From 306d7e763eff49d3787464dc7099366a8bd56dc0 Mon Sep 17 00:00:00 2001 From: Pramod Date: Wed, 23 Aug 2023 17:40:17 +0530 Subject: [PATCH 1/2] Add azure V1 --- azure/talos/main.tf | 149 +++++++++++++++++++------ azure/talos/manifests/.DS_Store | Bin 0 -> 6148 bytes azure/talos/scripts/talos-image-gen.sh | 27 ++--- azure/talos/values.tfvars | 6 + azure/talos/vars.tf | 8 ++ 5 files changed, 143 insertions(+), 47 deletions(-) create mode 100644 azure/talos/manifests/.DS_Store create mode 100644 azure/talos/values.tfvars diff --git a/azure/talos/main.tf b/azure/talos/main.tf index 81fb4ca..2e16d78 100644 --- a/azure/talos/main.tf +++ b/azure/talos/main.tf @@ -19,16 +19,17 @@ resource "azurerm_resource_group" "storagerg" { resource "azurerm_storage_account" "talosimagesa" { name = "talosimagesa" - resource_group_name = "${azurerm_resource_group.testrg.name}" + resource_group_name = "${azurerm_resource_group.storagerg.name}" location = var.region account_tier = "Standard" account_replication_type = "GRS" - tags { + tags = { environment = "talosaz" } } + resource "azurerm_storage_container" "talosimagecont" { name = "talosimagecont" storage_account_name = azurerm_storage_account.talosimagesa.name 
@@ -45,6 +46,27 @@ resource "null_resource" "talosimagecreate" { ] } +#resource "azurerm_storage_blob" "talosimageblob" { +# name = "talosimageblob" +# storage_account_name = azurerm_storage_account.talosimagesa.name +# storage_container_name = azurerm_storage_container.talosimagecont.name +# source = "manifests/image/talos/azure-amd64.vhd" +# type = "Block" + +#} + +resource "azurerm_image" "talosimage" { + name = "talos-azure" + location = var.region + resource_group_name = azurerm_resource_group.storagerg.name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = "https://${azurerm_storage_account.talosimagesa.name}.blob.core.windows.net/${azurerm_storage_container.talosimagecont.name}/talos-azure.vhd" + } +} + resource "azurerm_resource_group" "talosrg" { name = "talosrg" location = var.region @@ -62,22 +84,28 @@ resource "azurerm_subnet" "talossubnet" { name = "talossubnet" resource_group_name = azurerm_resource_group.talosrg.name virtual_network_name = azurerm_virtual_network.talosnet.name - address_prefixes = "10.0.1.0/24" + address_prefixes = [ "10.0.1.0/24" ] } resource "azurerm_network_security_group" "talossg" { name = "talossg" resource_group_name = azurerm_resource_group.talosrg.name - + location = var.region } resource "azurerm_network_security_rule" "apid" { name = "apid" network_security_group_name = azurerm_network_security_group.talossg.name priority = "1001" + source_port_range = "*" destination_port_ranges = [ "50000" ] - direction = "inbound" + source_address_prefix = "*" + destination_address_prefix = "*" + direction = "Inbound" + access = "Allow" + resource_group_name = azurerm_resource_group.talosrg.name + protocol = "Tcp" } 
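Review bot: The apid rule at the end of this hunk opens TCP 50000 to `source_address_prefix = "*"`, and the trustd (50001), etcd (2379-2380) and kube (6443) rules in the next three hunks do the same, so etcd and trustd — which only cluster members need — become reachable from any Internet address. Restrict those two to the network, `source_address_prefix = "VirtualNetwork"`, and take an operator range from a variable for apid and kube, e.g. `source_address_prefix = var.admin_cidr`. None of the hunks shown associate `talossg` with the subnet or the NICs, so it is worth confirming an `azurerm_subnet_network_security_group_association` exists elsewhere; otherwise these rules are not enforced at all.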
@@ -85,8 +113,14 @@ resource "azurerm_network_security_rule" "trustd" { name = "trustd" network_security_group_name = azurerm_network_security_group.talossg.name priority = "1002" + source_port_range = "*" destination_port_ranges = [ "50001" ] - direction = "inbound" + source_address_prefix = "*" + destination_address_prefix = "*" + direction = "Inbound" + access = "Allow" + resource_group_name = azurerm_resource_group.talosrg.name + protocol = "Tcp" } @@ -94,8 +128,14 @@ resource "azurerm_network_security_rule" "etcd" { name = "etcd" network_security_group_name = azurerm_network_security_group.talossg.name priority = "1003" + source_port_range = "*" destination_port_ranges = [ "2379-2380" ] - direction = "inbound" + source_address_prefix = "*" + destination_address_prefix = "*" + direction = "Inbound" + access = "Allow" + resource_group_name = azurerm_resource_group.talosrg.name + protocol = "Tcp" } 
@@ -103,34 +143,50 @@ resource "azurerm_network_security_rule" "kube" { name = "kube" network_security_group_name = azurerm_network_security_group.talossg.name priority = "1004" + source_port_range = "*" destination_port_ranges = [ "6443" ] - direction = "inbound" + source_address_prefix = "*" + destination_address_prefix = "*" + direction = "Inbound" + access = "Allow" + resource_group_name = azurerm_resource_group.talosrg.name + protocol = "Tcp" } resource "azurerm_public_ip" "talos-public-ip" { - name = "talos-public-ip" - resource_group_name = azurerm_network_security_group.talossg.name - allocation_method = "static" + count = var.mastercount + name = element(concat(var.publicipname, [""]), count.index) + resource_group_name = azurerm_resource_group.talosrg.name + allocation_method = "Static" + location = var.region + +} + +resource "azurerm_public_ip" "talos-public-ip-lb" { + name = "talos-public-ip-lb" + resource_group_name = azurerm_resource_group.talosrg.name + allocation_method = "Static" + location = var.region } resource "azurerm_lb" "taloslb" { name = "taloslb" - resource_group_name = azurerm_network_security_group.talossg.name + resource_group_name = azurerm_resource_group.talosrg.name location = var.region frontend_ip_configuration { name = "talosfe" - public_ip_address_id = azurerm_public_ip.talos-public-ip.id + public_ip_address_id = azurerm_public_ip.talos-public-ip-lb.id } } -data "azurerm_lb_backend_address_pool" "talosbe" { - name = "talosbe" - loadbalancer_id = azurerm_lb.taloslb.id -} +#data "azurerm_lb_backend_address_pool" "talosbe" { +# name = "talosbe" +# loadbalancer_id = azurerm_lb.taloslb.id +#} resource "azurerm_lb_probe" "talos-lb-health" { loadbalancer_id = azurerm_lb.taloslb.id 
@@ -146,24 +202,22 @@ resource "azurerm_lb_rule" "talos-6443" { frontend_port = 6443 backend_port = 6443 frontend_ip_configuration_name = "talosfe" - backend_address_pool_ids = [ azurerm_lb_backend_address_pool.talosbe.ID ] +# backend_address_pool_ids = [ data.azurerm_lb_backend_address_pool.talosbe.id ] + probe_id = azurerm_lb_probe.talos-lb-health.id - resource_group_name = azurerm_resource_group.talosrg.name - } resource "azurerm_network_interface" "nics" { count = length(var.nics) name = "nic-${count.index}" - location = azurerm_resource_group.group.location - resource_group_name = azurerm_resource_group.group.name - network_security_group_name = azurerm_network_security_group.talossg.name - loadbalancer_id = azurerm_lb.taloslb.ID - virtual_network_name = azurerm_virtual_network.talosnet.name + location = var.region + resource_group_name = azurerm_resource_group.talosrg.name + ip_configuration { + private_ip_address_allocation = "Dynamic" name = "config-${count.index}" - subnet_id = element(azurerm_subnet.subnets[*].id, count.index % 4) + subnet_id = azurerm_subnet.talossubnet.id private_ip_address = element(var.nics, count.index) public_ip_address_id = element(azurerm_public_ip.talos-public-ip[*].id, count.index % 4) @@ -175,12 +229,13 @@ resource "azurerm_availability_set" "talosas" { location = azurerm_resource_group.talosrg.location resource_group_name = azurerm_resource_group.talosrg.name + } resource "null_resource" "createtalosconfig" { provisioner "local-exec" { - command = "/bin/bash talosctl gen config talos-k8s-azure-tutorial https://${azurerm_lb.taloslb.public_ip}:6443 " + command = "talosctl gen config talos-k8s https://${azurerm_public_ip.talos-public-ip-lb.ip_address}:6443 " } 
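Review bot: `private_ip_address = element(var.nics, count.index)` in the new ip_configuration assigns a NIC name, not an address — values.tfvars in this series fills `nics` with entries such as "talos-nic-master1" — and it contradicts the `Dynamic` allocation on the line above; dropping the `private_ip_address` line (or switching to `Static` with a real address list) is the fix. The `azurerm_lb_rule` above it now has its only `backend_address_pool_ids` commented out, so the 6443 frontend forwards to nothing until a backend pool resource replaces the removed data source. Every NIC, workers included, also receives a public IP via `element(azurerm_public_ip.talos-public-ip[*].id, count.index % 4)`, which exposes worker nodes directly and, with more NICs than public IPs, hands the same address id to two NICs; the ip_configuration block closes outside this hunk.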
@@ -201,22 +256,35 @@ data "local_file" "workerfile" { resource "azurerm_virtual_machine" "talosmaster" { count = var.mastercount name = "talosmaster" - image = "talos" resource_group_name = azurerm_resource_group.talosrg.name + location = var.region + vm_size = var.instancetype boot_diagnostics { + enabled = true storage_uri = azurerm_storage_account.talosimagesa.primary_web_endpoint } os_profile { + computer_name = "talos" admin_username = "talos" - custom_data = data.local_file.controllerfile + custom_data = data.local_file.controllerfile.content } storage_data_disk { + name = "talosstoragedata" disk_size_gb = "20" + lun = "1" + create_option = "Attach" + } + + storage_os_disk { + name = "talososdisk1" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" } - network_interface_ids = [ element( azurerm_network_interface.nics[*].ID, count.index ) ] + network_interface_ids = [ element( azurerm_network_interface.nics[*].id, count.index ) ] availability_set_id = azurerm_availability_set.talosas.id 
@@ -226,22 +294,35 @@ resource "azurerm_virtual_machine" "talosmaster" { resource "azurerm_virtual_machine" "talosworker" { count = var.workercount name = "talosworker" - image = "talos" resource_group_name = azurerm_resource_group.talosrg.name + location = var.region + vm_size = var.instancetype boot_diagnostics { + enabled = true storage_uri = azurerm_storage_account.talosimagesa.primary_web_endpoint } os_profile { + computer_name = "talos" admin_username = "talos" - custom_data = data.local_file.workerfile + custom_data = data.local_file.workerfile.content } storage_data_disk { + name = "talosstoragedata" disk_size_gb = "20" + lun = "1" + create_option = "Attach" + } + + storage_os_disk { + name = "talososdisk1" + caching = "ReadWrite" + create_option = "FromImage" + managed_disk_type = "Standard_LRS" } - availability_set_id = azurerm_availability_set.talosas.id + network_interface_ids = [ element( azurerm_network_interface.nics[*].id, count.index ) ] @@ -249,7 +330,7 @@ resource "azurerm_virtual_machine" "talosworker" { resource "null_resource" "bootstrap_etcd" { provisioner "local-exec" { - command = "/bin/bash scripts/bootstrapetcd.sh ${azurerm_virtual_machine.talosmaster.0.public_ip}" + command = "/bin/bash scripts/bootstrapetcd.sh ${azurerm_lb.taloslb.frontend_ip_configuration[0].public_ip_address_id}" } depends_on = [ azurerm_virtual_machine.talosmaster ] 
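Review bot: The new bootstrap_etcd command passes `azurerm_lb.taloslb.frontend_ip_configuration[0].public_ip_address_id`, which is the Azure resource id of the public IP (a `/subscriptions/...` path), not an address, so `nc` and `talosctl config endpoint` in scripts/bootstrapetcd.sh receive an unusable host. The load balancer also only forwards 6443 and has no backend pool in this series, so even the real address would not reach apid on 50000; bootstrapping should go straight to the first control-plane node, `command = "/bin/bash scripts/bootstrapetcd.sh ${azurerm_public_ip.talos-public-ip[0].ip_address}"`. The second patch in this series does not touch this line.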
diff --git a/azure/talos/manifests/.DS_Store b/azure/talos/manifests/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..cbf9ce2f5606f2ec8e9da4a923b1306d7d64d602 GIT binary patch literal 6148 zcmeH~O>P1)427Qyl`3_^l4Uj=pf`vRJpmWsSEv#d3&cK0=h^Xwq3dddo+anSPCP%~ zVloC`%iG}#m;v~pyJF$Pz>M)be(;MePB Date: Sun, 27 Aug 2023 01:15:20 +0530 Subject: [PATCH 2/2] Azure fixes --- azure/talos/main.tf | 105 +++++++++++++++++--------- azure/talos/scripts/bootstrapetcd.sh | 38 ++++++++++ azure/talos/scripts/controlplane.yaml | 0 azure/talos/scripts/patch.yaml | 23 ++++++ azure/talos/scripts/talosconfiggen.sh | 58 ++++++++++++++ azure/talos/scripts/worker.yaml | 0 azure/talos/values.tfvars | 9 ++- azure/talos/vars.tf | 5 ++ 8 files changed, 200 insertions(+), 38 deletions(-) create mode 100644 azure/talos/scripts/controlplane.yaml create mode 100644 azure/talos/scripts/patch.yaml create mode 100644 azure/talos/scripts/talosconfiggen.sh create mode 100644 azure/talos/scripts/worker.yaml diff --git a/azure/talos/main.tf b/azure/talos/main.tf index 2e16d78..5f1abc4 100644 --- a/azure/talos/main.tf +++ b/azure/talos/main.tf @@ -155,8 +155,8 @@ resource "azurerm_network_security_rule" "kube" { } resource "azurerm_public_ip" "talos-public-ip" { - count = var.mastercount - name = element(concat(var.publicipname, [""]), count.index) + count = length(var.publicipname) + name = "publicip-${count.index}" resource_group_name = azurerm_resource_group.talosrg.name allocation_method = "Static" location = var.region 
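Review bot: `name = "publicip-${count.index}"` discards the names listed in var.publicipname, which this hunk reduces to a bare count while values.tfvars still carries three distinct names. Either use them, `name = element(var.publicipname, count.index)`, or replace the variable with a number so the tfvars entry does not suggest it has an effect.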
@@ -224,10 +224,27 @@ resource "azurerm_network_interface" "nics" { } } +resource "azurerm_network_interface" "workernics" { + count = length(var.workernics) + name = "workernic-${count.index}" + location = var.region + resource_group_name = azurerm_resource_group.talosrg.name + + + ip_configuration { + private_ip_address_allocation = "Dynamic" + name = "config-${count.index}" + subnet_id = azurerm_subnet.talossubnet.id + private_ip_address = element(var.nics, count.index) + + } +} + resource "azurerm_availability_set" "talosas" { name = "talosas" location = azurerm_resource_group.talosrg.location resource_group_name = azurerm_resource_group.talosrg.name + managed = true } @@ -235,7 +252,7 @@ resource "azurerm_availability_set" "talosas" { resource "null_resource" "createtalosconfig" { provisioner "local-exec" { - command = "talosctl gen config talos-k8s https://${azurerm_public_ip.talos-public-ip-lb.ip_address}:6443 " + command = "/bin/bash scripts/talosconfiggen.sh -h ${azurerm_public_ip.talos-public-ip-lb.ip_address} -p 443" } 
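Review bot: `private_ip_address = element(var.nics, count.index)` in the new workernics resource is copied from the master NICs and still reads `var.nics` rather than `var.workernics`, and in both cases the value is a NIC name such as "talos-nic-worker1" rather than an IP; combined with `private_ip_address_allocation = "Dynamic"` the line should simply be removed. The same line in the `nics` resource above this hunk has the identical problem.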
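Review bot: `-p 443` generates a machine config whose cluster endpoint is https://<lb-ip>:443, but the load-balancer rule and the kube NSG rule in this file forward and allow only 6443, so nodes will not reach the control plane through the LB. Use `-p 6443` here or change the rule's `frontend_port` to 443 and the NSG accordingly. The script's option parsing also does not currently accept an argument for `-p` (see the talosconfiggen.sh hunk), so the port must be fixed there first.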
@@ -244,87 +261,107 @@ resource "null_resource" "createtalosconfig" { } data "local_file" "controllerfile" { - filename = "./controlplane.yaml" + filename = "scripts/controlplane.yaml" depends_on = [ null_resource.createtalosconfig ] } data "local_file" "workerfile" { - filename = "./worker.yaml" + filename = "scripts/worker.yaml" depends_on = [ null_resource.createtalosconfig ] } resource "azurerm_virtual_machine" "talosmaster" { - count = var.mastercount - name = "talosmaster" + count = length(var.mastercount) + name = "talosmaster-${count.index}" resource_group_name = azurerm_resource_group.talosrg.name location = var.region vm_size = var.instancetype - boot_diagnostics { - enabled = true - storage_uri = azurerm_storage_account.talosimagesa.primary_web_endpoint - } +# boot_diagnostics { +# enabled = true +# storage_uri = azurerm_storage_account.talosimagesa.primary_web_endpoint +# } os_profile { computer_name = "talos" admin_username = "talos" + admin_password = "Talos@1234" custom_data = data.local_file.controllerfile.content } - storage_data_disk { - name = "talosstoragedata" - disk_size_gb = "20" - lun = "1" - create_option = "Attach" - } +# storage_data_disk { +# name = "talosstoragedata" +# disk_size_gb = "20" +# lun = "1" +# create_option = "Empty" +# } + storage_image_reference { + id = "/subscriptions/7bccafd3-c548-4b45-837d-fb7dc81167b6/resourceGroups/StorageRG/providers/Microsoft.Compute/images/talos-azure" + } storage_os_disk { - name = "talososdisk1" + name = "talosmaster-${count.index}" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" + disk_size_gb = "20" + } + + os_profile_linux_config { + disable_password_authentication = false } network_interface_ids = [ element( azurerm_network_interface.nics[*].id, count.index ) ] availability_set_id = azurerm_availability_set.talosas.id + depends_on = [ azurerm_availability_set.talosas ] + } resource "azurerm_virtual_machine" "talosworker" { - count = var.workercount - name 
= "talosworker" + count = length(var.workercount) + name = "talosworker-${count.index}" resource_group_name = azurerm_resource_group.talosrg.name location = var.region vm_size = var.instancetype - boot_diagnostics { - enabled = true - storage_uri = azurerm_storage_account.talosimagesa.primary_web_endpoint - } - +# boot_diagnostics { +# enabled = true +# storage_uri = azurerm_storage_account.talosimagesa.primary_web_endpoint +# } + os_profile { computer_name = "talos" admin_username = "talos" + admin_password = "Talos@1234" custom_data = data.local_file.workerfile.content } - storage_data_disk { - name = "talosstoragedata" - disk_size_gb = "20" - lun = "1" - create_option = "Attach" +# storage_data_disk { +# name = "talosstoragedata" +# disk_size_gb = "20" +# lun = "1" +# create_option = "Empty" +# } + storage_image_reference { + id = "/subscriptions/7bccafd3-c548-4b45-837d-fb7dc81167b6/resourceGroups/StorageRG/providers/Microsoft.Compute/images/talos-azure" } - + storage_os_disk { - name = "talososdisk1" + name = "talosworker-${count.index}" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" + disk_size_gb = "20" } availability_set_id = azurerm_availability_set.talosas.id - network_interface_ids = [ element( azurerm_network_interface.nics[*].id, count.index ) ] - + network_interface_ids = [ element(azurerm_network_interface.workernics[*].id, count.index ) ] + os_profile_linux_config { + disable_password_authentication = false + } + + depends_on = [ azurerm_availability_set.talosas ] } diff --git a/azure/talos/scripts/bootstrapetcd.sh b/azure/talos/scripts/bootstrapetcd.sh index e69de29..eefda4a 100644 --- a/azure/talos/scripts/bootstrapetcd.sh +++ b/azure/talos/scripts/bootstrapetcd.sh 
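Review bot: `admin_password = "Talos@1234"` is a plaintext credential committed in both the talosmaster and talosworker os_profile blocks, together with `disable_password_authentication = false`. Talos nodes do not run an SSH service, so the password most likely exists only to satisfy the provider's validation — confirm — and the safer form is `disable_password_authentication = true` with an `ssh_keys` block, or at minimum `admin_password = var.admin_password` declared with `sensitive = true` and supplied at apply time rather than in values.tfvars. The `storage_image_reference` id also hard-codes a subscription id although `azurerm_image.talosimage` is defined in this file; `id = azurerm_image.talosimage.id` removes the literal and gives Terraform the dependency. The `depends_on = [ azurerm_availability_set.talosas ]` added after `availability_set_id` is redundant since the attribute reference already orders the resources.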
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+
+TALOS_API_IP = 50000
+
+if [ "$#" -ne 1 ]
+then
+ echo "Usage: $0 nodeipaddress"
+fi
+
+echo "node ip address is:"
+echo "$1"
+
+remoteip="$1"
+count=0
+
+while [ "$count" -ge 20 ]
+do
+ echo "Waiting for Talos API to be up...."
+ nc -zv "$remoteip" "$TALOS_API_IP"
+ if [ "$?" -eq 0 ]
+ then
+ echo "Talos API is up bootstrapping etcd"
+ talosctl --talosconfig out/talosconfig config endpoint "$remoteip"
+ talosctl --talosconfig out/talosconfig config node "$remoteip"
+ talosctl --talosconfig out/talosconfig bootstrap "$remoteip"
+ break
+ fi
+ sleep 30
+ count += 1
+done
+
+if [ "$count" -ge 20 ]
+then
+ echo "ERROR: Talos API is not up "
+fi
+
+echo "ETCD bootstrap Finished"
diff --git a/azure/talos/scripts/controlplane.yaml b/azure/talos/scripts/controlplane.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/azure/talos/scripts/patch.yaml b/azure/talos/scripts/patch.yaml
new file mode 100644
index 0000000..fceb8e1
--- /dev/null
+++ b/azure/talos/scripts/patch.yaml
@@ -0,0 +1,23 @@
+- op: add
+ path: /machine/install/extensions
+ value:
+ - image: ghcr.io/siderolabs/iscsi-tools:v0.1.1
+- op: add
+ path: /machine/install/image
+ value: ghcr.io/siderolabs/installer:v1.3.3
+- op: add
+ path: /machine/kubelet/extraMounts
+ value:
+ - destination: /var/openebs/local
+ type: bind
+ source: /var/openebs/local
+ options:
+ - bind
+ - rshared
+ - rw
+- op: add
+ path: /cluster/network/cni
+ value:
+ name: custom
+ urls:
+ - https://docs.projectcalico.org/archive/v3.25/manifests/canal.yaml
diff --git a/azure/talos/scripts/talosconfiggen.sh b/azure/talos/scripts/talosconfiggen.sh
new file mode 100644
index 0000000..fe7c57b
--- /dev/null
+++ b/azure/talos/scripts/talosconfiggen.sh
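Review bot: `TALOS_API_IP = 50000` with spaces is executed as a command rather than an assignment, so the variable is empty and `nc -zv "$remoteip" "$TALOS_API_IP"` is called without a port; the loop `while [ "$count" -ge 20 ]` never runs because count starts at 0, and `count += 1` is not shell arithmetic. The usage branch and the timeout branch both fall through with exit status 0, so a failed bootstrap does not fail the Terraform apply, and `--talosconfig out/talosconfig` does not match the `--output-dir scripts/` used by talosconfiggen.sh in the same patch. The rewrite below fixes the assignment, the loop and the exit codes and points at scripts/talosconfig; the talosctl argument form is kept as the author wrote it.
```shell
#!/bin/bash
set -u

TALOS_API_PORT=50000
TALOSCONFIG=scripts/talosconfig

if [ "$#" -ne 1 ]; then
  echo "Usage: $0 nodeipaddress" >&2
  exit 1
fi

remoteip="$1"
count=0

while [ "$count" -lt 20 ]; do
  echo "Waiting for Talos API to be up...."
  if nc -zv "$remoteip" "$TALOS_API_PORT"; then
    echo "Talos API is up bootstrapping etcd"
    talosctl --talosconfig "$TALOSCONFIG" config endpoint "$remoteip"
    talosctl --talosconfig "$TALOSCONFIG" config node "$remoteip"
    talosctl --talosconfig "$TALOSCONFIG" bootstrap "$remoteip"
    break
  fi
  sleep 30
  count=$((count + 1))
done

if [ "$count" -ge 20 ]; then
  echo "ERROR: Talos API is not up " >&2
  exit 1
fi

echo "ETCD bootstrap Finished"
```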
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+if [ $# -ne 2 ]
+then
+ echo "Usage: $0 dnsname port"
+fi
+
+while getopts "h:p" OPTION;
+do
+ case "${OPTION}" in
+ h)
+ dnsname="$OPTARG"
+ ;;
+ p)
+ port="$OPTARG"
+ ;;
+ esac
+done
+if ! command -v talosctl &> /dev/null
+then
+ echo "Installing talos cli"
+ curl -sL https://talos.dev/install | sh
+else
+ echo "talosctl is already installed skipping.."
+fi
+
+if [ -f scripts/controlplane.yaml ]
+then
+ rm -f scripts/controlplane.yaml
+fi
+
+if [ -f scripts/wokrer.yaml ]
+then
+ rm -f scripts/worker.yaml
+fi
+
+if [ -f scripts/talosconfig ]
+then
+ rm -f scripts/talosconfig
+fi
+
+echo ${dnsname}
+echo ${4}
+talosctl gen config talosconfig-userdata https://${dnsname}:${4} --with-examples=false --with-docs=false --output-dir scripts/ --config-patch @scripts/patch.yaml --force
+talosctl validate --config scripts/controlplane.yaml --mode cloud
+if [ $? -eq 1 ]
+then
+ echo "scripts/controlplane.yaml is invalid"
+ exit
+fi
+
+talosctl validate --config scripts/worker.yaml --mode cloud
+
+if [ $? -eq 1 ]
+then
+ echo "scripts/worker.yaml is invalid"
+ exit
+fi
diff --git a/azure/talos/scripts/worker.yaml b/azure/talos/scripts/worker.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/azure/talos/values.tfvars b/azure/talos/values.tfvars
index d2872a2..de7cafd 100644
--- a/azure/talos/values.tfvars
+++ b/azure/talos/values.tfvars
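Review bot: `getopts "h:p"` declares `-p` without an argument, so `-p 443` leaves `port` unset and the script falls back to `${4}`, which only works because the caller happens to pass exactly `-h X -p 443`; the intended value is `${port}` with `getopts "h:p:"`. A failed `talosctl validate` prints a message and then `exit`s with status 0, so Terraform's local-exec succeeds and an invalid (or, after the `rm -f`, missing) controlplane.yaml is handed to the VMs as custom_data — exit 1 instead, and test `-ne 0` rather than `-eq 1`. `curl -sL https://talos.dev/install | sh` installs whatever the remote script serves at apply time; pin the talosctl release and verify its checksum, or require it to be preinstalled as the rewrite below does. Smaller issues: `&>` is not POSIX under `#!/bin/sh`, `[ $# -ne 2 ]` does not exit and is wrong for four arguments, and `scripts/wokrer.yaml` is a typo that leaves a stale worker.yaml in place.
```shell
#!/bin/bash
set -eu

usage() { echo "Usage: $0 -h dnsname -p port" >&2; exit 1; }

while getopts "h:p:" OPTION; do
  case "${OPTION}" in
    h) dnsname="$OPTARG" ;;
    p) port="$OPTARG" ;;
    *) usage ;;
  esac
done
[ -n "${dnsname:-}" ] && [ -n "${port:-}" ] || usage

if ! command -v talosctl >/dev/null 2>&1; then
  echo "talosctl not found; install a pinned release with a verified checksum before running" >&2
  exit 1
fi

# … unchanged: removal of stale scripts/controlplane.yaml, scripts/worker.yaml (fix the wokrer typo) and scripts/talosconfig …

talosctl gen config talosconfig-userdata "https://${dnsname}:${port}" --with-examples=false --with-docs=false --output-dir scripts/ --config-patch @scripts/patch.yaml --force
for f in scripts/controlplane.yaml scripts/worker.yaml; do
  talosctl validate --config "$f" --mode cloud || { echo "$f is invalid" >&2; exit 1; }
done
```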
@@ -1,6 +1,7 @@
 region="centralindia"
-mastercount= 3
-workercount= 3
-nics= [ "talos-nic-master1" , "talos-nic-master2", "talos-nic-master3", "talos-nic-worker1", "talos-nic-worker2", "talos-nic-worker3"]
+mastercount= [ "talos-master1" , "talos-master2", "talos-master3" ]
+workercount= [ "talos-worker1" , "talos-worker2", "talos-worker3" ]
+nics= [ "talos-nic-master1" , "talos-nic-master2", "talos-nic-master3" ]
+workernics= ["talos-nic-worker1", "talos-nic-worker2", "talos-nic-worker3"]
 instancetype = "Standard_DS1_v2"
-publicipname = "talos-public-ip"
+publicipname = [ "talos-public-ip-1", "talos-public-ip-2", "talos-public-ip-3" ]
diff --git a/azure/talos/vars.tf b/azure/talos/vars.tf
index 51905e7..37c1bfb 100644
--- a/azure/talos/vars.tf
+++ b/azure/talos/vars.tf
@@ -16,10 +16,15 @@ variable "nics" {
 description = "nics name"
 }
+variable "workernics" {
+ description = "nics name"
+}
+
 variable "instancetype" {
 description = "instancetype of virtual machines"
 }
 variable "publicipname" {
+ type = list
 description = "public ip name"
 }
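Review bot: `type = list` is the legacy untyped form; `type = list(string)` documents the element type and lets Terraform reject a scalar early, which matters now that values.tfvars also turns `mastercount` and `workercount` into lists whose declarations are outside this hunk and presumably still untyped. The new `workernics` variable copies the description `"nics name"` from `nics`; `"worker nic names"` would distinguish them.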