diff --git a/.gitignore b/.gitignore
index 3a8b887..390746c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
+talos/secrets.yaml
+
 kgnot/config.production.json
-53ll/config.production.json
\ No newline at end of file
+53ll/config.production.json
diff --git a/README.md b/README.md
index 2d6201c..58151cf 100644
--- a/README.md
+++ b/README.md
@@ -2,17 +2,24 @@
 Like the cloud but local.
 ## Required tools
-- talosctl (https://www.talos.dev/v1.9/talos-guides/install/talosctl/)
-- kubectl (https://kubernetes.io/docs/tasks/tools/#kubectl)
-- bitwarded secrets CLI (https://bitwarden.com/help/secrets-manager-cli/)
+- talosctl (https://www.talos.dev/v1.9/talos-guides/install/talosctl/ )
+- kubectl (https://kubernetes.io/docs/tasks/tools/#kubectl )
+- bitwarded secrets CLI (https://bitwarden.com/help/secrets-manager-cli/ )
 ## Talos Cluster
-
+### Generate config
+```sh
+bws secret get -o json | jq .value --raw-output > talos/secrets.yaml
+talosctl gen config fog https://192.168.1.43:6443 \
+ --with-secrets talos/secrets.yaml \
+ --config-patch @talos/machine_patch.yaml \
+ --config-patch-control-plane @talos/cluster_patch.yaml
+```
 ### Add node to talos cluster
 ```sh
-talosctl apply-config [--insecure] -n 192.168.1.38 --file worker.yaml
-talosctl apply-config [--insecure] -n 192.168.1.39 --file worker.yaml
-talosctl apply-config [--insecure] -n 192.168.1.43 --file controlplane.yaml
+talosctl apply-config [--insecure] -n 192.168.1.38 --file talos/worker.yaml
+talosctl apply-config [--insecure] -n 192.168.1.39 --file talos/worker.yaml
+talosctl apply-config [--insecure] -n 192.168.1.43 --file talos/controlplane.yaml
 ```
 ### Update context
 ```sh
diff --git a/talos/cluster_patch.yaml b/talos/cluster_patch.yaml
new file mode 100644
index 0000000..f54c3b5
--- /dev/null
+++ b/talos/cluster_patch.yaml
@@ -0,0 +1,5 @@
+cluster:
+  proxy:
+    extraArgs:
+      ipvs-strict-arp: true
+  allowSchedulingOnControlPlanes: true
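Review bot: The new ignore entry covers only `talos/secrets.yaml`, but the README's `talosctl gen config --with-secrets` step also produces `talos/controlplane.yaml`, `talos/worker.yaml` and a `talosconfig`, which embed the CA keys and tokens derived from that same secrets bundle plus the admin client credentials, and none of those are ignored here. Unless they are filtered somewhere not visible in this diff, a plain `git add` commits cluster credentials alongside the two patch files. Add `talos/controlplane.yaml`, `talos/worker.yaml` and `talos/talosconfig` next to `talos/secrets.yaml`, so that only the patch files under `talos/` stay tracked.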
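Review bot: `bws secret get -o json` in the new Generate config block is missing the secret identifier the command requires, so copied as-is it fails before anything reaches jq; write it as `bws secret get <SECRET_ID> -o json | jq .value --raw-output > talos/secrets.yaml` with a clearly marked placeholder. The redirect also creates `talos/secrets.yaml` with the user's default umask although it holds the cluster CA keys and bootstrap tokens; wrapping the pipeline in `(umask 077; …)` keeps the file owner-only. A sentence after the block stating that the generated `controlplane.yaml`/`worker.yaml` carry the same material and must not be shared or committed would round out the section.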
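Review bot: `allowSchedulingOnControlPlanes: true` lets ordinary workloads run on the node that hosts etcd and the API server, which widens the impact of any pod escape or resource exhaustion, and the patch gives no reason for it; a comment such as `# homelab with too few nodes for a dedicated control plane: schedule workloads there as well` (adjusted to the actual reason) makes the trade-off deliberate. `ipvs-strict-arp: true` is likewise unexplained; it is typically required by L2 load-balancer announcements when kube-proxy runs in IPVS mode, so name the component that depends on it, e.g. `# required for L2 service address announcement with kube-proxy in IPVS mode`.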
diff --git a/talos/machine_patch.yaml b/talos/machine_patch.yaml
new file mode 100644
index 0000000..c947b04
--- /dev/null
+++ b/talos/machine_patch.yaml
@@ -0,0 +1,14 @@
+machine:
+  kubelet:
+    extraArgs:
+      rotate-server-certificates: true
+  udev:
+    rules:
+      # set all disks to `none` scheduler (optimal setting for Ceph and ZFS)
+      - SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", ATTR{queue/scheduler}="none"
+      - SUBSYSTEM=="drm", GROUP="44", MODE="0660"
+      # Allow ceph to recognize usb devices as scsi via udev custom rules
+      # https://github.com/rook/rook/issues/14699#issuecomment-2350953135
+      - ACTION=="add", ENV{ID_TYPE}=="disk", ENV{ID_BUS}=="usb", ENV{ID_BUS}="scsi"
+      - ACTION=="change", ENV{ID_TYPE}=="disk", ENV{ID_BUS}=="usb", ENV{ID_BUS}="scsi"
+      - ACTION=="online", ENV{ID_TYPE}=="disk", ENV{ID_BUS}=="usb", ENV{ID_BUS}="scsi"
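Review bot: `rotate-server-certificates: true` makes the kubelet request its serving certificate through CSRs that nothing in this commit approves; unless a kubelet serving-certificate approver is deployed elsewhere (not visible here), those CSRs stay pending and consumers that verify the kubelet's serving certificate, such as metrics-server, fail. A comment beside the flag naming the approver the cluster relies on would make that dependency explicit. The drm rule `GROUP="44", MODE="0660"` grants group-wide read/write access to GPU device nodes to a bare numeric gid with no explanation; add `# gid 44 (conventionally video): grant DRM device access to <consumer> — TODO document which workload needs this` so the grant can be reviewed and removed when no longer needed. The scheduler rule applies to every disk, as its own comment already says, so that one is fine as written.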