Micro Cloud

This page shows a Talos OS deployment on a Dell Wyse 5070 with 16 GB RAM. I call it the micro cloud because it contains the following components:

  • declarative deployment with Talos OS
  • Cilium as CNI, Gateway API and ingress
  • local storage provider
  • ArgoCD for resource deployment
  • cert-manager for certificate management
  • Harbor as container registry
  • Tekton for CI/CD

Cilium Helm Template

The following code block shows the Cilium Helm values used to generate the Helm template.

kubeProxyReplacement: true
securityContext:
  capabilities:
    ciliumAgent: ['CHOWN', 'KILL', 'NET_ADMIN', 'NET_RAW', 'IPC_LOCK', 'SYS_ADMIN', 'SYS_RESOURCE', 'DAC_OVERRIDE', 'FOWNER', 'SETGID', 'SETUID']
    cleanCiliumState: ['NET_ADMIN', 'SYS_ADMIN', 'SYS_RESOURCE']
cgroup:
  autoMount:
    enabled: false
  hostRoot: "/sys/fs/cgroup"
ingressController:
  enabled: true
  default: true
  loadbalancerMode: shared
  service:
    type: LoadBalancer
    annotations:
      io.cilium/lb-ipam-ips: 192.168.20.81
operator:
  replicas: 1
gatewayAPI:
  enabled: true
  enableAlpn: true
  enableAppProtocol: true
  service:
    type: LoadBalancer
    annotations:
      io.cilium/lb-ipam-ips: 192.168.20.82
k8sServiceHost: localhost
k8sServicePort: 7445
ipam:
  mode: kubernetes
l2announcements:
  enabled: true
externalIPs:
  enabled: true
hubble:
  enabled: true
  relay:
    enabled: true
  ui:
    enabled: true

To be able to manage Cilium with Helm later on, we can take ownership of the Cilium deployment:

helm upgrade --install cilium cilium/cilium -f deployments/helm/cilium/values.yaml --version 1.19.1 --namespace kube-system --create-namespace --take-ownership

Talos OS

Store your node IP address in a variable:
export CONTROL_PLANE_IP=192.168.20.80

Learn about your installation disks:
talosctl get disks --insecure --nodes $CONTROL_PLANE_IP

Generate the Helm template for Cilium:
helm template cilium cilium/cilium -f values.yaml --version 1.19.1 --namespace kube-system > cilium-helm-template.yaml

Generate cluster configuration:
export CLUSTER_NAME=farrak
export DISK_NAME=sdb
talosctl gen config $CLUSTER_NAME https://$CONTROL_PLANE_IP:6443 --install-disk /dev/$DISK_NAME --config-patch @patch.yaml --config-patch @volume.yaml --install-image factory.talos.dev/metal-installer/22a73b21ea2e27057f17a22b56fdf89e09868979c10d22f10a9b7e9c1e988a60:v1.12.5

Apply configurations:
talosctl apply-config --insecure --nodes $CONTROL_PLANE_IP --file controlplane.yaml

Set your endpoints:
talosctl --talosconfig=./talosconfig config endpoints $CONTROL_PLANE_IP

Bootstrap your etcd cluster:
talosctl bootstrap --nodes $CONTROL_PLANE_IP --talosconfig=./talosconfig

Get Kubernetes access:
talosctl kubeconfig --nodes $CONTROL_PLANE_IP --talosconfig=./talosconfig
talosctl kubeconfig dell-kubeconfig --nodes $CONTROL_PLANE_IP --talosconfig=./talosconfig
export KUBECONFIG=./dell-kubeconfig

Check cluster health:
talosctl --nodes $CONTROL_PLANE_IP --talosconfig=./talosconfig health

Verify node registration:
kubectl get nodes

ArgoCD

helm upgrade --install argo-cd argo/argo-cd -f ./deployments/helm/argocd/argocd-values.yaml --namespace argocd --create-namespace
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

ArgoCD Application

For ArgoCD I created a separate repository with all the applications that should be deployed. The structure is similar to the example repo for Argo:

├── apps
│   ├── Chart.yaml
│   ├── templates
│   │   └── applications.yaml
│   └── values.yaml
├── base
│   ├── cert-manager
│   │   ├── Chart.yaml
│   │   └── values.yaml
│   ├── cilium-gateway-api
│   │   ├── cilium-shared-gateway.yaml
│   │   └── cloudflare-issuer.yaml
│   ├── harbor
│   │   ├── Chart.yaml
│   │   └── values.yaml
│   └── local-path-provisioner
│       └── kustomization.yaml
└── README.md

Basically there is one Argo application definition inside the apps folder that references the deployments inside the base folder. To apply this application I ran these commands:

argocd admin initial-password -n argocd
argocd login argocd.farrak.thorados.com:80
argocd repo add git@github.com:thorados/argocd-micro-cloud.git --ssh-private-key-path ~/.ssh/argocd.ed25519
argocd app create apps \
    --dest-namespace argocd \
    --dest-server https://kubernetes.default.svc \
    --repo git@github.com:thorados/argocd-micro-cloud.git \
    --path apps
argocd app sync apps
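As an added example that is not from the author's repository, this is one way the apps/templates/applications.yaml shown above could implement the app-of-apps pattern: a Helm template that renders one Argo CD Application per base directory from an assumed values.yaml. The values layout, the target namespaces and the sync policy are assumptions; the repository URL and the argocd namespace are the ones used in the commands above.

```yaml
# apps/templates/applications.yaml (added example, not the author's file)
# Renders one Argo CD Application per entry in .Values.applications.
# Assumed apps/values.yaml (not shown on the page):
#   repoURL: git@github.com:thorados/argocd-micro-cloud.git
#   applications:
#     - { name: cert-manager,           path: base/cert-manager,           namespace: cert-manager }
#     - { name: local-path-provisioner, path: base/local-path-provisioner, namespace: local-path-storage }
#     - { name: cilium-gateway-api,     path: base/cilium-gateway-api,     namespace: kube-system }
#     - { name: harbor,                 path: base/harbor,                 namespace: harbor }
{{- range .Values.applications }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ .name }}
  # Child Applications live in the namespace Argo CD runs in, like the root app.
  namespace: argocd
  finalizers:
    # Cascade-delete the managed resources when the Application is removed.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    # $ refers to the root context inside range, so this reads the top-level value.
    repoURL: {{ $.Values.repoURL }}
    targetRevision: HEAD
    # Argo CD detects Helm (Chart.yaml), Kustomize (kustomization.yaml) or plain
    # manifests from the directory contents, so the base folders need no extra config.
    path: {{ .path }}
  destination:
    server: https://kubernetes.default.svc
    namespace: {{ .namespace }}
  syncPolicy:
    automated:
      prune: true      # remove cluster resources that were deleted from git
      selfHeal: true   # revert manual changes so git stays the source of truth
    syncOptions:
      - CreateNamespace=true
{{- end }}
```

Running `helm template apps ./apps` renders the generated Applications locally so the paths and namespaces can be reviewed before the root app is synced.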