feat: added talos image + extensions

2025-05-08 22:56:50 +02:00 · 2025-05-08 22:56:50 +02:00 · 114e64c309
commit 114e64c309
parent 5c9b55e8f9
2 changed files with 45 additions and 24 deletions
--- a/talos/README.md
+++ b/talos/README.md
@ -90,6 +90,8 @@ Vist the website https://factory.talos.dev
 4. System Extensions:
   1. siderolabs/i915 (intel gpu drivers)
   2. siderolabs/intel-ucode (intel microcode)
+   3. siderolabs/iscsi-tools (necessary for longhorn)
+   4. siderolabs/util-linux-tools (necessary for longhorn)
 5. Customization: skip
 6. Schematic Ready: Download the iso

@ -98,7 +100,7 @@ Vist the website https://factory.talos.dev
 # Cluster bootstrap
 ```bash
 talosctl apply-config --insecure -n 10.10.10.3 --file clusterconfig/home-cluster-talos-01.yaml
-talosctl bootstrap -n 10.10.10.4 -e 10.10.10.4 --talosconfig talosconfig
+talosctl bootstrap -n 10.10.10.3 -e 10.10.10.3 --talosconfig talosconfig
 ```

 # Cilium CNI
@ -111,16 +113,23 @@ helm repo add cilium https://helm.cilium.io/
 helm repo update 

 helm install \
-    cilium \
-    cilium/cilium \
-    --version 1.17.3 \
-    --namespace kube-system \
-    --set ipam.mode=kubernetes \
-    --set kubeProxyReplacement=true \
-    --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
-    --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set cgroup.autoMount.enabled=false \
-    --set cgroup.hostRoot=/sys/fs/cgroup \
-    --set k8sServiceHost=localhost \
-    --set k8sServicePort=7445
+  cilium \
+  cilium/cilium \
+  --version 1.17.3 \
+  --namespace kube-system \
+  --set ipam.mode=kubernetes \
+  --set kubeProxyReplacement=true \
+  --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
+  --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
+  --set cgroup.autoMount.enabled=false \
+  --set cgroup.hostRoot=/sys/fs/cgroup \
+  --set k8sServiceHost=localhost \
+  --set k8sServicePort=7445 \
+  --set operator.replicas=1
+```
+
+```bash
+# Enable and disable hubble 
+cilium hubble enable --ui
+cilium hubble disable
 ```
--- a/talos/talconfig.yaml
+++ b/talos/talconfig.yaml
@ -1,10 +1,10 @@
 clusterName: home-cluster

-talosVersion: 1.10.0
+talosVersion: 1.10.1
 kubernetesVersion: 1.33.0

-endpoint: https://10.10.10.4:6443
-domain: ${myDomainName}
+endpoint: https://10.10.10.3:6443
+#domain: ${myDomainName}

 additionalMachineCertSans:
  - 10.10.10.3
@ -27,14 +27,15 @@ nodes:
    nameservers:
      - 10.10.10.2
    installDisk: /dev/nvme0n1
-    userVolumes:
-      - name: local-storage
-        provisioning:
-          diskSelector:
-            match: disk.transport == "nvme"
-          maxSize: 500GiB
-        filesystem:
-          type: xfs
+    talosImageURL: factory.talos.dev/metal-installer/249d9135de54962744e917cfe654117000cba369f9152fbab9d055a00aa3664f
+    #userVolumes:
+    #  - name: longhorn-block
+    #    provisioning:
+    #      diskSelector:
+    #        match: disk.transport == "nvme"
+    #      maxSize: 500GiB
+    #    filesystem:
+    #      type: xfs
    machineSpec:
      mode: metal
      arch: amd64
@ -48,10 +49,21 @@ controlPlane:
        officialExtensions:
          - siderolabs/intel-ucode
          - siderolabs/i915
+          - siderolabs/iscsi-tools
+          - siderolabs/util-linux-tools

  patches:
    - |-
      machine:
+        kubelet:
+          extraMounts:
+            - destination: /var/mnt/longhorn
+              type: bind
+              source: /var/mnt/longhorn
+              options:
+                - bind
+                - rshared
+                - rw
        time:
          servers:
            - 10.10.10.1