infra

a Flux + Terraform infrastructure repo

Todo

• [x] add Flux for cluster repo
• [x] get talosconfig
• [ ] access Kubernetes APIServer
• [ ] verify Ceph disk allocation

Prerequisites

Install OpenTofu

brew install opentofu

Usage

vars:

• rfc2136_server
• rfc2136_tsig_keyname
• rfc2136_tsig_key
• equinix_metal_project_id
• equinix_metal_auth_token (DO NOT WRITE THIS DISK)

keep in values.tfvars (as HCL); example:

rfc2136_server       = "123.253.176.253"
rfc2136_tsig_keyname = "cloudnative.coop."
rfc2136_tsig_key     = "[VALUE HERE]"
equinix_metal_project_id = "82b5c425-8dd4-429e-ae0d-d32f265c63e4"

init

read METAL_AUTH_TOKEN && export METAL_AUTH_TOKEN

mkdir -p ./tmp/
CLUSTER_NAME=cloudnative-coop
touch ./tmp/"$CLUSTER_NAME"-kubeconfig
tofu init -var-file=./values.tfvars -var equinix_metal_auth_token=$METAL_AUTH_TOKEN -var github_token="$(gh auth token)" --upgrade

plan

tofu plan -var-file=./values.tfvars -var equinix_metal_auth_token=$METAL_AUTH_TOKEN -var github_token="$(gh auth token)"

apply

tofu apply -var-file=./values.tfvars -var equinix_metal_auth_token=$METAL_AUTH_TOKEN -var github_token="$(gh auth token)"

get talosconfig

CLUSTER_NAME=cloudnative-coop
tofu output -raw "$CLUSTER_NAME"-talosconfig > ~/.talos/config-"$CLUSTER_NAME"

get kubeconfig

CLUSTER_NAME=cloudnative-coop
tofu output -raw "$CLUSTER_NAME"-kubeconfig > ~/.kube/config-"$CLUSTER_NAME"

Flux usage

force a reconciliation

CLUSTER_NAME=cloudnative-coop
flux --kubeconfig ~/.kube/config-"$CLUSTER_NAME" reconcile source git flux-system

Force tear down

tofu state list | grep -E 'talos|flux|manifests|kubernetes_manifest' | xargs -I{} tofu state rm {}
tofu destroy -var-file=./values.tfvars -var equinix_metal_auth_token=$METAL_AUTH_TOKEN -var github_token="$(gh auth token)"

Notes

• Equinix Metal Cloud Provider 401 error regarding IP allocation and assigning