feat: do not make a master node a worker node 😢

Signed-off-by: Devin Buhl <[email protected]>

.taskfiles/Talos/Taskfile.yaml

@@ -84,6 +84,23 @@ tasks:
     preconditions:
       - talosctl config get-contexts | grep {{.cluster}}
 
+  apply-config:
+    desc: Apply Talos configuration to a node
+    dir: "{{.KUBERNETES_DIR}}/{{.cluster}}/bootstrap/talos/matchbox/assets"
+    cmd: |
+      sops -d {{.role | replace "controlplane" "controller"}}.secret.sops.yaml | \
+          envsubst | \
+              talosctl --context {{.cluster}} apply-config --nodes {{.node}} --file /dev/stdin
+    env:
+      TALOS_VERSION: "{{.TALOS_VERSION}}"
+      TALOS_SCHEMATIC_ID: "{{.TALOS_SCHEMATIC_ID}}"
+      KUBERNETES_VERSION: "{{.KUBERNETES_VERSION}}"
+    vars:
+      role:
+        sh: talosctl --context {{.cluster}} --nodes {{.node}} get mc -o yaml | yq .spec.machine.type
+    requires:
+      vars: ["cluster", "node"]
+
   sync-matchbox:
     desc: Sync required Matchbox configuration to Vyos for PXE Boot
     dir: "{{.KUBERNETES_DIR}}/{{.cluster}}/bootstrap/talos/matchbox"

.taskfiles/VolSync/Taskfile.yaml

@@ -31,8 +31,8 @@ tasks:
         cluster: Cluster to run command against (required)
     cmds:
       - flux --context {{.cluster}} suspend ks volsync
-      - flux --context {{.cluster}} suspend hr -n storage volsync
-      - kubectl --context {{.cluster}} -n storage scale deployment volsync --replicas 0
+      - flux --context {{.cluster}} suspend hr -n volsync-system volsync
+      - kubectl --context {{.cluster}} -n volsync-system scale deployment volsync --replicas 0
     env: *env
     requires:
       vars: ["cluster"]

kubernetes/main/apps/database/cloudnative-pg/cluster/cluster16.yaml

@@ -41,7 +41,7 @@ spec:
       endpointURL: https://s3.turbo.ac
       # Note: serverName version needs to be inclemented
       # when recovering from an existing cnpg cluster
-      serverName: &currentCluster postgres16-v3
+      serverName: &currentCluster postgres16-v4
       s3Credentials:
         accessKeyId:
           name: cloudnative-pg-secret
@@ -53,7 +53,7 @@ spec:
   # cluster when recovering from an existing cnpg cluster
   bootstrap:
     recovery:
-      source: &previousCluster postgres16-v2
+      source: &previousCluster postgres16-v3
   # Note: externalClusters is needed when recovering from an existing cnpg cluster
   externalClusters:
     - name: *previousCluster

kubernetes/main/apps/database/kustomization.yaml

@@ -8,5 +8,5 @@ resources:
   - ./notifications.yaml
   # Flux-Kustomizations
   - ./cloudnative-pg/ks.yaml
-  - ./crunchy-pgo/ks.yaml
+  # - ./crunchy-pgo/ks.yaml
   - ./redis/ks.yaml

kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml

@@ -26,6 +26,8 @@ spec:
   dependsOn:
     - name: rook-ceph-cluster
       namespace: rook-ceph
+    - name: smarter-device-manager
+      namespace: kube-system
     - name: volsync
       namespace: volsync-system
   values:

kubernetes/main/apps/kube-system/smarter-device-manager/ks.yaml

@@ -15,7 +15,7 @@ spec:
   sourceRef:
     kind: GitRepository
     name: home-kubernetes
-  wait: true
+  wait: false
   interval: 30m
   retryInterval: 1m
   timeout: 5m

kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml

@@ -51,7 +51,6 @@ spec:
       bluefs_buffered_io = false
     cephClusterSpec:
       network:
-        provider: host
         connections:
           requireMsgr2: true
       resources:
@@ -105,7 +104,7 @@ spec:
         spec:
           failureDomain: host
           replicated:
-            size: 6
+            size: 3
         storageClass:
           enabled: true
           name: ceph-block
@@ -133,11 +132,11 @@ spec:
         spec:
           metadataPool:
             replicated:
-              size: 6
+              size: 3
           dataPools:
             - failureDomain: host
               replicated:
-                size: 6
+                size: 3
               name: data0
           metadataServer:
             activeCount: 1
@@ -176,12 +175,12 @@ spec:
           metadataPool:
             failureDomain: host
             replicated:
-              size: 6
+              size: 3
           dataPool:
             failureDomain: host
             erasureCoded:
-              dataChunks: 4
-              codingChunks: 2
+              dataChunks: 2
+              codingChunks: 1
           preservePoolsOnDelete: true
           gateway:
             port: 80

kubernetes/main/apps/system-upgrade/kustomization.yaml

@@ -7,4 +7,4 @@ resources:
   - ./namespace.yaml
   - ./notifications.yaml
   # Flux-Kustomizations
-  - ./system-upgrade-controller/ks.yaml
+  # - ./system-upgrade-controller/ks.yaml

kubernetes/main/bootstrap/talos/matchbox/assets/controller.secret.sops.yaml

@@ -101,6 +101,12 @@ machine:
             - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
             - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
             - KERNEL=="ttyACM[0-9]", GROUP="20", MODE="0660"
+            - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660", SYMLINK+="coral"
+            - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660", SYMLINK+="coral"
+            - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="20", MODE="0660", SYMLINK+="rtl2838"
+    nodeLabels:
+        topology.kubernetes.io/region: main
+        topology.kubernetes.io/zone: m
 cluster:
     id: ENC[AES256_GCM,data:9tHCrMfXP7lhgTgOC8pgZ+nfowxhzICdrdEGXUniD0VvF3OGsk3xk7C05tg=,iv:aiAJ/rRXrTeJHgynGJy1jCk84WoJd1wpgWTKUYtu4dQ=,tag:ljRZvhMeOZtN2nnZqojHBQ==,type:str]
     secret: ENC[AES256_GCM,data:O4YhpNgibu+GTdCFBtycLili2lZxkVW1QD4StkBZPIL11yezCgbLv4VqkyE=,iv:Dg+xHyZepVsCQwxhFRakJxJJx8hCbjlpndBSbjJfKA8=,tag:tvd9cX+5iYNx+v+dQylUEg==,type:str]
@@ -178,8 +184,8 @@ sops:
             R0p5RXZuMUNXVnFyZVNDTmVWRXorR0EKImMXF7/XlFtGimJcBL+Z4y4EgAEJnEpD
             WzSiMe8hB7pzjCXC8PGcRRkGYV46QQRw8yk2p/2bV6ycXkJ+6GKSHg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-16T14:17:22Z"
-    mac: ENC[AES256_GCM,data:XJeBi4b8OVOC/e9qEv7gY6zIxlGAYwaDFfmU7yGZGkJghQVLYmNURf1A/nA1gWG+ZAaR8RU/1z6NQOoritstD+eqsNYRqrjkeZweA7Y+sPjJYwlWefSnY/KATn43avo4pqFvD6yhOqcnDEq8MnBdf4XYSf47lbd/LizgOrsEYrE=,iv:ri1WnzeMLkOAxRQ/3TleEx6Bq9S2Uk6J37jM+SF7q2k=,tag:zwokDVUdUVWxSNrxya8Tzg==,type:str]
+    lastmodified: "2024-02-16T22:51:33Z"
+    mac: ENC[AES256_GCM,data:1XbF4P6HI84X4F8IWMyLAX35aYBQI6nbsaOfroA7IfQ7cgrt4E3j/sl6nV7Rnr60bGdaBUevu5k2DMRlasG/DmSzZQ6gI21DAv0fKbKUjViSxyRYSu0bX42tEppEaBF4ViTIC6sQdftAZ1nhsi++dsWsLf4oOEHg42TaCkhVvI8=,iv:T9YLnw8ZmSmKKWxAunB38TGED0iBpp5u42BEQIAMTXs=,tag:1gYQVeEcYpkn05eoTLuL+Q==,type:str]
     pgp: []
     encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$
     version: 3.8.1

kubernetes/main/bootstrap/talos/matchbox/assets/worker.secret.sops.yaml

@@ -93,6 +93,12 @@ machine:
             - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
             - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
             - KERNEL=="ttyACM[0-9]", GROUP="20", MODE="0660"
+            - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660", SYMLINK+="coral"
+            - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660", SYMLINK+="coral"
+            - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="20", MODE="0660", SYMLINK+="rtl2838"
+    nodeLabels:
+        topology.kubernetes.io/region: main
+        topology.kubernetes.io/zone: w
 cluster:
     id: ENC[AES256_GCM,data:u5KvmMaSJ/BdO+7eXUQA9f9iMsct9YLUDFRkas4Ply/QTfQ1Ob5znCX2osg=,iv:WvZvnZ7qFEazttbhwgqBvLsWJSLBf7pYzAGlScqtzTU=,tag:gPyzvv8b5K6/Xn1AyPo9nQ==,type:str]
     secret: ENC[AES256_GCM,data:lu2AHn9BywIQuu6giKi+5SRBXdXZWDN6Mgs5mv1qMNoWDl99MMrJmf6kIyM=,iv:oUO4x3YPmOX2ArkS2WyvHwNY21cSQBn3x5RQ+LvYN/Y=,tag:9envg2g12VA9hxkSRbTtuQ==,type:str]
@@ -132,8 +138,8 @@ sops:
             QUE4UkZiRDRJRGRHTTNCemdIYllvTmsKZBAn5SbfQDL1yrU8VUUfJUV/yADU3oVU
             Vn/pmwdPNfcwgucnZVUQVWXzCdZlgvs3vOpgf58NEBrQs36MMlNBJQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-16T14:11:15Z"
-    mac: ENC[AES256_GCM,data:DezUbiSffBrvhvY/iLCxPga3sXeDYgMzIH1NCdMi7Yvw2Soe2pFbYVpU+qjvAfmYM/Gfu4qwGKVSSgE+vvttrf0nxA5+WuTMjAF2kOl8ykBtmSK4AiyiTpIaw1N03P2V8XfxaiNJDsrV7PavSheGvkMr+XDvEvyneTBqK0DKXoQ=,iv:NnlriUtwoQ+qgyP4U7WbLgTCd7mg/AJQG9SNJLUyEIM=,tag:gj1Z+gJQs/6nuoaV0m3x3A==,type:str]
+    lastmodified: "2024-02-16T22:50:34Z"
+    mac: ENC[AES256_GCM,data:HEfFiR57kgXzDzwLV71f+Fn+Zvc7rQMHEV9/+h0qy7Om36N+dp5f7MpZ+A//2IQMkQ+7svsElJpBn41n0I9ryn6TuVGFq22jfYTI+yWMk4VAEsWdu5oQKet5UejueHfDFvYKW7rRWQXL28dZukReoJ55Hm8JwdxP9Z+nKVx/qsg=,iv:Y/khGKun/eeZEka/qZBuOrdWpoaCkkvAohHQu2Ri17s=,tag:jlGiNnfKmQ2q+oECnxhBeQ==,type:str]
     pgp: []
     encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$
     version: 3.8.1