Big infrastructure changes

- Switch to .lan everywhere for Kubernetes - Updates on providers and images - Update docker machine to directly work with SwarmCD - Add docker provider for Terraform to install SwarmCD
2025-12-19 04:26:04 +00:00 · 2025-09-16 18:33:52 +02:00
parent cfb1e54ca2
commit d5a7de4037
6 changed files with 102 additions and 202 deletions
--- a/infra/pve/docker.tf
+++ b/infra/pve/docker.tf
@@ -2,6 +2,14 @@
 * Docker machine terraform file
 */

+resource "proxmox_virtual_environment_download_file" "debian-latest-cloudimg" {
+  content_type = "iso"
+  datastore_id = "local"
+  file_name = "debian-12-generic-amd64.qcow2.img"
+  node_name = "pve"
+  url = "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
+}
+
 resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
  content_type = "snippets"
  datastore_id = "local"
@@ -18,6 +26,7 @@ resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
      - curl
      - gnupg2
      - qemu-guest-agent
+      - nfs-common
    runcmd:
      - systemctl enable --now qemu-guest-agent
      - install -m 0755 -d /etc/apt/keyrings
@@ -27,6 +36,10 @@ resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
      - apt-get update
      - apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
      - docker swarm init
+      - git clone https://github.com/vhaudiquet/homeprod /root/homeprod
+      - mkdir /app
+      - echo "truenas.local:/mnt/fast_app_data/docker-homeprod      /app     nfs     defaults,_netdev    0 0" >>/etc/fstab
+      - mount -t nfs truenas.local:/mnt/fast_app_data/docker-homeprod /app
    EOF
    file_name = "docker-machine-cloud-config.yaml"
  }
@@ -44,7 +57,7 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
  tags = ["debian", "debian-latest", "docker", "terraform"]

  cpu {
-    type = "kvm64"
+    type = "host"
    cores = 4
    sockets = 1
    flags = []
@@ -76,16 +89,17 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
  boot_order = ["scsi0"]
  scsi_hardware = "virtio-scsi-single"

+  vga {
+    type = "serial0"
+  }
+
  disk {
    interface = "scsi0"
    iothread = true
    datastore_id = "local-lvm"
-    size = 8
+    size = 128
    discard = "ignore"
-  }
-
-  clone {
-    vm_id = data.proxmox_virtual_environment_vms.debian_vm_template.vms[0].vm_id
+    file_id = proxmox_virtual_environment_download_file.debian-latest-cloudimg.id
  }

  vm_id = 701
@@ -93,6 +107,30 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
  initialization {
    datastore_id = "local-lvm"
    interface = "ide2"
+    
+    ip_config {
+      ipv4 {
+        address = "10.1.2.175/24"
+        gateway = "10.1.2.1"
+      }
+    }
+
+    user_account {
+      keys = [trimspace(var.ssh_public_key)]
+      password = var.machine_root_password
+      username = "root"
+    }
+
    vendor_data_file_id = proxmox_virtual_environment_file.docker-machine-cloud-config.id
  }
+
+  operating_system {
+    type = "l26"
+  }
+
+  tpm_state {
+    version = "v2.0"
+  }
+
+  serial_device {}
 }
--- a/infra/pve/docker/main.tf
+++ b/infra/pve/docker/main.tf
@@ -0,0 +1,39 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.6.2"
+    }
+  }
+}
+
+# Docker configuration
+provider "docker" {
+  host = "ssh://root@docker-machine.lan"
+}
+
+resource "docker_image" "swarm-cd" {
+  name = "ghcr.io/m-adawi/swarm-cd:latest"
+}
+
+resource "docker_container" "swarm-cd" {
+  name  = "swarm-cd"
+  image = docker_image.swarm-cd.image_id
+  volumes {
+      host_path = "/var/run/docker.sock"
+      container_path = "/var/run/docker.sock"
+      read_only = true
+  }
+  volumes {
+    host_path = "/root/homeprod/.swarmcd/repos.yaml"
+    container_path = "/app/repos.yaml"
+    read_only = true
+  }
+  volumes {
+    host_path = "/root/homeprod/.swarmcd/stacks.yaml"
+    container_path = "/app/stacks.yaml"
+    read_only = true
+  }
+
+  depends_on = [ docker_image.swarm-cd ]
+}
--- a/infra/pve/kube.tf
+++ b/infra/pve/kube.tf
@@ -5,9 +5,9 @@
 resource "proxmox_virtual_environment_download_file" "talos-cloudimg" {
  content_type = "iso"
  datastore_id = "local"
-  file_name = "talos-v1.9.4-nocloud-amd64.iso"
+  file_name = "talos-v1.11.1-nocloud-amd64.iso"
  node_name = "pve"
-  url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.9.4/nocloud-amd64.iso"
+  url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.11.1/nocloud-amd64.iso"
 }

 resource "proxmox_virtual_environment_vm" "kube" {
@@ -16,7 +16,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
  tags = ["kubernetes", "talos", "terraform"]

  node_name = "pve"
-  vm_id = 702
+  vm_id = 703
  machine = "q35"
  keyboard_layout = "fr"

@@ -39,7 +39,6 @@ resource "proxmox_virtual_environment_vm" "kube" {
  scsi_hardware = "virtio-scsi-single"

  cdrom {
-    enabled = true
    file_id = proxmox_virtual_environment_download_file.talos-cloudimg.id
    interface = "ide0"
  }
@@ -48,7 +47,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
    interface = "scsi0"
    iothread = true
    datastore_id = "local-lvm"
-    size = 64
+    size = 128
    discard = "ignore"
    file_format = "raw"
  }
@@ -63,7 +62,8 @@ resource "proxmox_virtual_environment_vm" "kube" {

    ip_config {
      ipv4 {
-        address = "dhcp"
+        address = "10.1.2.187/24"
+        gateway = "10.1.2.1"
      }
    }

@@ -83,7 +83,6 @@ resource "proxmox_virtual_environment_vm" "kube" {
  network_device {
    bridge = "vmbr0"
    model = "virtio"
-    mac_address = "BC:24:11:F6:E1:C9"
    vlan_id = 2
  }

@@ -103,13 +102,13 @@ resource "talos_machine_secrets" "kube" {}
 data "talos_machine_configuration" "kube" {
  cluster_name = "kube"
  machine_type = "controlplane"
-  cluster_endpoint = "https://kube-talos.local:6443"
+  cluster_endpoint = "https://kube-talos.lan:6443"
  machine_secrets = talos_machine_secrets.kube.machine_secrets
  config_patches = [
    yamlencode({
      machine = {
        install = {
-          image = "factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.4"
+          image = "factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
        }
        network = {
          nameservers = [
@@ -121,11 +120,11 @@ data "talos_machine_configuration" "kube" {
        allowSchedulingOnControlPlanes = true
        apiServer = {
          certSANs = [
-            "kube-talos.local"
+            "kube-talos.lan"
          ]
        }
        network = {
-          dnsDomain = "kube-talos.local"
+          dnsDomain = "kube-talos.lan"
          cni = {
            name: "none"
          }
@@ -141,13 +140,13 @@ data "talos_machine_configuration" "kube" {
 data "talos_client_configuration" "kube" {
  cluster_name = "kube"
  client_configuration = talos_machine_secrets.kube.client_configuration
-  nodes = ["kube-talos.local"]
+  nodes = ["kube-talos"]
 }

 resource "talos_machine_configuration_apply" "kube" {
  client_configuration = talos_machine_secrets.kube.client_configuration
  machine_configuration_input = data.talos_machine_configuration.kube.machine_configuration
-  node = proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
+  node = "10.1.2.187" #proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
  depends_on = [ proxmox_virtual_environment_vm.kube ]
  lifecycle {
    replace_triggered_by = [ proxmox_virtual_environment_vm.kube ]
@@ -155,7 +154,7 @@ resource "talos_machine_configuration_apply" "kube" {
 }

 resource "talos_machine_bootstrap" "kube" {
-  node = proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
+  node = "10.1.2.187" #proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
  client_configuration = talos_machine_secrets.kube.client_configuration
  depends_on = [ talos_machine_configuration_apply.kube ]
  lifecycle {
@@ -235,7 +234,7 @@ resource "helm_release" "cilium" {
  }
  set {
    name = "etcd.clusterDomain"
-    value = "kube-talos.local"
+    value = "kube-talos.lan"
  }
  set {
    name = "hubble.relay.enabled"
--- a/infra/pve/main.tf
+++ b/infra/pve/main.tf
@@ -3,15 +3,15 @@ terraform {
  required_providers {
    proxmox = {
      source = "bpg/proxmox"
-      version = "0.69.1"
+      version = "0.83.2"
    }
    talos = {
      source  = "siderolabs/talos"
-      version = "0.7.1"
+      version = "0.9.0"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
-      version = "2.36.0"
+      version = "2.38.0"
    }
    helm = {
      source = "hashicorp/helm"
@@ -22,7 +22,7 @@ terraform {

 # Proxmox configuration
 provider "proxmox" {
-  endpoint = "https://pve.local:8006/"
+  endpoint = "https://pve.lan:8006/"
  api_token = var.api_token
  insecure = true
  ssh {
@@ -44,9 +44,3 @@ provider "helm" {
    config_path = "${path.module}/kubeconfig"
  }
 }
-
-# debian-latest vm template(s), cloned to make other vms
-data "proxmox_virtual_environment_vms" "debian_vm_template" {
-    node_name = "pve"
-    tags = ["template", "debian-latest"]
-}
--- a/infra/pve/template.tf
+++ b/infra/pve/template.tf
@@ -1,170 +0,0 @@
-/*
-* Terraform Proxmox templates
-* VM and container templates, used to derive others
-*/
-
-# Debian Latest CLOUD disk image
-resource "proxmox_virtual_environment_download_file" "debian-latest-cloudimg" {
-  content_type = "iso"
-  datastore_id = "local"
-  file_name = "debian-12-generic-amd64.qcow2.img"
-  node_name = "pve"
-  url = "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
-}
-
-# Base cloud-config ('vendor') file for VM templates
-resource "proxmox_virtual_environment_file" "cloud_config" {
-  content_type = "snippets"
-  datastore_id = "local"
-  node_name    = "pve"
-
-  source_raw {
-    data = <<-EOF
-    #cloud-config
-    package_update: true
-    packages:
-      - git
-      - ca-certificates
-      - wget
-      - curl
-      - gnupg2
-      - qemu-guest-agent
-    runcmd:
-      - systemctl enable --now qemu-guest-agent
-    EOF
-    file_name = "cloud-config.yaml"
-  }
-}
-
-# Debian Latest VM template
-resource "proxmox_virtual_environment_vm" "debian-latest-template" {
-  name = "debian-latest-template"
-  description = "Debian latest template VM from Terraform"
-  tags = ["debian", "debian-latest", "template", "terraform"]
-
-  node_name = "pve"
-  vm_id = 9002
-  template = true
-  machine = "q35"
-  keyboard_layout = "fr"
-
-  agent {
-    enabled = true
-  }
-  stop_on_destroy = true
-
-  cpu {
-    cores = 2
-    type = "x86-64-v2-AES"
-  }
-
-  memory {
-    dedicated = 2048
-    floating = 2048
-  }
-
-  disk {
-    datastore_id = "local-lvm"
-    file_id = proxmox_virtual_environment_download_file.debian-latest-cloudimg.id
-    interface = "scsi0"
-  }
-
-  vga {
-    type = "serial0"
-  }
-
-  initialization {
-    datastore_id = "local-lvm"
-    interface = "ide2"
-
-    ip_config {
-      ipv4 {
-        address = "dhcp"
-      }
-    }
-
-    user_account {
-      keys = [trimspace(var.ssh_public_key)]
-      password = var.machine_root_password
-      username = "root"
-    }
-
-    vendor_data_file_id = proxmox_virtual_environment_file.cloud_config.id
-  }
-
-  lifecycle {
-    ignore_changes = [ 
-      ipv4_addresses, ipv6_addresses, network_interface_names
-     ]
-  }
-
-  network_device {
-    bridge = "vmbr0"
-    vlan_id = 2
-  }
-
-  operating_system {
-    type = "l26"
-  }
-
-  tpm_state {
-    version = "v2.0"
-  }
-
-  serial_device {}
-}
-
-# Debian Latest LXC container image
-resource "proxmox_virtual_environment_download_file" "debian-latest-lxc-img" {
-  content_type = "vztmpl"
-  datastore_id = "local"
-  node_name    = "pve"
-  url = "http://download.proxmox.com/images/system/debian-12-standard_12.7-1_amd64.tar.zst"
-}
-
-# Debian Latest LXC container template
-resource "proxmox_virtual_environment_container" "debian-latest-container-template" {
-  description = "Debian latest template container from Terraform"
-
-  node_name = "pve"
-  vm_id = 9003
-  template = true
-
-  cpu {
-    cores = 2
-  }
-
-  memory {
-    dedicated = 512
-  }
-
-  disk {
-    datastore_id = "local-lvm"
-    size = 4 # 4 Gigabytes
-  }
-
-  initialization {
-    hostname = "debian-latest-container-template"
-
-    ip_config {
-      ipv4 {
-        address = "dhcp"
-      }
-    }
-
-    user_account {
-      keys = [trimspace(var.ssh_public_key)]
-      password = var.machine_root_password
-    }
-  }
-
-  network_interface {
-    name = "veth0"
-    vlan_id = 2
-  }
-
-  operating_system {
-    template_file_id = proxmox_virtual_environment_download_file.debian-latest-lxc-img.id
-    type = "debian"
-  }
-}
--- a/infra/pve/values/components.yaml
+++ b/infra/pve/values/components.yaml
@@ -10,7 +10,7 @@ instance:
    type: kubernetes
    multitenant: false
    networkPolicy: true
-    domain: "kube-talos.local"
+    domain: "kube-talos.lan"
  kustomize:
    patches:
      - target: