Skip to content

Commit

Permalink
Initial commit for Talos 🚀
Browse files Browse the repository at this point in the history
  • Loading branch information
@tuxpeople
tuxpeople committed Jun 20, 2024
1 parent ebce537 commit 55af9fb
Show file tree
Hide file tree
Showing 344 changed files with 10,086 additions and 33 deletions.
12 changes: 12 additions & 0 deletions .sops.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
creation_rules:
- # IMPORTANT: This rule MUST be above the others
path_regex: talos/.*\.sops\.ya?ml
key_groups:
- age:
- "age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w"
- path_regex: kubernetes/.*\.sops\.ya?ml
encrypted_regex: "^(data|stringData)$"
key_groups:
- age:
- "age1y0kzuf0tn94a74whazwae4r9qal4snuqfuhl5jacscrpr7up5gts74fe5w"
2 changes: 1 addition & 1 deletion Taskfile.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,6 @@ includes:
optional: true

tasks:

default: task --list

init:
Expand All @@ -58,6 +57,7 @@ tasks:
- task: .template
- task: sops:encrypt
- task: .validate
- cmd: bash {{.ROOT_DIR}}/scripts/rebuild-kustomizations.sh

.template:
internal: true
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: cert-manager
version: v1.14.5
version: v1.15.0
sourceRef:
kind: HelmRepository
name: jetstack
Expand Down
4 changes: 2 additions & 2 deletions bootstrap/templates/kubernetes/apps/cert-manager/cert-manager/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand All @@ -36,7 +36,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/flux-system/webhooks/app/github/receiver.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
resources:
- apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
namespace: flux-system
- apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/flux-system/webhooks/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: cilium
version: 1.15.5
version: 1.15.6
sourceRef:
kind: HelmRepository
name: cilium
Expand Down
4 changes: 2 additions & 2 deletions bootstrap/templates/kubernetes/apps/kube-system/cilium/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand All @@ -35,7 +35,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/coredns/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/metrics-server/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/reloader/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: reloader
version: 1.0.101
version: 1.0.107
sourceRef:
kind: HelmRepository
name: stakater
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/reloader/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/spegel/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: spegel
version: v0.0.22
version: v0.0.23
sourceRef:
kind: HelmRepository
name: spegel
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/kube-system/spegel/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/cloudflared/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ spec:
app:
image:
repository: docker.io/cloudflare/cloudflared
tag: 2024.5.0
tag: 2024.6.0
env:
NO_AUTOUPDATE: true
TUNNEL_CRED_FILE: /etc/cloudflared/creds/credentials.json
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/cloudflared/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/echo-server/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/external-dns/app/helmrelease.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ spec:
chart:
spec:
chart: external-dns
version: 1.14.4
version: 1.14.5
sourceRef:
kind: HelmRepository
name: external-dns
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/external-dns/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand Down
6 changes: 3 additions & 3 deletions bootstrap/templates/kubernetes/apps/network/ingress-nginx/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: true
interval: 30m
retryInterval: 1m
Expand All @@ -37,7 +37,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand All @@ -59,7 +59,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/network/k8s-gateway/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/observability/prometheus-operator-crds/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: false # never should be deleted
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/apps/openebs-system/openebs/ks.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
wait: false
interval: 30m
retryInterval: 1m
Expand Down
4 changes: 2 additions & 2 deletions bootstrap/templates/kubernetes/bootstrap/helmfile.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ releases:
- name: cilium
namespace: kube-system
chart: cilium/cilium
version: 1.15.5
version: 1.15.6
values:
- ../apps/kube-system/cilium/app/helm-values.yaml
needs:
Expand All @@ -49,7 +49,7 @@ releases:
- name: spegel
namespace: kube-system
chart: oci://ghcr.io/spegel-org/helm-charts/spegel
version: v0.0.22
version: v0.0.23
values:
- ../apps/kube-system/spegel/app/helm-values.yaml
needs:
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/bootstrap/talos/talconfig.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
talosVersion: v1.7.4
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
kubernetesVersion: v1.30.1
kubernetesVersion: v1.30.2

clusterName: "#{ bootstrap_cluster_name | default('home-kubernetes', true) }#"
endpoint: https://#{ bootstrap_controller_vip }#:6443
Expand Down
2 changes: 1 addition & 1 deletion bootstrap/templates/kubernetes/flux/apps.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
prune: true
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
decryption:
provider: sops
secretRef:
Expand Down
4 changes: 2 additions & 2 deletions bootstrap/templates/kubernetes/flux/config/cluster.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: home-kubernetes
name: k8s-homelab
namespace: flux-system
spec:
interval: 30m
Expand Down Expand Up @@ -31,7 +31,7 @@ spec:
wait: false
sourceRef:
kind: GitRepository
name: home-kubernetes
name: k8s-homelab
decryption:
provider: sops
secretRef:
Expand Down
30 changes: 30 additions & 0 deletions kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cert-manager
spec:
interval: 30m
chart:
spec:
chart: cert-manager
version: v1.15.0
sourceRef:
kind: HelmRepository
name: jetstack
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
installCRDs: true
dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
dns01RecursiveNameserversOnly: true
prometheus:
enabled: true
servicemonitor:
enabled: true
5 changes: 5 additions & 0 deletions kubernetes/apps/cert-manager/cert-manager/app/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
41 changes: 41 additions & 0 deletions kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: "${SECRET_ACME_EMAIL}"
privateKeySecretRef:
name: letsencrypt-production
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cert-manager-secret
key: api-token
selector:
dnsZones:
- "${SECRET_DOMAIN}"
- "${SECRET_CH_DOMAIN}"
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: "${SECRET_ACME_EMAIL}"
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cert-manager-secret
key: api-token
selector:
dnsZones:
- "${SECRET_DOMAIN}"
- "${SECRET_CH_DOMAIN}"
Loading

0 comments on commit 55af9fb

Please sign in to comment.