talos config generation

ifd3f · Apr 18, 2024 · ef7942f · ef7942f
1 parent 584274b
commit ef7942f
Show file tree

Hide file tree

Showing 6 changed files with 63 additions and 8 deletions.
diff --git a/.gitignore b/.gitignore
@@ -11,6 +11,7 @@ result-*
 *.tar.bz2
 *.qcow2
 .DS_Store
+secrets.yaml
 
 # Root Makefile for rapid Vim prototyping
 /Makefile

diff --git a/docs/ipam.sexp b/docs/ipam.sexp
@@ -11,10 +11,25 @@
       (attr vlan 300)
     )
 
-    (net CA7DC-K8S fca7:b01:f00d:c00b::/64
-      (description "Kubernetes cluster inter-node IP space")
-      (attr trust-level TRUSTED)
-      (attr vlan 100)
+    (net CA7DC-K8S fca7:b01:f00d:4000::/52
+      (description "Kubernetes cluster IPs")
+
+      (net CA7DC-K8S-SERVICES fca7:b01:f00d:4000::/64
+        (description "Kubernetes cluster services")
+      )
+      (net CA7DC-K8S-PODS fca7:b01:f00d:4001::/64
+        (description "Kubernetes cluster pods")
+      )
+      (net CA7DC-K8S-CONTROL-PLANE fca7:b01:f00d:4800::/64
+        (description "Kubernetes cluster control plane")
+        (attr vlan 180)
+
+        (net CA7DC-K8S-CONTROL-PLANE-VIP fca7:b01:f00d:4800::1/128)
+      )
+      (net CA7DC-K8S-WORKERS fca7:b01:f00d:4801::/64
+        (description "Kubernetes cluster workers")
+        (attr vlan 181)
+      )
     )
 
     (net CA7DC-SERVICE fca7:b01:f00d:cafe::/64

diff --git a/k8s/talos/common.nix b/k8s/talos/common.nix
@@ -0,0 +1,26 @@
+rec {
+  controlPlaneVIP = "fca7:b01:f00d:4800::1";
+
+  clusterBase = {
+    controlPlane.endpoint = "https://[${controlPlaneVIP}]:6443";
+    clusterNetwork = {
+      dnsDomain = "k8s.nya.haus";
+      podSubnets = [ "fca7:b01:f00d:4001::/64" ];
+      serviceSubnets = [ "fca7:b01:f00d:4000::/64" ];
+    };
+
+    # control plane will only do control plane stuff
+    allowSchedulingOnControlPlanes = false;
+  };
+
+  machineBase = {
+    install = {
+      disk = "/dev/vda";
+      wipe = true;
+    };
+
+    # All hosts only have one interface. This will pick the interface 
+    # https://www.talos.dev/v1.6/talos-guides/network/predictable-interface-names/#single-network-interface
+    network.interfaces = [{ deviceSelector.busPath = "0*"; }];
+  };
+}
diff --git a/k8s/talos/controlplane.nix b/k8s/talos/controlplane.nix
@@ -0,0 +1,8 @@
+let common = import ./common.nix;
+in {
+  cluster = common.clusterBase // {
+    apiServer = { certSANs = [ common.controlPlaneVIP ]; };
+    clusterName = "ca7dc";
+  };
+  machine = common.machineBase;
+}
diff --git a/k8s/talos/worker.nix b/k8s/talos/worker.nix
@@ -0,0 +1,5 @@
+let common = import ./common.nix;
+in {
+  cluster = common.clusterBase;
+  machine = common.machineBase;
+}
diff --git a/machines/boop/net.nix b/machines/boop/net.nix
@@ -81,15 +81,15 @@ in {
       };
     };
 
-    netdevs."40-k8sbr" = {
+    netdevs."40-brk8s" = {
       netdevConfig = {
-        Name = "k8sbr";
+        Name = "brk8s";
         Kind = "bridge";
         Description = "Bridge for Kubernetes VMs";
       };
     };
-    networks."40-k8sbr" = {
-      name = "k8sbr";
+    networks."40-brk8s" = {
+      name = "brk8s";
       matchConfig.Type = "bridge";
       networkConfig = unaddressedNetwork // {
         Description = "Bridge for Kubernetes VMs";