From 0c710be6d4a0cc9d4cfa1bde452e299a42275942 Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 17:51:12 +0200 Subject: [PATCH 01/13] feat: add kustomization and configuration files for flux and talos infrastructure Signed-off-by: Nikolai Emil Damm --- k8s/clusters/dev/apps/flux-kustomization.yaml | 17 +++++ k8s/clusters/dev/apps/kustomization.yaml | 5 ++ .../controllers/kustomization.yaml | 5 ++ .../infrastructure/flux-kustomization.yaml | 62 +++++++++++++++++++ .../dev/infrastructure/kustomization.yaml | 5 ++ k8s/clusters/dev/kustomization.yaml | 4 +- k8s/clusters/dev/variables/config-map.yaml | 9 +++ .../dev/variables/flux-kustomization.yaml | 20 ++++++ k8s/clusters/dev/variables/kustomization.yaml | 7 +++ k8s/clusters/dev/variables/secret.enc.yaml | 24 +++++++ .../talos/apps/kustomization.yaml | 5 ++ .../controllers/kustomization.yaml | 5 ++ .../talos/infrastructure/kustomization.yaml | 5 ++ .../talos/variables/kustomization.yaml | 5 ++ 14 files changed, 177 insertions(+), 1 deletion(-) create mode 100644 k8s/clusters/dev/apps/flux-kustomization.yaml create mode 100644 k8s/clusters/dev/apps/kustomization.yaml create mode 100644 k8s/clusters/dev/infrastructure/controllers/kustomization.yaml create mode 100644 k8s/clusters/dev/infrastructure/flux-kustomization.yaml create mode 100644 k8s/clusters/dev/infrastructure/kustomization.yaml create mode 100644 k8s/clusters/dev/variables/config-map.yaml create mode 100644 k8s/clusters/dev/variables/flux-kustomization.yaml create mode 100644 k8s/clusters/dev/variables/kustomization.yaml create mode 100644 k8s/clusters/dev/variables/secret.enc.yaml create mode 100644 k8s/distributions/talos/apps/kustomization.yaml create mode 100644 k8s/distributions/talos/infrastructure/controllers/kustomization.yaml create mode 100644 k8s/distributions/talos/infrastructure/kustomization.yaml create mode 100644 k8s/distributions/talos/variables/kustomization.yaml 
diff --git a/k8s/clusters/dev/apps/flux-kustomization.yaml b/k8s/clusters/dev/apps/flux-kustomization.yaml new file mode 100644 index 000000000..59bcdfeec --- /dev/null +++ b/k8s/clusters/dev/apps/flux-kustomization.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: apps + namespace: flux-system +spec: + interval: 60m + timeout: 3m + retryInterval: 2m + sourceRef: + kind: OCIRepository + name: flux-system + path: clusters/dev/apps + prune: true + wait: true + force: true diff --git a/k8s/clusters/dev/apps/kustomization.yaml b/k8s/clusters/dev/apps/kustomization.yaml new file mode 100644 index 000000000..6fc4f2175 --- /dev/null +++ b/k8s/clusters/dev/apps/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../distributions/talos/infrastructure diff --git a/k8s/clusters/dev/infrastructure/controllers/kustomization.yaml b/k8s/clusters/dev/infrastructure/controllers/kustomization.yaml new file mode 100644 index 000000000..32019d524 --- /dev/null +++ b/k8s/clusters/dev/infrastructure/controllers/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../distributions/talos/infrastructure/controllers diff --git a/k8s/clusters/dev/infrastructure/flux-kustomization.yaml b/k8s/clusters/dev/infrastructure/flux-kustomization.yaml new file mode 100644 index 000000000..3cf71d474 --- /dev/null +++ b/k8s/clusters/dev/infrastructure/flux-kustomization.yaml 
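Review bot: The `apps` Kustomization created here is never reconciled, because `k8s/clusters/dev/kustomization.yaml` in this same patch lists only `infrastructure/flux-kustomization.yaml` and `variables/flux-kustomization.yaml`; add `- apps/flux-kustomization.yaml` to that `resources` list. It also carries no `dependsOn`, while the infrastructure Kustomizations depend on `variables` and on each other, so once wired in it could apply `clusters/dev/apps` before the CNI and cert-manager controllers are Ready; `dependsOn:` / `  - name: infrastructure` mirrors the ordering the other two already use. If anything under apps needs the substituted variables or the sops-decrypted secret, the `decryption` and `postBuild.substituteFrom` stanzas present on the infrastructure Kustomizations are missing here as well.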
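Review bot: `k8s/clusters/dev/apps/kustomization.yaml` points its only resource at `../../../distributions/talos/infrastructure`, so the apps layer would build the infrastructure overlay a second time instead of the `k8s/distributions/talos/apps` overlay this same patch creates; the blob id `6fc4f2175` being identical to that of `k8s/clusters/dev/infrastructure/kustomization.yaml` confirms the file is a straight copy. Change the entry to `- ../../../distributions/talos/apps/`.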
@@ -0,0 +1,62 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: infrastructure-controllers + namespace: flux-system +spec: + interval: 5m + timeout: 2m + retryInterval: 1m + path: clusters/dev/infrastructure/controllers + sourceRef: + kind: OCIRepository + name: flux-system + dependsOn: + - name: variables + namespace: flux-system + decryption: + provider: sops + secretRef: + name: sops-age + postBuild: + substituteFrom: + - kind: ConfigMap + name: variables-dev + - kind: Secret + name: variables-dev-sensitive + wait: true + prune: true + force: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: infrastructure + namespace: flux-system +spec: + interval: 5m + timeout: 2m + retryInterval: 1m + path: clusters/dev/infrastructure + sourceRef: + kind: OCIRepository + name: flux-system + dependsOn: + - name: variables + namespace: flux-system + - name: infrastructure-controllers + namespace: flux-system + decryption: + provider: sops + secretRef: + name: sops-age + postBuild: + substituteFrom: + - kind: ConfigMap + name: variables-dev + - kind: Secret + name: variables-dev-sensitive + wait: true + prune: true + force: true diff --git a/k8s/clusters/dev/infrastructure/kustomization.yaml b/k8s/clusters/dev/infrastructure/kustomization.yaml new file mode 100644 index 000000000..6fc4f2175 --- /dev/null +++ b/k8s/clusters/dev/infrastructure/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../distributions/talos/infrastructure diff --git a/k8s/clusters/dev/kustomization.yaml b/k8s/clusters/dev/kustomization.yaml index fe0f332a9..c3fcd9ce5 100644 --- a/k8s/clusters/dev/kustomization.yaml +++ b/k8s/clusters/dev/kustomization.yaml @@ -1,4 +1,6 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: [] +resources: + - infrastructure/flux-kustomization.yaml + - variables/flux-kustomization.yaml 
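Review bot: Every Flux Kustomization in this patch sets `force: true` together with `prune: true`, and these two (`infrastructure-controllers`, `infrastructure`) own the CNI and cert-manager layer, where a forced recreation of an object whose immutable field changed deletes and re-creates it instead of failing the reconcile; for Secrets, PVCs or CRDs that is data loss with no confirmation step. Unless a known immutable-field churn needs it, drop `force: true` here and in `apps/flux-kustomization.yaml` and `variables/flux-kustomization.yaml`, or put a comment above the line naming the resource that requires it. The two documents are otherwise identical apart from `name`, `path` and the extra `dependsOn` entry, so a one-line comment on each (`# reconciles CNI/cert-manager controllers first` and `# everything else under infrastructure/, after controllers are Ready`) would help a reader tell them apart.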
diff --git a/k8s/clusters/dev/variables/config-map.yaml b/k8s/clusters/dev/variables/config-map.yaml new file mode 100644 index 000000000..b8d3e170f --- /dev/null +++ b/k8s/clusters/dev/variables/config-map.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: variables-dev + namespace: flux-system +data: + domain: dev.devantler.tech + github_app_client_id: Iv23liZ8GHRgpx32Em2y diff --git a/k8s/clusters/dev/variables/flux-kustomization.yaml b/k8s/clusters/dev/variables/flux-kustomization.yaml new file mode 100644 index 000000000..9565c33d5 --- /dev/null +++ b/k8s/clusters/dev/variables/flux-kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: variables + namespace: flux-system +spec: + interval: 5m + timeout: 2m + retryInterval: 1m + path: clusters/dev/variables + sourceRef: + kind: OCIRepository + name: flux-system + decryption: + provider: sops + secretRef: + name: sops-age + wait: true + prune: true + force: true diff --git a/k8s/clusters/dev/variables/kustomization.yaml b/k8s/clusters/dev/variables/kustomization.yaml new file mode 100644 index 000000000..5bda90a1a --- /dev/null +++ b/k8s/clusters/dev/variables/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../distributions/talos/variables + - config-map.yaml + - secret.enc.yaml diff --git a/k8s/clusters/dev/variables/secret.enc.yaml b/k8s/clusters/dev/variables/secret.enc.yaml new file mode 100644 index 000000000..0ca3f9612 --- /dev/null +++ b/k8s/clusters/dev/variables/secret.enc.yaml 
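Review bot: `k8s/clusters/dev/variables/flux-kustomization.yaml` is the only new Kustomization in this patch without the leading `---` document-start marker that every other manifest here begins with; add `---` as its first line for consistency (yamllint's `document-start` rule flags it too). The `variables` Kustomization correctly has no `dependsOn` since it is the root of the chain, but a comment saying so (`# root of the dependsOn chain; the infrastructure Kustomizations wait on this`) would save the next reader from checking.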
@@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Secret +metadata: + name: variables-dev-sensitive + namespace: flux-system +stringData: + dex_client_secret: ENC[AES256_GCM,data:+e5Ci4m7nMWUpkDT42brDaehqE0=,iv:vt18z7crgtdhsa2L371GLCv/acPnD3hNS5ZA2ZktAgw=,tag:nPQRcUHivbfwg98P0hP+6Q==,type:str] + github_app_client_secret: ENC[AES256_GCM,data:ElSZ3N+pvXNWarUiBazdBYme7LGCbbSOCGXpgutMJ8Agt+SHBaCaIw==,iv:TQVSBXGdRdyMGUXUP3YMZjpw4GF/jvA+9Bro2al0sNs=,tag:99sUHhgeVxgvmpXIuRfZ/A==,type:str] + github_app_private_key: ENC[AES256_GCM,data:+uRkDbVKduvgExe15gaue3/Mr5MGLIyiJJsjbhQBbfeRPU0wsGc0Vrcyj+4eFUjloTBB0R29I/rsZrhDE0B9L+tF59YYK1uFn5Uc+MsNkxdwxpJ4XXZPBlMsfwclLZxtncm9BhP950PQnY/5VN2Fb53BGp+xDBv42ARkT2T2qjrYzogO3uOefMv5GqL4UX2Qxj+pRjw6VelUMUNSHFKCFBQ7DDl3eI2dhIfqT0ZwxxVBxvIgNdBnEKgzQgblWz8xpyNIeFHFscTWnpoY4xgMwJJOzdCwq7IV4zhmmzxAv339VmUi2jUE055ZvyX1D7mxGontQbjuJn7uFW8Z5b0ov8A3PMa6CuEycEKvymYhKG07s3KsUZvegtKheV4L33l/3LPUPHV9T8uIYfyImcJ8fJj5C/indawdxQDMpyDN5+KuSkc/AP4Xtte4YWdNXUxmo0SxsR0HOR0VsBCIOetVnkB5WBtDXI9hTCMGDS3QZ5PoHTjQtyvZdFBrS4sv8g3tsvNmuHCcfZ6s6qo6FQ65/ZJmzSWJ6BM8H/iIJWiLDFiDIAG1XiZNqr8GRSP/jzYcTTma6sh9ST7DmdAlAeSigV/Shn8IFLKmfXxlMUMEBnPoHbOeqIpLPxDZPOlr7CiYHPE7y6gjswVNfAb1KyU7HiLzDQdtwR7VMjghJ5bAJu+erBhSb3oMU/yecBCOnTCgZStV7Qn86DWflaWa/rdn7hC4elsMYGrfbocERef2AWRFQS3ZdmjczlLc2nEspiRPEdrw3SqPEr7MduHA0nHg/OPe7+OTbXevBp0/hNXLh8Jdbk63B3RqE2+aSvSal49n8bdLlK+S8F4UKTecxtIuhMGcmU7FLcgAjuFBda0FQqC8yMEaWSzmAfLybXQuEZxlHIMKc44ODpqVdT4y9mqQuS30tz0+UnXGYOzkPqmq75p46yltIj29ZoZ1mvQjBQ2ZU8dOLOIX1ouGu417cvpMq8qG4iFL9cfW6xzrwbMC8tlLh7tC2fYgtbqf1/JPRmraJCCqiWCwZaaihTcoEy/1yWmmreGjfNMbpyaauyzJ+8OnUq5bk91nP57PHaLPsHFrphNrjyGIhFh73+3rCZrwkfyf9BOpxNyXtNXFPlLTw6r22u1tr/qSPdvElcIWlxOrSX54b9lettgFB0SSPe6hJxr5afmaErAVG6uwxcrTaGhFuVDJ4FZTCV1ws8i9Q8txM7prvV8xmwf0zuG2eUjWcZfUEiZlZ9GVCSsPVqnHXuoSXEPiGGAKY3t3d+oVuVsenfk4LK/srJGBYUrahdG7TGEhMHgMyhd++/y02S+93oxJdGIwYwpZbHca/n0asEs8m8mwirs2+Fj+zAC9JOjo3F7ew4Plh63hkJC3j2bOXY4yD0gwNjrr9TyEkLlj06354TGVzlnmpkIRl2r8PwZdOtDrHWh1zMutMKYv2D+ws9nOqKjzE0Zf6hVI1XIbn471gVvMk
VvxeMq8A//txNF5g0eYDBlY8iBZ3//dbhCWiY4MFPAkCC4+6QEkbSsGNqbnDZPwPMQm1zXrrF6hJpC4Oc6elo0wPk85hzdoyqTBE0XFEpgsvDFAeyEowNYFGaBMC6vM7snxfJvH4f3X8Kro74i9ImAO+DpviiMhT5NoYCstLkyYklzn/XEsN+EOMNq6p9CvDI3X3IYucI6julbAH6XgCYcetPPN0UdXtGn4eh7X1Y9ZG1xfI1xP7122y/OClx+LjhxRw/Tuw3uVgzo6pSC10TCXqEhmpO3kKlGKd09z3vTBpFueG2rCTpZ4MmrrLXdFCu2o7Z2jbzM0iD8MYl6LQ5FmWGyUWMSfkY8FQLOqRUklP/Uh9ZHQEf1yxR1JNcTSrzyqrP4l66js4q8hVxw/T9DJnOtDIF6dOk81K4GDRF8J/0j2ikMgeunESyblXsVomSjZkchSbjgfKpAagLqS1koBbflkU0NrVsqHCF0ZjiGFlkAGtfbTrUPLTMAR17r4QbJ5zqq3/ROjhS476GS8xiqZm4UnfX4LXezVEKMF4Y++IvbLkZ5SsV3a6+aL9yF+v0eQcA56Bb8MYag9KB7kkvWIfKbJcS+hINAChRABjzSSY0RHlPjeN4+6fyEbvAlllaRIO45s4vdIJOjvdTgtCJ4CMcWW5XGMRYshrypKi5sA/Na6SCKS6G8yvBmg+QuTJpaYm0XfFBYIsVikBknWNxHuTlzMbcbznlj6fX2WDIG/zPTBp5Jlpw==,iv:/tby64GY0Q5UPkbg0w81YT6aOBiTNyDBKFFgLB0T1WA=,tag:HZ8/bnRqeO0cFfSPffzhaw==,type:str] +sops: + age: + - recipient: age1fqcl89lrl8daucdkn7xstjhv9mcxk39m59a9mhvw0g3j24kjmu6qcaxpp7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b20wRER4SWdWdVgwTXpF + ZWxqTExtOFpFc2dpQ2l4bkNPRVZ4R3MyUVVnCnhUYkgxL1UxWGV6ZXBDb2xyQjZq + akJyVzdneUlPaXltNjhpYy9QbWtLVVkKLS0tIDFJUW54QUoxbXh5ZUNRcXBWRWI1 + OE1CVEVqRVBjT3Jqckc1L0gwZ1JTdk0KGKF8qlUINhdrzW3JuplBqQ52s4PfbSo9 + 8HBAS+DlVet6PrlaolKlNjI5qL0u4FZfPwub6AXrI0jIq8XwEGzj/g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-09T15:47:43Z" + mac: ENC[AES256_GCM,data:Zw3zc3sQ6jLMAfj3rkMFbXh86F94JeOmP3caFW+cpqaziPyydXahQ+296Q10n3ydivNbEq2EMEkgjut3fArpN6KTxxTQ3vagpeReq3kOlDqOwdKTAwZ+Xd1IkCvljdUigbpsUWn6pPKvzfrxQ5UiOsA3J4re3ngndrKUqypW98s=,iv:qblri7AXEtDDKAIGJCCRZwrFR8b7Syk3uQphPqQNtNA=,tag:OSYICwjt0IC1IChS+shezQ==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 diff --git a/k8s/distributions/talos/apps/kustomization.yaml b/k8s/distributions/talos/apps/kustomization.yaml new file mode 100644 index 000000000..c14378572 --- /dev/null +++ b/k8s/distributions/talos/apps/kustomization.yaml 
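Review bot: `secret.enc.yaml` is encrypted to a single age recipient (`age1fqcl89…`), so that one key is the only way to ever re-edit or rotate `github_app_private_key`, `github_app_client_secret` and `dex_client_secret`; a second recipient (an offline break-glass key) in the sops creation rules, followed by `sops updatekeys`, is cheap insurance, though I cannot see the `.sops.yaml` rules from this patch. `encrypted_regex: ^(data|stringData)$` does cover the value map, so only the key names and the sops metadata are in clear, which is the intended state for a committed secret.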
@@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../bases/apps/ diff --git a/k8s/distributions/talos/infrastructure/controllers/kustomization.yaml b/k8s/distributions/talos/infrastructure/controllers/kustomization.yaml new file mode 100644 index 000000000..1a36a40c0 --- /dev/null +++ b/k8s/distributions/talos/infrastructure/controllers/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../bases/infrastructure/controllers/ diff --git a/k8s/distributions/talos/infrastructure/kustomization.yaml b/k8s/distributions/talos/infrastructure/kustomization.yaml new file mode 100644 index 000000000..0211ac6ad --- /dev/null +++ b/k8s/distributions/talos/infrastructure/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../bases/infrastructure/ diff --git a/k8s/distributions/talos/variables/kustomization.yaml b/k8s/distributions/talos/variables/kustomization.yaml new file mode 100644 index 000000000..3424e610d --- /dev/null +++ b/k8s/distributions/talos/variables/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../bases/variables/ From 9de72525050b00cf05f4c6a14dd73385287ddb49 Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 17:51:30 +0200 Subject: [PATCH 02/13] fix: correct resource paths in kustomization files for consistency Signed-off-by: Nikolai Emil Damm --- k8s/distributions/kind/apps/kustomization.yaml | 3 ++- .../kind/infrastructure/controllers/kustomization.yaml | 2 +- k8s/distributions/kind/infrastructure/kustomization.yaml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/k8s/distributions/kind/apps/kustomization.yaml b/k8s/distributions/kind/apps/kustomization.yaml index fe0f332a9..c14378572 100644 
--- a/k8s/distributions/kind/apps/kustomization.yaml +++ b/k8s/distributions/kind/apps/kustomization.yaml @@ -1,4 +1,5 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: [] +resources: + - ../../../bases/apps/ diff --git a/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml b/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml index d8c95998c..1a36a40c0 100644 --- a/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml +++ b/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../../bases/infrastructure/controllers + - ../../../../bases/infrastructure/controllers/ diff --git a/k8s/distributions/kind/infrastructure/kustomization.yaml b/k8s/distributions/kind/infrastructure/kustomization.yaml index f5f434fb3..a742d6616 100644 --- a/k8s/distributions/kind/infrastructure/kustomization.yaml +++ b/k8s/distributions/kind/infrastructure/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../bases/infrastructure + - ../../../bases/infrastructure/ - selfsigned-cluster-issuer/ From 5bb2af86e14a4da836d84282978e10f636a65244 Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 17:59:48 +0200 Subject: [PATCH 03/13] feat: add cilium HelmRelease and HelmRepository configurations 
Signed-off-by: Nikolai Emil Damm --- .../cert-manager/helm-release.yaml | 2 ++ .../controllers/cilium/helm-release.yaml | 30 +++++++++++++++++++ .../controllers/cilium/helm-repository.yaml | 8 +++++ .../controllers/cilium/kustomization.yaml | 6 ++++ .../controllers/kustomization.yaml | 1 + .../controllers/kustomization.yaml | 4 +-- 6 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 k8s/bases/infrastructure/controllers/cilium/helm-release.yaml create mode 100644 k8s/bases/infrastructure/controllers/cilium/helm-repository.yaml create mode 100644 k8s/bases/infrastructure/controllers/cilium/kustomization.yaml diff --git a/k8s/bases/infrastructure/controllers/cert-manager/helm-release.yaml b/k8s/bases/infrastructure/controllers/cert-manager/helm-release.yaml index 60e9dde12..a0c342fcd 100644 --- a/k8s/bases/infrastructure/controllers/cert-manager/helm-release.yaml +++ b/k8s/bases/infrastructure/controllers/cert-manager/helm-release.yaml @@ -12,6 +12,8 @@ spec: sourceRef: kind: HelmRepository name: cert-manager + dependsOn: + - name: cilium # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml values: podDisruptionBudget: diff --git a/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml b/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml new file mode 100644 index 000000000..478c91132 --- /dev/null +++ b/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml 
@@ -0,0 +1,30 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cilium + namespace: kube-system +spec: + chart: + spec: + chart: cilium + version: v1.17.3 + sourceRef: + kind: HelmRepository + name: cilium + interval: 10m0s + # https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium/values.yaml + values: {} + # gatewayAPI: + # enabled: true + # enableAlpn: true + # Talos specific configuration + # kubeProxyReplacement: true + # ipam: + # mode: kubernetes + # cgroup: + # automount: + # enabled: false + # hostRoot: /sys/fs/cgroup + # k8sServiceHost: localhost + # k8sServicePort: 7445 diff --git a/k8s/bases/infrastructure/controllers/cilium/helm-repository.yaml b/k8s/bases/infrastructure/controllers/cilium/helm-repository.yaml new file mode 100644 index 000000000..7a578c4ec --- /dev/null +++ b/k8s/bases/infrastructure/controllers/cilium/helm-repository.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cilium + namespace: kube-system +spec: + url: https://helm.cilium.io/ diff --git a/k8s/bases/infrastructure/controllers/cilium/kustomization.yaml b/k8s/bases/infrastructure/controllers/cilium/kustomization.yaml new file mode 100644 index 000000000..34760f7ad --- /dev/null +++ b/k8s/bases/infrastructure/controllers/cilium/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-release.yaml + - helm-repository.yaml diff --git a/k8s/bases/infrastructure/controllers/kustomization.yaml b/k8s/bases/infrastructure/controllers/kustomization.yaml index e98af6700..c1ead2a1a 100644 --- a/k8s/bases/infrastructure/controllers/kustomization.yaml +++ b/k8s/bases/infrastructure/controllers/kustomization.yaml @@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - cert-manager/ + - cilium/ 
diff --git a/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml b/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml index 1a36a40c0..7ca1d5d4e 100644 --- a/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml +++ b/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml @@ -1,5 +1,5 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - ../../../../bases/infrastructure/controllers/ +resources: [] + #- ../../../../bases/infrastructure/controllers/ From 8abdd579c0b19227045aa83a48b93ff98f013d23 Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 18:05:47 +0200 Subject: [PATCH 04/13] feat: add README for Cilium CNI with documentation links Signed-off-by: Nikolai Emil Damm --- k8s/bases/infrastructure/controllers/cilium/README.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 k8s/bases/infrastructure/controllers/cilium/README.md diff --git a/k8s/bases/infrastructure/controllers/cilium/README.md b/k8s/bases/infrastructure/controllers/cilium/README.md new file mode 100644 index 000000000..83793fb94 --- /dev/null +++ b/k8s/bases/infrastructure/controllers/cilium/README.md @@ -0,0 +1,6 @@ +# Cilium + +Cilium is ebpf-based CNI (Container Network Interface) for Kubernetes, providing advanced networking, security, and observability features. + +- [Documentation](https://docs.cilium.io/en/stable/) +- [Helm Chart](https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium) From 854aea1364f45f3725f0e4993a35d2c2e9c56c8b Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 21:01:09 +0200 Subject: [PATCH 05/13] fix: remove unnecessary dependency from cert-manager HelmRelease and add ipam configuration to cilium HelmRelease Signed-off-by: Nikolai Emil Damm --- .../controllers/cert-manager/helm-release.yaml | 2 -- .../infrastructure/controllers/cilium/helm-release.yaml | 6 +++--- 2 files changed, 3 insertions(+), 5 deletions(-) 
diff --git a/k8s/bases/infrastructure/controllers/cert-manager/helm-release.yaml b/k8s/bases/infrastructure/controllers/cert-manager/helm-release.yaml index a0c342fcd..60e9dde12 100644 --- a/k8s/bases/infrastructure/controllers/cert-manager/helm-release.yaml +++ b/k8s/bases/infrastructure/controllers/cert-manager/helm-release.yaml @@ -12,8 +12,6 @@ spec: sourceRef: kind: HelmRepository name: cert-manager - dependsOn: - - name: cilium # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml values: podDisruptionBudget: diff --git a/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml b/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml index 478c91132..ee7ab2231 100644 --- a/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml +++ b/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml @@ -14,14 +14,14 @@ spec: name: cilium interval: 10m0s # https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium/values.yaml - values: {} + values: + ipam: + mode: kubernetes # gatewayAPI: # enabled: true # enableAlpn: true # Talos specific configuration # kubeProxyReplacement: true - # ipam: - # mode: kubernetes # cgroup: # automount: # enabled: false From fba6500b97ff6e9d3cab241664e9a38919c9384b Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 21:04:04 +0200 Subject: [PATCH 06/13] fix: clear resources in kustomization files for talos infrastructure Signed-off-by: Nikolai Emil Damm --- .../talos/infrastructure/controllers/kustomization.yaml | 4 ++-- k8s/distributions/talos/infrastructure/kustomization.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/k8s/distributions/talos/infrastructure/controllers/kustomization.yaml b/k8s/distributions/talos/infrastructure/controllers/kustomization.yaml index 1a36a40c0..7ca1d5d4e 100644 --- a/k8s/distributions/talos/infrastructure/controllers/kustomization.yaml 
+++ b/k8s/distributions/talos/infrastructure/controllers/kustomization.yaml @@ -1,5 +1,5 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - ../../../../bases/infrastructure/controllers/ +resources: [] + #- ../../../../bases/infrastructure/controllers/ diff --git a/k8s/distributions/talos/infrastructure/kustomization.yaml b/k8s/distributions/talos/infrastructure/kustomization.yaml index 0211ac6ad..e92f6dfba 100644 --- a/k8s/distributions/talos/infrastructure/kustomization.yaml +++ b/k8s/distributions/talos/infrastructure/kustomization.yaml @@ -1,5 +1,5 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - ../../../bases/infrastructure/ +resources: [] + #- ../../../bases/infrastructure/ From 2fbceb934c24425ab4f8b359891a0b0077bd80e6 Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 21:04:11 +0200 Subject: [PATCH 07/13] fix: restore resource path in kustomization file for infrastructure controllers Signed-off-by: Nikolai Emil Damm --- .../kind/infrastructure/controllers/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml b/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml index 7ca1d5d4e..1a36a40c0 100644 --- a/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml +++ b/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml @@ -1,5 +1,5 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: [] - #- ../../../../bases/infrastructure/controllers/ +resources: + - ../../../../bases/infrastructure/controllers/ From 3ad9d7459768addcdc7ee47f6ced0251f8530d9a Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 21:10:35 +0200 Subject: [PATCH 08/13] fix: add nodes to local env Signed-off-by: Nikolai Emil Damm --- kind.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) 
diff --git a/kind.yaml b/kind.yaml index 1ddaaee6a..b0114b1ec 100644 --- a/kind.yaml +++ b/kind.yaml @@ -2,9 +2,14 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 name: local +nodes: + - role: control-plane + - role: worker + - role: worker + - role: worker networking: disableDefaultCNI: true containerdConfigPatches: -- >- - [plugins."io.containerd.grpc.v1.cri".registry] - config_path = "/etc/containerd/certs.d" + - >- + [plugins."io.containerd.grpc.v1.cri".registry] + config_path = "/etc/containerd/certs.d" From 7d5fc37ceab2c3849cd36115a770a3b089300960 Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 21:16:21 +0200 Subject: [PATCH 09/13] fix: restore gatewayAPI configuration and enable kubeProxyReplacement in Cilium HelmRelease Signed-off-by: Nikolai Emil Damm --- .../controllers/cilium/helm-release.yaml | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml b/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml index ee7ab2231..fea3959d6 100644 --- a/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml +++ b/k8s/bases/infrastructure/controllers/cilium/helm-release.yaml @@ -17,14 +17,7 @@ spec: values: ipam: mode: kubernetes - # gatewayAPI: - # enabled: true - # enableAlpn: true - # Talos specific configuration - # kubeProxyReplacement: true - # cgroup: - # automount: - # enabled: false - # hostRoot: /sys/fs/cgroup - # k8sServiceHost: localhost - # k8sServicePort: 7445 + kubeProxyReplacement: true + gatewayAPI: + enabled: true + enableAlpn: true From be734018fed58ebc0ed7bedd9a2fafdb09aec586 Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 23:47:17 +0200 Subject: [PATCH 10/13] fix: remove unnecessary namespace references from Kustomization dependencies 
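Review bot: Patch 09 turns on `kubeProxyReplacement: true` in the shared Cilium base, but the kind cluster definition changed in patch 08 (`kind.yaml`, same line) still runs kube-proxy: `networking` only sets `disableDefaultCNI: true` and has no `kubeProxyMode: none`, so both kube-proxy and Cilium program Service load-balancing on the kind nodes. If the replacement is wanted, add `kubeProxyMode: none` under `networking` and set `k8sServiceHost` / `k8sServicePort` in the HelmRelease values so the agent can reach the API server without the kube-proxy ClusterIP; the Talos values that did exactly that (`k8sServiceHost: localhost`, `k8sServicePort: 7445`, the `cgroup` block) were deleted in this hunk rather than moved to a Talos overlay, even though the base is consumed by both `distributions/kind` and `distributions/talos`. `gatewayAPI.enabled: true` also presumes the Gateway API CRDs are installed before the chart is, which nothing in this series does; if I have that right, either add them to the controllers layer or make the HelmRelease depend on whatever installs them.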
Signed-off-by: Nikolai Emil Damm --- k8s/clusters/local/infrastructure/flux-kustomization.yaml | 3 --- .../cluster-issuers/selfsigned-cluster-issuer.yaml | 1 - 2 files changed, 4 deletions(-) diff --git a/k8s/clusters/local/infrastructure/flux-kustomization.yaml b/k8s/clusters/local/infrastructure/flux-kustomization.yaml index 813b813dc..d71ff4c0a 100644 --- a/k8s/clusters/local/infrastructure/flux-kustomization.yaml +++ b/k8s/clusters/local/infrastructure/flux-kustomization.yaml @@ -14,7 +14,6 @@ spec: name: flux-system dependsOn: - name: variables - namespace: flux-system decryption: provider: sops secretRef: @@ -44,9 +43,7 @@ spec: name: flux-system dependsOn: - name: variables - namespace: flux-system - name: infrastructure-controllers - namespace: flux-system decryption: provider: sops secretRef: diff --git a/k8s/distributions/kind/infrastructure/cluster-issuers/selfsigned-cluster-issuer.yaml b/k8s/distributions/kind/infrastructure/cluster-issuers/selfsigned-cluster-issuer.yaml index 741c0e0f0..cc23a476c 100644 --- a/k8s/distributions/kind/infrastructure/cluster-issuers/selfsigned-cluster-issuer.yaml +++ b/k8s/distributions/kind/infrastructure/cluster-issuers/selfsigned-cluster-issuer.yaml @@ -2,6 +2,5 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: selfsigned-cluster-issuer - namespace: cert-manager spec: selfSigned: {} From 6dffe977110e5bff8140aabbacd7c7800da05c6e Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 23:53:56 +0200 Subject: [PATCH 11/13] fix: ensure paths in Kustomization files end with a trailing slash 
Signed-off-by: Nikolai Emil Damm --- k8s/clusters/dev/apps/flux-kustomization.yaml | 2 +- k8s/clusters/dev/infrastructure/flux-kustomization.yaml | 7 ++----- k8s/clusters/dev/variables/flux-kustomization.yaml | 2 +- k8s/clusters/local/apps/flux-kustomization.yaml | 2 +- k8s/clusters/local/infrastructure/flux-kustomization.yaml | 4 ++-- k8s/clusters/local/variables/flux-kustomization.yaml | 2 +- k8s/distributions/kind/infrastructure/kustomization.yaml | 2 +- 7 files changed, 9 insertions(+), 12 deletions(-) diff --git a/k8s/clusters/dev/apps/flux-kustomization.yaml b/k8s/clusters/dev/apps/flux-kustomization.yaml index 59bcdfeec..63304f693 100644 --- a/k8s/clusters/dev/apps/flux-kustomization.yaml +++ b/k8s/clusters/dev/apps/flux-kustomization.yaml @@ -11,7 +11,7 @@ spec: sourceRef: kind: OCIRepository name: flux-system - path: clusters/dev/apps + path: clusters/dev/apps/ prune: true wait: true force: true diff --git a/k8s/clusters/dev/infrastructure/flux-kustomization.yaml b/k8s/clusters/dev/infrastructure/flux-kustomization.yaml index 3cf71d474..8b3e86244 100644 --- a/k8s/clusters/dev/infrastructure/flux-kustomization.yaml +++ b/k8s/clusters/dev/infrastructure/flux-kustomization.yaml @@ -8,13 +8,12 @@ spec: interval: 5m timeout: 2m retryInterval: 1m - path: clusters/dev/infrastructure/controllers + path: clusters/dev/infrastructure/controllers/ sourceRef: kind: OCIRepository name: flux-system dependsOn: - name: variables - namespace: flux-system decryption: provider: sops secretRef: @@ -38,15 +37,13 @@ spec: interval: 5m timeout: 2m retryInterval: 1m - path: clusters/dev/infrastructure + path: clusters/dev/infrastructure/ sourceRef: kind: OCIRepository name: flux-system dependsOn: - name: variables - namespace: flux-system - name: infrastructure-controllers - namespace: flux-system decryption: provider: sops secretRef: 
diff --git a/k8s/clusters/dev/variables/flux-kustomization.yaml b/k8s/clusters/dev/variables/flux-kustomization.yaml index 9565c33d5..59a72abc5 100644 --- a/k8s/clusters/dev/variables/flux-kustomization.yaml +++ b/k8s/clusters/dev/variables/flux-kustomization.yaml @@ -7,7 +7,7 @@ spec: interval: 5m timeout: 2m retryInterval: 1m - path: clusters/dev/variables + path: clusters/dev/variables/ sourceRef: kind: OCIRepository name: flux-system diff --git a/k8s/clusters/local/apps/flux-kustomization.yaml b/k8s/clusters/local/apps/flux-kustomization.yaml index 1c1353fe9..6ad63f9d4 100644 --- a/k8s/clusters/local/apps/flux-kustomization.yaml +++ b/k8s/clusters/local/apps/flux-kustomization.yaml @@ -11,7 +11,7 @@ spec: sourceRef: kind: OCIRepository name: flux-system - path: clusters/local/apps + path: clusters/local/apps/ prune: true wait: true force: true diff --git a/k8s/clusters/local/infrastructure/flux-kustomization.yaml b/k8s/clusters/local/infrastructure/flux-kustomization.yaml index d71ff4c0a..3d4c5c06e 100644 --- a/k8s/clusters/local/infrastructure/flux-kustomization.yaml +++ b/k8s/clusters/local/infrastructure/flux-kustomization.yaml @@ -8,7 +8,7 @@ spec: interval: 5m timeout: 2m retryInterval: 1m - path: clusters/local/infrastructure/controllers + path: clusters/local/infrastructure/controllers/ sourceRef: kind: OCIRepository name: flux-system @@ -37,7 +37,7 @@ spec: interval: 5m timeout: 2m retryInterval: 1m - path: clusters/local/infrastructure + path: clusters/local/infrastructure/ sourceRef: kind: OCIRepository name: flux-system diff --git a/k8s/clusters/local/variables/flux-kustomization.yaml b/k8s/clusters/local/variables/flux-kustomization.yaml index 7c2eb3dbb..4699819b9 100644 --- a/k8s/clusters/local/variables/flux-kustomization.yaml +++ b/k8s/clusters/local/variables/flux-kustomization.yaml 
@@ -7,7 +7,7 @@ spec: interval: 5m timeout: 2m retryInterval: 1m - path: clusters/local/variables + path: clusters/local/variables/ sourceRef: kind: OCIRepository name: flux-system diff --git a/k8s/distributions/kind/infrastructure/kustomization.yaml b/k8s/distributions/kind/infrastructure/kustomization.yaml index 9ab7a8c9a..e491646f3 100644 --- a/k8s/distributions/kind/infrastructure/kustomization.yaml +++ b/k8s/distributions/kind/infrastructure/kustomization.yaml @@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../bases/infrastructure + - ../../../bases/infrastructure/ - cluster-issuers/ - traefik/ From ac5ef37caa550b6e9412d94c12ad826179804ab2 Mon Sep 17 00:00:00 2001 From: Nikolai Emil Damm Date: Fri, 9 May 2025 23:56:18 +0200 Subject: [PATCH 12/13] feat: add flux-kustomization for infrastructure controllers Signed-off-by: Nikolai Emil Damm --- .../controllers/flux-kustomization.yaml | 29 +++++++++++++++++++ .../infrastructure/flux-kustomization.yaml | 29 ------------------- k8s/clusters/local/kustomization.yaml | 1 + 3 files changed, 30 insertions(+), 29 deletions(-) create mode 100644 k8s/clusters/local/infrastructure/controllers/flux-kustomization.yaml diff --git a/k8s/clusters/local/infrastructure/controllers/flux-kustomization.yaml b/k8s/clusters/local/infrastructure/controllers/flux-kustomization.yaml new file mode 100644 index 000000000..c5c5de7a5 --- /dev/null +++ b/k8s/clusters/local/infrastructure/controllers/flux-kustomization.yaml 
@@ -0,0 +1,29 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infrastructure-controllers
+ namespace: flux-system
+spec:
+ interval: 5m
+ timeout: 2m
+ retryInterval: 1m
+ path: clusters/local/infrastructure/controllers/
+ sourceRef:
+ kind: OCIRepository
+ name: flux-system
+ dependsOn:
+ - name: variables
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: variables-local
+ - kind: Secret
+ name: variables-local-sensitive
+ wait: true
+ prune: true
+ force: true
diff --git a/k8s/clusters/local/infrastructure/flux-kustomization.yaml b/k8s/clusters/local/infrastructure/flux-kustomization.yaml
index 3d4c5c06e..11b9aaefc 100644
--- a/k8s/clusters/local/infrastructure/flux-kustomization.yaml
+++ b/k8s/clusters/local/infrastructure/flux-kustomization.yaml
@@ -1,35 +1,6 @@
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
-metadata:
- name: infrastructure-controllers
- namespace: flux-system
-spec:
- interval: 5m
- timeout: 2m
- retryInterval: 1m
- path: clusters/local/infrastructure/controllers/
- sourceRef:
- kind: OCIRepository
- name: flux-system
- dependsOn:
- - name: variables
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substituteFrom:
- - kind: ConfigMap
- name: variables-local
- - kind: Secret
- name: variables-local-sensitive
- wait: true
- prune: true
- force: true
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
 metadata:
 name: infrastructure
 namespace: flux-system
diff --git a/k8s/clusters/local/kustomization.yaml b/k8s/clusters/local/kustomization.yaml
index c3fcd9ce5..b6f6de5e6 100644
--- a/k8s/clusters/local/kustomization.yaml
+++ b/k8s/clusters/local/kustomization.yaml
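Review bot: `force: true` on the new `infrastructure-controllers` Kustomization makes Flux resolve every immutable-field change in the whole controllers tree by deleting and recreating the object, which is destructive for stateful resources and does not read as a deliberate per-controller choice; the dev copy of this file added in PATCH 13/13 carries the same setting. Prefer dropping `force: true` here and opting in per resource with the `kustomize.toolkit.fluxcd.io/force: Enabled` annotation where recreation is acceptable. `substituteFrom` also exposes every key of Secret `variables-local-sensitive` to post-build substitution, so a `${VAR}` reference in a ConfigMap or Deployment under `clusters/local/infrastructure/controllers/` would render that value in plaintext into a non-Secret object; a comment such as `# sensitive keys: reference only from Secret manifests` above `substituteFrom:` would make that contract visible to whoever adds the next controller. The object sets no `spec.serviceAccountName`, so it is applied with kustomize-controller's own privileges, which is usual for cluster infrastructure but worth stating in a comment.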
@@ -2,5 +2,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - infrastructure/controllers/flux-kustomization.yaml
 - infrastructure/flux-kustomization.yaml
 - variables/flux-kustomization.yaml
From 3577ec833906060d6dcf5d9f8b41fd3da340230a Mon Sep 17 00:00:00 2001
From: Nikolai Emil Damm
Date: Fri, 9 May 2025 23:57:10 +0200
Subject: [PATCH 13/13] feat: add flux-kustomization for infrastructure controllers and update kustomization references
Signed-off-by: Nikolai Emil Damm
---
 .../controllers/flux-kustomization.yaml | 29 +++++++++++++++++++
 .../infrastructure/flux-kustomization.yaml | 29 -------------------
 k8s/clusters/dev/kustomization.yaml | 1 +
 3 files changed, 30 insertions(+), 29 deletions(-)
 create mode 100644 k8s/clusters/dev/infrastructure/controllers/flux-kustomization.yaml
diff --git a/k8s/clusters/dev/infrastructure/controllers/flux-kustomization.yaml b/k8s/clusters/dev/infrastructure/controllers/flux-kustomization.yaml
new file mode 100644
index 000000000..04a61e090
--- /dev/null
+++ b/k8s/clusters/dev/infrastructure/controllers/flux-kustomization.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infrastructure-controllers
+ namespace: flux-system
+spec:
+ interval: 5m
+ timeout: 2m
+ retryInterval: 1m
+ path: clusters/dev/infrastructure/controllers/
+ sourceRef:
+ kind: OCIRepository
+ name: flux-system
+ dependsOn:
+ - name: variables
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: variables-dev
+ - kind: Secret
+ name: variables-dev-sensitive
+ wait: true
+ prune: true
+ force: true
diff --git a/k8s/clusters/dev/infrastructure/flux-kustomization.yaml b/k8s/clusters/dev/infrastructure/flux-kustomization.yaml
index 8b3e86244..448a45451 100644
--- a/k8s/clusters/dev/infrastructure/flux-kustomization.yaml
+++ b/k8s/clusters/dev/infrastructure/flux-kustomization.yaml
@@ -1,35 +1,6 @@
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
-metadata:
- name: infrastructure-controllers
- namespace: flux-system
-spec:
- interval: 5m
- timeout: 2m
- retryInterval: 1m
- path: clusters/dev/infrastructure/controllers/
- sourceRef:
- kind: OCIRepository
- name: flux-system
- dependsOn:
- - name: variables
- decryption:
- provider: sops
- secretRef:
- name: sops-age
- postBuild:
- substituteFrom:
- - kind: ConfigMap
- name: variables-dev
- - kind: Secret
- name: variables-dev-sensitive
- wait: true
- prune: true
- force: true
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
 metadata:
 name: infrastructure
 namespace: flux-system
diff --git a/k8s/clusters/dev/kustomization.yaml b/k8s/clusters/dev/kustomization.yaml
index c3fcd9ce5..b6f6de5e6 100644
--- a/k8s/clusters/dev/kustomization.yaml
+++ b/k8s/clusters/dev/kustomization.yaml
@@ -2,5 +2,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+ - infrastructure/controllers/flux-kustomization.yaml
 - infrastructure/flux-kustomization.yaml
 - variables/flux-kustomization.yaml