chore(bootstrap): make it a little easier

buroa · Jan 16, 2025 · f47b97a · f47b97a
1 parent 6123539
commit f47b97a
Show file tree

Hide file tree

Showing 7 changed files with 47 additions and 97 deletions.
diff --git a/.taskfiles/bootstrap/Taskfile.yaml b/.taskfiles/bootstrap/Taskfile.yaml
@@ -17,25 +17,39 @@ tasks:
       - which talosctl
 
   apps:
-    desc: Bootstrap Kubernetes Apps [ROOK_DISK=SAMSUNG_MZQL23T8HCLS-00A07]
+    desc: Bootstrap Kubernetes Apps [MODEL=SAMSUNG MZQL23T8HCLS-00A07]
     prompt: Bootstrap Kubernetes Apps ...?
     cmds:
+      - for: { var: NODES }
+        task: wipe-rook
+        vars:
+          MODEL: '{{.MODEL}}'
+          NODE: '{{.ITEM}}'
       - until kubectl wait nodes --for=condition=Ready=False --all --timeout=10m; do sleep 5; done
-      - op run --env-file {{.KUBERNETES_DIR}}/bootstrap/bootstrap.env --no-masking -- minijinja-cli {{.KUBERNETES_DIR}}/bootstrap/templates/resources.yaml.j2 | kubectl apply --server-side --filename -
+      - op inject --in-file {{.KUBERNETES_DIR}}/bootstrap/templates/resources.yaml.tpl | kubectl apply --server-side --filename -
       - helmfile --quiet --file {{.KUBERNETES_DIR}}/bootstrap/helmfile.yaml apply --skip-diff-on-install --suppress-diff
-      - helmfile --quiet --file {{.KUBERNETES_DIR}}/bootstrap/helmfile.yaml destroy --selector name=wipe-rook
     vars:
-      ROOK_DISK: '{{.ROOK_DISK | default "SAMSUNG_MZQL23T8HCLS-00A07"}}'
+      MODEL: '{{.MODEL | default "SAMSUNG MZQL23T8HCLS-00A07"}}'
+      NODES:
+        sh: talosctl config info --output json | jq --join-output '[.nodes[]] | join(" ")'
     env:
-      NODE_COUNT:
-        sh: talosctl config info --output json | jq --raw-output '.nodes | length'
-      ROOK_DISK: '{{.ROOK_DISK}}'
       VAULT: K8s
     preconditions:
       - op user get --me
       - talosctl config info
-      - test -f {{.KUBERNETES_DIR}}/bootstrap/bootstrap.env
       - test -f {{.KUBERNETES_DIR}}/bootstrap/helmfile.yaml
-      - test -f {{.KUBERNETES_DIR}}/bootstrap/templates/resources.yaml.j2
-      - test -f {{.KUBERNETES_DIR}}/bootstrap/templates/wipe-rook.yaml.gotmpl
-      - which curl jq helmfile kubectl op talosctl
+      - test -f {{.KUBERNETES_DIR}}/bootstrap/templates/resources.yaml.tpl
+      - which jq helmfile kubectl op talosctl
+
+  wipe-rook:
+    internal: true
+    cmd: talosctl -n {{.NODE}} wipe disk {{.BLOCK}}
+    vars:
+      BLOCK:
+        sh: talosctl -n {{.NODE}} get disks -o json | jq --raw-output 'select(.spec.model == "{{.MODEL}}") | .metadata.id'
+    requires:
+      vars: [MODEL, NODE]
+    preconditions:
+      - talosctl config info
+      - talosctl --nodes {{.NODE}} get machineconfig
+      - which talosctl jq
diff --git a/.taskfiles/workstation/Taskfile.yaml b/.taskfiles/workstation/Taskfile.yaml
@@ -8,8 +8,7 @@ tasks:
 
   brew:
     desc: Set up Homebrew tools
-    cmds:
-      - brew bundle --file {{.WORKSTATION_RESOURCES_DIR}}/Brewfile
+    cmd: brew bundle --file {{.WORKSTATION_RESOURCES_DIR}}/Brewfile
     sources:
       - '{{.WORKSTATION_RESOURCES_DIR}}/Brewfile'
     generates:
@@ -21,8 +20,7 @@ tasks:
   krew:
     desc: Set up Krew tools
     deps: [brew]
-    cmds:
-      - kubectl krew install cert-manager cnpg browse-pvc node-shell rook-ceph view-secret
+    cmd: kubectl krew install cert-manager cnpg browse-pvc node-shell rook-ceph view-secret
     preconditions:
       - kubectl krew version
       - which kubectl
diff --git a/kubernetes/bootstrap/bootstrap.env b/kubernetes/bootstrap/bootstrap.env
diff --git a/kubernetes/bootstrap/helmfile.yaml b/kubernetes/bootstrap/helmfile.yaml
@@ -8,6 +8,7 @@ helmDefaults:
 repositories:
   - name: cilium
     url: https://helm.cilium.io
+
   - name: coredns
     url: https://coredns.github.io/helm
 
@@ -23,39 +24,35 @@ releases:
     version: 1.16.5
     values:
       - ../apps/kube-system/cilium/app/resources/values.yaml
-    needs: ["monitoring/prometheus-operator-crds"]
+    needs:
+      - monitoring/prometheus-operator-crds
 
   - name: coredns
     namespace: kube-system
     chart: coredns/coredns
     version: 1.37.1
     values:
       - ../apps/kube-system/coredns/app/resources/values.yaml
-    needs: ["kube-system/cilium"]
+    needs:
+      - kube-system/cilium
 
   - name: spegel
     namespace: kube-system
     chart: oci://ghcr.io/spegel-org/helm-charts/spegel
     version: v0.0.29
     values:
       - ../apps/kube-system/spegel/app/resources/values.yaml
-    needs: ["kube-system/coredns"]
-
-  - name: wipe-rook
-    namespace: kube-system
-    chart: oci://ghcr.io/bjw-s/helm/app-template
-    version: 3.6.1
-    values:
-      - ./templates/wipe-rook.yaml.gotmpl
-    needs: ["kube-system/spegel"]
+    needs:
+      - kube-system/coredns
 
   - name: flux-operator
     namespace: flux-system
     chart: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator
     version: 0.13.0
     values:
       - ../apps/flux-system/flux-operator/app/resources/values.yaml
-    needs: ["kube-system/wipe-rook"]
+    needs:
+      - kube-system/spegel
 
   - name: flux-instance
     namespace: flux-system
@@ -64,4 +61,5 @@ releases:
     wait: false
     values:
       - ../apps/flux-system/flux-operator/instance/resources/values.yaml
-    needs: ["flux-system/flux-operator"]
+    needs:
+      - flux-system/flux-operator
diff --git a/...tes/bootstrap/templates/resources.yaml.j2 → ...es/bootstrap/templates/resources.yaml.tpl b/...tes/bootstrap/templates/resources.yaml.j2 → ...es/bootstrap/templates/resources.yaml.tpl
@@ -10,5 +10,5 @@ metadata:
   name: onepassword-connect-secret
   namespace: external-secrets
 stringData:
-  1password-credentials.json: {{ ENV.ONEPASSWORD_CREDENTIALS }}
-  token: {{ ENV.ONEPASSWORD_CONNECT_TOKEN }}
+  1password-credentials.json: op://$VAULT/1password/OP_CREDENTIALS_JSON
+  token: op://$VAULT/1password/OP_CONNECT_TOKEN
diff --git a/kubernetes/bootstrap/templates/wipe-rook.yaml.gotmpl b/kubernetes/bootstrap/templates/wipe-rook.yaml.gotmpl
diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml
@@ -14,8 +14,8 @@ talosVersion: v1.9.2
 kubernetesVersion: v1.32.1
 
 additionalApiServerCertSans: &sans
-  - 192.168.10.200
   - k8s.internal
+  - 192.168.10.100
   - 127.0.0.1
 
 additionalMachineCertSans: *sans
@@ -55,7 +55,7 @@ nodes:
               - network: 0.0.0.0/0
                 gateway: 192.168.10.1
             vip:
-              ip: 192.168.10.200
+              ip: 192.168.10.100
           - vlanId: 20
             dhcp: false
             mtu: 1500
@@ -112,7 +112,7 @@ nodes:
               - network: 0.0.0.0/0
                 gateway: 192.168.10.1
             vip:
-              ip: 192.168.10.200
+              ip: 192.168.10.100
           - vlanId: 20
             dhcp: false
             mtu: 1500
@@ -169,7 +169,7 @@ nodes:
               - network: 0.0.0.0/0
                 gateway: 192.168.10.1
             vip:
-              ip: 192.168.10.200
+              ip: 192.168.10.100
           - vlanId: 20
             dhcp: false
             mtu: 1500
@@ -216,6 +216,9 @@ controlPlane:
         - mitigations=off
         - net.ifnames=0
         - security=none
+        - ip=bond0.10:dhcp     # Initial DHCP
+        - bond=bond0:eth2,eth3 # Initial DHCP
+        - vlan=bond0.10:bond0  # Initial DHCP
 
       systemExtensions:
         officialExtensions: