diff --git a/aws/main.tf b/aws/main.tf
deleted file mode 100644
index 62a622c..0000000
--- a/aws/main.tf
+++ /dev/null
@@ -1,192 +0,0 @@ -provider "aws" { - region = var.region - access_key = var.AWS_ACCESS_KEY - secret_key = var.AWS_SECRET_KEY -} - -data "aws_ami" "talos"{ - most_recent = true - name_regex = "^talos-v1.1.1*" - owners = ["540036508848"] - - filter { - name = "architecture" - values = ["x86_64"] - } - -} - - -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - - name = var.vpcname - cidr = var.vpccidr - - azs = ["${var.region}a", "${var.region}b", "${var.region}c"] - private_subnets = [ var.privatesubnet ] - create_igw = true -} - -resource "aws_internet_gateway" "ig" { - vpc_id = "${module.vpc.vpc_id}" - tags = { - Name = "${var.vpcname}-igw" - } -} - -resource "aws_route" "igwroute" { - route_table_id = module.vpc.vpc_main_route_table_id - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.ig.id -} - -resource "aws_route" "privateigwroute" { - route_table_id = module.vpc.private_route_table_ids[0] - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.ig.id -} - -module "security_group" { - source = "terraform-aws-modules/security-group/aws" - - name = var.securitygroupname - description = "Security group for VPC" - vpc_id = module.vpc.vpc_id - - - ingress_cidr_blocks = ["0.0.0.0/0"] - ingress_rules = ["http-80-tcp", "all-all"] - - egress_rules = ["all-all"] - -} - -module "alb" { - source = "terraform-aws-modules/alb/aws" - - name = var.albname - - load_balancer_type = "network" - - vpc_id = module.vpc.vpc_id - - subnets = [ "${element(module.vpc.private_subnets, 0)}","${element(module.vpc.private_subnets, 1)}" ] - -} - - -resource "null_resource" "createtalosconfig" { - provisioner "local-exec" { - - command = "/bin/bash scripts/talosconfiggen.sh -h ${module.alb.lb_dns_name} -p 443" - - } - - depends_on = [ module.alb ] - -} - -data "local_file" "controllerfile" { - filename = "scripts/controlplane.yaml" - depends_on = [ null_resource.createtalosconfig ] -} - -data "local_file" "workerfile" { - filename = 
"scripts/worker.yaml" - depends_on = [ null_resource.createtalosconfig ] -} - -resource "aws_instance" talos_master_instance { - - count = var.mastercount - - ami = data.aws_ami.talos.id - instance_type = var.instance_type - monitoring = var.nodemonitoringenabled - vpc_security_group_ids = [ module.security_group.security_group_id ] - subnet_id = "${element(module.vpc.private_subnets, 0)}" - - user_data = data.local_file.controllerfile.content - associate_public_ip_address = true - - depends_on = [ data.local_file.controllerfile ] - - tags = { - Name = "talosmaster" - } - - -} -resource "aws_instance" talos_worker_instance { - - count = var.workercount - - ami = data.aws_ami.talos.id - instance_type = var.instance_type - monitoring = var.nodemonitoringenabled - vpc_security_group_ids = [ module.security_group.security_group_id ] - subnet_id = "${element(module.vpc.private_subnets, 0)}" - - user_data = data.local_file.workerfile.content - associate_public_ip_address = true - - depends_on = [ data.local_file.workerfile ] - - tags = { - Name = "talosworker" - } - - -} - - -resource "aws_lb_target_group" "talos-tg" { - name = "talos-tg" - port = 6443 - protocol = "TCP" - target_type = "ip" - vpc_id = module.vpc.vpc_id - -} - -resource "aws_lb_target_group_attachment" "registertarget" { - - count = var.mastercount - target_group_arn = aws_lb_target_group.talos-tg.arn - target_id = "${element(split(",", join(",", aws_instance.talos_master_instance.*.private_ip)), count.index)}" - depends_on = [ aws_instance.talos_master_instance ] - -} - - -resource "aws_alb_listener" "talos-listener" { - load_balancer_arn = module.alb.lb_arn - port = 443 - protocol = "TCP" - default_action { - type = "forward" - target_group_arn = aws_lb_target_group.talos-tg.arn - } - -} - -resource "null_resource" "bootstrap_etcd" { - provisioner "local-exec" { - command = "talosctl --talosconfig scripts/talosconfig config endpoint ${aws_instance.talos_master_instance.0.public_ip}" - - } - provisioner 
"local-exec" { - command = "talosctl --talosconfig scripts/talosconfig config node ${aws_instance.talos_master_instance.0.public_ip}" - - } - provisioner "local-exec" { - command = "sleep 60; talosctl --talosconfig scripts/talosconfig bootstrap" - } - - provisioner "local-exec" { - command = "talosctl --talosconfig scripts/talosconfig kubeconfig ." - } - depends_on = [ aws_instance.talos_master_instance ] - -} diff --git a/aws/scripts/talosconfiggen.sh b/aws/scripts/talosconfiggen.sh deleted file mode 100644 index b8e6c9a..0000000 --- a/aws/scripts/talosconfiggen.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh - -if [ $# -ne 2 ] -then - echo "Usage: $0 dnsname port" -fi - -while getopts "h:p" OPTION; -do - case "${OPTION}" in - h) - dnsname="$OPTARG" - ;; - p) - port="$OPTARG" - ;; - esac -done -if ! command -v talosctl &> /dev/null -then - echo "Installing talos cli" - curl -Lo /usr/local/bin/talosctl https://github.com/siderolabs/talos/releases/download/v1.1.1/talosctl-$(uname -s | tr "[:upper:]" "[:lower:]")-amd64 - chmod +x /usr/local/bin/talosctl -else - echo "talosctl is already installed skipping.." -fi - -echo ${dnsname} -echo ${4} -talosctl gen config talosconfig-userdata https://${dnsname}:${4} --with-examples=false --with-docs=false --output-dir scripts/ -talosctl validate --config scripts/controlplane.yaml --mode cloud -if [ $? -eq 1 ] -then - echo "scripts/controlplane.yaml is invalid" - exit -fi - -talosctl validate --config scripts/worker.yaml --mode cloud - -if [ $? -eq 1 ] -then - echo "scripts/worker.yaml is invalid" - exit -fi diff --git a/aws/talos/main.tf b/aws/talos/main.tf old mode 100755 new mode 100644 index 3ccc2fd..361e1f6 --- a/aws/talos/main.tf +++ b/aws/talos/main.tf @@ -6,7 +6,7 @@ provider "aws" { data "aws_ami" "talos"{ most_recent = true - name_regex = "^talos-v1.1.1-ap-south-1*" + name_regex = "^talos-v1.1.1*" owners = ["540036508848"] filter { 
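Review bot: The widened `name_regex = "^talos-v1.1.1*"` pins less than it looks: the trailing `1*` makes the last `1` optional and the unescaped dots match any character, so with `most_recent = true` the lookup can resolve to a different Talos release than the `v1.1.1` installer image the generated configs reference. The old pattern shows AMI names carry the region right after the version, so something like `name_regex = "^talos-v1\\.1\\.1-${var.region}"` keeps the region portability this change is after while leaving the version exact; the `owners` pin should stay as it is. The data block continues outside the hunk.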
@@ -16,6 +16,7 @@ data "aws_ami" "talos"{ } + module "vpc" { source = "terraform-aws-modules/vpc/aws" @@ -28,13 +29,12 @@ module "vpc" { } resource "aws_internet_gateway" "ig" { - vpc_id = module.vpc.vpc_id + vpc_id = "${module.vpc.vpc_id}" tags = { Name = "${var.vpcname}-igw" } } - resource "aws_route" "igwroute" { route_table_id = module.vpc.vpc_main_route_table_id destination_cidr_block = "0.0.0.0/0" @@ -56,15 +56,12 @@ module "security_group" { ingress_cidr_blocks = ["0.0.0.0/0"] - ingress_rules = [ "k8s-apiserver" ] - - rules = { "k8s-apiserver" : [ 6443 , 6443 , "tcp" , "Apiserver" ] , "all-all": [ -1, -1, "icmp", "All protocols" ]} - + ingress_rules = ["http-80-tcp", "all-all"] + egress_rules = ["all-all"] } - module "alb" { source = "terraform-aws-modules/alb/aws" @@ -74,10 +71,11 @@ module "alb" { vpc_id = module.vpc.vpc_id - subnets = [ element(module.vpc.private_subnets, 0),element(module.vpc.private_subnets, 1) ] + subnets = [ "${element(module.vpc.private_subnets, 0)}","${element(module.vpc.private_subnets, 1)}" ] } + resource "null_resource" "createtalosconfig" { provisioner "local-exec" { @@ -107,24 +105,19 @@ resource "aws_instance" talos_master_instance { instance_type = var.instance_type monitoring = var.nodemonitoringenabled vpc_security_group_ids = [ module.security_group.security_group_id ] - subnet_id = element(module.vpc.private_subnets, 0) + subnet_id = "${element(module.vpc.private_subnets, 0)}" user_data = data.local_file.controllerfile.content associate_public_ip_address = true depends_on = [ data.local_file.controllerfile ] - metadata_options { - http_tokens = "required" - } - tags = { Name = "talosmaster" } } - resource "aws_instance" talos_worker_instance { count = var.workercount 
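Review bot: `ingress_rules = ["http-80-tcp", "all-all"]` together with `ingress_cidr_blocks = ["0.0.0.0/0"]` in the `@@ -56` hunk opens every port and protocol on the nodes to the whole internet, whereas the removed `rules` map exposed only TCP/6443 (plus ICMP); since both instance resources also set `associate_public_ip_address = true`, the Talos API on 50000 and the kubelet become reachable from anywhere. Keep the scoped rule (`ingress_rules = ["k8s-apiserver"]` with the custom `rules` entry) or restrict the CIDR list to the VPC and operator ranges, and if `all-all` is meant for node-to-node traffic express it as a rule scoped to the security group itself rather than a world-open one. The `security_group` module block starts outside the hunk.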
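Review bot: Dropping `metadata_options { http_tokens = "required" }` from `talos_master_instance` in the `@@ -107` hunk re-enables IMDSv1 on the control-plane nodes, so any SSRF-capable workload can read the instance's role credentials without a session token; the same removal is in the `talos_worker_instance` hunk (`@@ -133`), which additionally flips `associate_public_ip_address` to `true`. Unless Talos v1.1.1 is known to fail with IMDSv2 on this AMI (nothing in the commit says so), restore the block in both resources: `metadata_options { http_tokens = "required" }`. The `"${element(module.vpc.private_subnets, 0)}"` wrapping of `subnet_id` here, and the same wrapping in the `@@ -28` and `@@ -161` hunks, is a style regression — Terraform reports interpolation-only strings as deprecated and `element(module.vpc.private_subnets, 0)` is the 0.12+ form. The master resource begins before the hunk and the worker resource runs past it.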
@@ -133,17 +126,13 @@ resource "aws_instance" talos_worker_instance { instance_type = var.instance_type monitoring = var.nodemonitoringenabled vpc_security_group_ids = [ module.security_group.security_group_id ] - subnet_id = element(module.vpc.private_subnets, 0) + subnet_id = "${element(module.vpc.private_subnets, 0)}" user_data = data.local_file.workerfile.content - associate_public_ip_address = false + associate_public_ip_address = true depends_on = [ data.local_file.workerfile ] - metadata_options { - http_tokens = "required" - } - tags = { Name = "talosworker" } @@ -161,12 +150,11 @@ resource "aws_lb_target_group" "talos-tg" { } - resource "aws_lb_target_group_attachment" "registertarget" { count = var.mastercount target_group_arn = aws_lb_target_group.talos-tg.arn - target_id = element(split(",", join(",", aws_instance.talos_master_instance.*.private_ip)), count.index) + target_id = "${element(split(",", join(",", aws_instance.talos_master_instance.*.private_ip)), count.index)}" depends_on = [ aws_instance.talos_master_instance ] } @@ -175,7 +163,7 @@ resource "aws_lb_target_group_attachment" "registertarget" { resource "aws_alb_listener" "talos-listener" { load_balancer_arn = module.alb.lb_arn port = 443 - protocol = "HTTPS" + protocol = "TCP" default_action { type = "forward" target_group_arn = aws_lb_target_group.talos-tg.arn 
@@ -185,9 +173,20 @@ resource "aws_alb_listener" "talos-listener" { resource "null_resource" "bootstrap_etcd" { provisioner "local-exec" { - command = "/bin/bash scripts/bootstrapetcd.sh ${aws_instance.talos_master_instance.0.public_ip}" + command = "./talosctl --talosconfig scripts/talosconfig config endpoint ${aws_instance.talos_master_instance.0.public_ip}" } + provisioner "local-exec" { + command = "./talosctl --talosconfig scripts/talosconfig config node ${aws_instance.talos_master_instance.0.public_ip}" + + } + provisioner "local-exec" { + command = "sleep 60; ./talosctl --talosconfig scripts/talosconfig bootstrap" + } + + provisioner "local-exec" { + command = "./talosctl --talosconfig scripts/talosconfig kubeconfig ." + } depends_on = [ aws_instance.talos_master_instance ] } diff --git a/aws/talos/scripts/bootstrapetcd.sh b/aws/talos/scripts/bootstrapetcd.sh deleted file mode 100755 index c9a7c7a..0000000 --- a/aws/talos/scripts/bootstrapetcd.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - - -TALOS_API_IP = 50000 - -if [ "$#" -ne 1 ] -then - echo "Usage: $0 nodeipaddress" -fi - -echo "node ip address is:" -echo "$1" - -remoteip="$1" -count=0 - -while [ "$count" -ge 20 ] -do - echo "Waiting for Talos API to be up...." - nc -zv "$remoteip" "$TALOS_API_IP" - if [ "$?" -eq 0 ] - then - echo "Talos API is up bootstrapping etcd" - talosctl --talosconfig out/talosconfig config endpoint "$remoteip" - talosctl --talosconfig out/talosconfig config node "$remoteip" - talosctl --talosconfig out/talosconfig bootstrap "$remoteip" - break - fi - sleep 30 - count += 1 -done - -if [ "$count" -ge 20 ] -then - echo "ERROR: Talos API is not up " -fi - -echo "ETCD bootstrap Finished" - diff --git a/aws/talos/scripts/controlplane.yaml b/aws/talos/scripts/controlplane.yaml new file mode 100644 index 0000000..c175f7a --- /dev/null +++ b/aws/talos/scripts/controlplane.yaml 
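Review bot: The new provisioner chain replaces the readiness poll of the deleted `bootstrapetcd.sh` with `sleep 60; ./talosctl --talosconfig scripts/talosconfig bootstrap`, so a first master that takes longer than a minute to expose its API fails the apply even though the instances are fine; a bounded retry around the bootstrap command makes this deterministic (the deleted script's `nc -z` poll on port 50000 was the right idea, its `while [ "$count" -ge 20 ]` condition just never entered the loop). `./talosctl` is also resolved relative to Terraform's working directory, which only holds if `talosconfiggen.sh` downloaded it from that same directory. Finally, `kubeconfig .` drops a cluster-admin credential into the checkout next to `scripts/talosconfig`, which this commit already tracks; write it outside the repository or add both paths to `.gitignore`.
```hcl
  # … unchanged: config endpoint / config node provisioners …
  provisioner "local-exec" {
    # retry instead of a fixed sleep; bound and interval are placeholders to tune
    command = <<-EOT
      for i in $(seq 1 20); do
        ./talosctl --talosconfig scripts/talosconfig bootstrap && exit 0
        sleep 15
      done
      echo "Talos API on the first master did not come up" >&2
      exit 1
    EOT
  }
  # … unchanged: kubeconfig provisioner, depends_on …
```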
@@ -0,0 +1,79 @@ +version: v1alpha1 +debug: false +persist: true +machine: + type: controlplane + token: bz4dqv.tf8l78efhakz3wxu + ca: + crt: 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 + key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJRE1tMERhNWtIb3JneHoxT29ER1ZhK0NuTU9BT09nL3FaUm9oQXVWTTIwRgotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K + certSANs: [] + kubelet: + image: ghcr.io/siderolabs/kubelet:v1.24.2 + network: {} + install: + disk: /dev/sda + image: ghcr.io/siderolabs/installer:v1.1.1 + bootloader: true + wipe: false + features: + rbac: true +cluster: + id: yEawz8mN3_tlUIr3cbrxQcjsEN7XBLinNqecfZZYfmI= + secret: SAnpOmaqcjzDBOp0doCYarmLOZ6JZWwvfrTH19kgQv8= + controlPlane: + endpoint: https://talosalb-dd32977ffa789a3c.elb.us-west-1.amazonaws.com:443 + clusterName: talosconfig-userdata + network: + dnsDomain: cluster.local + podSubnets: + - 10.244.0.0/16 + serviceSubnets: + - 10.96.0.0/12 + token: qluiz2.x0n0yf76g8cs2leg + aescbcEncryptionSecret: Q1yYJEpLKrOPJ6SBFgu/RAQBYFDEGlbh3MX2OpufoH0= + ca: + crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpakNDQVRDZ0F3SUJBZ0lSQUxZUFJHcERxSHdQZUo5aThIQlpUeDR3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlNekF4TWpJeE5UQTVNelJhRncwek16QXhNVGt4TlRBNQpNelJhTUJVeEV6QVJCZ05WQkFvVENtdDFZbVZ5Ym1WMFpYTXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CCkJ3TkNBQVIwbnNQTHlkUWVaWXBEVUxUa1NWWEs1WkFNY2c5OWo5TnM4N2M5dnZQbGJxQTYxZndIVVJiL2Npd2QKWFliZGtDcitobi9Ydmx5Z25aMGFrT0JMd0pUeG8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGQkVEUnpRSSs1TCtaVS9Xam1aV3NYMElMRVoyTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSVFEK0ZlaTQKODlFUDFVWFhZeDBidkxhNFIyeTgyS3ZhUFM0TVNyRkxDKzBnWXdJZ1pPeWhtbmN4NmNFV0xDZ0wxVjVBRkJVcApiVGVqcGRBQzhtdHpIdFlpUDJnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + key: 
LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUY1cFQ1aDZ1UHhjUGozRUgyb0h4SEJ0a3djZ0ZRMGdpZDR1ZlFsdVdWbW9vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFZEo3RHk4blVIbVdLUTFDMDVFbFZ5dVdRREhJUGZZL1RiUE8zUGI3ejVXNmdPdFg4QjFFVwovM0lzSFYyRzNaQXEvb1ovMTc1Y29KMmRHcERnUzhDVThRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + aggregatorCA: + crt: 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 + key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBaMUVMZnRYU2pFOFpERFg2eVp0MEdhM3R5TEI2VG5SQ3JCeHpQK0VjSG1vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFMlJJV29XZEhKSW14Q2dSRk9ta3daMEk4RWc2c0VLaWpabUtDbUR4TUZZUGZXZmJZWXdKNgozUmVBL0Zuajd6bytIdmNVaXc0aGdjTC9YR3ZnV0ZLbDl3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + serviceAccount: + key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUpXMmNGdTNMUC9ZZ0dkempMZ05UT3cyZWxlN1I1cUJKRytPaE1TNWdiUVNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFbkd1UlVOOU5odmF4RVBydzIyZ09HRUJzd3haMzZCOUUyT2RBT05BRVFkbElGc2NYR24vZgpib3k3aTFPSkdaeXU4dE1KaWNOZytweGdHVjliSkFNaWJRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + apiServer: + image: k8s.gcr.io/kube-apiserver:v1.24.2 + certSANs: + - talosalb-dd32977ffa789a3c.elb.us-west-1.amazonaws.com + disablePodSecurityPolicy: true + admissionControl: + - name: PodSecurity + configuration: + apiVersion: pod-security.admission.config.k8s.io/v1alpha1 + defaults: + audit: restricted + audit-version: latest + enforce: baseline + enforce-version: latest + warn: restricted + warn-version: latest + exemptions: + namespaces: + - kube-system + runtimeClasses: [] + usernames: [] + kind: PodSecurityConfiguration + controllerManager: + image: k8s.gcr.io/kube-controller-manager:v1.24.2 + proxy: + image: k8s.gcr.io/kube-proxy:v1.24.2 + scheduler: + image: k8s.gcr.io/kube-scheduler:v1.24.2 + discovery: + enabled: true + registries: + kubernetes: {} + service: {} + etcd: + ca: + crt: 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 + key: 
LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJSOSs4aWhMNGY2Q2Q0c1hTZnNEVGRpSDVYd05Jd2tqM0hKWUluSWUyb21vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNEJGTmh3NEFYWFRkZytob1Y1STFRTStCdTk2bVJEMGhPRTRTdGRFcFdaVzdsam9na3ZxRwp2SnRiUWJFcHdpNkFKdTdSZ0UvOUxHR0NDdGpaaDRUVG93PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= diff --git a/aws/talos/scripts/talosconfig b/aws/talos/scripts/talosconfig new file mode 100644 index 0000000..263b068 --- /dev/null +++ b/aws/talos/scripts/talosconfig @@ -0,0 +1,10 @@ +context: talosconfig-userdata +contexts: + talosconfig-userdata: + endpoints: + - 13.57.237.140 + nodes: + - 13.57.237.140 + ca: 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 + crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJNakNCNWFBREFnRUNBaEF5bG5mSjU2aTJuYW5qczkzUGxVWi9NQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU16QXhNakl4TlRBNU16UmFGdzB6TXpBeE1Ua3hOVEE1TXpSYU1CTXhFVEFQQmdOVgpCQW9UQ0c5ek9tRmtiV2x1TUNvd0JRWURLMlZ3QXlFQTBId2NIeVlwdWRIMWFmbG1zR01xSnNyc01kVk9BeUVoClFMUm1JbjJNV1NDalVqQlFNQTRHQTFVZER3RUIvd1FFQXdJSGdEQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0QKQVFZSUt3WUJCUVVIQXdJd0h3WURWUjBqQkJnd0ZvQVVzSFhyUVpRSFZBZWdNeUVndzRwNHRLZ3NhbTB3QlFZRApLMlZ3QTBFQXNwWWgxWEx5UlhIMXJ1MnlhNmk4Y0FmVnpDbzlNM0NsTUh4b2pNOUhmbXNKcEdKTDZXanRPTHR4ClN5QWRrM3AvMzJ2UjJDalMyMFZEYjJWOWlLcFZBZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJQnJWZVlLdUlISUlHMzZvZ0dES3ExOWxRVklneTcrRzg2Tld6RXVMV3ZjdAotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K diff --git a/aws/talos/scripts/talosconfiggen.sh b/aws/talos/scripts/talosconfiggen.sh old mode 100755 new mode 100644 index 1ee02fb..f1d62cd --- a/aws/talos/scripts/talosconfiggen.sh +++ b/aws/talos/scripts/talosconfiggen.sh @@ -1,6 +1,6 @@ #!/bin/sh -if [ "$#" -ne 2 ] +if [ $# -ne 2 ] then echo "Usage: $0 dnsname port" fi @@ -8,7 +8,7 @@ fi while getopts "h:p" OPTION; do case "${OPTION}" in - h) + h) dnsname="$OPTARG" ;; p) 
@@ -16,29 +16,28 @@ do
 ;;
 esac
 done
-if ! command -v talosctl &> /dev/null
+if ! command -v ./talosctl &> /dev/null
 then
 echo "Installing talos cli"
- curl -Lo /usr/local/bin/talosctl https://github.com/siderolabs/talos/releases/download/v1.1.1/talosctl-"$(uname -s | tr "[:upper:]" "[:lower:]")"-amd64
- chmod +x /usr/local/bin/talosctl
+ curl -Lo talosctl https://github.com/siderolabs/talos/releases/download/v1.1.1/talosctl-$(uname -s | tr "[:upper:]" "[:lower:]")-arm64
+ chmod +x ./talosctl
 else
 echo "talosctl is already installed skipping.."
 fi
 
-echo "${dnsname}"
-echo "${4}"
-echo "${port}"
-talosctl gen config talosconfig-userdata https://"${dnsname}":"${4}" --with-examples=false --with-docs=false --output-dir scripts/
-talosctl validate --config scripts/controlplane.yaml --mode cloud
-if [ "$?" -eq 1 ]
+echo ${dnsname}
+echo ${4}
+./talosctl gen config talosconfig-userdata https://${dnsname}:${4} --with-examples=false --with-docs=false --output-dir scripts/
+./talosctl validate --config scripts/controlplane.yaml --mode cloud
+if [ $? -eq 1 ]
 then
 echo "scripts/controlplane.yaml is invalid"
 exit
 fi
 
-talosctl validate --config scripts/worker.yaml --mode cloud
+./talosctl validate --config scripts/worker.yaml --mode cloud
 
-if [ "$?" -eq 1 ]
+if [ $? -eq 1 ]
 then
 echo "scripts/worker.yaml is invalid"
 exit
diff --git a/aws/talos/scripts/worker.yaml b/aws/talos/scripts/worker.yaml
new file mode 100644
index 0000000..c47be85
--- /dev/null
+++ b/aws/talos/scripts/worker.yaml
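Review bot: The download line now hard-codes `-arm64` while the OS is still taken from `uname -s`, so on an x86_64 runner the provisioner fetches a binary it cannot execute; derive the architecture from `uname -m`, and because `curl` without `-f` saves a GitHub error page under the name `talosctl`, fail on HTTP errors and check the file against the checksum published with the release before `chmod +x`. Removing the quotes around `${dnsname}`, `${4}` and `$?` reintroduces word splitting on the endpoint argument, and `${4}` only equals the port by accident of argument order — `getopts "h:p"` lacks the colon after `p`, so `port` is never assigned; use `"h:p:"` and `"${port}"` (the getopts line is above this hunk). The validation guards end in a bare `exit`, which returns the status of the preceding `[ $? -eq 1 ]` test (0), so an invalid config still lets the Terraform provisioner continue; write `exit 1` and test `-ne 0` rather than `-eq 1`. `&>` is also not a POSIX redirection and the script is `#!/bin/sh`; `> /dev/null 2>&1` is the portable form.
```sh
case "$(uname -m)" in
  x86_64)        arch=amd64 ;;
  aarch64|arm64) arch=arm64 ;;
  *) echo "unsupported architecture: $(uname -m)" >&2; exit 1 ;;
esac
curl -fsSLo talosctl "https://github.com/siderolabs/talos/releases/download/v1.1.1/talosctl-$(uname -s | tr '[:upper:]' '[:lower:]')-${arch}"
# <EXPECTED_SHA256> is taken from the checksum file published with the v1.1.1 release
echo "<EXPECTED_SHA256>  talosctl" | sha256sum -c - || exit 1
chmod +x ./talosctl
# … unchanged: gen config / validate …
```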
@@ -0,0 +1,41 @@
+version: v1alpha1
+debug: false
+persist: true
+machine:
+ type: worker
+ token: bz4dqv.tf8l78efhakz3wxu
+ ca:
+ crt: 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
+ key: ""
+ certSANs: []
+ kubelet:
+ image: ghcr.io/siderolabs/kubelet:v1.24.2
+ network: {}
+ install:
+ disk: /dev/sda
+ image: ghcr.io/siderolabs/installer:v1.1.1
+ bootloader: true
+ wipe: false
+ features:
+ rbac: true
+cluster:
+ id: yEawz8mN3_tlUIr3cbrxQcjsEN7XBLinNqecfZZYfmI=
+ secret: SAnpOmaqcjzDBOp0doCYarmLOZ6JZWwvfrTH19kgQv8=
+ controlPlane:
+ endpoint: https://talosalb-dd32977ffa789a3c.elb.us-west-1.amazonaws.com:443
+ network:
+ dnsDomain: cluster.local
+ podSubnets:
+ - 10.244.0.0/16
+ serviceSubnets:
+ - 10.96.0.0/12
+ token: qluiz2.x0n0yf76g8cs2leg
+ aescbcEncryptionSecret: ""
+ ca:
+ crt: 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
+ key: ""
+ discovery:
+ enabled: true
+ registries:
+ kubernetes: {}
+ service: {}
diff --git a/aws/talos/values.tfvars b/aws/talos/values.tfvars
old mode 100755
new mode 100644
index 23f9c06..9103282
--- a/aws/talos/values.tfvars
+++ b/aws/talos/values.tfvars
@@ -1,12 +1,12 @@
-AWS_ACCESS_KEY =
-AWS_SECRET_KEY =
-albname =
-privatesubnet =
-region =
-securitygroupname =
-vpccidr =
-vpcname =
-instance_type =
-nodemonitoringenabled =
-mastercount = 3
-workercount =
+AWS_ACCESS_KEY = "AKIA27MWJ7NIZT2WY4WF"
+AWS_SECRET_KEY = "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"
+albname = "talosalb"
+privatesubnet = "10.0.1.0/24"
+region = "us-west-1"
+securitygroupname = "talossg"
+vpccidr = "10.0.0.0/16"
+vpcname = "talosvpc"
+instance_type = "t2.medium"
+nodemonitoringenabled = "false"
+mastercount = "3"
+workercount = "3"
\ No newline at end of file
diff --git a/aws/talos/vars.tf b/aws/talos/vars.tf
old mode 100755
new mode 100644
diff --git a/aws/values.tfvars b/aws/values.tfvars
deleted file mode 100644
index 5b09d71..0000000
--- a/aws/values.tfvars
+++ /dev/null
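Review bot: `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` in `aws/talos/values.tfvars` now hold a real long-lived IAM access key pair in clear text; a key that has entered git history is exposed whether or not the file is later deleted, so it should be deactivated and rotated in IAM, the history rewritten, and CloudTrail checked for activity under that access key id. The structural fix is to stop feeding static keys through the provider at all: drop `access_key`/`secret_key` from `provider "aws"` and let the SDK credential chain (environment variables, a named profile, or an instance/CI role) supply them, then ignore `*.tfvars` in `.gitignore`. The other values are fine, though `mastercount = "3"` and `workercount = "3"` rely on Terraform's string-to-number conversion where the deleted `aws/values.tfvars` used plain numbers.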
@@ -1,12 +0,0 @@
-AWS_ACCESS_KEY = ""
-AWS_SECRET_KEY = ""
-albname = "talosalb"
-privatesubnet = "10.0.1.0/24"
-region = "us-west-1"
-securitygroupname = "talossg"
-vpccidr = "10.0.0.0/16"
-vpcname = "talosvpc"
-instance_type = "t3.small"
-nodemonitoringenabled = "false"
-mastercount = 3
-workercount = 3
diff --git a/aws/vars.tf b/aws/vars.tf
deleted file mode 100644
index 2ffbfb8..0000000
--- a/aws/vars.tf
+++ /dev/null
@@ -1,50 +0,0 @@
-variable "AWS_ACCESS_KEY" {
- description = "AWS Access key"
-}
-
-variable "AWS_SECRET_KEY" {
- description = "AWS Secret key"
-}
-
-variable "region" {
- description = "AWS Region to deploy the resources"
-}
-
-variable "privatesubnet" {
- description = "vpc private subnet cidr"
-}
-
-variable "vpcname" {
- description = "Name of the VPC to be created"
-}
-
-variable "vpccidr" {
- description = "VPC cidr to be used while creating VPC"
-}
-
-variable "securitygroupname" {
- description = "Security group name to be created "
-
-}
-
-variable "albname" {
- description = "AWS loadbalancer name"
-
-}
-
-variable "instance_type" {
- description = "aws instance type to be used"
-}
-
-variable "nodemonitoringenabled" {
- description = "aws monitoring enabled/disabled mark true/false"
-}
-
-variable "mastercount" {
- description = "talos master node count"
-}
-
-variable "workercount" {
- description = "talos worker node count"
-}
-