine:
|
||||
serializeImagePulls: false
|
||||
nodeIP:
|
||||
validSubnets:
|
||||
- 10.0.50.0/24
|
||||
- 10.0.0.0/24
|
||||
|
||||
@ -4,10 +4,10 @@ clusterName: kubernetes
|
||||
talosVersion: "${talosVersion}"
|
||||
kubernetesVersion: "${kubernetesVersion}"
|
||||
|
||||
endpoint: https://10.0.50.100:6443
|
||||
endpoint: https://10.0.0.200:6443
|
||||
additionalApiServerCertSans: &sans
|
||||
- "127.0.0.1"
|
||||
- "10.0.50.100"
|
||||
- "10.0.0.200"
|
||||
additionalMachineCertSans: *sans
|
||||
|
||||
clusterPodNets: ["10.42.0.0/16"]
|
||||
@ -23,7 +23,8 @@ nodes:
|
||||
installDisk: "/dev/sda"
|
||||
machineSpec:
|
||||
secureboot: false
|
||||
talosImageURL: factory.talos.dev/installer/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
|
||||
# grubUseUKICmdline: false
|
||||
talosImageURL: factory.talos.dev/installer/43a1a6104d8dcd6547983f4ed13abb6f5e8a1b2fdad796c69e7db6e95d122884
|
||||
controlPlane: true
|
||||
networkInterfaces:
|
||||
- deviceSelector:
|
||||
@ -32,17 +33,18 @@ nodes:
|
||||
addresses:
|
||||
- "10.0.0.145/24"
|
||||
routes:
|
||||
- gateway: "10.0.50.1"
|
||||
- gateway: "10.0.0.1"
|
||||
network: 0.0.0.0/0
|
||||
mtu: 1500
|
||||
vip:
|
||||
ip: "10.0.50.100"
|
||||
ip: "10.0.0.200"
|
||||
- hostname: "esxi-2cu-8g-01"
|
||||
ipAddress: "10.0.0.146"
|
||||
installDisk: "/dev/sda"
|
||||
machineSpec:
|
||||
secureboot: false
|
||||
talosImageURL: factory.talos.dev/installer/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
|
||||
# grubUseUKICmdline: false
|
||||
talosImageURL: factory.talos.dev/installer/43a1a6104d8dcd6547983f4ed13abb6f5e8a1b2fdad796c69e7db6e95d122884
|
||||
controlPlane: true
|
||||
networkInterfaces:
|
||||
- deviceSelector:
|
||||
@ -51,17 +53,18 @@ nodes:
|
||||
addresses:
|
||||
- "10.0.0.146/24"
|
||||
routes:
|
||||
- gateway: "10.0.50.1"
|
||||
- gateway: "10.0.0.1"
|
||||
network: 0.0.0.0/0
|
||||
mtu: 1500
|
||||
vip:
|
||||
ip: "10.0.50.100"
|
||||
ip: "10.0.0.200"
|
||||
- hostname: "esxi-2cu-8g-03"
|
||||
ipAddress: "10.0.0.147"
|
||||
installDisk: "/dev/sda"
|
||||
machineSpec:
|
||||
secureboot: false
|
||||
talosImageURL: factory.talos.dev/installer/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
|
||||
# grubUseUKICmdline: false
|
||||
talosImageURL: factory.talos.dev/installer/43a1a6104d8dcd6547983f4ed13abb6f5e8a1b2fdad796c69e7db6e95d122884
|
||||
controlPlane: true
|
||||
networkInterfaces:
|
||||
- deviceSelector:
|
||||
@ -70,11 +73,11 @@ nodes:
|
||||
addresses:
|
||||
- "10.0.0.147/24"
|
||||
routes:
|
||||
- gateway: "10.0.50.1"
|
||||
- gateway: "10.0.0.1"
|
||||
network: 0.0.0.0/0
|
||||
mtu: 1500
|
||||
vip:
|
||||
ip: "10.0.50.100"
|
||||
ip: "10.0.0.200"
|
||||
|
||||
# Global patches
|
||||
patches:
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
|
||||
talosVersion: v1.12.2
|
||||
talosVersion: v1.11.3
|
||||
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
|
||||
kubernetesVersion: v1.35.0
|
||||
kubernetesVersion: v1.34.0
|
||||
|
||||
File diff suppressed because one or more lines are too long
@ -32,6 +32,7 @@ nodes:
|
||||
#% endif %#
|
||||
machineSpec:
|
||||
secureboot: #{ (true if item.secureboot else false) | string | lower }#
|
||||
# grubUseUKICmdline: #{ (true if item.UseUKI else false) | string | lower }#
|
||||
talosImageURL: factory.talos.dev/installer#{ "-secureboot" if item.secureboot | default(false, true) }#/#{ item.schematic_id }#
|
||||
controlPlane: #{ (item.controller) | string | lower }#
|
||||
networkInterfaces:
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
|
||||
talosVersion: v1.12.2
|
||||
talosVersion: v1.11.3
|
||||
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
|
||||
kubernetesVersion: v1.35.0
|
||||
kubernetesVersion: v1.34.0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user