From 351c3f0c193328d0de5fbb3092c41d10e6c681d7 Mon Sep 17 00:00:00 2001
From: Anatolios Laskaris
Date: Tue, 14 Jan 2025 15:39:04 +0300
Subject: [PATCH] Update talos to version 1.9.1 and add selinux workaround
---
ephemeral/instance.tf | 2 +-
.../kubevirt/app/disable-selinux.yml | 41 +++++++++++++++++++
.../components/kubevirt/app/kustomization.yml | 1 +
terraform-modules/talos/talos.tf | 4 +-
.../talos/templates/controlplane_patch.yml | 2 +-
5 files changed, 46 insertions(+), 4 deletions(-)
create mode 100644 flux/components/kubevirt/app/disable-selinux.yml
diff --git a/ephemeral/instance.tf b/ephemeral/instance.tf
index aeb81861..90a6a8af 100644
--- a/ephemeral/instance.tf
+++ b/ephemeral/instance.tf
@@ -12,7 +12,7 @@ resource "digitalocean_ssh_key" "spectrum" {
 }
 data "digitalocean_image" "talos" {
- name = "talos-v1.8.4"
+ name = "talos-v1.9.1"
 }
 resource "digitalocean_droplet" "talos" {
diff --git a/flux/components/kubevirt/app/disable-selinux.yml b/flux/components/kubevirt/app/disable-selinux.yml
new file mode 100644
index 00000000..742ca4d8
--- /dev/null
+++ b/flux/components/kubevirt/app/disable-selinux.yml
@@ -0,0 +1,41 @@
+# See:
+# - https://github.com/siderolabs/talos/issues/10083
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: disable-selinux
+ namespace: kube-system
+ labels:
+ app: disable-selinux
+spec:
+ selector:
+ matchLabels:
+ app: disable-selinux
+ template:
+ metadata:
+ labels:
+ app: disable-selinux
+ spec:
+ containers:
+ - command:
+ - sh
+ - -exc
+ - test -f /host/sys/fs/selinux/enforce && mount -t tmpfs tmpfs /host/sys/fs/selinux; sleep infinity
+ image: docker.io/library/alpine
+ name: mount
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /host
+ mountPropagation: Bidirectional
+ name: host-root
+ hostIPC: true
+ hostNetwork: true
+ hostPID: true
+ tolerations:
+ - operator: Exists
+ volumes:
+ - hostPath:
+ path: /
+ name: host-root
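Review bot: In the new `disable-selinux.yml`, `image: docker.io/library/alpine` carries no tag or digest, so each node pulls whatever the default tag resolves to at schedule time and runs it with `privileged: true` and the host root mounted at `/host` with `mountPropagation: Bidirectional`; because of `tolerations: - operator: Exists` this covers tainted nodes as well. Pin the image, e.g. `image: docker.io/library/alpine:<TAG>@sha256:<DIGEST>` (placeholders; use the values of the image you have vetted). The one-shot `mount` does not appear to need `hostIPC: true`, `hostNetwork: true` or `hostPID: true`, and the `hostPath` could probably be narrowed from `/` to the sysfs subtree being masked; confirm on a Talos node before dropping them. The container also stays alive under `sleep infinity` with all of these privileges, so it is worth checking whether the mount can run in an init container with an unprivileged container keeping the pod up. The header comment only links the upstream issue; a line such as `# Masks /sys/fs/selinux on every node with a tmpfs; remove once the linked Talos issue is fixed` would record what this does to host security posture and when it can be deleted.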
diff --git a/flux/components/kubevirt/app/kustomization.yml b/flux/components/kubevirt/app/kustomization.yml
index 7d6ce346..a943593f 100644
--- a/flux/components/kubevirt/app/kustomization.yml
+++ b/flux/components/kubevirt/app/kustomization.yml
@@ -5,6 +5,7 @@ resources:
 - https://github.com/kubevirt/kubevirt/releases/download/v1.4.0/kubevirt-cr.yaml
 - https://github.com/kubevirt/containerized-data-importer/releases/download/v1.60.3/cdi-operator.yaml
 - https://github.com/kubevirt/containerized-data-importer/releases/download/v1.60.3/cdi-cr.yaml
+ - disable-selinux.yml
 patches:
 - target:
 kind: Deployment
diff --git a/terraform-modules/talos/talos.tf b/terraform-modules/talos/talos.tf
index f576d070..d566aa88 100644
--- a/terraform-modules/talos/talos.tf
+++ b/terraform-modules/talos/talos.tf
@@ -1,5 +1,5 @@
 resource "talos_machine_secrets" "this" {
- talos_version = "v1.8"
+ talos_version = "v1.9"
 }
 data "talos_machine_configuration" "this" {
@@ -7,7 +7,7 @@ data "talos_machine_configuration" "this" {
 machine_type = "controlplane"
 cluster_endpoint = "https://${var.server_ip}:6443"
 machine_secrets = talos_machine_secrets.this.machine_secrets
- talos_version = "v1.8"
+ talos_version = "v1.9"
 config_patches = [
 templatefile("${path.module}/templates/controlplane_patch.yml", {})
 ]
diff --git a/terraform-modules/talos/templates/controlplane_patch.yml b/terraform-modules/talos/templates/controlplane_patch.yml
index 05fdf74e..50517246 100644
--- a/terraform-modules/talos/templates/controlplane_patch.yml
+++ b/terraform-modules/talos/templates/controlplane_patch.yml
@@ -5,7 +5,7 @@ machine:
 install:
 diskSelector:
 size: '>= 100GB'
- image: ghcr.io/siderolabs/installer:v1.8.4
+ image: ghcr.io/siderolabs/installer:v1.9.1
 bootloader: true
 wipe: true
 kubelet: