From bb857c43c251421e4d828c2793b52e3693d154b0 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 30 Dec 2024 07:34:35 +0300
Subject: [PATCH] Talos v1.9.1 (#31)

* Talos v1.9.1

---------

Co-authored-by: Fedor Batonogov <f.batonogov@yandex.ru>
---
 .gitignore        |  2 +-
 talos/README.md   | 17 +++++------------
 talos/cilium.yaml | 27 +++++++++++++++++++++++++++
 talos/patch.yaml  | 14 ++++++++++++++
 4 files changed, 47 insertions(+), 13 deletions(-)
 create mode 100644 talos/cilium.yaml
 create mode 100644 talos/patch.yaml

diff --git a/.gitignore b/.gitignore
index d2dd82d..4b269c7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -80,5 +80,5 @@ go.work
 .DS_Store
 ansible/secrets
 main
-talos/*.yaml
+talos/{controlplane,worker}.yaml
 talosconfig
diff --git a/talos/README.md b/talos/README.md
index f1be815..eb88d84 100644
--- a/talos/README.md
+++ b/talos/README.md
@@ -36,13 +36,13 @@ export TALOS_CONTROL_PLANE_IP=192.168.1.48
 Вот так можно посмотреть список дисков на узле:
 
 ```sh
-talosctl -n $TALOS_CONTROL_PLANE_IP disks --insecure
+talosctl -n $TALOS_CONTROL_PLANE_IP get disks --insecure
 ```
 
 Генерируем конфиг
 
 ```sh
-talosctl gen config --kubernetes-version 1.31.1 talos https://$TALOS_CONTROL_PLANE_IP:6443 --config-patch @patch.yaml
+talosctl gen config --kubernetes-version 1.32.0 talos https://$TALOS_CONTROL_PLANE_IP:6443 --config-patch @patch.yaml
 ```
 
 Применяем конфигурацию
@@ -86,16 +86,9 @@ helm upgrade \
     --install \
     cilium \
     cilium/cilium \
-    --version 1.16.3 \
+    --version 1.16.5 \
     --namespace kube-system \
-    --set ipam.mode=kubernetes \
-    --set kubeProxyReplacement=true \
-    --set securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
-    --set securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
-    --set cgroup.autoMount.enabled=false \
-    --set cgroup.hostRoot=/sys/fs/cgroup \
-    --set k8sServiceHost=localhost \
-    --set k8sServicePort=7445
+    --values cilium.yaml
 ```
 
 ## Metrics Server
@@ -110,5 +103,5 @@ helm upgrade \
 ```
 
 ```sh
-talosctl upgrade-k8s --nodes $TALOS_CONTROL_PLANE_IP --to 1.31.2
+talosctl upgrade-k8s --nodes $TALOS_CONTROL_PLANE_IP --to 1.32.1
 ```
diff --git a/talos/cilium.yaml b/talos/cilium.yaml
new file mode 100644
index 0000000..5f0225d
--- /dev/null
+++ b/talos/cilium.yaml
@@ -0,0 +1,27 @@
+ipam:
+  mode: kubernetes
+kubeProxyReplacement: true
+securityContext:
+  capabilities:
+    ciliumAgent:
+      - CHOWN
+      - KILL
+      - NET_ADMIN
+      - NET_RAW
+      - IPC_LOCK
+      - SYS_ADMIN
+      - SYS_RESOURCE
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETGID
+      - SETUID
+    cleanCiliumState:
+      - NET_ADMIN
+      - SYS_ADMIN
+      - SYS_RESOURCE
+cgroup:
+  autoMount:
+    enabled: false
+  hostRoot: /sys/fs/cgroup
+k8sServiceHost: localhost
+k8sServicePort: 7445
diff --git a/talos/patch.yaml b/talos/patch.yaml
new file mode 100644
index 0000000..3cfc2cf
--- /dev/null
+++ b/talos/patch.yaml
@@ -0,0 +1,14 @@
+machine:
+  install:
+    disk: /dev/nvme0n1
+  time:
+    servers:
+      - 1.ru.pool.ntp.org
+      - 2.ru.pool.ntp.org
+      - 3.ru.pool.ntp.org
+cluster:
+  network:
+    cni:
+      name: none
+  proxy:
+    disabled: true