feat: Bootstrap cluster with Talos 1.11.3 ✅

2026-02-07 00:37:01 +01:00
parent 0fb1007e33
commit 9d42bbb46b
19 changed files with 121 additions and 91 deletions
--- a/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml
+++ b/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml
@@ -3,20 +3,20 @@ kind: Secret
 metadata:
  name: cloudflare-dns-secret
 stringData:
-  api-token: ENC[AES256_GCM,data:UKpTJgaK9G9O3J8d7Fgzw8WbfCg24JE=,iv:H1HKlF7vWiDxt7+A7OinafKHyNb5sf7U0krOZ3jK3DE=,tag:FrjImSrAjAf+ba3EWeieBw==,type:str]
+  api-token: ENC[AES256_GCM,data:WYpLcODNDH+hR5Du1vC0cyukqZxPSl0=,iv:m/EH50DeTQ1h15DKnLU+54XKfJzdSTB8kB3PiXpcYoA=,tag:FBaqpUvXd1iRxt+TgpBjIA==,type:str]
 sops:
  age:
    - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
      enc: |
        -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MVRtS3UvTWkwUVpJVzlx
-        S2NPWUdVcEhCZjdXdmNBbDQ2MStic0FUblVVCjJrUHMwcWJ6YUI4YTR6NGJRN0RM
-        Nnh6WllvWWkzak1INENIWi8zTHNFNk0KLS0tIHhGRG0wRWNWWXVwUlRsaFYyWUxO
-        VUJTazdTanRPNCtLQXh4and5ZHJNYU0KruRvlrvLZkUTCTBa10m7+RWJ3o7AzntC
-        OnxLebUJC9aYTX6J1BVMPrhmFfSxsK6Rh7X3W8onDtIp2iy3ArrpNw==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdUIrWHJhR1QrdWdpZHJI
+        a1R1M1lxc2FmUERmU0h0TkpzVWorRnF2a2dnCktmQTFjRzBnZGJ1enBWUWdmb0JB
+        MnRoZWs2eEZMbGhsSnFhTENQYUJXOTAKLS0tIC9rS2MxTVZUK0c2TEljRnkyTVBs
+        NDZrc3p4VFgrYjdXUkp6eTY5bnN4TzQKj77N+klrJSaenw7zNDh6tSj8av+oZwKo
+        zEiAV3l6WnhNPV6d1MXISkWs1jdmq1mnUj96uN4L/8M9Rp9e5oN8Pw==
        -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2026-02-06T17:15:16Z"
-  mac: ENC[AES256_GCM,data:gVpksh43O9k+oB/d+zWnZmUdN1VoEsNTL0PzSh1sVceKgxKqVmnWZ2rd4SeGgb5ZRY8qWVoc/VjBpmO5MOR+e9G/Mnr+ObgaMNF7jHfONqHrKrI5cb/V1QY6dLlGfOJXZAeJjNlFW66eBbOA4MYxSL2BN9EmEujhcTw/wN0eg0s=,iv:JJaPxRmuQjkOuLchKqncQKHye4Y/WZNId2HAe+SDQf4=,tag:YcubZaOGX7fNtb3KhEYwew==,type:str]
+  lastmodified: "2026-02-06T23:19:54Z"
+  mac: ENC[AES256_GCM,data:Cu9pIzQf4QJGe6ur4QmT5uKyTywJ9Ayqe7U6IgVQl0YQWMTgzPcr7crE7HzcHbnSWf0VOLTc69+4cdsMqiwZ8p/PqET+UD7QprFPa7tmi19rbuPSMgRhrYlbCPjo8tx22ASh17rQPLKDN/hw4HCt7N8lABDod6irOh5kJt4Ewdk=,iv:FR+JkSo/BMKuhy36/R1Cx0tmvYzV+oTmEvjex8E4jVQ=,tag:ynTb7yutVO61YSm5JNemFg==,type:str]
  encrypted_regex: ^(data|stringData)$
  mac_only_encrypted: true
  version: 3.11.0
--- a/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml
+++ b/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml
@@ -3,20 +3,20 @@ kind: Secret
 metadata:
  name: cloudflare-tunnel-secret
 stringData:
-  TUNNEL_TOKEN: ENC[AES256_GCM,data:9esVt/nhRJpjGM3SprOlvtUHHwhbY1b03lcG/Mod68ljpaIlrdu3qJ4iOIch8tRAETPATpB0ikbyyXtygFIQZ2wD5oiO/KhkmqDwmGFA+KRCah6ghnipMhpYhdYytNDaLfEnQBv88sTZFWDT7apjnHp+msUcpb0F+mD4LrTjLVE+WIBHFYfdAWspsXa+JWQwemjoHASJ6c4gvbB/yW5V1bjLy5R05Zyb5d5SYh+pb9WCLatl,iv:/8uhuoSjwTXFutDUlBxRFsJXQ/lsqs2AcieeUL5Bf0U=,tag:KpzZF9ic999b4NxYiB+8VA==,type:str]
+  TUNNEL_TOKEN: ENC[AES256_GCM,data:7dUHKyUL1HueEKAUYXBXFBJjOG7+DQs/kO+nCf9J2WxK8i88DiKjkoSoHeKJLXAyggayVjzOM15kxgZIa6SFfBKZWFN/qLHZ7I8rULyzkHf+FQvJx1GE7I31uLvWj7EXejPp053z+pGYBjdYe5/eZMfHy1rFXPqEPXw8oPSZ43UbP+Oa9Af5h8QSfuevNOpKX9VhIVdL71OoBsfKPNQhGkuCID6e3+x3QEbAnlB0tD8o2nOt,iv:YSf2745drewpDiNmcT6r/fVYAwakdUkBJWmPBS7wNjo=,tag:6v3A3X7TRIOtxOwGeQsIjA==,type:str]
 sops:
  age:
    - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst
      enc: |
        -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5M3F2RTNleFBoR0ZqWnJK
-        NnZJcUNjdXJ3NlJTN3NtMVU2RE96a1l0WFhBCkw1Z0ZCMmxwMU9IZUJsUUo1Lzhm
-        V3ViR2ZVaGVnU0RpUXBPZC8wYXlscHcKLS0tIExMbVEwdlk0a0RTN2d6M0tpNlo5
-        UHBPdnh0Y1N3SGk2N2ptT0o5bzEwMWsK1WCmvr5K8G6GCTmuNUlY9nmzvIh9UNuL
-        c5FQouMsoLnDcj7Vy/IwfHRr5wU2u28RdPmh4dq3yVVGxud3cPgfVw==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQ2FOZEU4OWsvTDNZa3pj
+        dUhPMkd4ZUtKWGxCSFpQZE05ZFhuQnAvelVjCmp0S0VpcDhGRGpLRGpIbFBzOGEx
+        dUJScnBOcDhmYnkwY2VRc05sNGd0YXMKLS0tIGJhNGRGcWY5Vjc5cEZJVFVYcHcw
+        UkdCRWI4Y096bU53c05xMWdiMjBpcDQK+FcoUkF4fcSokWwiKpgcFOl99V7KV3/N
+        AvV/Zhl2nrB0u/fsEhSBoPx4sHbrYe8qZZx5wgazQMnjkgGbbgyJ6w==
        -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2026-02-06T17:15:16Z"
-  mac: ENC[AES256_GCM,data:Grg4MQaP8HS2RFO9I6NBQX/zCbF/YbrK56sH4jCtXISt3FPEvYs31Ka9DwRQD4ajPH8wAK9NQDsX8l9ph27sXIPabbB2oxMvrtT7p8/Ntj5h5asX/hqOOb/5465unw1TzwmSIDN6+8jEQlWzwG2qndNCX6WC54+xa//V1euNjt4=,iv:eMGsHVcLN2IjqwZuH1JToEwyjKUdJZw5yG6Eu7lnsVM=,tag:0oIQa83kSb1suI4db9qhMA==,type:str]
+  lastmodified: "2026-02-06T23:19:54Z"
+  mac: ENC[AES256_GCM,data:/P01+iM+clwj5/M+mh8UyeFLM/s9FYJPwgqrc8tD8vGy/BGISd+D6PKn2ia8ETKpNxCtPcM/9rv0mrmRFRD7nrJeY3iDa87tpRnoyo3+CDe0yJ22stAavrJf5O1Tu71NPKWhsw1SRYJgWUUB0mhIXVcRB4/+ECA7u3Wm2ux080U=,iv:7ulGhyCFZQdy5LEKyxydzGhg9gKYUgiERTZ38k9s3QA=,tag:dDaCZCRtvNYmKXODQ0+dwQ==,type:str]
  encrypted_regex: ^(data|stringData)$
  mac_only_encrypted: true
  version: 3.11.0
--- a/kubernetes/apps/network/envoy-gateway/app/envoy.yaml
+++ b/kubernetes/apps/network/envoy-gateway/app/envoy.yaml
@@ -52,7 +52,7 @@ spec:
  infrastructure:
    annotations:
      external-dns.alpha.kubernetes.io/hostname: external.${SECRET_DOMAIN}
-      lbipam.cilium.io/ips: "10.0.50.110"
+      lbipam.cilium.io/ips: "10.0.0.210"
  listeners:
    - name: http
      protocol: HTTP
@@ -82,7 +82,7 @@ spec:
  infrastructure:
    annotations:
      external-dns.alpha.kubernetes.io/hostname: internal.${SECRET_DOMAIN}
-      lbipam.cilium.io/ips: "10.0.50.102"
+      lbipam.cilium.io/ips: "10.0.0.202"
  listeners:
    - name: http
      protocol: HTTP
--- a/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml
+++ b/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml
@@ -16,6 +16,6 @@ spec:
      type: LoadBalancer
      port: 53
      annotations:
-        lbipam.cilium.io/ips: "10.0.50.101"
+        lbipam.cilium.io/ips: "10.0.0.201"
      externalTrafficPolicy: Cluster
    watchedResources: ["HTTPRoute", "Service"]