From a955600d202a040e5502e22856e6e7073b8e9c6d Mon Sep 17 00:00:00 2001
From: Laur IVAN
Date: Sat, 7 Feb 2026 15:52:03 +0100
Subject: [PATCH] chore: Updated apps.
---
 .beads/issues.jsonl | 2 +-
 bootstrap/sops-age.sops.yaml | 16 ++++++++--------
 .../cert-manager/app/secret.sops.yaml | 16 ++++++++--------
 .../flux-instance/app/helmrelease.yaml | 2 +-
 .../flux-instance/app/secret.sops.yaml | 16 ++++++++--------
 .../network/cloudflare-dns/app/secret.sops.yaml | 16 ++++++++--------
 .../cloudflare-tunnel/app/secret.sops.yaml | 16 ++++++++--------
 .../apps/network/envoy-gateway/app/envoy.yaml | 4 ++--
 .../network/k8s-gateway/app/helmrelease.yaml | 2 +-
 .../components/sops/cluster-secrets.sops.yaml | 16 ++++++++--------
 talos/talconfig.yaml | 10 +++++-----
 11 files changed, 58 insertions(+), 58 deletions(-)
diff --git a/.beads/issues.jsonl b/.beads/issues.jsonl
index fc91a6b..c9133e8 100644
--- a/.beads/issues.jsonl
+++ b/.beads/issues.jsonl
@@ -1,6 +1,6 @@ {"id":"homelab-3p8","title":"Watch cluster rollout","description":"Watch the rollout of the cluster to ensure all pods are starting correctly","acceptance_criteria":"- Command `kubectl get pods --all-namespaces --watch` is running\n- All pods are observed rolling out\n- Pods reach Running/Ready state","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:25.122454196+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:25.122454196+01:00","labels":["bootstrap","verification"]} {"id":"homelab-4cn","title":"Configure GitHub webhook for Flux","description":"Configure GitHub webhook to send push events to Flux for automatic reconciliation on git push","acceptance_criteria":"- Command `kubectl -n flux-system get receiver github-webhook --output=jsonpath='{.status.webhookPath}'` returns webhook path\n- Full webhook URL is constructed with format: https://flux-webhook.${cloudflare_domain}/hook/{path}\n- Webhook is added to GitHub repository settings\n- Webhook payload URL is set correctly\n- Content type is set to application/json\n- Secret token from github-push-token.txt is configured\n- Events are set to \"Just the push event\"\n- Webhook is saved and active","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:23.881275565+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:23.881275565+01:00","labels":["configuration","flux","github"]} -{"id":"homelab-7k4","title":"Push talhelper encrypted secret to git","description":"After installing Talos, commit and push the talhelper encrypted secret to the repository","acceptance_criteria":"- Changes are staged with `git add -A`\n- Commit is created with message \"chore: add talhelper encrypted secret :lock:\"\n- Changes are pushed to remote 
repository","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:05.950780413+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:05.950780413+01:00","labels":["bootstrap","git"]} +{"id":"homelab-7k4","title":"Push talhelper encrypted secret to git","description":"After installing Talos, commit and push the talhelper encrypted secret to the repository","acceptance_criteria":"- Changes are staged with `git add -A`\n- Commit is created with message \"chore: add talhelper encrypted secret :lock:\"\n- Changes are pushed to remote repository","status":"closed","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:05.950780413+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:44:58.80046492+01:00","closed_at":"2026-02-07T00:44:58.80046492+01:00","close_reason":"Successfully staged, committed, and pushed talhelper encrypted secret to git repository","labels":["bootstrap","git"]} {"id":"homelab-82o","title":"Verify Flux status and resources","description":"Check the status of Flux and verify all Flux resources are up-to-date and in a ready state","acceptance_criteria":"- Command `flux check` passes all checks\n- Command `flux get sources git flux-system` shows ready state\n- Command `flux get ks -A` shows all kustomizations ready\n- Command `flux get hr -A` shows all helm releases ready","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:43.666513198+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:43.666513198+01:00","labels":["flux","verification"]} {"id":"homelab-f7u","title":"Tidy up repository (remove templates)","description":"Clean up the repository by removing the templates directory and templating-related files to eliminate clutter and resolve Renovate warnings","acceptance_criteria":"- Command `task template:tidy` completes successfully\n- Templates directory is 
removed\n- Templating-related files are cleaned up\n- Changes are committed with message \"chore: tidy up :broom:\"\n- Changes are pushed to git","status":"open","priority":3,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:33:32.475687645+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:33:32.475687645+01:00","labels":["cleanup","git"]} {"id":"homelab-gqj","title":"Bootstrap cluster applications (cilium, coredns, spegel, flux)","description":"Install cilium, coredns, spegel, flux and sync the cluster to the repository state","acceptance_criteria":"- Command `task bootstrap:apps` completes successfully\n- Cilium is installed\n- CoreDNS is installed\n- Spegel is installed\n- Flux is installed\n- Cluster is synced to repository state","status":"open","priority":2,"issue_type":"task","owner":"laur.ivan@ec.europa.eu","created_at":"2026-02-07T00:32:15.371162045+01:00","created_by":"Laur IVAN","updated_at":"2026-02-07T00:32:15.371162045+01:00","labels":["apps","bootstrap"]} diff --git a/bootstrap/sops-age.sops.yaml b/bootstrap/sops-age.sops.yaml index 657181f..de82d6e 100644 --- a/bootstrap/sops-age.sops.yaml +++ b/bootstrap/sops-age.sops.yaml 
@@ -4,20 +4,20 @@ metadata: name: sops-age namespace: flux-system stringData: - age.agekey: ENC[AES256_GCM,data:wUWN4GHTYiqT6SqRNcr5hk6YEPnqcHQSBSYLbxnIpwaguwfhE7B/hIDXMngOyIWaDSoqohx0hGHoWAMKdPEv1b8bVEbDaaKo1QI=,iv:5y2IvZUzLeHfChv1BfO0H0nz2s4bwVzg3rfy30GzIik=,tag:KRxEgCHgShNYkuPq6qwCJQ==,type:str] + age.agekey: ENC[AES256_GCM,data:2SWwOO6ak2wDQhqum1iLyCB67w5Q6cgk3BRxkLopPzVk3g7lx37uv39aArzPyZp8kCoeYm3pyu2cOyYRzbVpC84IL/Stt8x81qE=,iv:BMDhZM1AgulnlEdlC5lFIt470VnAmFs646rjWzofSoY=,tag:4KqhLm57R6pFZCgwKPYzmg==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UGY2VXZFd2FLT0oySnJa - UTlIM21JemtRUzNUTEE1aFVvcGxzMlJ3V204Ck9sb0o1a3VJZStxekZvbmE0c3B1 - WjNJbmpBaWxrTGlnd0lQTThxU1FZMGsKLS0tIGtjNExDMStVZndhU0tmcnJsa1E0 - cytWWnRoNnlhVXpYcG0xRTZRMzQwTU0KW/C7wKtC8iM6no6YrjU7rfXMZs+uNJMy - DjHgledfcJ5r/Ae5KwY5Su7tx/hAQAw+y+XOAUm1fzwV/zTVz5/WTw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTGpVT0tjWGpwanNYS0Rz + Ti9RUjBxRTFPTmRCVjUzVkJ2aWNnK1h6azF3CkxkVGljUlFuRTJYQVFnTzIrcXVT + eHFYRHV5cHVtZ3FxNWlFcnI2MW5SWHMKLS0tIENGQnhQZ2kwV0pvUWtWb1NGOFB0 + YThOYkpSNUZ1Qy8rc0I4VHAwd3hTVEEK/2PusdI4o497PrSxGN1Zs8GaTEw1RJmY + UduWX7s9niTPFuQdZogTYhwC/sM8VgMHTSdnFjCqJBQPv61gWfX92w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-06T23:19:54Z" - mac: ENC[AES256_GCM,data:Kz53Z7KukIQqM6l3WRkv8Fm8ceZwFIEcMCi59ewh3H8o9qPYKtB3QJsqUJJZBrUor5FP/tbeTyutZxZU2Muqo8zge1+FrheyplIQSmVhMF6feCZSNdd9MZHBJD2jc1KHXHy3o0GdNyntARRjICDnE3vq6nrbMdVofODVBtEJGXk=,iv:VFUBchPk9PlOaQ0jfrHp0VgVCFcB50vbQcWOkadYeNY=,tag:nUNkgfwGy2QutLrpUHqP1Q==,type:str] + lastmodified: "2026-02-07T00:41:44Z" + mac: ENC[AES256_GCM,data:S7xFcBXePVZNxwQY5qujhsnamLcDU8TUBjmHzSoViA7k+omqzHx1j8gnM6duvD/s245s3IK8iEbkVokefVJnDhw9epKaz6w1uz0dES9poghjfeuJ2CfIem9rfti/xPOcdPXzOU7vj1ClzZzXPoMJPdMzqncc7q8BKik9Ca7MoL8=,iv:ciGDBPZL/9JXFONBoCYZmwLckV+kc+/Pf308/0h9yEM=,tag:BLiqIwDJVJC+TO7Hmxx4iA==,type:str] 
encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml b/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml index 80f8b67..a887358 100644 --- a/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/app/secret.sops.yaml 
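Review bot: The `age.agekey` value in bootstrap/sops-age.sops.yaml and every other SOPS payload in this commit get new ciphertext under the title "chore: Updated apps.", so the history cannot show whether the credentials were rotated or only re-encrypted. The age recipient is unchanged, which means the previous ciphertexts that stay in git history remain readable with the same age key; if this rewrite followed a suspected exposure, the tokens need revoking at their issuers and the age key pair replacing, not only a re-encrypt. I would record the intent in the commit body, for example `Secrets: values rotated (yes/no); age recipient unchanged`. The same applies to the secret.sops.yaml hunks for cert-manager, flux-instance, cloudflare-dns and cloudflare-tunnel and to cluster-secrets.sops.yaml. Separately, with `mac_only_encrypted: true` and `encrypted_regex: ^(data|stringData)$` the SOPS MAC covers only the encrypted values, so `metadata.name` and `namespace` rely on git itself for integrity.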
@@ -3,20 +3,20 @@ kind: Secret metadata: name: cert-manager-secret stringData: - api-token: ENC[AES256_GCM,data:8ZfAyBvM7tVWaG2G/L/FFY6hbAAALBQ=,iv:NlG4loGnqLe+ECP0ckFz1LSCd2OAxXoyVk61FV/nskA=,tag:8xYcDqsFkmPa6l8N+0rGtQ==,type:str] + api-token: ENC[AES256_GCM,data:fUGFx/nZfHuErWttiHWWDlcW2Els+R8=,iv:o+TZqelQf/luxijmJqWyBjW6fnOTL02JeMpey36nl4I=,tag:HonwhhfRpXVQaWGnO8iBDA==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWDJhaDR4QVhRZVZjbXVF - MDdGazU2RWRuRzVDTVV0N1ZzQmpVYTFMZGdnClp5UExtUzl5K3ZjRWJEcDY5RnN0 - cUJ2QnA5ZGRONGFOeWhiZHhiWmJWRTQKLS0tIFM0ZStnK3VZRkQ5bU1EVUlFV0hY - WVZ6L0JlZzZGVmhWa0tKQXhDWFowbTgK9cxIrmI9NEN5/MLOKfM/porIWuVu1jKL - F+HPb7isgvY0P3c/PJLd9d0Z2mderFhvLPTgNVjXkqIVDMj8kJUtmg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K056MmZyZzBsK3h2SXBi + R2l6Vmd0ekMxV1hPVTh6ZHpZYmszelAwTlZjCnNLcllBRFlTczRZR2hCRDM4bGFN + dU8vZFA5cFk4aWZGaXJYZTlpb2w3YTgKLS0tIDNicmVQMGdWczI2UTloNDdFbjFG + TVRaQkZlazJXV1hEcUxKNFY3Z3dxYW8KxidCwhu/63CGFHUrBzjO73lM01ZE0nK3 + ACbhUuV+BtC8jtSNcUa49RTKiiGPtecwCwE22N0MmLKwj9MsJyNf3A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-06T23:19:54Z" - mac: ENC[AES256_GCM,data:8A0c8MxMJLCd4nhsFBLRUGiC8IUbu7qJBa8zgp3vhgY+W7YCThmYzu2Q147zbch5kvA8PORF5CAbZjDvvwQ7WojSDw2qHEA7wPU8wbSE7WSL9o3Lp1027z1fk15TvlFCGRR3V3L8kTyMQXxc9tHCd0vFx7F+O99/c6hlovbSuDE=,iv:V8Okp/ciK/rt0FnEc6NJ9PDxjdoiUgiYs4UK6D2t47E=,tag:AMX4EDTokC66DMMBZ4hpYw==,type:str] + lastmodified: "2026-02-07T00:41:44Z" + mac: ENC[AES256_GCM,data:3USl1LeFYd4j6sra0s3D2Y3a5zhrMTu/OnSoRQAfByFKYA1/54QR9+r50Ww8Ct00Ok5GnUEGgqC3U5fE3nkr/eUKk8XZ/hhDhVLQ0sN4FGFRNtqRKQV3fRml2Ad54+HMgfh9as4co+fhk4+KRHl8ZMqABqsOloUQgIhc6yE9dUM=,iv:Od3IdoVc6byJD6ehlGhki60z3efNnxfGw1v4M5iLwyY=,tag:gs4dsqSQUfffNzmlIRxQdA==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 
diff --git a/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml b/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml
index 63545ee..da768ab 100644
--- a/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml
+++ b/kubernetes/apps/flux-system/flux-instance/app/helmrelease.yaml
@@ -21,7 +21,7 @@ spec:
 - notification-controller
 sync:
 kind: GitRepository
- url: "https://github.com/dev/cluster.git"
+ url: "https://git.laurivan.com/Dev/talos-cluster.git"
 ref: "refs/heads/main"
 path: kubernetes/flux/cluster
 commonMetadata:
diff --git a/kubernetes/apps/flux-system/flux-instance/app/secret.sops.yaml b/kubernetes/apps/flux-system/flux-instance/app/secret.sops.yaml
index efd196b..8fb4053 100644
--- a/kubernetes/apps/flux-system/flux-instance/app/secret.sops.yaml
+++ b/kubernetes/apps/flux-system/flux-instance/app/secret.sops.yaml
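Review bot: The new `url` in flux-instance/app/helmrelease.yaml makes `git.laurivan.com` the source of everything Flux applies, yet the visible `sync` block carries no `pullSecret` and the webhook secret in the same app is still named `github-webhook-token-secret`. If the repository is private, Flux needs credentials, e.g. `pullSecret: "<git-credentials-secret>"` under `sync`; if it is public, the SOPS ciphertext and internal addresses in this commit are world-readable and write access to that forge is the only control on cluster state. The Receiver is not part of this diff, so it is worth confirming that its type and token match the forge now serving the repository. The `spec` continues outside the hunk, so a `pullSecret` may already be set there.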
@@ -3,20 +3,20 @@ kind: Secret metadata: name: github-webhook-token-secret stringData: - token: ENC[AES256_GCM,data:tPhLMHfjDb36TYDTrURsThcMTPnEUXXd673xcrk0W9o=,iv:yTsvzqOTZvAJuEf8qmPS3boVQ6F0sUlFBy4VA67DXUM=,tag:DZr236d3zm55CufMo1+XQg==,type:str] + token: ENC[AES256_GCM,data:Izz95QiCRTxans5ogPlELMBW8mS1MxdIdKNemTmJn0w=,iv:vTgx9nMQvDYdfC8fPsfHMgPoCt8vdEmrs4xUwvZC200=,tag:zD4qZrn1yREXXvQ4g5jjjA==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBQzRTRms2bWdobnYzOW9Q - UTg4WGtmMUMyaWVrVXhJUmpsV0ZTTmJiMWlZCmEzUnYvdWNENG5DdTg2elFiY09O - ckhoTFp6RXdHM1NXcjlaMmdKd0dMaW8KLS0tIHFhMWNtZ0NzVU1ZOFUxQkN1NVBX - RUV4d2ZwQ1c0cThxK0h1Wmo5cE1NelEKn1zF0F3mTITgcfr2Pt6Xgy1HjuXLAF7e - d6xpY7HKSEhhESQO5veXdYpYi1k8o81HyZtl13pwkgwgOkuJw5MDlA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZmR3b1ZaL0JKVzlBVTg1 + eWlOSnpNYkNBUlYxelMwU3hJU1RTUjF5SDF3CmhWVGlGMnJ4bzFhVk1CVGt5SjIw + U1d3cXRvTUhyaFFnSXhaWStyM1dCdlkKLS0tIEIvbEY3WldlSkc4TkNOYXQyeXl1 + emd4WXF1MnBOTlY5ODFiamMwOHgxc0UKVPa/FP9/ZbuqFHIfl4mj1KIoadL5XK81 + pVph+eEOb/A5lBCtQxuuAu7nNOIbT9RBIGVjBADq28MwYKPoiWWXiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-06T23:19:54Z" - mac: ENC[AES256_GCM,data:DoTwNwD8Vx3KXNDPeCLp4vyJR8s0Q2IOV10sUvwCSGWbuBm6P63v3k/6Yr74e72x5HHRFEG19yV0SKOY5S5V9GgMdb587gt08Nd7iInO9pVFl6sIyMOx1OiVBlmtdtB5TQP57FhoQ1uttcESsbKHgyEJCD5AAW81gbg6083EA9g=,iv:/HlzSO/9rSSXE7FRa5NLCyApYYxbXbwIsuFsYV15HJc=,tag:X2dE8gXXbz6ZInkvZqEgLg==,type:str] + lastmodified: "2026-02-07T00:41:44Z" + mac: ENC[AES256_GCM,data:2EzDzs9CfeWb+T6INQSXRdvslL+NTVgk+Xy0JZYtLH+lV4wH2BdEwKIELEcJCVdQXzwt6INJK+BW1avs02jH9bwB9smmeOttPFsfpc7xS9REafPUsvZerezZh9Nn4yUPeQvq74sKOYviaRHGmMtv0D5EfBil3qU9czDQ7I+Kf7c=,iv:epLU37sX7HBfEaIgYXpocMed1HXP8jVvrxcY7bIYh8M=,tag:ImZ4tZr+Zgfre/SZMz6n4g==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 
diff --git a/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml b/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml index 1fd4a6d..c2f8a6a 100644 --- a/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml +++ b/kubernetes/apps/network/cloudflare-dns/app/secret.sops.yaml 
@@ -3,20 +3,20 @@ kind: Secret metadata: name: cloudflare-dns-secret stringData: - api-token: ENC[AES256_GCM,data:WYpLcODNDH+hR5Du1vC0cyukqZxPSl0=,iv:m/EH50DeTQ1h15DKnLU+54XKfJzdSTB8kB3PiXpcYoA=,tag:FBaqpUvXd1iRxt+TgpBjIA==,type:str] + api-token: ENC[AES256_GCM,data:WcvJWc2AluvtAWoZCVHvSQvAQhI5RQc=,iv:1WKH9pSBfVi25Hk/k7uRuR2GE4QTcOvIFVOASoo9cD4=,tag:cYmR+p54WBScrA4kDHoj8A==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdUIrWHJhR1QrdWdpZHJI - a1R1M1lxc2FmUERmU0h0TkpzVWorRnF2a2dnCktmQTFjRzBnZGJ1enBWUWdmb0JB - MnRoZWs2eEZMbGhsSnFhTENQYUJXOTAKLS0tIC9rS2MxTVZUK0c2TEljRnkyTVBs - NDZrc3p4VFgrYjdXUkp6eTY5bnN4TzQKj77N+klrJSaenw7zNDh6tSj8av+oZwKo - zEiAV3l6WnhNPV6d1MXISkWs1jdmq1mnUj96uN4L/8M9Rp9e5oN8Pw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWTltMFUzY1VZb1pWc2RD + bWZzTVp6S2F1NVd4c212eHJVOEs0NngxMzBrClo0NFlDM3RQcGNaWHF4dkZFTHg0 + dmJZWFk3c3FrNlR6UGVMUmRIMWVIZzgKLS0tIERBaUovUlZKcStzUzdhRFlKaVI2 + bkUwWVB4Q09haCtuYVQrZm1DZDExcTgKS261rildFFryuhP1kks+YbaWQmD8e++S + ius1YYddJqQ2WgtKdotV765uSH3ptA1N0ARppqnCKgp8p8Uywu9tcA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-06T23:19:54Z" - mac: ENC[AES256_GCM,data:Cu9pIzQf4QJGe6ur4QmT5uKyTywJ9Ayqe7U6IgVQl0YQWMTgzPcr7crE7HzcHbnSWf0VOLTc69+4cdsMqiwZ8p/PqET+UD7QprFPa7tmi19rbuPSMgRhrYlbCPjo8tx22ASh17rQPLKDN/hw4HCt7N8lABDod6irOh5kJt4Ewdk=,iv:FR+JkSo/BMKuhy36/R1Cx0tmvYzV+oTmEvjex8E4jVQ=,tag:ynTb7yutVO61YSm5JNemFg==,type:str] + lastmodified: "2026-02-07T00:41:44Z" + mac: ENC[AES256_GCM,data:ZJ3KIzeFzrMeGGiKpjtmcDbHs2WqRaCQWCufl9yrRMAKHre4BgTNL0+ISu0PcQHOsECswPeH4cioCiuIyzEj9wRyLFTD/+wHpMjdZ62jtyLk7SR+tGL4QoqYEKyc3gwMyrJvpbYzxelNrOIV5L0mubrqkwtgPlvUpKsqbNcHsuE=,iv:IaOntWIKxnytLTTWCqvnF4wwMldNyUzkqjVI8XCxzr4=,tag:vjMnTt57JUxWuzh2ht8z7Q==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 
diff --git a/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml b/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml index e4827e0..8651e27 100644 --- a/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml +++ b/kubernetes/apps/network/cloudflare-tunnel/app/secret.sops.yaml 
@@ -3,20 +3,20 @@ kind: Secret metadata: name: cloudflare-tunnel-secret stringData: - TUNNEL_TOKEN: ENC[AES256_GCM,data:7dUHKyUL1HueEKAUYXBXFBJjOG7+DQs/kO+nCf9J2WxK8i88DiKjkoSoHeKJLXAyggayVjzOM15kxgZIa6SFfBKZWFN/qLHZ7I8rULyzkHf+FQvJx1GE7I31uLvWj7EXejPp053z+pGYBjdYe5/eZMfHy1rFXPqEPXw8oPSZ43UbP+Oa9Af5h8QSfuevNOpKX9VhIVdL71OoBsfKPNQhGkuCID6e3+x3QEbAnlB0tD8o2nOt,iv:YSf2745drewpDiNmcT6r/fVYAwakdUkBJWmPBS7wNjo=,tag:6v3A3X7TRIOtxOwGeQsIjA==,type:str] + TUNNEL_TOKEN: ENC[AES256_GCM,data:syjBrBTRKtixZTytObYGKJOJctZcCGXz3zH814fUn7iJOGR7X/W73JaPTPQz+FCnCCnrg//hbrgKiuayWJo0KjIy8/Z7oWWeGpkdVZQTxBJoS68M0W4X9bv0h5cz6OS5g4Pnx9nkY0U+BVvg1sKQ6/35oYi3O8OFi9+nuHQNaQbKK0Jc/GNuqMHc3C2YWj1dBHQgplVVEO/81k9h9bPGtK61G4QZJIgtnQvCJ3oOv23i2/uV,iv:uXiebkh8o9Ma8SMD7EMUJcDvMaUpso8FDplsE80RljY=,tag:21lL3z7jtYVaJWB2dnlYdQ==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQ2FOZEU4OWsvTDNZa3pj - dUhPMkd4ZUtKWGxCSFpQZE05ZFhuQnAvelVjCmp0S0VpcDhGRGpLRGpIbFBzOGEx - dUJScnBOcDhmYnkwY2VRc05sNGd0YXMKLS0tIGJhNGRGcWY5Vjc5cEZJVFVYcHcw - UkdCRWI4Y096bU53c05xMWdiMjBpcDQK+FcoUkF4fcSokWwiKpgcFOl99V7KV3/N - AvV/Zhl2nrB0u/fsEhSBoPx4sHbrYe8qZZx5wgazQMnjkgGbbgyJ6w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPcnZsN0lQOEp5T2JHUXZG + bGo4KzNvNzBxTWlXSXhNTFlkNVdUZ2FQcmtvCmpnQ1hZN0REbHVOeHZWRlFrRTU0 + UjR1Y2p1RG44Y3creTNqSHVQT0V4TTAKLS0tIHpWaEVqS1h4WG9pUXRYMXRmcHB1 + YWgrNjkzb1RvdFpEK0ozYjNmeDF3OEkKnpjJD0fcR2UmCj8MYsC2SLIwhXo6dFWs + d92slhnijEVrVIxNuEvd8PBr+V3otPhVcMW+fqYWbmoPySEdD3CRqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-06T23:19:54Z" - mac: ENC[AES256_GCM,data:/P01+iM+clwj5/M+mh8UyeFLM/s9FYJPwgqrc8tD8vGy/BGISd+D6PKn2ia8ETKpNxCtPcM/9rv0mrmRFRD7nrJeY3iDa87tpRnoyo3+CDe0yJ22stAavrJf5O1Tu71NPKWhsw1SRYJgWUUB0mhIXVcRB4/+ECA7u3Wm2ux080U=,iv:7ulGhyCFZQdy5LEKyxydzGhg9gKYUgiERTZ38k9s3QA=,tag:dDaCZCRtvNYmKXODQ0+dwQ==,type:str] + lastmodified: "2026-02-07T00:41:44Z" + mac: 
ENC[AES256_GCM,data:9ho0CklKYBA3ynca+tcCMb/LULWj8EIN4pMPllWGFS6T/ESbZgWyMSQcPE1gdVGXC13vLatc7jSIkjjsoFPRfJ6BIgGsuyJv7tLGfLXBHj8+6fuRRDT6dItB0+jrIhq1jekS1KwDaKbzKmFDZN81/nv6z6Y+SyKcOkVfOrZWrBk=,iv:AFyDvL0bczXw7qYgsLam6sgOYf7hCLSyc0HegApLG/Y=,tag:WaEiOxU8r2W0hHwXtWqfIA==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/kubernetes/apps/network/envoy-gateway/app/envoy.yaml b/kubernetes/apps/network/envoy-gateway/app/envoy.yaml index f30d55e..c686769 100644 --- a/kubernetes/apps/network/envoy-gateway/app/envoy.yaml +++ b/kubernetes/apps/network/envoy-gateway/app/envoy.yaml @@ -52,7 +52,7 @@ spec: infrastructure: annotations: external-dns.alpha.kubernetes.io/hostname: external.${SECRET_DOMAIN} - lbipam.cilium.io/ips: "10.0.0.210" + lbipam.cilium.io/ips: "10.0.0.158" listeners: - name: http protocol: HTTP @@ -82,7 +82,7 @@ spec: infrastructure: annotations: external-dns.alpha.kubernetes.io/hostname: internal.${SECRET_DOMAIN} - lbipam.cilium.io/ips: "10.0.0.202" + lbipam.cilium.io/ips: "10.0.0.157" listeners: - name: http protocol: HTTP diff --git a/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml b/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml index 0969181..bfd0578 100644 --- a/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml +++ b/kubernetes/apps/network/k8s-gateway/app/helmrelease.yaml @@ -16,6 +16,6 @@ spec: type: LoadBalancer port: 53 annotations: - lbipam.cilium.io/ips: "10.0.0.201" + lbipam.cilium.io/ips: "10.0.0.156" externalTrafficPolicy: Cluster watchedResources: ["HTTPRoute", "Service"] diff --git a/kubernetes/components/sops/cluster-secrets.sops.yaml b/kubernetes/components/sops/cluster-secrets.sops.yaml index 5ef5782..4a6973c 100644 --- a/kubernetes/components/sops/cluster-secrets.sops.yaml +++ b/kubernetes/components/sops/cluster-secrets.sops.yaml 
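Review bot: The three `lbipam.cilium.io/ips` values (the external and internal gateways in envoy.yaml and the k8s-gateway service in helmrelease.yaml) move from 10.0.0.201/202/210 to 10.0.0.156–158, but no Cilium load-balancer IP pool change is part of this commit. If the pool still covers only the old range the services will not be assigned these addresses, and any firewall or port-forward rule keyed on the old addresses needs the same update. The new addresses also sit close to the node addresses visible in talos/talconfig.yaml (10.0.0.146, 10.0.0.147), so they should be confirmed as excluded from DHCP. A comment above each annotation such as `# static LB address: keep inside the Cilium LB IP pool and outside the DHCP range` would record the constraint.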
@@ -3,20 +3,20 @@ kind: Secret metadata: name: cluster-secrets stringData: - SECRET_DOMAIN: ENC[AES256_GCM,data:FiRQTWKukYWG5SeU,iv:ZF66ws//NtgsLAAopFWxqfnS3v+zJ91cCtGDdKmrt8I=,tag:qpZ02/pHY75vPiNn55bnCQ==,type:str] + SECRET_DOMAIN: ENC[AES256_GCM,data:NpYoGaCOn3ZGDe0r,iv:vzF+j/JcCXQXBLGpgzEvUUE/wuFUGsblv5Qdfdfc4ss=,tag:RycYp6GkiLdba5T+guGGTw==,type:str] sops: age: - recipient: age1yzrqhl9dk8ljswpmzsqme3enad5kxxhsptdvecy3lwlq0ms80gaqxrctst enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeU9xRzFpNUIwVDd0L1FW - TzBwS0U4bmNob0dISGlhRS9vY1FWVWRnVmlnCnlxOEZPUEd1WUdzK2VyNEpxckts - S1QyUDVGaTJQYW53VzNHWHp2ek1CbzgKLS0tIG9hczhjY2s0U1N6RCtRS3pBUWd5 - S21ack5la3RDUTQ2dW8rRHNNK2ZXVEUK63/NjwmIn0cKAfbGGdgdN7meUQxHPnNH - acqptglQpDthoGoI3sDhBeG+jcMfIwNCYP+lANbVaN0JXnTG/O7qxg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSG5qTnVqcnowTHYzdldt + M3pTU3NUbldMcG5JcjFVMjQ3dklZdzJhcUNvCjJqaVVDL25OdC9UWG9GU0xWV0pj + YzFwNUpSNkJ6U2YxUzliaU1YbVdFWDgKLS0tIE1FMVBGKzFhK295NEtJY2FiMGRx + QXNqbUlWZ2ZIbUNFaDJHQkhwZTg5eTAKX5nNQVus1GUjENzxssmL/E/M7EoCa3if + B8aaSPDe15gFYTnnthu3Xx4w1hr6TeX32o23c7VKjwx21KlW74ME4w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-06T23:19:54Z" - mac: ENC[AES256_GCM,data:vAD+P1BodNPfsReicZ45ODsKol0e4zxG/x6USbJKvkNkVFAoqIlXCfbh8TeabDUbrVsucZMpCtViuhjGwnRaU1qhwoxxCAcq27MZk28c6eCjsWG8KxrUx3WM5nBk19Htgkm118Y+ls0vYCcS+H8rVuezAJ1+ZT2OhfD76JYHatY=,iv:T1nN8eKDlwICgRxfURETqrlD2FMie1ux9SlR/YnYkbc=,tag:IyCZ12r1hvpiKm4xXf62Yw==,type:str] + lastmodified: "2026-02-07T00:41:44Z" + mac: ENC[AES256_GCM,data:2f0SeZVzUoPtIiD6j/DhSBLv5sy5m3uEMip8oCZlbZF6yW0Xj5dVo9ZT8cvIo9hmcbinKH0Ltcvt9RRiceGcVHstv82pgTqtST2G7o63YjX26bVvpqgOgfPqssPKgc7VzoxC8G8Kt4QUHubEY7fbGdP75wViAQaHM2ycg4RdKb8=,iv:Iv7bbhThj3EIGKgLWjQjnoYFIaDQ57nNx+N800UryxM=,tag:XJqCGeZfQ0+a0uVmcw8A3A==,type:str] encrypted_regex: ^(data|stringData)$ mac_only_encrypted: true version: 3.11.0 diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml index 3f7c54f..9bf7cd2 100644 
--- a/talos/talconfig.yaml +++ b/talos/talconfig.yaml @@ -4,10 +4,10 @@ clusterName: kubernetes talosVersion: "${talosVersion}" kubernetesVersion: "${kubernetesVersion}" -endpoint: https://10.0.0.200:6443 +endpoint: https://10.0.0.155:6443 additionalApiServerCertSans: &sans - "127.0.0.1" - - "10.0.0.200" + - "10.0.0.155" additionalMachineCertSans: *sans clusterPodNets: ["10.42.0.0/16"] @@ -37,7 +37,7 @@ nodes: network: 0.0.0.0/0 mtu: 1500 vip: - ip: "10.0.0.200" + ip: "10.0.0.155" - hostname: "esxi-2cu-8g-01" ipAddress: "10.0.0.146" installDisk: "/dev/sda" @@ -57,7 +57,7 @@ nodes: network: 0.0.0.0/0 mtu: 1500 vip: - ip: "10.0.0.200" + ip: "10.0.0.155" - hostname: "esxi-2cu-8g-03" ipAddress: "10.0.0.147" installDisk: "/dev/sda" @@ -77,7 +77,7 @@ nodes: network: 0.0.0.0/0 mtu: 1500 vip: - ip: "10.0.0.200" + ip: "10.0.0.155" # Global patches patches:
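Review bot: The control-plane VIP is written as a literal in five places in talos/talconfig.yaml (`endpoint`, the `additionalApiServerCertSans` entry and three `vip.ip` fields), and a missed occurrence leaves either a node announcing the old VIP or an API server certificate that lacks the address used in `endpoint`. The file already uses an anchor for the SAN list (`&sans`), so the address could be anchored once, e.g. `- &vip "10.0.0.155"` in the SAN list and `ip: *vip` in each node, leaving only `endpoint` to edit by hand. Machine configs and any kubeconfig or talosconfig generated against the old address presumably need regenerating after this change. The `nodes` entries start and end outside the hunks.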