easylinux/proxmox-tofu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Cilium as CNI

Browse Source
This commit is contained in:
Max Pfeiffer
2025-09-16 08:15:45 +02:00
parent c3a4273100
commit a8254f4f5c
6 changed files with 101 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
proxmox/.terraform.lock.hcl generated
View File

@@ -1,21 +1,21 @@
# This file is maintained automatically by "tofu init". # This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.opentofu.org/hashicorp/local" { provider "registry.opentofu.org/hashicorp/helm" {
version = "2.5.3" version = "3.0.2"
constraints = "2.5.3" constraints = "3.0.2"
hashes = [ hashes = [
"h1:31Clmfoe7hzkcdgwuhUuGuPGfeG2Ksk+YWcJgzBTN7M=", "h1:GMW0C0TkkYmURt4OZIlwcLdvREL08PDbsSn5sfH4/TU=",
"zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf", "zh:100f75a700074568cfaee7884e4477c50b5468e086db5bb95d7d519581b65621",
"zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991", "zh:578d09c7319d0dd0fee03a7fcb48bf68ac978c1fefaa0752cfcb9ecfb0a56a4e",
"zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd", "zh:64e7cce303362b4bf132d1c61858ef0ada221af4a2ea0fdfd16ec43e562d459c",
"zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764", "zh:7a64933e70733aeec44bf9b9b6ea3617fd075acb346b082197ded993cfa7d2be",
"zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf", "zh:7caf4655a5bf72e6d212209ad5ea5c619269eca6e0d9930c85b59bbbdf57ce28",
"zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096", "zh:a1e0208423445e2443516e52a4d72c556b1303705c90aaeb139fbb64a10d7c1c",
"zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0", "zh:ac9e4417e9e0486bc60f6796da06356b59161c9923c56a7a5c9b4900a46ee52d",
"zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3", "zh:b9588da386c17456b242bd18122836baeccdce3227aac4752e189ec9ad218da7",
"zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3", "zh:d5b6ac3b0b6beb3d94886f45a5a96eb6d78ca2b657efd62b8e0650d8097ee60f",
"zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5", "zh:db6761e7cf86825f13628e8f4e32818683efff61b0d909211e1096cc6ad84f83",
] ]
} }

54
proxmox/helm_templates.tf Normal file
View File

@@ -0,0 +1,54 @@
data "helm_template" "cilium" {
name = "cilium"
namespace = "kube-system"
repository = "https://helm.cilium.io"
chart = "cilium"
version = "1.18.1"
kube_version = var.kubernetes_version
set = [
{
name = "ipam.mode"
value = "kubernetes"
},
{
name = "kubeProxyReplacement"
value = "true"
},
{
name = "securityContext.capabilities.ciliumAgent"
value = "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
},
{
name = "securityContext.capabilities.cleanCiliumState"
value = "{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
},
{
name = "cgroup.autoMount.enabled"
value = "false"
},
{
name = "cgroup.hostRoot"
value = "/sys/fs/cgroup"
},
{
name = "k8sServiceHost"
value = "localhost"
},
{
name = "k8sServicePort"
value = "7445"
},
{
name = "gatewayAPI.enabled"
value = "true"
},
{
name = "gatewayAPI.enableAlpn"
value = "true"
},
{
name = "gatewayAPI.enableAppProtocol"
value = "true"
},
]
}

8
proxmox/providers.tf
View File

@@ -1,9 +1,5 @@
terraform { terraform {
required_providers { required_providers {
local = {
source = "hashicorp/local"
version = "2.5.3"
}
proxmox = { proxmox = {
source = "telmate/proxmox" source = "telmate/proxmox"
version = "3.0.2-rc04" version = "3.0.2-rc04"
@@ -12,6 +8,10 @@ terraform {
source = "siderolabs/talos" source = "siderolabs/talos"
version = "0.9.0" version = "0.9.0"
} }
helm = {
source = "hashicorp/helm"
version = "3.0.2"
}
} }
} }

23
proxmox/talos_linux.tf
View File

@@ -1,19 +1,21 @@
resource "talos_machine_secrets" "this" {} resource "talos_machine_secrets" "this" {}
data "talos_machine_configuration" "controlplane" { data "talos_machine_configuration" "controlplane" {
cluster_name = var.cluster_name cluster_name = var.cluster_name
cluster_endpoint = "https://${var.cluster_vip_shared_ip}:6443" cluster_endpoint = "https://${var.cluster_vip_shared_ip}:6443"
machine_type = "controlplane" machine_type = "controlplane"
machine_secrets = talos_machine_secrets.this.machine_secrets machine_secrets = talos_machine_secrets.this.machine_secrets
talos_version = var.talos_version talos_version = var.talos_version
kubernetes_version = var.kubernetes_version
} }
data "talos_machine_configuration" "worker" { data "talos_machine_configuration" "worker" {
cluster_name = var.cluster_name cluster_name = var.cluster_name
cluster_endpoint = "https://${var.cluster_vip_shared_ip}:6443" cluster_endpoint = "https://${var.cluster_vip_shared_ip}:6443"
machine_type = "worker" machine_type = "worker"
machine_secrets = talos_machine_secrets.this.machine_secrets machine_secrets = talos_machine_secrets.this.machine_secrets
talos_version = var.talos_version talos_version = var.talos_version
kubernetes_version = var.kubernetes_version
} }
data "talos_client_configuration" "this" { data "talos_client_configuration" "this" {
@@ -37,6 +39,7 @@ resource "talos_machine_configuration_apply" "controlplane" {
network = var.network network = var.network
network_gateway = var.network_gateway network_gateway = var.network_gateway
vip_shared_ip = var.cluster_vip_shared_ip vip_shared_ip = var.cluster_vip_shared_ip
cilium_manifest = data.helm_template.cilium.manifest
}), }),
] ]
} }

9
proxmox/templates/machine_config_patches_controlplane.tftpl
View File

@@ -16,3 +16,12 @@ machine:
ip: ${vip_shared_ip} ip: ${vip_shared_ip}
cluster: cluster:
allowSchedulingOnControlPlanes: false allowSchedulingOnControlPlanes: false
network:
cni:
name: none
proxy:
disabled: true
inlineManifests:
- name: cilium
contents: |
${indent(8, cilium_manifest)}

7
proxmox/variables.tf
View File

@@ -25,6 +25,11 @@ variable "talos_version" {
default = "1.11.1" default = "1.11.1"
} }
variable "kubernetes_version" {
type = string
default = "1.34.0"
}
variable "talos_linux_iso_image_url" { variable "talos_linux_iso_image_url" {
description = "URL of the Talos ISO image for initially booting the VM" description = "URL of the Talos ISO image for initially booting the VM"
type = string type = string
@@ -40,7 +45,7 @@ variable "talos_linux_iso_image_filename" {
variable "cluster_name" { variable "cluster_name" {
description = "A name to provide for the Talos cluster" description = "A name to provide for the Talos cluster"
type = string type = string
default = "talos" default = "talos"
} }
variable "cluster_vip_shared_ip" { variable "cluster_vip_shared_ip" {