feat: Initial commit, empty from template.

This commit is contained in:
2026-01-27 23:27:14 +01:00
commit f77a808d74
133 changed files with 4479 additions and 0 deletions

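--- /dev/null
+++ b/.github/labeler.yaml
@@ -0,0 +1,43 @@
+---
+area/bootstrap:
+- changed-files:
+- any-glob-to-any-file:
+- bootstrap/**/*
+area/docs:
+- changed-files:
+- any-glob-to-any-file:
+- README.md
+area/github:
+- changed-files:
+- any-glob-to-any-file:
+- .github/**/*
+area/kubernetes:
+- changed-files:
+- any-glob-to-any-file:
+- kubernetes/**/*
+area/mise:
+- changed-files:
+- any-glob-to-any-file:
+- .mise.toml
+area/renovate:
+- changed-files:
+- any-glob-to-any-file:
+- .renovate/**/*
+- .renovaterc.json5
+area/scripts:
+- changed-files:
+- any-glob-to-any-file:
+- scripts/**/*
+area/talos:
+- changed-files:
+- any-glob-to-any-file:
+- talos/**/*
+area/taskfile:
+- changed-files:
+- any-glob-to-any-file:
+- .taskfiles/**/*
+- Taskfile.yaml
+area/templates:
+- changed-files:
+- any-glob-to-any-file:
+- templates/**/*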

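--- /dev/null
+++ b/.github/labels.yaml
@@ -0,0 +1,47 @@
+---
+# Areas
+- name: area/bootstrap
+color: "0e8a16"
+- name: area/docs
+color: "0e8a16"
+- name: area/github
+color: "0e8a16"
+- name: area/kubernetes
+color: "0e8a16"
+- name: area/mise
+color: "0e8a16"
+- name: area/renovate
+color: "0e8a16"
+- name: area/scripts
+color: "0e8a16"
+- name: area/talos
+color: "0e8a16"
+- name: area/templates
+color: "0e8a16"
+- name: area/taskfile
+color: "0e8a16"
+# Renovate Types
+- name: renovate/container
+color: "027fa0"
+- name: renovate/github-action
+color: "027fa0"
+- name: renovate/grafana-dashboard
+color: "027fa0"
+- name: renovate/github-release
+color: "027fa0"
+- name: renovate/helm
+color: "027fa0"
+# Semantic Types
+- name: type/digest
+color: "ffeC19"
+- name: type/patch
+color: "ffeC19"
+- name: type/minor
+color: "ff9800"
+- name: type/major
+color: "f6412d"
+# Uncategorized
+- name: community
+color: "370fb2"
+- name: hold
+color: "ee0701"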

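--- /dev/null
+++ b/.github/release.yaml
@@ -0,0 +1,5 @@
+changelog:
+exclude:
+authors:
+- github-actions
+- renovate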

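--- /dev/null
+++ b/.github/tests/nodes.yaml
@@ -0,0 +1,19 @@
+nodes:
+- name: k8s-0
+address: 10.10.10.100
+controller: true
+disk: /dev/sdfake
+mac_addr: 00:00:00:00:00:00
+schematic_id: "376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba"
+- name: k8s-1
+address: 10.10.10.101
+controller: false
+disk: /dev/sdfake
+mac_addr: 00:00:00:00:00:01
+schematic_id: "376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba"
+mtu: 1500
+secureboot: true
+encrypt_disk: true
+kernel_modules:
+- nvidia
+- nvidia_uvm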

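--- /dev/null
+++ b/.github/tests/private.yaml
@@ -0,0 +1,22 @@
+---
+node_cidr: "10.10.10.0/24"
+# node_default_gateway: ""
+# node_vlan_tag:
+# cluster_pod_cidr: ""
+# cluster_svc_cidr: ""
+# node_dns_servers: []
+# node_ntp_servers: []
+cluster_api_addr: "10.10.10.254"
+# cluster_api_tls_sans: []
+cluster_gateway_addr: "10.10.10.252"
+cluster_dns_gateway_addr: "10.10.10.253"
+repository_name: "onedr0p/cluster-template"
+# repository_branch: ""
+repository_visibility: "private"
+cloudflare_domain: "example.com"
+cloudflare_token: "fake"
+cloudflare_gateway_addr: "10.10.10.251"
+# cilium_bgp_router_addr: ""
+# cilium_bgp_router_asn: ""
+# cilium_bgp_node_asn: ""
+# cilium_loadbalancer_mode: ""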

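--- /dev/null
+++ b/.github/tests/public.yaml
@@ -0,0 +1,22 @@
+---
+node_cidr: "10.10.10.0/24"
+node_default_gateway: "10.10.10.1"
+node_vlan_tag: "100"
+cluster_pod_cidr: "10.42.0.0/16"
+cluster_svc_cidr: "10.43.0.0/16"
+node_dns_servers: ["1.1.1.1"]
+node_ntp_servers: ["162.159.200.123"]
+cluster_api_addr: "10.10.10.254"
+cluster_api_tls_sans: ["example.com"]
+cluster_gateway_addr: "10.10.10.252"
+cluster_dns_gateway_addr: "10.10.10.253"
+repository_name: "onedr0p/cluster-template"
+repository_branch: "main"
+repository_visibility: "public"
+cloudflare_domain: "example.com"
+cloudflare_token: "fake"
+cloudflare_gateway_addr: "10.10.10.251"
+cilium_loadbalancer_mode: "dsr"
+cilium_bgp_router_addr: "10.10.1.1"
+cilium_bgp_router_asn: "64513"
+cilium_bgp_node_asn: "64514"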

.github/workflows/e2e.yaml vendored Normal file

@@ -0,0 +1,71 @@
---
name: "e2e"
on:
workflow_dispatch:
pull_request:
branches: ["main"]
paths-ignore:
- kubernetes/**
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
jobs:
configure:
if: ${{ github.repository == 'onedr0p/cluster-template' }}
name: configure
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
config-files:
- public
- private
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup mise
uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
with:
cache: false
- name: Run init task
run: task init
- name: Prepare files
run: |
cp ./.github/tests/${{ matrix.config-files }}.yaml cluster.yaml
cp ./.github/tests/nodes.yaml nodes.yaml
echo '{"AccountTag":"fake","TunnelSecret":"fake","TunnelID":"fake"}' > cloudflare-tunnel.json
touch kubeconfig
- name: Run configure task
run: task configure --yes
- name: Run generate talconfig task
run: |
FILENAME=talos/talsecret.sops.yaml
talhelper gensecret | sops --filename-override $FILENAME --encrypt /dev/stdin > $FILENAME
task talos:generate-config
- name: Run flux-local test
uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261
with:
args: test --enable-helm --all-namespaces --path /github/workspace/kubernetes/flux/cluster -v
- name: Dry run bootstrap talos task
run: task bootstrap:talos --dry
- name: Dry run bootstrap apps task
run: task bootstrap:apps --dry
- name: Run reset task
run: task template:reset --yes
- name: Run cleanup task
run: task template:tidy --yes
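Review bot: The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` passed to mise-action in the `Setup mise` step, and the token every other step can reach, receives the repository's default token scope, which may be write-all depending on the org setting. None of these steps needs to write back to the repository, since checkout, the task runs and the flux-local container only read the workspace, so add `permissions:` / `  contents: read` at workflow level under `name:`, matching the explicit scoping the label-sync and flux-local diff jobs in this commit already use. The `sops --encrypt` line at `Run generate talconfig task` presumably depends on an age key or `.sops.yaml` creation rule produced by `task init` or `task configure`, which is outside this hunk; confirm that key material is disposable and never a real cluster key.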

.github/workflows/flux-local.yaml vendored Normal file

@@ -0,0 +1,121 @@
---
name: "Flux Local"
on:
pull_request:
branches: ["main"]
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
jobs:
pre-job:
name: Flux Local Pre-Job
runs-on: ubuntu-latest
outputs:
any_changed: ${{ steps.changed-files.outputs.any_changed }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Get Changed Files
id: changed-files
uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
with:
files: kubernetes/**
test:
name: Flux Local Test
needs: pre-job
runs-on: ubuntu-latest
if: ${{ needs.pre-job.outputs.any_changed == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run flux-local test
uses: docker://ghcr.io/allenporter/flux-local:v8.1.0
with:
args: test --enable-helm --all-namespaces --path /github/workspace/kubernetes/flux/cluster -v
diff:
name: Flux Local Diff
needs: pre-job
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
strategy:
matrix:
resources: ["helmrelease", "kustomization"]
max-parallel: 4
fail-fast: false
if: ${{ needs.pre-job.outputs.any_changed == 'true' }}
steps:
- name: Checkout Pull Request Branch
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: pull
- name: Checkout Default Branch
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: "${{ github.event.repository.default_branch }}"
path: default
- name: Run flux-local diff
uses: docker://ghcr.io/allenporter/flux-local:v8.1.0
with:
args: >-
diff ${{ matrix.resources }}
--unified 6
--path /github/workspace/pull/kubernetes/flux/cluster
--path-orig /github/workspace/default/kubernetes/flux/cluster
--strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart"
--limit-bytes 10000
--all-namespaces
--sources "flux-system"
--output-file diff.patch
- name: Generate Diff
id: diff
run: |
cat diff.patch;
{
echo 'diff<<EOF'
cat diff.patch
echo EOF
} >> "$GITHUB_OUTPUT";
{
echo "### Diff"
echo '```diff'
cat diff.patch
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Add Comment
if: ${{ steps.diff.outputs.diff != '' }}
continue-on-error: true
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
with:
message-id: "${{ github.event.pull_request.number }}/kubernetes/${{ matrix.resources }}"
message-failure: Diff was not successful
message: |
```diff
${{ steps.diff.outputs.diff }}
```
flux-local-status:
name: Flux Local Success
needs: ["test", "diff"]
runs-on: ubuntu-latest
if: ${{ always() }}
steps:
- name: Any jobs failed?
if: ${{ contains(needs.*.result, 'failure') }}
run: exit 1
- name: All jobs passed or skipped?
if: ${{ !(contains(needs.*.result, 'failure')) }}
run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
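Review bot: The flux-local container is referenced as `docker://ghcr.io/allenporter/flux-local:v8.1.0` in both the test and diff steps by mutable tag only, whereas e2e.yaml in this same commit pins the identical image by digest and every other action in this file is commit-SHA pinned, leaving these two as the only unpinned supply-chain inputs in the PR path. Use the same form here, `uses: docker://ghcr.io/allenporter/flux-local:v8.1.0@sha256:37c3c4309a351830b04f93c323adfcb0e28c368001818cd819cbce3e08828261`, so Renovate bumps tag and digest together. The `pre-job` and `test` jobs also carry no `permissions:` block and inherit the repository default; `contents: read` is all they use. The `diff<<EOF` heredoc in `Generate Diff` would also be cut short if the generated patch ever contained a line consisting of `EOF`; a random delimiter, e.g. `delim="$(openssl rand -hex 8)"`, avoids that, though with `--limit-bytes 10000` this is unlikely in practice.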

.github/workflows/label-sync.yaml vendored Normal file

@@ -0,0 +1,25 @@
---
name: "Label Sync"
on:
workflow_dispatch:
push:
branches: ["main"]
paths: [".github/labels.yaml"]
jobs:
label-sync:
name: Label Sync
runs-on: ubuntu-latest
permissions:
contents: read
issues: write
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Sync Labels
uses: EndBug/label-sync@52074158190acb45f3077f9099fea818aa43f97a # v2.3.3
with:
config-file: .github/labels.yaml
delete-other-labels: true
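Review bot: `delete-other-labels: true` makes `.github/labels.yaml` the sole source of truth, so any label created through the web UI is removed, and stripped from existing issues and PRs, on the next push to main that touches that file or any manual dispatch; that is irreversible and not obvious from the file list. Add a comment above the option, e.g. `# labels.yaml is authoritative: labels not listed there are deleted on every sync`, and ideally the same note at the top of labels.yaml, so contributors know to edit the file rather than the UI. The token scoping (`contents: read`, `issues: write`) is appropriately minimal for this job.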

.github/workflows/labeler.yaml vendored Normal file

@@ -0,0 +1,21 @@
---
name: "Labeler"
on:
workflow_dispatch:
pull_request_target:
branches: ["main"]
jobs:
labeler:
name: Labeler
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
issues: write
steps:
- name: Labeler
uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
with:
configuration-path: .github/labeler.yaml
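Review bot: The `pull_request_target` trigger runs this job with a write-capable token against PRs from forks, and it is safe as written only because no step checks out or executes anything from the PR head; as far as I can tell actions/labeler reads `.github/labeler.yaml` from the base repository, not from the PR. That invariant is easy to break later, so record it with a comment above the trigger, e.g. `# pull_request_target grants a write token: never add actions/checkout of the PR head or run PR-controlled code in this workflow`. `issues: write` may also be redundant alongside `pull-requests: write` for PR labelling; confirm against the action's documented requirements and drop it if unused.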

.github/workflows/release.yaml vendored Normal file

@@ -0,0 +1,56 @@
---
name: "Release"
on:
workflow_dispatch:
schedule:
- cron: "0 0 1 * *" # 1st of every month at midnight
jobs:
release:
name: Release
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Get Previous Release Tag and Determine Next Tag
id: determine-next-tag
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
result-encoding: string
script: |
const { data: releases } = await github.rest.repos.listReleases({
owner: context.repo.owner,
repo: context.repo.repo,
per_page: 1,
});
let previousTag = "0.0.0"; // Default if no previous release exists
if (releases.length > 0) {
previousTag = releases[0].tag_name;
}
const [previousMajor, previousMinor, previousPatch] = previousTag.split('.').map(Number);
const currentYear = new Date().getFullYear();
const currentMonth = new Date().getMonth() + 1; // Months are 0-indexed in JavaScript
const nextMajorMinor = `${currentYear}.${currentMonth}`;
let nextPatch;
if (`${previousMajor}.${previousMinor}` === nextMajorMinor) {
console.log("Month release already exists for the year. Incrementing patch number by 1.");
nextPatch = previousPatch + 1;
} else {
console.log("Month release does not exist for the year. Starting with patch number 0.");
nextPatch = 0;
}
return `${nextMajorMinor}.${nextPatch}`;
- name: Create Release
uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0
with:
generateReleaseNotes: true
tag: "${{ steps.determine-next-tag.outputs.result }}"
token: "${{ secrets.GITHUB_TOKEN }}"