last state before restart

README.md

@@ -1,5 +1,30 @@
 # TALOS Linux Tests
 
+## Install Kubectl
+
+Follow the installation guide at [kubernetes.io](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/).
+
+```bash
+$ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+$ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
+$ echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
+$ chmod +x kubectl
+$ mv kubectl ~/.local/bin/
+```
+
+## Install Helm
+
+Follow [official documentation](https://helm.sh/docs/intro/install/). The way for Debian based distros:
+
+```bash
+curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
+sudo apt-get install apt-transport-https --yes
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+sudo apt-get update
+sudo apt-get install helm
+```
+
+
 ## Install Talos Linux CLI
 
 On Ubuntu 22.04:
@@ -17,18 +42,6 @@ talosctl completion zsh > ~/.oh-my-zsh/custom/plugins/talosctl/_talosctl
 
 Add ``talosctl`` to ``plugins`` within your ``~/.zshrc``.
 
-### Install Kubectl
-
-Follow the installation guide at [kubernetes.io](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/).
-
-```bash
-$ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
-$ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
-$ echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
-$ chmod +x kubectl
-$ mv kubectl ~/.local/bin/
-```
-
 ## Install Talos from ISO
 
 > **WARNING**: At least until v1.9.0 use IPv4 for creating the cluster. Clusters build up on IPv6 show several errors starting from etcd not starting and so on.
@@ -183,4 +196,14 @@ $ talosctl apply-config --nodes 10.51.10.101 --endpoints 10.51.10.101 --taloscon
 
 ```bash
 $ talosctl --nodes 10.51.10.101 --endpoints 10.51.10.101 --talosconfig=./talosconfig get address
+```
+
+## Install Cilium
+
+- [Documentation for Cilium on TALOS Linux](https://www.talos.dev/v1.9/kubernetes-guides/network/deploying-cilium/#method-2-helm-manifests-install)
+
+- Add Cilium helm repo:
+```bash
+helm repo add cilium https://helm.cilium.io/
+helm repo update
 ```

apply_all.sh

@@ -23,6 +23,7 @@ for i in ctl-1 ctl-2 ctl-3; do
         -p @patches/10_control_plane.yaml \
         -p @patches/machines/$i.yaml \
         --output transient/$i.yaml
+        # -p @patches/11_cilium.yaml \
     talosctl apply-config \
         --nodes $i \
         --endpoints $ENDPOINTS \
@@ -30,18 +31,18 @@ for i in ctl-1 ctl-2 ctl-3; do
         --file transient/$i.yaml
 done
 
-for i in node-1 node-2 node-3; do
-    echo "Configuring WORKER host $i"
-        talosctl machineconfig patch \
-        worker.yaml \
-        -p @patches/00_all.yaml \
-        -p @patches/20_worker.yaml \
-        -p @patches/machines/$i.yaml \
-        --output transient/$i.yaml
+# for i in node-1 node-2 node-3; do
+#     echo "Configuring WORKER host $i"
+#     talosctl machineconfig patch \
+#         worker.yaml \
+#         -p @patches/00_all.yaml \
+#         -p @patches/20_worker.yaml \
+#         -p @patches/machines/$i.yaml \
+#         --output transient/$i.yaml
     
-    talosctl apply-config \
-        --nodes $i \
-        --endpoints $ENDPOINTS \
-        --talosconfig=./talosconfig \
-        --file transient/$i.yaml
-done
+#     # talosctl apply-config \
+#     #     --nodes $i \
+#     #     --endpoints $ENDPOINTS \
+#     #     --talosconfig=./talosconfig \
+#     #     --file transient/$i.yaml
+# done

boot-assets.yml

@@ -0,0 +1,15 @@
+customization:
+    systemExtensions:
+        officialExtensions:
+            - siderolabs/amd-ucode
+            - siderolabs/amdgpu
+            - siderolabs/fuse3
+            - siderolabs/intel-ice-firmware
+            - siderolabs/intel-ucode
+            - siderolabs/iscsi-tools
+            - siderolabs/lldpd
+            - siderolabs/nonfree-kmod-nvidia-lts
+            - siderolabs/nvidia-container-toolkit-lts
+            - siderolabs/nvidia-open-gpu-kernel-modules-lts
+            - siderolabs/nvme-cli
+            - siderolabs/qemu-guest-agent

cluster_state.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+NODES="-n 10.51.10.101 -n 10.51.10.103 -n 10.51.10.102"
+ENDPOINTS="--endpoints 10.51.10.101"
+
+PARAMETERS="${NODES} ${ENDPOINTS} --talosconfig=./talosconfig"
+echo "   === Talos Cluster Members ==="
+talosctl ${PARAMETERS} get members
+echo
+echo "   === etcd status ==="
+talosctl ${PARAMETERS} etcd status

controlplane.yaml

@@ -454,7 +454,8 @@ cluster:
         image: registry.k8s.io/kube-apiserver:v1.32.0 # The container image used in the API server manifest.
         # Extra certificate subject alternative names for the API server's certificate.
         certSANs:
-            - ctl.prod.k8.eis-mk8.de.s5b.org
+            - ctl.prod.k8.eis-mk8.de.
+            - 2a13:fc80:1:a:ffff::0
         disablePodSecurityPolicy: true # Disable PodSecurityPolicy in the API server and default manifests.
         # Configure the API server admission plugins.
         admissionControl:

patches/00_all.yaml

@@ -1,5 +1,11 @@
 # Cluster level patches for all machines
 machine:
+  install:
+      disk: /dev/sda # The disk used for installations.
+      # image: ghcr.io/siderolabs/installer:v1.9.1
+      image: factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.2
+      wipe: false # Indicates if the installation disk should be wiped at installation time.
+
   kubelet:
     nodeIP:
       validSubnets:
@@ -26,17 +32,19 @@ cluster:
   
   # Provides cluster specific network configuration options.
   network:
-    cni:
-      name: none
+    # cni:
+    #   name: none
 
     dnsDomain: cluster.local # The domain used by Kubernetes DNS.
     # The pod subnet CIDR.
     podSubnets:
       - 10.244.0.0/16
+      - 2a13:fc80:0001:d200::/64
     # The service subnet CIDR.
     serviceSubnets:
       - 10.96.0.0/12
+      - 2a13:fc80:0001:d201::/64
 
-  # kube-proxy
-  proxy:
-    disabled: true # we are using Cillium for all networking stuff
+  # # kube-proxy
+  # proxy:
+  #   disabled: false # we are using Cillium for all networking stuff

patches/machines/ctl-1.yaml

@@ -7,6 +7,8 @@ machine:
         addresses:
           - 10.51.10.101/23
           - 2a13:fc80:1:a:ffff::1/64
+        vip:
+          ip: 2a13:fc80:1:a:ffff::0
         mtu: 9000
         routes:
           - network: 0.0.0.0/0

patches/machines/ctl-2.yaml

@@ -7,6 +7,8 @@ machine:
         addresses:
           - 10.51.10.102/23
           - 2a13:fc80:1:a:ffff::2/64
+        vip:
+          ip: 2a13:fc80:1:a:ffff::0
         mtu: 9000
         routes:
           - network: 0.0.0.0/0

patches/machines/ctl-3.yaml

@@ -7,6 +7,8 @@ machine:
         addresses:
           - 10.51.10.103/23
           - 2a13:fc80:1:a:ffff::3/64
+        vip:
+          ip: 2a13:fc80:1:a:ffff::0
         mtu: 9000
         routes:
           - network: 0.0.0.0/0

worker.yaml

@@ -189,7 +189,7 @@ machine:
     # Used to provide instructions for installations.
     install:
         disk: /dev/sda # The disk used for installations.
-        image: factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.2
+        image: ghcr.io/siderolabs/installer:v1.9.1
         wipe: false # Indicates if the installation disk should be wiped at installation time.
         
         # # Look up disk using disk attributes like model, size, serial and others.

xx.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/bash
+
+helm template \
+    cilium \
+    cilium/cilium \
+    --version 1.16.5 \
+    --namespace kube-system \
+    --set bgpControlPlane.enabled=true \
+    --set hubble.preferIpv6=true \
+    --set ipv6.enabled=true \
+    --set ipam.mode=kubernetes \
+    --set kubeProxyReplacement=true \
+    --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
+    --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
+    --set cgroup.autoMount.enabled=false \
+    --set cgroup.hostRoot=/sys/fs/cgroup \
+    --set k8sServiceHost=localhost \
+    --set k8sServicePort=7445 \
+    --set gatewayAPI.enabled=true \
+    --set gatewayAPI.enableAlpn=true \
+    --set gatewayAPI.enableAppProtocol=true \
+    > cilium.yaml