terraform-talos-modules

Modules in this repository help provision and maintain multi-region kubernetes clusters on hetzner.

features

  • talos with kubespan, kubeprism and hostdns
  • ipv6-only connectivity, with optional ipv4 private networks and load balancers (cilium requires additional configuration)
  • single-stack, ipv6 internals (dual-stack possible with additional patches)
  • cilium - direct routing (veth), bigtcp and bbr
  • talos-ccm - handles cluster certificates and ipam (CloudAllocator)
  • hcloud-csi - storage
  • gcp-wif-webhook - links kubernetes and gcp service accounts

modules

  1. hcloud-pool - allocates public ipv6 /64 blocks for all defined nodes and optionally private network and a load balancer
  2. talos-cluster - forms a talos cluster from previously defined node pools
  3. hcloud-apply - provisions servers with talos configs and sets up firewalls
  4. talos-apply - bootstraps the cluster and handles all future config changes
  5. gcp-wif - optional, manages the gcp workload identity pool, service accounts and a bucket, and also generates a talos config patch
  6. gcp-wif-apply - optional, downloads oidc files from the running cluster and stores them in the previously created bucket

examples

See the examples folder.

diagram

The following mermaid flowchart outlines the order of operations between different modules for a cluster, spanning two regions.

%%{init: {'theme': 'neutral' } }%%
graph TD
    WIF[/gcp-wif/]
    HPN[/hcloud-pool nbg/]
    HPH[/hcloud-pool hel/]
    TC[talos-cluster]
    HAN[hcloud-apply nbg]
    HAH[hcloud-apply hel]
    TA[talos-apply]
    WIFA[gcp-wif-apply]
    HPN --> TC
    HPN --> HAN
    HPH --> TC
    TC --> HAN
    TC --> TA
    TC --> HAH
    HPH --> HAH
    TC --> WIFA
    TA --> WIFA
    WIF --> WIFA
    WIF --> TC

try it out

  1. clone the repo
  2. navigate to the dev folder and run just to deploy the cluster
  3. navigate to the base folder, open the talos dashboard and wait for the [talos] created messages
> TALOSCONFIG=talos-config talosctl -n c1 dashboard
  4. run just to generate all necessary yaml files
  5. apply them individually; talos-ccm and cilium are required
> KUBECONFIG=kube-config kubectl apply --server-side=true -f talos-ccm.yaml
> KUBECONFIG=kube-config kubectl apply --server-side=true -f cilium.yaml
...
  6. open the talos dashboard again and wait for the message [talos] machine is running and ready.
  7. to verify, open k9s
> KUBECONFIG=kube-config k9s