From cbbe87f3f7c1fb285dcbc1cdc38c7412e656250c Mon Sep 17 00:00:00 2001
From: Devin Buhl
Date: Fri, 16 Feb 2024 18:32:35 -0500
Subject: [PATCH] feat: do not make a master node a worker node :cry:
Signed-off-by: Devin Buhl
---
.taskfiles/Talos/Taskfile.yaml | 17 +++++++++++++++++
.taskfiles/VolSync/Taskfile.yaml | 4 ++--
.../cloudnative-pg/cluster/cluster16.yaml | 4 ++--
.../main/apps/database/kustomization.yaml | 2 +-
.../default/zwave-js-ui/app/helmrelease.yaml | 2 ++
.../kube-system/smarter-device-manager/ks.yaml | 2 +-
.../rook-ceph/cluster/helmrelease.yaml | 13 ++++++-------
.../main/apps/system-upgrade/kustomization.yaml | 2 +-
.../matchbox/assets/controller.secret.sops.yaml | 10 ++++++++--
.../matchbox/assets/worker.secret.sops.yaml | 10 ++++++++--
10 files changed, 48 insertions(+), 18 deletions(-)
diff --git a/.taskfiles/Talos/Taskfile.yaml b/.taskfiles/Talos/Taskfile.yaml
index 0fb6f25777a13..1f04661ae59a0 100644
--- a/.taskfiles/Talos/Taskfile.yaml
+++ b/.taskfiles/Talos/Taskfile.yaml
@@ -84,6 +84,23 @@ tasks: preconditions: - talosctl config get-contexts | grep {{.cluster}} + apply-config: + desc: Apply Talos configuration to a node + dir: "{{.KUBERNETES_DIR}}/{{.cluster}}/bootstrap/talos/matchbox/assets" + cmd: | + sops -d {{.role | replace "controlplane" "controller"}}.secret.sops.yaml | \ + envsubst | \ + talosctl --context {{.cluster}} apply-config --nodes {{.node}} --file /dev/stdin + env: + TALOS_VERSION: "{{.TALOS_VERSION}}" + TALOS_SCHEMATIC_ID: "{{.TALOS_SCHEMATIC_ID}}" + KUBERNETES_VERSION: "{{.KUBERNETES_VERSION}}" + vars: + role: + sh: talosctl --context {{.cluster}} --nodes {{.node}} get mc -o yaml | yq .spec.machine.type + requires: + vars: ["cluster", "node"] + sync-matchbox: desc: Sync required Matchbox configuration to Vyos for PXE Boot dir: "{{.KUBERNETES_DIR}}/{{.cluster}}/bootstrap/talos/matchbox"
diff --git a/.taskfiles/VolSync/Taskfile.yaml b/.taskfiles/VolSync/Taskfile.yaml
index 88e1a49125c36..7b5fd3e3f6386 100644
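Review bot: In the new `apply-config` task, `envsubst` runs with no variable list, so every `$NAME`/`${NAME}` sequence in the decrypted machine config is substituted from the caller's whole environment, and anything unset silently becomes an empty string before it reaches `talosctl apply-config`. Restrict it to the three variables the task exports: `envsubst '${TALOS_VERSION} ${TALOS_SCHEMATIC_ID} ${KUBERNETES_VERSION}' | \`. The pipeline also runs without pipefail, so a failed `sops -d` is only noticed if talosctl happens to reject what it receives; `set -o pipefail` as the first line of `cmd` makes the decrypt failure fatal. `role` comes straight from `yq .spec.machine.type` and is used to build the file name, so a precondition that it is non-empty and not `null` would fail earlier and more clearly.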
--- a/.taskfiles/VolSync/Taskfile.yaml
+++ b/.taskfiles/VolSync/Taskfile.yaml
@@ -31,8 +31,8 @@ tasks: cluster: Cluster to run command against (required) cmds: - flux --context {{.cluster}} suspend ks volsync - - flux --context {{.cluster}} suspend hr -n storage volsync - - kubectl --context {{.cluster}} -n storage scale deployment volsync --replicas 0 + - flux --context {{.cluster}} suspend hr -n volsync-system volsync + - kubectl --context {{.cluster}} -n volsync-system scale deployment volsync --replicas 0 env: *env requires: vars: ["cluster"]
diff --git a/kubernetes/main/apps/database/cloudnative-pg/cluster/cluster16.yaml b/kubernetes/main/apps/database/cloudnative-pg/cluster/cluster16.yaml
index 4b8b5d6c87e36..b8d32ab77c289 100644
--- a/kubernetes/main/apps/database/cloudnative-pg/cluster/cluster16.yaml
+++ b/kubernetes/main/apps/database/cloudnative-pg/cluster/cluster16.yaml
@@ -41,7 +41,7 @@ spec: endpointURL: https://s3.turbo.ac # Note: serverName version needs to be inclemented # when recovering from an existing cnpg cluster - serverName: ¤tCluster postgres16-v3 + serverName: ¤tCluster postgres16-v4 s3Credentials: accessKeyId: name: cloudnative-pg-secret
@@ -53,7 +53,7 @@ spec: # cluster when recovering from an existing cnpg cluster bootstrap: recovery: - source: &previousCluster postgres16-v2 + source: &previousCluster postgres16-v3 # Note: externalClusters is needed when recovering from an existing cnpg cluster externalClusters: - name: *previousCluster
diff --git a/kubernetes/main/apps/database/kustomization.yaml b/kubernetes/main/apps/database/kustomization.yaml
index d283929a194e1..b520abe49e5fd 100644
--- a/kubernetes/main/apps/database/kustomization.yaml
+++ b/kubernetes/main/apps/database/kustomization.yaml
@@ -8,5 +8,5 @@ resources: - ./notifications.yaml # Flux-Kustomizations - ./cloudnative-pg/ks.yaml - - ./crunchy-pgo/ks.yaml + # - ./crunchy-pgo/ks.yaml - ./redis/ks.yaml
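Review bot: `./crunchy-pgo/ks.yaml` is disabled by commenting it out with no reason recorded, and the system-upgrade kustomization hunk later in this patch does the same to `./system-upgrade-controller/ks.yaml`. The second one matters for patching: if that Kustomization is what drives node OS and Kubernetes upgrades (inferred from its name; its manifests are not on the page), nodes stop receiving automated upgrades until the line is restored. A comment above each disabled entry would record the intent, for example `# TODO(<owner>): disabled because <reason>; re-enable when <condition>`; otherwise delete the entries and let git history carry them.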
diff --git a/kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml b/kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml
index c6495be4bfb0e..da224c4ae36a7 100644
--- a/kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml
+++ b/kubernetes/main/apps/default/zwave-js-ui/app/helmrelease.yaml
@@ -26,6 +26,8 @@ spec: dependsOn: - name: rook-ceph-cluster namespace: rook-ceph + - name: smarter-device-manager + namespace: kube-system - name: volsync namespace: volsync-system values:
diff --git a/kubernetes/main/apps/kube-system/smarter-device-manager/ks.yaml b/kubernetes/main/apps/kube-system/smarter-device-manager/ks.yaml
index 0f5486805fab0..5b43daa325a33 100644
--- a/kubernetes/main/apps/kube-system/smarter-device-manager/ks.yaml
+++ b/kubernetes/main/apps/kube-system/smarter-device-manager/ks.yaml
@@ -15,7 +15,7 @@ spec: sourceRef: kind: GitRepository name: home-kubernetes - wait: true + wait: false interval: 30m retryInterval: 1m timeout: 5m
diff --git a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
index 019fbcdf23f97..17a8906d4ff83 100644
--- a/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
+++ b/kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml
@@ -51,7 +51,6 @@ spec: bluefs_buffered_io = false cephClusterSpec: network: - provider: host connections: requireMsgr2: true resources:
@@ -105,7 +104,7 @@ spec: spec: failureDomain: host replicated: - size: 6 + size: 3 storageClass: enabled: true name: ceph-block
@@ -133,11 +132,11 @@ spec: spec: metadataPool: replicated: - size: 6 + size: 3 dataPools: - failureDomain: host replicated: - size: 6 + size: 3 name: data0 metadataServer: activeCount: 1
@@ -176,12 +175,12 @@ spec: metadataPool: failureDomain: host replicated: - size: 6 + size: 3 dataPool: failureDomain: host erasureCoded: - dataChunks: 4 - codingChunks: 2 + dataChunks: 2 + codingChunks: 1 preservePoolsOnDelete: true gateway: port: 80
diff --git a/kubernetes/main/apps/system-upgrade/kustomization.yaml b/kubernetes/main/apps/system-upgrade/kustomization.yaml
index 005f94342008c..3b8ee6e75f454 100644
--- a/kubernetes/main/apps/system-upgrade/kustomization.yaml
+++ b/kubernetes/main/apps/system-upgrade/kustomization.yaml
@@ -7,4 +7,4 @@ resources: - ./namespace.yaml - ./notifications.yaml # Flux-Kustomizations - - ./system-upgrade-controller/ks.yaml + # - ./system-upgrade-controller/ks.yaml
diff --git a/kubernetes/main/bootstrap/talos/matchbox/assets/controller.secret.sops.yaml b/kubernetes/main/bootstrap/talos/matchbox/assets/controller.secret.sops.yaml
index 95465213e8ee7..9ca65664fd6a6 100644
--- a/kubernetes/main/bootstrap/talos/matchbox/assets/controller.secret.sops.yaml
+++ b/kubernetes/main/bootstrap/talos/matchbox/assets/controller.secret.sops.yaml
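Review bot: An erasure-coded data pool with `dataChunks: 2` and `codingChunks: 1` under `failureDomain: host` tolerates only one host failure, and as far as I know Ceph's default `min_size` of k+1 for erasure-coded pools means the pool stops serving I/O while any one of its three hosts is down. Ceph also does not change k/m on an existing erasure-coded pool, so this edit presumably only takes effect on a rebuilt cluster or a recreated pool, which is worth stating in the commit description. If three storage hosts is the new target, a `replicated:` data pool with `size: 3`, as the other pools in this file now use, keeps the object store writable with one host down. The object-store spec this hunk edits starts and ends outside the hunk.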
@@ -101,6 +101,12 @@ machine: - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660" - KERNEL=="ttyACM[0-9]", GROUP="20", MODE="0660" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660", SYMLINK+="coral" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660", SYMLINK+="coral" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="20", MODE="0660", SYMLINK+="rtl2838" + nodeLabels: + topology.kubernetes.io/region: main + topology.kubernetes.io/zone: m cluster: id: ENC[AES256_GCM,data:9tHCrMfXP7lhgTgOC8pgZ+nfowxhzICdrdEGXUniD0VvF3OGsk3xk7C05tg=,iv:aiAJ/rRXrTeJHgynGJy1jCk84WoJd1wpgWTKUYtu4dQ=,tag:ljRZvhMeOZtN2nnZqojHBQ==,type:str] secret: ENC[AES256_GCM,data:O4YhpNgibu+GTdCFBtycLili2lZxkVW1QD4StkBZPIL11yezCgbLv4VqkyE=,iv:Dg+xHyZepVsCQwxhFRakJxJJx8hCbjlpndBSbjJfKA8=,tag:tvd9cX+5iYNx+v+dQylUEg==,type:str] @@ -178,8 +184,8 @@ sops: R0p5RXZuMUNXVnFyZVNDTmVWRXorR0EKImMXF7/XlFtGimJcBL+Z4y4EgAEJnEpD WzSiMe8hB7pzjCXC8PGcRRkGYV46QQRw8yk2p/2bV6ycXkJ+6GKSHg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-16T14:17:22Z" - mac: ENC[AES256_GCM,data:XJeBi4b8OVOC/e9qEv7gY6zIxlGAYwaDFfmU7yGZGkJghQVLYmNURf1A/nA1gWG+ZAaR8RU/1z6NQOoritstD+eqsNYRqrjkeZweA7Y+sPjJYwlWefSnY/KATn43avo4pqFvD6yhOqcnDEq8MnBdf4XYSf47lbd/LizgOrsEYrE=,iv:ri1WnzeMLkOAxRQ/3TleEx6Bq9S2Uk6J37jM+SF7q2k=,tag:zwokDVUdUVWxSNrxya8Tzg==,type:str] + lastmodified: "2024-02-16T22:51:33Z" + mac: ENC[AES256_GCM,data:1XbF4P6HI84X4F8IWMyLAX35aYBQI6nbsaOfroA7IfQ7cgrt4E3j/sl6nV7Rnr60bGdaBUevu5k2DMRlasG/DmSzZQ6gI21DAv0fKbKUjViSxyRYSu0bX42tEppEaBF4ViTIC6sQdftAZ1nhsi++dsWsLf4oOEHg42TaCkhVvI8=,iv:T9YLnw8ZmSmKKWxAunB38TGED0iBpp5u42BEQIAMTXs=,tag:1gYQVeEcYpkn05eoTLuL+Q==,type:str] pgp: [] encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ version: 3.8.1 
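Review bot: Confirm that controller nodes need the three added udev rules, which grant GID 20 read/write (`MODE="0660"`) on the matched USB devices; the first hunk of worker.secret.sops.yaml adds the identical rules to every worker, and given the commit subject the controller copy may be wider than necessary (where the devices are attached is not visible here). Both Coral rules use `SYMLINK+="coral"`, which is fine if the two vendor/product pairs are the same accelerator before and after it re-enumerates, but the file does not say so. A comment above the rules would make that reviewable, e.g. `# Coral USB accelerator: 1a6e:089a before firmware load, 18d1:9302 after` and `# 0bda:2838: RTL2838 SDR dongle`. The `machine` block these lines belong to starts and ends outside the hunk.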
diff --git a/kubernetes/main/bootstrap/talos/matchbox/assets/worker.secret.sops.yaml b/kubernetes/main/bootstrap/talos/matchbox/assets/worker.secret.sops.yaml
index b0719c846d31a..4dadd5cd6943a 100644
--- a/kubernetes/main/bootstrap/talos/matchbox/assets/worker.secret.sops.yaml
+++ b/kubernetes/main/bootstrap/talos/matchbox/assets/worker.secret.sops.yaml
@@ -93,6 +93,12 @@ machine: - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660" - KERNEL=="ttyACM[0-9]", GROUP="20", MODE="0660" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660", SYMLINK+="coral" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660", SYMLINK+="coral" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="20", MODE="0660", SYMLINK+="rtl2838" + nodeLabels: + topology.kubernetes.io/region: main + topology.kubernetes.io/zone: w cluster: id: ENC[AES256_GCM,data:u5KvmMaSJ/BdO+7eXUQA9f9iMsct9YLUDFRkas4Ply/QTfQ1Ob5znCX2osg=,iv:WvZvnZ7qFEazttbhwgqBvLsWJSLBf7pYzAGlScqtzTU=,tag:gPyzvv8b5K6/Xn1AyPo9nQ==,type:str] secret: ENC[AES256_GCM,data:lu2AHn9BywIQuu6giKi+5SRBXdXZWDN6Mgs5mv1qMNoWDl99MMrJmf6kIyM=,iv:oUO4x3YPmOX2ArkS2WyvHwNY21cSQBn3x5RQ+LvYN/Y=,tag:9envg2g12VA9hxkSRbTtuQ==,type:str]
@@ -132,8 +138,8 @@ sops: QUE4UkZiRDRJRGRHTTNCemdIYllvTmsKZBAn5SbfQDL1yrU8VUUfJUV/yADU3oVU Vn/pmwdPNfcwgucnZVUQVWXzCdZlgvs3vOpgf58NEBrQs36MMlNBJQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-16T14:11:15Z" - mac: ENC[AES256_GCM,data:DezUbiSffBrvhvY/iLCxPga3sXeDYgMzIH1NCdMi7Yvw2Soe2pFbYVpU+qjvAfmYM/Gfu4qwGKVSSgE+vvttrf0nxA5+WuTMjAF2kOl8ykBtmSK4AiyiTpIaw1N03P2V8XfxaiNJDsrV7PavSheGvkMr+XDvEvyneTBqK0DKXoQ=,iv:NnlriUtwoQ+qgyP4U7WbLgTCd7mg/AJQG9SNJLUyEIM=,tag:gj1Z+gJQs/6nuoaV0m3x3A==,type:str] + lastmodified: "2024-02-16T22:50:34Z" + mac: ENC[AES256_GCM,data:HEfFiR57kgXzDzwLV71f+Fn+Zvc7rQMHEV9/+h0qy7Om36N+dp5f7MpZ+A//2IQMkQ+7svsElJpBn41n0I9ryn6TuVGFq22jfYTI+yWMk4VAEsWdu5oQKet5UejueHfDFvYKW7rRWQXL28dZukReoJ55Hm8JwdxP9Z+nKVx/qsg=,iv:Y/khGKun/eeZEka/qZBuOrdWpoaCkkvAohHQu2Ri17s=,tag:jlGiNnfKmQ2q+oECnxhBeQ==,type:str] pgp: [] encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ version: 3.8.1