Add cilium and local-path-provider for talos as timoni bundle to arkade #9739

Open
datapedd opened this issue Nov 17, 2024 · 3 comments
datapedd commented Nov 17, 2024

Feature Request

Add cilium and local-path-provider for Talos as Timoni bundles to Arkade. Timoni bundles are really nice and, in my view, the successor of Helm charts (also fully backward compatible).

I have a Terraform deployment that sets up an OpenStack environment with Talos Linux (no CNI) and then installs flux-aio automatically. This approach is very easy and efficient. It would be great if Talos had its own preconfigured Timoni bundle to simplify deployment for users (including the addition of the privileged label to namespaces).

Description

This is the current Timoni bundle for flux-aio and local-path-provisioner:

// Combined bundle for using with Talos
bundle: {
	apiVersion: "v1alpha1"
	name:       "talos-bundles"
	instances: {
		"flux": {
			module: {
				url:     "oci://ghcr.io/stefanprodan/modules/flux-aio"
				version: "latest"
			}
			namespace: "flux-system"
			values: {
				controllers: {
					helm: enabled:         true
					kustomize: enabled:    true
					notification: enabled: true
				}
				hostNetwork:     true
				securityProfile: "privileged"
				env: {
					"KUBERNETES_SERVICE_HOST": "localhost"
					"KUBERNETES_SERVICE_PORT": "7445"
				}
			}
		}
		"cilium-hr": {
			module: {
				url: "oci://ghcr.io/stefanprodan/modules/flux-helm-release"
				version: "latest"
			}
			namespace: "flux-system"
			values: {
				repository: url: "https://helm.cilium.io/"
				chart: {
					name:     "cilium"
					version:  "*"
				}
				helmValues: {
					ipam: mode:               "kubernetes"
					kubeProxyReplacement:     true
					securityContext: capabilities: {
						ciliumAgent: [
							"CHOWN",
							"KILL",
							"NET_ADMIN",
							"NET_RAW",
							"IPC_LOCK",
							"SYS_ADMIN",
							"SYS_RESOURCE",
							"DAC_OVERRIDE",
							"FOWNER",
							"SETGID",
							"SETUID",
						]
						cleanCiliumState: [
							"NET_ADMIN",
							"SYS_ADMIN",
							"SYS_RESOURCE",
						]
					}
					cgroup: {
						autoMount: enabled: false
						hostRoot:           "/sys/fs/cgroup"
					}
					k8sServiceHost: "localhost"
					k8sServicePort: 7445
					l2announcements: {
						enabled: true
					}
					envoy: {
						enabled: true
					}
					hubble: {
						relay: {
							enabled: true
						}
						ui: {
							enabled: true
						}
					}
					gatewayAPI: {
						enabled: true
						controllers: {
							enabled: true
						}
					}
				}
				sync: targetNamespace: "kube-system"
			}
		}
		"local-path-provisioner": {
			module: {
				url:     "oci://ghcr.io/stefanprodan/modules/flux-helm-release"
				version: "latest"
			}
			namespace: "local-path-storage"
			values: {
				repository: {
					url: "https://charts.containeroo.ch"
				}
				chart: {
					name:    "local-path-provisioner"
					version: "0.0.31"
				}
				helmValues: {
					nodePathMap: [
						{
							node:  "DEFAULT_PATH_FOR_NON_LISTED_NODES"
							paths: ["/var/local-path-provisioner"]
						}
					]
					storageClass: {
						name:         "local-path"
						defaultClass: true
					}
				}
			}
		}
	}
}

smira commented Nov 18, 2024

Thank you, that looks really nice, I'm not sure where we can put that (besides documentation?)

datapedd commented

Yes to the Cilium docs, as my preferred way is now to deploy a bare Talos without CNI (with Terraform) and flux-aio (which installs Cilium and all other bundles automatically).

smira commented Nov 21, 2024

If you could make a PR to the Talos docs, that would be perfect; probably it might be a separate page on using Timoni as an example.
