@highstate/talos 0.4.4 → 0.4.5

package/dist/cluster/index.js

@@ -1,9 +1,57 @@
-import { readFileSync } from 'node:fs';
-import { forUnit, output, interpolate, all } from '@highstate/pulumi';
+import { forUnit, readResolvedPackageFileSync, output, interpolate, all } from '@highstate/pulumi';
 import { talos } from '@highstate/library';
 import { machine, cluster } from '@pulumiverse/talos';
+import { text } from '@highstate/contract';
+import { local } from '@pulumi/command';
+import { resolveChartPath } from '@highstate/k8s';
 
 const { name, args, inputs, outputs } = forUnit(talos.cluster);
+const cni = args.cni ?? "cilium";
+const csi = args.csi ?? "local-path-provisioner";
+const inlineManifests = [];
+const extraMounts = [];
+if (cni === "cilium") {
+  const ciliumManifestCommand = new local.Command("cilium-manifest", {
+    create: [
+      "helm template",
+      resolveChartPath("@highstate/cilium", "cilium", import.meta.url),
+      "--namespace kube-system",
+      "--set ipam.mode=kubernetes",
+      "--set kubeProxyReplacement=true",
+      "--set operator.replicas=1",
+      "--set hubble.relay.enabled=true",
+      "--set hubble.ui.enabled=true",
+      '--set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"',
+      '--set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"',
+      "--set cgroup.autoMount.enabled=false",
+      "--set cgroup.hostRoot=/sys/fs/cgroup",
+      "--set k8sServiceHost=localhost",
+      "--set k8sServicePort=7445",
+      "--set bpf.lbExternalClusterIP=true"
+    ].join(" "),
+    logging: "stderr"
+  });
+  inlineManifests.push({
+    name: "cilium",
+    contents: ciliumManifestCommand.stdout
+  });
+}
+if (csi === "local-path-provisioner") {
+  extraMounts.push({
+    destination: "/var/lib/local-path-provisioner",
+    type: "bind",
+    source: "/var/lib/local-path-provisioner",
+    options: ["bind", "rshared", "rw"]
+  });
+  inlineManifests.push({
+    name: "local-path-provisioner",
+    contents: readResolvedPackageFileSync(
+      "@highstate/talos/cluster",
+      "assets/local-path-provisioner.yaml",
+      import.meta.url
+    )
+  });
+}
 const clusterName = args.clusterName ?? name;
 const globalConfigPatch = output({
   machine: {
@@ -11,29 +59,17 @@ const globalConfigPatch = output({
       image: "ghcr.io/siderolabs/installer:v1.8.3",
       extensions: [{ image: "ghcr.io/siderolabs/qemu-guest-agent:9.1.0" }]
     },
-    sysctls: {
-      "net.ipv4.ip_forward": "1",
-      "net.ipv4.conf.all.src_valid_mark": "1"
+    kubelet: {
+      extraMounts
     }
   },
   cluster: {
     allowSchedulingOnMasters: inputs.workers.length.apply(
       (length) => length === 0 || args.scheduleOnMasters
     ),
-    inlineManifests: [
-      {
-        name: "cilium",
-        contents: readFileSync("../../assets/manifests/cilium.yaml", "utf-8")
-      }
-    ],
-    network: {
-      cni: {
-        name: "none"
-      }
-    },
-    proxy: {
-      disabled: true
-    }
+    inlineManifests,
+    network: cni !== "flannel" ? { cni: { name: "none" } } : void 0,
+    proxy: cni === "cilium" ? { disabled: true } : void 0
   }
 }).apply(JSON.stringify);
 const secrets = new machine.Secrets("secrets", { talosVersion: "v1.8.3" });
@@ -126,27 +162,38 @@ function getConfigurationApplyArgs(node, machineConfiguration) {
 }
 var index = outputs({
   k8sCluster: {
-    kubeconfig
+    name: clusterName,
+    kubeconfig,
+    cni: cni === "none" ? "unknown" : cni
   },
   talosCluster: {
     clientConfiguration,
     machineSecrets
   },
-  egress: {
-    someField: "hi"
-  },
-  $terminal: {
-    image: "ghcr.io/exeteres/highstate/terminal-talos",
-    command: ["/bin/bash"],
-    cwd: "/cluster",
-    files: {
-      "/cluster/kubeconfig": kubeconfig,
-      "/cluster/talosconfig": clientConfiguration,
-      "/cluster/secrets": machineSecrets
-    },
-    env: {
-      KUBECONFIG: "/cluster/kubeconfig",
-      TALOSCONFIG: "/cluster/talosconfig"
+  $terminals: {
+    management: {
+      title: "Cluster Management",
+      image: "ghcr.io/exeteres/highstate/terminal-talosctl",
+      command: ["bash", "/welcome.sh"],
+      files: {
+        "/kubeconfig": kubeconfig,
+        "/talosconfig": clientConfiguration,
+        "/secrets": machineSecrets,
+        "/welcome.sh": text`
+        echo "Connecting to the cluster..."
+        kubectl cluster-info
+
+        echo "Use 'kubectl' and 'helm' to manage the cluster."
+        echo "Use 'talosctl' to manage the Talos side of the cluster."
+        echo
+
+        exec script -q -c bash /dev/null
+      `
+      },
+      env: {
+        KUBECONFIG: "/kubeconfig",
+        TALOSCONFIG: "/talosconfig"
+      }
     }
   }
 });

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@highstate/talos",
-  "version": "0.4.4",
+  "version": "0.4.5",
   "type": "module",
   "files": [
-    "assets",
+    "assets/manifests",
     "dist"
   ],
   "exports": {
@@ -14,17 +14,22 @@
   },
   "scripts": {
     "build": "pkgroll --tsconfig=tsconfig.build.json",
-    "generate-cilium": "bash ./scripts/generate-cilium.sh"
+    "generate-local-path-provisioner": "bash ./scripts/generate-local-path-provisioner.sh"
   },
   "dependencies": {
-    "@highstate/pulumi": "^0.4.4",
+    "@highstate/cilium": "^0.4.5",
+    "@highstate/common": "^0.4.5",
+    "@highstate/contract": "^0.4.5",
+    "@highstate/k8s": "^0.4.5",
+    "@highstate/pulumi": "^0.4.5",
+    "@pulumi/command": "^1.0.2",
     "@pulumiverse/talos": "^0.4.1"
   },
   "peerDependencies": {
-    "@highstate/library": "workspace:^"
+    "@highstate/library": "workspace:^0.4.4"
   },
   "devDependencies": {
     "pkgroll": "^2.5.1"
   },
-  "gitHead": "58a1b969cca5dad233f885f2e67185a0384ea1aa"
+  "gitHead": "afd601fdade1bcf31af58072eea3c08ee26349b8"
 }