Daniel Flanagan 2022-07-07 20:32:35 -05:00
parent aa268d68e1
commit 5001b2f0c1
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4
14 changed files with 30 additions and 90 deletions


@ -1,5 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pod.yaml


@ -1,14 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: alpine-playground
namespace: default
labels:
app: alpine-playground
spec:
containers:
- image: alpine
imagePullPolicy: IfNotPresent
name: alpine-playground
command: ["sh", "-c", "sleep 3600 && exit 1"]
restartPolicy: OnFailure


@ -1,24 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: echoserver
namespace: echoserver
spec:
replicas: 1
selector:
matchLabels:
app: echoserver
template:
metadata:
labels:
app: echoserver
spec:
containers:
- image: nginx:1.23.0-alpine
imagePullPolicy: IfNotPresent
name: echoserver
ports:
- containerPort: 80
env:
- name: PORT
value: "80"


@ -1,7 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- service.yaml
- deployment.yaml


@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: echoserver


@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: echoserver
namespace: echoserver
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
type: LoadBalancer
selector:
app: echoserver


@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./metallb/
- ./argocd/


@ -2,4 +2,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./initialization/ - ./metallb/
- ./argocd/


@ -33,21 +33,23 @@ set AGE_KEY (pass age-key | rg '# public key: ' | awk '{printf $4}')
- Setup talos directory if needed - Setup talos directory if needed
- `mkdir -p talos; cd talos` - `mkdir -p talos; cd talos`
- Boot the Talos image on the initial node
- If you are not using _this_ configuration: - If you are not using _this_ configuration:
- `talosctl gen config "$CLUSTER_NAME" "$CLUSTER_ENDPOINT"` - `talosctl gen config "$CLUSTER_NAME" "$CLUSTER_ENDPOINT"`
- Edit files as needed - Edit files as needed, making sure only one of the controlplane nodes is the `endpoint` in the `talosconfig`
- `mv talosconfig talosconfig.yaml` - `mv talosconfig talosconfig.yaml`
- Encrypt via `sops` with `age` - Encrypt via `sops` with `age`
- `for f in *; sops yaml --encrypt --age-key "$AGE_KEY" --in-place "$f"; end` - `for f in *; sops yaml --encrypt --age-key "$AGE_KEY" --in-place "$f"; end`
- Apply the control plane config to the initial node - Setup the `talosctl` client to use your configuration
- `sops exec-file controlplane.yaml 'talosctl apply-config --insecure --nodes '"$NODE_ADDR"' --file {}'` - `sops exec-file talosconfig.yaml 'talosctl config merge {}'`
- You will need to wait a bit for the configuration to be applied, Talos to - For each node in the cluster as specified in `talosconfig.yaml`, do the
install itself, for the node to reboot, and for post-boot initialization following:
- Setup the client to communicate with the newly-configured node - Boot the Talos image on the node
- `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["endpoints"][0] "'"$NODE_ADDR"'"' talosconfig.yaml` - Disconnect boot media from the node after it's booted otherwise your
- `sops --set '["contexts"]["'"$CLUSTER_NAME"'"]["nodes"][0] "'"$NODE_ADDR"'"' talosconfig.yaml` Ventoy will get wiped
- Optionally also make this the default in `~/.talos/config` with `sops exec-file talosconfig.yaml 'talosctl config merge {}'` - Apply the appropriate configuration to the node
- `sops exec-file (controlplane.yml|worker.yml) 'talosctl apply-config --insecure --nodes '"$NODE_ADDR"' --file {}'`
- This can take a moment to finish, but you can move on to the next node
while you wait
- Bootstrap the cluster - Bootstrap the cluster
- `talosctl bootstrap --nodes "$NODE_ADDR"` - `talosctl bootstrap --nodes "$NODE_ADDR"`
- You will need to wait a bit for Kubernetes to initialize - You will need to wait a bit for Kubernetes to initialize
@ -59,18 +61,26 @@ able to `kubectl get nodes`.
#### Adding Nodes #### Adding Nodes
> **NOTE**: UNTESTED > **TODO**: This process is untested!
- Boot the Talos image on the target node - Boot the Talos image on the target node
- Add the node to `talosconfig.yaml` - Add the node to `talosconfig.yaml`
- Apply the appropriate configuration to the target node - `sops talos/talosconfig.yaml`
- `sops exec-file "$CONFIG_FILE" 'talosctl apply-config --insecure --nodes "$NODE_ADDR" --file {}'` - Setup the `talosctl` client to use your configuration
- You will need to wait a bit for Kubernetes to initialize, start up, and - `sops exec-file talos/talosconfig.yaml 'talosctl config merge {}'`
then join the cluster - Apply the appropriate configuration to all nodes in the cluster
#### Removing Nodes #### Removing Nodes
- **TODO** > **TODO**: This process is untested!
- Cordon and drain the node
- Remove the node from `talosconfig.yaml`
- `sops talos/talosconfig.yaml`
- Update the `talosctl` client to use your configuration
- `sops exec-file talos/talosconfig.yaml 'talosctl config merge {}'`
- Apply the appropriate configuration to all nodes in the cluster
- Power down the node
#### Untaint Masters #### Untaint Masters
@ -83,6 +93,8 @@ kubectl taint nodes --all node-role.kubernetes.io/master-
### Apply Manifests ### Apply Manifests
Currently, all my manifests are managed from a single Kustomize:
```bash ```bash
kubectl apply -k manifests kubectl apply -k manifests
``` ```