diff --git a/infra/pve/docker.tf b/infra/pve/docker.tf
index 1c9baf4..ebe861c 100644
--- a/infra/pve/docker.tf
+++ b/infra/pve/docker.tf
@@ -2,6 +2,14 @@
 * Docker machine terraform file
 */
+resource "proxmox_virtual_environment_download_file" "debian-latest-cloudimg" {
+  content_type = "iso"
+  datastore_id = "local"
+  file_name = "debian-12-generic-amd64.qcow2.img"
+  node_name = "pve"
+  url = "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
+}
+
 resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
   content_type = "snippets"
   datastore_id = "local"
@@ -18,6 +26,7 @@ resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
       - curl
       - gnupg2
       - qemu-guest-agent
+      - nfs-common
     runcmd:
       - systemctl enable --now qemu-guest-agent
       - install -m 0755 -d /etc/apt/keyrings
@@ -27,6 +36,10 @@ resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
       - apt-get update
       - apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
       - docker swarm init
+      - git clone https://github.com/vhaudiquet/homeprod /root/homeprod
+      - mkdir /app
+      - echo "truenas.local:/mnt/fast_app_data/docker-homeprod /app nfs defaults,_netdev 0 0" >>/etc/fstab
+      - mount -t nfs truenas.local:/mnt/fast_app_data/docker-homeprod /app
     EOF
     file_name = "docker-machine-cloud-config.yaml"
   }
@@ -44,7 +57,7 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
   tags = ["debian", "debian-latest", "docker", "terraform"]
   cpu {
-    type = "kvm64"
+    type = "host"
     cores = 4
     sockets = 1
     flags = []
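Review bot: The new `debian-latest-cloudimg` download resource fetches a moving `…/bookworm/latest/…` URL with no integrity check, so whatever image is current at first apply is stored under the fixed `file_name` and is never verified. Debian publishes a SHA512SUMS file next to each image; pin the dated image directory instead of `latest` and set the resource's `checksum_algorithm = "sha512"` together with `checksum = "<sha512 from SHA512SUMS>"` (placeholder). The resource keeps the address it had in the deleted template.tf, so state should carry over, but the plan is worth checking for an unintended re-download or replacement.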
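Review bot: The four new `runcmd` entries are not idempotent and bypass cloud-init's own mount handling: `mkdir /app` fails if the directory already exists, `echo … >>/etc/fstab` appends a duplicate entry on every run, and the `mount` step fails first boot outright if `truenas.local` is not resolvable at that moment. cloud-init has a top-level `mounts:` key for this; adding `mounts: [["truenas.local:/mnt/fast_app_data/docker-homeprod", "/app", "nfs", "defaults,_netdev", "0", "0"]]` to the `#cloud-config` snippet and dropping the three shell commands writes fstab once and creates the mountpoint. Every other host in this commit moves from `.local` to `.lan` while the NFS server stays at `truenas.local`; if that name is mDNS-only, confirm it resolves by the time the mount runs. The `git clone` is unpinned (default branch, no commit), so what the VM boots with depends on the upstream repository at that moment.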
@@ -76,16 +89,17 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
   boot_order = ["scsi0"]
   scsi_hardware = "virtio-scsi-single"
+  vga {
+    type = "serial0"
+  }
+
   disk {
     interface = "scsi0"
     iothread = true
     datastore_id = "local-lvm"
-    size = 8
+    size = 128
     discard = "ignore"
-  }
-
-  clone {
-    vm_id = data.proxmox_virtual_environment_vms.debian_vm_template.vms[0].vm_id
+    file_id = proxmox_virtual_environment_download_file.debian-latest-cloudimg.id
   }
   vm_id = 701
@@ -93,6 +107,30 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
   initialization {
     datastore_id = "local-lvm"
     interface = "ide2"
+
+    ip_config {
+      ipv4 {
+        address = "10.1.2.175/24"
+        gateway = "10.1.2.1"
+      }
+    }
+
+    user_account {
+      keys = [trimspace(var.ssh_public_key)]
+      password = var.machine_root_password
+      username = "root"
+    }
+
     vendor_data_file_id = proxmox_virtual_environment_file.docker-machine-cloud-config.id
   }
+
+  operating_system {
+    type = "l26"
+  }
+
+  tpm_state {
+    version = "v2.0"
+  }
+
+  serial_device {}
 }
diff --git a/infra/pve/docker/main.tf b/infra/pve/docker/main.tf
new file mode 100644
index 0000000..09bba3f
--- /dev/null
+++ b/infra/pve/docker/main.tf
@@ -0,0 +1,39 @@
+terraform {
+  required_providers {
+    docker = {
+      source = "kreuzwerker/docker"
+      version = "3.6.2"
+    }
+  }
+}
+
+# Docker configuration
+provider "docker" {
+  host = "ssh://root@docker-machine.lan"
+}
+
+resource "docker_image" "swarm-cd" {
+  name = "ghcr.io/m-adawi/swarm-cd:latest"
+}
+
+resource "docker_container" "swarm-cd" {
+  name = "swarm-cd"
+  image = docker_image.swarm-cd.image_id
+  volumes {
+    host_path = "/var/run/docker.sock"
+    container_path = "/var/run/docker.sock"
+    read_only = true
+  }
+  volumes {
+    host_path = "/root/homeprod/.swarmcd/repos.yaml"
+    container_path = "/app/repos.yaml"
+    read_only = true
+  }
+  volumes {
+    host_path = "/root/homeprod/.swarmcd/stacks.yaml"
+    container_path = "/app/stacks.yaml"
+    read_only = true
+  }
+
+  depends_on = [ docker_image.swarm-cd ]
+}
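Review bot: The new `user_account` block sets a password on `root` (from `var.machine_root_password`) in addition to the SSH key, and nothing in the docker-machine cloud-config disables password authentication for sshd, so whether root password login over SSH is reachable on VLAN 2 depends on the image's default sshd configuration. If the password is only meant for the serial console, add `ssh_pwauth: false` to the `#cloud-config` snippet in `docker-machine-cloud-config`; otherwise drop `password` and rely on `keys` alone, which is all the `ssh://root@docker-machine.lan` provider in infra/pve/docker/main.tf needs. The `10.1.2.175/24` address and `10.1.2.1` gateway are also bare literals here; a `locals` entry would keep them next to the other fixed addresses this commit introduces.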
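Review bot: `docker_container.swarm-cd` bind-mounts `/var/run/docker.sock`, which gives the container full control of the Docker daemon and therefore of docker-machine itself; `read_only = true` on a Unix socket bind mount prevents file creation in the mount, not API calls over the socket, so it should not be read as a safeguard. Combined with `name = "ghcr.io/m-adawi/swarm-cd:latest"` this hands daemon-level access to an unpinned upstream image; pin it by digest, `name = "ghcr.io/m-adawi/swarm-cd@sha256:<digest>"` (placeholder), or at least to a release tag. `depends_on = [ docker_image.swarm-cd ]` is redundant with `image = docker_image.swarm-cd.image_id`, which already creates that dependency. A one-line comment above the socket mount stating that swarm-cd needs daemon access to deploy stacks would document the trade-off for the next reader.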
diff --git a/infra/pve/kube.tf b/infra/pve/kube.tf
index 0bff71c..8fb3386 100644
--- a/infra/pve/kube.tf
+++ b/infra/pve/kube.tf
@@ -5,9 +5,9 @@ resource "proxmox_virtual_environment_download_file" "talos-cloudimg" {
   content_type = "iso"
   datastore_id = "local"
-  file_name = "talos-v1.9.4-nocloud-amd64.iso"
+  file_name = "talos-v1.11.1-nocloud-amd64.iso"
   node_name = "pve"
-  url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.9.4/nocloud-amd64.iso"
+  url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.11.1/nocloud-amd64.iso"
 }
 resource "proxmox_virtual_environment_vm" "kube" {
@@ -16,7 +16,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
   tags = ["kubernetes", "talos", "terraform"]
   node_name = "pve"
-  vm_id = 702
+  vm_id = 703
   machine = "q35"
   keyboard_layout = "fr"
@@ -39,7 +39,6 @@ resource "proxmox_virtual_environment_vm" "kube" {
   scsi_hardware = "virtio-scsi-single"
   cdrom {
-    enabled = true
     file_id = proxmox_virtual_environment_download_file.talos-cloudimg.id
     interface = "ide0"
   }
@@ -48,7 +47,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
     interface = "scsi0"
     iothread = true
     datastore_id = "local-lvm"
-    size = 64
+    size = 128
     discard = "ignore"
     file_format = "raw"
   }
@@ -63,7 +62,8 @@ resource "proxmox_virtual_environment_vm" "kube" {
     ip_config {
       ipv4 {
-        address = "dhcp"
+        address = "10.1.2.187/24"
+        gateway = "10.1.2.1"
       }
     }
@@ -83,7 +83,6 @@ resource "proxmox_virtual_environment_vm" "kube" {
   network_device {
     bridge = "vmbr0"
     model = "virtio"
-    mac_address = "BC:24:11:F6:E1:C9"
     vlan_id = 2
   }
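Review bot: The static address `10.1.2.187/24` introduced in `ip_config` is repeated as a bare literal in the `node` arguments of `talos_machine_configuration_apply` and `talos_machine_bootstrap` (the hunks at -141 and -155 below), and nothing ties the three together, so editing one silently breaks the others. Define it once, `locals { kube_ip = "10.1.2.187" }`, then use `address = "${local.kube_ip}/24"` here and `node = local.kube_ip` in the two Talos resources. In those two hunks the old expression survives as a trailing `#proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] …` comment; either delete it or reduce it to a one-line note explaining why the guest-agent-reported address is no longer used. With `vm_id` moving to 703 and `mac_address` dropped in the -83 hunk, this VM is most likely recreated on apply, which is worth confirming in the plan before running it against a live cluster.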
@@ -103,13 +102,13 @@ resource "talos_machine_secrets" "kube" {}
 data "talos_machine_configuration" "kube" {
   cluster_name = "kube"
   machine_type = "controlplane"
-  cluster_endpoint = "https://kube-talos.local:6443"
+  cluster_endpoint = "https://kube-talos.lan:6443"
   machine_secrets = talos_machine_secrets.kube.machine_secrets
   config_patches = [
     yamlencode({
       machine = {
         install = {
-          image = "factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.4"
+          image = "factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
         }
         network = {
           nameservers = [
@@ -121,11 +120,11 @@ data "talos_machine_configuration" "kube" {
         allowSchedulingOnControlPlanes = true
         apiServer = {
           certSANs = [
-            "kube-talos.local"
+            "kube-talos.lan"
           ]
         }
         network = {
-          dnsDomain = "kube-talos.local"
+          dnsDomain = "kube-talos.lan"
           cni = {
             name: "none"
           }
@@ -141,13 +140,13 @@ data "talos_machine_configuration" "kube" {
 data "talos_client_configuration" "kube" {
   cluster_name = "kube"
   client_configuration = talos_machine_secrets.kube.client_configuration
-  nodes = ["kube-talos.local"]
+  nodes = ["kube-talos"]
 }
 resource "talos_machine_configuration_apply" "kube" {
   client_configuration = talos_machine_secrets.kube.client_configuration
   machine_configuration_input = data.talos_machine_configuration.kube.machine_configuration
-  node = proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
+  node = "10.1.2.187" #proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
   depends_on = [ proxmox_virtual_environment_vm.kube ]
   lifecycle {
     replace_triggered_by = [ proxmox_virtual_environment_vm.kube ]
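Review bot: `nodes = ["kube-talos"]` in `talos_client_configuration` drops the domain while `cluster_endpoint`, `certSANs` and `dnsDomain` in the same file all move to `kube-talos.lan`, so talosctl's resolution of the bare name now depends on the client's DNS search list rather than on anything in this module. Use the same form everywhere, `nodes = ["kube-talos.lan"]`, or the node's static address. Separately, `.lan` is not a reserved name (RFC 8375 reserves `home.arpa.` for local use, and `.local` is the mDNS domain), so a private zone under it relies on no public delegation ever appearing; that is a naming choice rather than a defect, but a one-line comment recording it next to `cluster_endpoint` would save the next reader the question.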
@@ -155,7 +154,7 @@ resource "talos_machine_configuration_apply" "kube" {
 }
 resource "talos_machine_bootstrap" "kube" {
-  node = proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
+  node = "10.1.2.187" #proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
   client_configuration = talos_machine_secrets.kube.client_configuration
   depends_on = [ talos_machine_configuration_apply.kube ]
   lifecycle {
@@ -235,7 +234,7 @@ resource "helm_release" "cilium" {
   }
   set {
     name = "etcd.clusterDomain"
-    value = "kube-talos.local"
+    value = "kube-talos.lan"
   }
   set {
     name = "hubble.relay.enabled"
diff --git a/infra/pve/main.tf b/infra/pve/main.tf
index e1e9cdb..7f749d3 100644
--- a/infra/pve/main.tf
+++ b/infra/pve/main.tf
@@ -3,15 +3,15 @@ terraform {
   required_providers {
     proxmox = {
       source = "bpg/proxmox"
-      version = "0.69.1"
+      version = "0.83.2"
     }
     talos = {
       source = "siderolabs/talos"
-      version = "0.7.1"
+      version = "0.9.0"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"
-      version = "2.36.0"
+      version = "2.38.0"
     }
     helm = {
       source = "hashicorp/helm"
@@ -22,7 +22,7 @@ terraform {
 # Proxmox configuration
 provider "proxmox" {
-  endpoint = "https://pve.local:8006/"
+  endpoint = "https://pve.lan:8006/"
   api_token = var.api_token
   insecure = true
   ssh {
@@ -44,9 +44,3 @@ provider "helm" {
     config_path = "${path.module}/kubeconfig"
   }
 }
-
-# debian-latest vm template(s), cloned to make other vms
-data "proxmox_virtual_environment_vms" "debian_vm_template" {
-  node_name = "pve"
-  tags = ["template", "debian-latest"]
-}
diff --git a/infra/pve/template.tf b/infra/pve/template.tf
deleted file mode 100644
index 7fa1bce..0000000
--- a/infra/pve/template.tf
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
-* Terraform Proxmox templates
-* VM and container templates, used to derive others
-*/
-
-# Debian Latest CLOUD disk image
-resource "proxmox_virtual_environment_download_file" "debian-latest-cloudimg" {
-  content_type = "iso"
-  datastore_id = "local"
-  file_name = "debian-12-generic-amd64.qcow2.img"
-  node_name = "pve"
-  url = "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
-}
-
-# Base cloud-config ('vendor') file for VM templates
-resource "proxmox_virtual_environment_file" "cloud_config" {
-  content_type = "snippets"
-  datastore_id = "local"
-  node_name = "pve"
-
-  source_raw {
-    data = <<-EOF
-    #cloud-config
-    package_update: true
-    packages:
-      - git
-      - ca-certificates
-      - wget
-      - curl
-      - gnupg2
-      - qemu-guest-agent
-    runcmd:
-      - systemctl enable --now qemu-guest-agent
-    EOF
-    file_name = "cloud-config.yaml"
-  }
-}
-
-# Debian Latest VM template
-resource "proxmox_virtual_environment_vm" "debian-latest-template" {
-  name = "debian-latest-template"
-  description = "Debian latest template VM from Terraform"
-  tags = ["debian", "debian-latest", "template", "terraform"]
-
-  node_name = "pve"
-  vm_id = 9002
-  template = true
-  machine = "q35"
-  keyboard_layout = "fr"
-
-  agent {
-    enabled = true
-  }
-  stop_on_destroy = true
-
-  cpu {
-    cores = 2
-    type = "x86-64-v2-AES"
-  }
-
-  memory {
-    dedicated = 2048
-    floating = 2048
-  }
-
-  disk {
-    datastore_id = "local-lvm"
-    file_id = proxmox_virtual_environment_download_file.debian-latest-cloudimg.id
-    interface = "scsi0"
-  }
-
-  vga {
-    type = "serial0"
-  }
-
-  initialization {
-    datastore_id = "local-lvm"
-    interface = "ide2"
-
-    ip_config {
-      ipv4 {
-        address = "dhcp"
-      }
-    }
-
-    user_account {
-      keys = [trimspace(var.ssh_public_key)]
-      password = var.machine_root_password
-      username = "root"
-    }
-
-    vendor_data_file_id = proxmox_virtual_environment_file.cloud_config.id
-  }
-
-  lifecycle {
-    ignore_changes = [
-      ipv4_addresses, ipv6_addresses,
network_interface_names
-    ]
-  }
-
-  network_device {
-    bridge = "vmbr0"
-    vlan_id = 2
-  }
-
-  operating_system {
-    type = "l26"
-  }
-
-  tpm_state {
-    version = "v2.0"
-  }
-
-  serial_device {}
-}
-
-# Debian Latest LXC container image
-resource "proxmox_virtual_environment_download_file" "debian-latest-lxc-img" {
-  content_type = "vztmpl"
-  datastore_id = "local"
-  node_name = "pve"
-  url = "http://download.proxmox.com/images/system/debian-12-standard_12.7-1_amd64.tar.zst"
-}
-
-# Debian Latest LXC container template
-resource "proxmox_virtual_environment_container" "debian-latest-container-template" {
-  description = "Debian latest template container from Terraform"
-
-  node_name = "pve"
-  vm_id = 9003
-  template = true
-
-  cpu {
-    cores = 2
-  }
-
-  memory {
-    dedicated = 512
-  }
-
-  disk {
-    datastore_id = "local-lvm"
-    size = 4 # 4 Gigabytes
-  }
-
-  initialization {
-    hostname = "debian-latest-container-template"
-
-    ip_config {
-      ipv4 {
-        address = "dhcp"
-      }
-    }
-
-    user_account {
-      keys = [trimspace(var.ssh_public_key)]
-      password = var.machine_root_password
-    }
-  }
-
-  network_interface {
-    name = "veth0"
-    vlan_id = 2
-  }
-
-  operating_system {
-    template_file_id = proxmox_virtual_environment_download_file.debian-latest-lxc-img.id
-    type = "debian"
-  }
-}
diff --git a/infra/pve/values/components.yaml b/infra/pve/values/components.yaml
index 4441709..aba0eed 100644
--- a/infra/pve/values/components.yaml
+++ b/infra/pve/values/components.yaml
@@ -10,7 +10,7 @@ instance:
   type: kubernetes
   multitenant: false
   networkPolicy: true
-  domain: "kube-talos.local"
+  domain: "kube-talos.lan"
   kustomize:
     patches:
     - target: