
injunweb/k8s-bootstrap


Talos Linux Kubernetes Cluster Bootstrap

1. Bootstrap Cluster

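# Cluster addressing. VIP is the shared control-plane address used as the
# Kubernetes API endpoint in the generated machine configs.
VIP="10.0.203.100"
CONTROLPLANE_NODES=(
  10.0.203.11
  10.0.203.12
  10.0.203.13
)
WORKER_NODES=(
  10.0.203.21
  10.0.203.22
  10.0.203.23
)

# Writes controlplane.yaml, worker.yaml and talosconfig into _out. These files
# carry the cluster secrets (CA keys, join tokens) and an admin client
# credential: keep _out out of version control and readable by the operator
# only.
talosctl gen config talos-cluster "https://${VIP}:6443" --output-dir _out
chmod 700 _out

# --insecure is needed because a node in maintenance mode has no PKI yet, so
# this connection is not authenticated. The config being pushed contains the
# cluster secrets; run these loops only from a management network where the
# node addresses cannot be spoofed or intercepted.
for node in "${CONTROLPLANE_NODES[@]}"; do
  talosctl apply-config --insecure --nodes "$node" \
    --file _out/controlplane.yaml --config-patch @bootstrap/talos/controlplane.yaml
done

for node in "${WORKER_NODES[@]}"; do
  talosctl apply-config --insecure --nodes "$node" \
    --file _out/worker.yaml --config-patch @bootstrap/talos/worker.yaml
done

# From here on talosctl authenticates with the client certificate in
# talosconfig. Bootstrap is issued against the first control-plane node only.
export TALOSCONFIG="_out/talosconfig"
talosctl config endpoint "${CONTROLPLANE_NODES[0]}"
talosctl bootstrap --nodes "${CONTROLPLANE_NODES[0]}"
# The fetched kubeconfig is a cluster-admin credential; treat it like the rest
# of _out.
talosctl kubeconfig _out/kubeconfig --nodes "${CONTROLPLANE_NODES[0]}"

export KUBECONFIG="_out/kubeconfig"

# Approving a CSR makes the cluster CA sign whatever identity it requests, and
# the pipeline below approves every CSR in the cluster. List them first and
# check requestor and signer against the six nodes above before approving.
# NOTE(review): presumably these are kubelet serving-certificate requests
# enabled by the config patches - confirm against bootstrap/talos/*.yaml.
kubectl get csr
kubectl get csr -o name | xargs kubectl certificate approve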

2. Install Cilium CNI

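helm repo add cilium https://helm.cilium.io/
# Refresh the index so the pinned chart version resolves even when the repo
# had already been added on this machine (matches the ArgoCD step).
helm repo update cilium

# The chart version is pinned so a re-run installs the same release.
# The agent gets an explicit capability list; it still includes SYS_ADMIN and
# NET_ADMIN, so the Cilium pods are effectively node-level trusted components
# and write access to kube-system should be restricted accordingly.
# NOTE(review): k8sServiceHost=localhost with port 7445 presumably targets the
# node-local API proxy that Talos provides (KubePrism) - confirm it is enabled
# in the machine config, otherwise the agent cannot reach the API server.
helm install cilium cilium/cilium --version 1.18.5 \
  --namespace kube-system \
  --set ipam.mode=kubernetes \
  --set kubeProxyReplacement=true \
  --set l2announcements.enabled=true \
  --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
  --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
  --set cgroup.autoMount.enabled=false \
  --set cgroup.hostRoot=/sys/fs/cgroup \
  --set k8sServiceHost=localhost \
  --set k8sServicePort=7445 \
  --set gatewayAPI.enabled=true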

3. Deploy ArgoCD App of Apps

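helm repo add argo https://argoproj.github.io/argo-helm
helm repo update argo

# server.insecure=true makes argocd-server serve plain HTTP. That is only
# appropriate when TLS is terminated in front of it (ingress or Gateway);
# do not expose the Service directly with this setting.
helm install argocd argo/argo-cd --version 9.2.2 \
  --namespace argocd --create-namespace \
  --set configs.params."server\.insecure"=true

# Quoted delimiter: the manifest is passed to kubectl literally, with no shell
# expansion inside it.
kubectl apply -f - <<'EOF'
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app-of-apps
  namespace: argocd
spec:
  # The built-in "default" project places no restriction on source repos,
  # destinations or resource kinds; a dedicated AppProject narrows that.
  project: default
  source:
    # Confirm this is the Git host and repository you intend to trust: with
    # the sync policy below, its contents are applied to the cluster unreviewed.
    repoURL: https://github.com/injunweb/app-of-apps.git
    # HEAD follows the default branch, so every push there is deployed.
    # Protect that branch, or pin a tag or commit for reviewed rollouts.
    targetRevision: HEAD
    path: .
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      # prune deletes cluster resources that disappear from the repo;
      # selfHeal reverts manual changes back to the repo state.
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
EOF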
