#1: Initialised cluster 4546B.

Signed-off-by: Wim de Groot <[email protected]>

README.md

@@ -0,0 +1,3 @@
+# 4546B
+
+

apps/argocd/argocd/bootstrap-app-set.yaml

@@ -0,0 +1,70 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: bootstrap
+spec:
+  generators:
+    - matrix:
+        generators:
+          - list:
+              elements:
+                - repoURL: https://github.com/wim-de-groot/4546B.git
+                  revision: HEAD
+                  repoPath: apps/*/*
+          - git:
+              repoURL: '{{ repoURL }}'
+              revision: '{{ revision }}'
+              directories:
+                - path: '{{ repoPath }}'
+  syncPolicy:
+    preserveResourcesOnDeletion: true
+  template:
+    metadata:
+      name: '{{ path[1] }}-{{ path.basenameNormalized }}'
+      namespace: argocd
+    spec:
+      project: default
+      source:
+        repoURL: '{{ repoURL }}'
+        targetRevision: '{{ revision }}'
+        path: '{{ path }}'
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: '{{ path[1] }}'
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true
+          - ServerSideApply=true
+          - RespectIgnoreDifferences=true
+          - SkipDryRunOnMissingResource=true
+        retry:
+          limit: -1 # Infinite retries
+          backoff:
+            duration: 30s
+            factor: 2
+            maxDuration: 5m
+      ignoreDifferences:
+        # Cilium generated certs
+        - name: cilium-ca
+          kind: Secret
+          namespace: kube-system
+          jsonPointers:
+            - /data/ca.crt
+            - /data/ca.key
+        - name: hubble-server-certs
+          kind: Secret
+          namespace: kube-system
+          jsonPointers:
+            - /data/ca.crt
+            - /data/tls.crt
+            - /data/tls.key
+        - name: hubble-relay-client-certs
+          kind: Secret
+          namespace: kube-system
+          jsonPointers:
+            - /data/ca.crt
+            - /data/tls.crt
+            - /data/tls.key

apps/argocd/argocd/ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd
+  namespace: argocd
+spec:
+  ingressClassName: cilium
+  rules:
+    - host: argocd.home.lab 
+      http:
+        paths:
+        - pathType: Prefix
+          path: "/"
+          backend:
+            service:
+              name: argocd-server
+              port:
+                number: 80

apps/argocd/argocd/kustomization.yaml

@@ -0,0 +1,8 @@
+namespace: argocd
+
+resources:
+  - namespace.yaml
+  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v2.9.3
+  - bootstrap-app-set.yaml
+  - ingress.yaml
+

apps/argocd/argocd/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argocd

apps/kube-system/address-pool/advertisement.yaml

@@ -0,0 +1,6 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: default
+  namespace: kube-system
+spec: {}

apps/kube-system/address-pool/ip-address-pool.yaml

@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: default
+  namespace: kube-system
+spec:
+  addresses:
+  - 10.0.0.245-10.0.0.250

apps/kube-system/address-pool/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+  - ip-address-pool.yaml

apps/kube-system/cilium/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: cilium
+version: v1.14.5
+dependencies:
+  - name: cilium
+    version: v1.14.5
+    repository: https://helm.cilium.io

apps/kube-system/cilium/values.yaml

@@ -0,0 +1,41 @@
+cilium:
+  kubeProxyReplacement: true
+  ipam:
+    mode: kubernetes
+  securityContext:
+    capabilities:
+      ciliumAgent:
+        - CHOWN
+        - KILL
+        - NET_ADMIN
+        - NET_RAW
+        - IPC_LOCK
+        - SYS_ADMIN
+        - SYS_RESOURCE
+        - DAC_OVERRIDE
+        - FOWNER
+        - SETUID
+        - SETGID
+      cleanCiliumState:
+        - NET_ADMIN
+        - SYS_ADMIN
+        - SYS_RESOURCE
+  cgroup:
+    hostRoot: /sys/fs/cgroup
+    autoMount:
+      enabled: false
+  # Enable Cilium Ingress Controller
+  ingressController:
+    enabled: true
+    loadbalancerMode: shared
+    allocateLoadBalancerNodePorts: false
+  # Use KubePrism to access cluster API
+  k8sServiceHost: localhost
+  k8sServicePort: 7445
+  # Enable Hubble
+  hubble:
+    relay:
+      enabled: true
+    ui:
+      enabled: true
+

apps/kube-system/metallb/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: metallb
+version: 5.0.2
+dependencies:
+  - name: metallb
+    version: 5.0.2
+    repository: https://charts.bitnami.com/bitnami

infra/cluster-template.yaml

@@ -0,0 +1,31 @@
+kind: Cluster
+name: 4546B 
+talos:
+  version: v1.6.1
+kubernetes:
+  version: 1.28.6
+features:
+  enableWorkloadProxy: false 
+patches:
+  - name: cni
+    file: infra/patches/cni.yaml
+---
+kind: ControlPlane
+machineClass:
+  name: controlplane
+  size: 3
+patches:
+  - name: scheduling
+    file: infra/patches/scheduling.yaml
+  - name: cilium
+    file: infra/patches/cilium.yaml
+  - name: argocd
+    file: infra/patches/argocd.yaml
+  - name: monitoring
+    file: infra/patches/monitoring.yaml
+---
+kind: Workers
+name: workers
+machineClass:
+  name: worker
+  size: unlimited

infra/patches/cni.yaml

@@ -0,0 +1,6 @@
+cluster:
+  network:
+    cni:
+      name: none
+  proxy:
+    disabled: true

infra/patches/monitoring.yaml

@@ -0,0 +1,13 @@
+cluster:
+  apiServer:
+    extraArgs:
+      bind-address: 0.0.0.0
+  controllerManager:
+    extraArgs:
+      bind-address: 0.0.0.0
+  etcd:
+    extraArgs:
+      listen-metrics-urls: http://0.0.0.0:2381
+  scheduler:
+    extraArgs:
+      bind-address: 0.0.0.0

infra/patches/scheduling.yaml

@@ -0,0 +1,2 @@
+cluster:
+  allowSchedulingOnControlPlanes: true