Big infrastructure changes

- Switch to .lan everywhere for Kubernetes
- Update providers and images
- Update docker machine to directly work with SwarmCD
- Add docker provider for Terraform to install SwarmCD
2025-09-16 18:33:52 +02:00
parent cfb1e54ca2
commit d5a7de4037
6 changed files with 102 additions and 202 deletions


@@ -2,6 +2,14 @@
* Docker machine terraform file * Docker machine terraform file
*/ */
resource "proxmox_virtual_environment_download_file" "debian-latest-cloudimg" {
content_type = "iso"
datastore_id = "local"
file_name = "debian-12-generic-amd64.qcow2.img"
node_name = "pve"
url = "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
}
resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" { resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
content_type = "snippets" content_type = "snippets"
datastore_id = "local" datastore_id = "local"
@@ -18,6 +26,7 @@ resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
- curl - curl
- gnupg2 - gnupg2
- qemu-guest-agent - qemu-guest-agent
- nfs-common
runcmd: runcmd:
- systemctl enable --now qemu-guest-agent - systemctl enable --now qemu-guest-agent
- install -m 0755 -d /etc/apt/keyrings - install -m 0755 -d /etc/apt/keyrings
@@ -27,6 +36,10 @@ resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
- apt-get update - apt-get update
- apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- docker swarm init - docker swarm init
- git clone https://github.com/vhaudiquet/homeprod /root/homeprod
- mkdir /app
- echo "truenas.local:/mnt/fast_app_data/docker-homeprod /app nfs defaults,_netdev 0 0" >>/etc/fstab
- mount -t nfs truenas.local:/mnt/fast_app_data/docker-homeprod /app
EOF EOF
file_name = "docker-machine-cloud-config.yaml" file_name = "docker-machine-cloud-config.yaml"
} }
@@ -44,7 +57,7 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
tags = ["debian", "debian-latest", "docker", "terraform"] tags = ["debian", "debian-latest", "docker", "terraform"]
cpu { cpu {
type = "kvm64" type = "host"
cores = 4 cores = 4
sockets = 1 sockets = 1
flags = [] flags = []
@@ -76,16 +89,17 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
boot_order = ["scsi0"] boot_order = ["scsi0"]
scsi_hardware = "virtio-scsi-single" scsi_hardware = "virtio-scsi-single"
vga {
type = "serial0"
}
disk { disk {
interface = "scsi0" interface = "scsi0"
iothread = true iothread = true
datastore_id = "local-lvm" datastore_id = "local-lvm"
size = 8 size = 128
discard = "ignore" discard = "ignore"
} file_id = proxmox_virtual_environment_download_file.debian-latest-cloudimg.id
clone {
vm_id = data.proxmox_virtual_environment_vms.debian_vm_template.vms[0].vm_id
} }
vm_id = 701 vm_id = 701
@@ -93,6 +107,30 @@ resource "proxmox_virtual_environment_vm" "docker-machine" {
initialization { initialization {
datastore_id = "local-lvm" datastore_id = "local-lvm"
interface = "ide2" interface = "ide2"
ip_config {
ipv4 {
address = "10.1.2.175/24"
gateway = "10.1.2.1"
}
}
user_account {
keys = [trimspace(var.ssh_public_key)]
password = var.machine_root_password
username = "root"
}
vendor_data_file_id = proxmox_virtual_environment_file.docker-machine-cloud-config.id vendor_data_file_id = proxmox_virtual_environment_file.docker-machine-cloud-config.id
} }
operating_system {
type = "l26"
}
tpm_state {
version = "v2.0"
}
serial_device {}
} }
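Review bot: The cloud-init runcmd lines added in the second hunk still mount the NFS export from `truenas.local` (both the fstab entry and the `mount -t nfs` command) while the rest of the commit moves names to `.lan`, so this host keeps resolving through mDNS and will break if `.local` is retired; if it is meant to change too, use `truenas.lan` in both lines. In the same run `git clone https://github.com/vhaudiquet/homeprod /root/homeprod` is unpinned, and the repos.yaml and stacks.yaml that SwarmCD later mounts from that checkout come from whatever the branch holds at boot time, so a `--branch <tag-placeholder>` or a follow-up `git -C /root/homeprod checkout <commit-placeholder>` makes the deployed configuration explicit. The fstab entry uses `defaults` only; `defaults,_netdev,nosuid,nodev 0 0` stops setuid binaries and device nodes on the shared export from being honoured on the docker host. The new `proxmox_virtual_environment_download_file` in the first hunk fetches the `latest` Debian cloud image with no `checksum` / `checksum_algorithm`, so the image is accepted on URL alone.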

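--- /dev/null
+++ b/infra/pve/docker/main.tf
@@ -0,0 +1,39 @@
+terraform {
+required_providers {
+docker = {
+source = "kreuzwerker/docker"
+version = "3.6.2"
+}
+}
+}
+# Docker configuration
+provider "docker" {
+host = "ssh://root@docker-machine.lan"
+}
+resource "docker_image" "swarm-cd" {
+name = "ghcr.io/m-adawi/swarm-cd:latest"
+}
+resource "docker_container" "swarm-cd" {
+name = "swarm-cd"
+image = docker_image.swarm-cd.image_id
+volumes {
+host_path = "/var/run/docker.sock"
+container_path = "/var/run/docker.sock"
+read_only = true
+}
+volumes {
+host_path = "/root/homeprod/.swarmcd/repos.yaml"
+container_path = "/app/repos.yaml"
+read_only = true
+}
+volumes {
+host_path = "/root/homeprod/.swarmcd/stacks.yaml"
+container_path = "/app/stacks.yaml"
+read_only = true
+}
+depends_on = [ docker_image.swarm-cd ]
+}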
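Review bot: `read_only = true` on the `/var/run/docker.sock` bind mount in the first `volumes` block does not restrict what the container can do through the socket, since the API calls travel over it regardless of the mount flag; SwarmCD therefore has full control of the host's Docker daemon, and a comment such as `# read_only only affects the mount; the socket still grants full daemon access` would keep a later reader from reading it as a restriction. `name = "ghcr.io/m-adawi/swarm-cd:latest"` is a mutable tag, and as far as I recall a `docker_image` resource in this provider does not re-pull a tag it already holds unless `pull_triggers` changes, so the running version is whatever was pulled first; pinning by digest, `name = "ghcr.io/m-adawi/swarm-cd@sha256:<digest-placeholder>"`, makes the deployed version explicit. `host = "ssh://root@docker-machine.lan"` relies on the runner's known_hosts for the host key; `ssh_opts` can carry a `-o UserKnownHostsFile=` entry pointing at a pinned key file so a first connection cannot be answered by another host. `depends_on = [ docker_image.swarm-cd ]` is redundant, because `image = docker_image.swarm-cd.image_id` already creates that dependency.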


@@ -5,9 +5,9 @@
resource "proxmox_virtual_environment_download_file" "talos-cloudimg" { resource "proxmox_virtual_environment_download_file" "talos-cloudimg" {
content_type = "iso" content_type = "iso"
datastore_id = "local" datastore_id = "local"
file_name = "talos-v1.9.4-nocloud-amd64.iso" file_name = "talos-v1.11.1-nocloud-amd64.iso"
node_name = "pve" node_name = "pve"
url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.9.4/nocloud-amd64.iso" url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.11.1/nocloud-amd64.iso"
} }
resource "proxmox_virtual_environment_vm" "kube" { resource "proxmox_virtual_environment_vm" "kube" {
@@ -16,7 +16,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
tags = ["kubernetes", "talos", "terraform"] tags = ["kubernetes", "talos", "terraform"]
node_name = "pve" node_name = "pve"
vm_id = 702 vm_id = 703
machine = "q35" machine = "q35"
keyboard_layout = "fr" keyboard_layout = "fr"
@@ -39,7 +39,6 @@ resource "proxmox_virtual_environment_vm" "kube" {
scsi_hardware = "virtio-scsi-single" scsi_hardware = "virtio-scsi-single"
cdrom { cdrom {
enabled = true
file_id = proxmox_virtual_environment_download_file.talos-cloudimg.id file_id = proxmox_virtual_environment_download_file.talos-cloudimg.id
interface = "ide0" interface = "ide0"
} }
@@ -48,7 +47,7 @@ resource "proxmox_virtual_environment_vm" "kube" {
interface = "scsi0" interface = "scsi0"
iothread = true iothread = true
datastore_id = "local-lvm" datastore_id = "local-lvm"
size = 64 size = 128
discard = "ignore" discard = "ignore"
file_format = "raw" file_format = "raw"
} }
@@ -63,7 +62,8 @@ resource "proxmox_virtual_environment_vm" "kube" {
ip_config { ip_config {
ipv4 { ipv4 {
address = "dhcp" address = "10.1.2.187/24"
gateway = "10.1.2.1"
} }
} }
@@ -83,7 +83,6 @@ resource "proxmox_virtual_environment_vm" "kube" {
network_device { network_device {
bridge = "vmbr0" bridge = "vmbr0"
model = "virtio" model = "virtio"
mac_address = "BC:24:11:F6:E1:C9"
vlan_id = 2 vlan_id = 2
} }
@@ -103,13 +102,13 @@ resource "talos_machine_secrets" "kube" {}
data "talos_machine_configuration" "kube" { data "talos_machine_configuration" "kube" {
cluster_name = "kube" cluster_name = "kube"
machine_type = "controlplane" machine_type = "controlplane"
cluster_endpoint = "https://kube-talos.local:6443" cluster_endpoint = "https://kube-talos.lan:6443"
machine_secrets = talos_machine_secrets.kube.machine_secrets machine_secrets = talos_machine_secrets.kube.machine_secrets
config_patches = [ config_patches = [
yamlencode({ yamlencode({
machine = { machine = {
install = { install = {
image = "factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.4" image = "factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
} }
network = { network = {
nameservers = [ nameservers = [
@@ -121,11 +120,11 @@ data "talos_machine_configuration" "kube" {
allowSchedulingOnControlPlanes = true allowSchedulingOnControlPlanes = true
apiServer = { apiServer = {
certSANs = [ certSANs = [
"kube-talos.local" "kube-talos.lan"
] ]
} }
network = { network = {
dnsDomain = "kube-talos.local" dnsDomain = "kube-talos.lan"
cni = { cni = {
name: "none" name: "none"
} }
@@ -141,13 +140,13 @@ data "talos_machine_configuration" "kube" {
data "talos_client_configuration" "kube" { data "talos_client_configuration" "kube" {
cluster_name = "kube" cluster_name = "kube"
client_configuration = talos_machine_secrets.kube.client_configuration client_configuration = talos_machine_secrets.kube.client_configuration
nodes = ["kube-talos.local"] nodes = ["kube-talos"]
} }
resource "talos_machine_configuration_apply" "kube" { resource "talos_machine_configuration_apply" "kube" {
client_configuration = talos_machine_secrets.kube.client_configuration client_configuration = talos_machine_secrets.kube.client_configuration
machine_configuration_input = data.talos_machine_configuration.kube.machine_configuration machine_configuration_input = data.talos_machine_configuration.kube.machine_configuration
node = proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0 node = "10.1.2.187" #proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
depends_on = [ proxmox_virtual_environment_vm.kube ] depends_on = [ proxmox_virtual_environment_vm.kube ]
lifecycle { lifecycle {
replace_triggered_by = [ proxmox_virtual_environment_vm.kube ] replace_triggered_by = [ proxmox_virtual_environment_vm.kube ]
@@ -155,7 +154,7 @@ resource "talos_machine_configuration_apply" "kube" {
} }
resource "talos_machine_bootstrap" "kube" { resource "talos_machine_bootstrap" "kube" {
node = proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0 node = "10.1.2.187" #proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
client_configuration = talos_machine_secrets.kube.client_configuration client_configuration = talos_machine_secrets.kube.client_configuration
depends_on = [ talos_machine_configuration_apply.kube ] depends_on = [ talos_machine_configuration_apply.kube ]
lifecycle { lifecycle {
@@ -235,7 +234,7 @@ resource "helm_release" "cilium" {
} }
set { set {
name = "etcd.clusterDomain" name = "etcd.clusterDomain"
value = "kube-talos.local" value = "kube-talos.lan"
} }
set { set {
name = "hubble.relay.enabled" name = "hubble.relay.enabled"
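Review bot: `node = "10.1.2.187"` in the talos_machine_configuration_apply and talos_machine_bootstrap hunks repeats the address set in `ip_config` in the earlier hunk, and each copy drags the old expression along as a trailing comment; a single `locals { kube_ip = "10.1.2.187" }` used as `address = "${local.kube_ip}/24"` and `node = local.kube_ip` keeps the three in step, and the commented-out `ipv4_addresses[7][0]` text should be dropped rather than kept as dead code. `nodes = ["kube-talos"]` in talos_client_configuration is now a bare hostname while `cluster_endpoint`, `certSANs` and `dnsDomain` use `kube-talos.lan`; if the intent is `.lan` everywhere this should read `nodes = ["kube-talos.lan"]`, otherwise a comment explaining the reliance on the search domain is needed. The bumped Talos ISO in the first hunk is still fetched without `checksum` / `checksum_algorithm` on the download_file resource, so the factory image is trusted on URL alone.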


@@ -3,15 +3,15 @@ terraform {
required_providers { required_providers {
proxmox = { proxmox = {
source = "bpg/proxmox" source = "bpg/proxmox"
version = "0.69.1" version = "0.83.2"
} }
talos = { talos = {
source = "siderolabs/talos" source = "siderolabs/talos"
version = "0.7.1" version = "0.9.0"
} }
kubernetes = { kubernetes = {
source = "hashicorp/kubernetes" source = "hashicorp/kubernetes"
version = "2.36.0" version = "2.38.0"
} }
helm = { helm = {
source = "hashicorp/helm" source = "hashicorp/helm"
@@ -22,7 +22,7 @@ terraform {
# Proxmox configuration # Proxmox configuration
provider "proxmox" { provider "proxmox" {
endpoint = "https://pve.local:8006/" endpoint = "https://pve.lan:8006/"
api_token = var.api_token api_token = var.api_token
insecure = true insecure = true
ssh { ssh {
@@ -44,9 +44,3 @@ provider "helm" {
config_path = "${path.module}/kubeconfig" config_path = "${path.module}/kubeconfig"
} }
} }
# debian-latest vm template(s), cloned to make other vms
data "proxmox_virtual_environment_vms" "debian_vm_template" {
node_name = "pve"
tags = ["template", "debian-latest"]
}
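Review bot: `insecure = true` in the proxmox provider block is left in place by the hunk that moves the endpoint to `https://pve.lan:8006/`, so `var.api_token` is still sent to whatever answers for that name without certificate verification. With the endpoint on a name under your control, `insecure = false` plus trusting the PVE certificate on the machine running terraform would close that gap; if the certificate is self-signed and this is deliberate, a comment stating that next to the line is the minimum.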


@@ -1,170 +0,0 @@
/*
* Terraform Proxmox templates
* VM and container templates, used to derive others
*/
# Debian Latest CLOUD disk image
resource "proxmox_virtual_environment_download_file" "debian-latest-cloudimg" {
content_type = "iso"
datastore_id = "local"
file_name = "debian-12-generic-amd64.qcow2.img"
node_name = "pve"
url = "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
}
# Base cloud-config ('vendor') file for VM templates
resource "proxmox_virtual_environment_file" "cloud_config" {
content_type = "snippets"
datastore_id = "local"
node_name = "pve"
source_raw {
data = <<-EOF
#cloud-config
package_update: true
packages:
- git
- ca-certificates
- wget
- curl
- gnupg2
- qemu-guest-agent
runcmd:
- systemctl enable --now qemu-guest-agent
EOF
file_name = "cloud-config.yaml"
}
}
# Debian Latest VM template
resource "proxmox_virtual_environment_vm" "debian-latest-template" {
name = "debian-latest-template"
description = "Debian latest template VM from Terraform"
tags = ["debian", "debian-latest", "template", "terraform"]
node_name = "pve"
vm_id = 9002
template = true
machine = "q35"
keyboard_layout = "fr"
agent {
enabled = true
}
stop_on_destroy = true
cpu {
cores = 2
type = "x86-64-v2-AES"
}
memory {
dedicated = 2048
floating = 2048
}
disk {
datastore_id = "local-lvm"
file_id = proxmox_virtual_environment_download_file.debian-latest-cloudimg.id
interface = "scsi0"
}
vga {
type = "serial0"
}
initialization {
datastore_id = "local-lvm"
interface = "ide2"
ip_config {
ipv4 {
address = "dhcp"
}
}
user_account {
keys = [trimspace(var.ssh_public_key)]
password = var.machine_root_password
username = "root"
}
vendor_data_file_id = proxmox_virtual_environment_file.cloud_config.id
}
lifecycle {
ignore_changes = [
ipv4_addresses, ipv6_addresses, network_interface_names
]
}
network_device {
bridge = "vmbr0"
vlan_id = 2
}
operating_system {
type = "l26"
}
tpm_state {
version = "v2.0"
}
serial_device {}
}
# Debian Latest LXC container image
resource "proxmox_virtual_environment_download_file" "debian-latest-lxc-img" {
content_type = "vztmpl"
datastore_id = "local"
node_name = "pve"
url = "http://download.proxmox.com/images/system/debian-12-standard_12.7-1_amd64.tar.zst"
}
# Debian Latest LXC container template
resource "proxmox_virtual_environment_container" "debian-latest-container-template" {
description = "Debian latest template container from Terraform"
node_name = "pve"
vm_id = 9003
template = true
cpu {
cores = 2
}
memory {
dedicated = 512
}
disk {
datastore_id = "local-lvm"
size = 4 # 4 Gigabytes
}
initialization {
hostname = "debian-latest-container-template"
ip_config {
ipv4 {
address = "dhcp"
}
}
user_account {
keys = [trimspace(var.ssh_public_key)]
password = var.machine_root_password
}
}
network_interface {
name = "veth0"
vlan_id = 2
}
operating_system {
template_file_id = proxmox_virtual_environment_download_file.debian-latest-lxc-img.id
type = "debian"
}
}


@@ -10,7 +10,7 @@ instance:
type: kubernetes type: kubernetes
multitenant: false multitenant: false
networkPolicy: true networkPolicy: true
domain: "kube-talos.local" domain: "kube-talos.lan"
kustomize: kustomize:
patches: patches:
- target: - target: