Commit Graph

79 Commits

Author SHA1 Message Date
Tom Alexander
70773fd4f3 Add secret for homepage-staging. 2026-06-14 10:21:53 -04:00
Tom Alexander
407bc13bc2 Add a secret for the harbor webhooks to flux. 2026-06-14 10:21:53 -04:00
Tom Alexander
9db4b0ea5c Update flux and install the image automation controller. 2026-06-14 10:21:53 -04:00
Tom Alexander
6d44d6e6c9 Add IP addresses to worker certs for the metrics server. 2026-06-14 10:21:52 -04:00
Tom Alexander
87aca6ef61 Delete images after 24 hours of being unused. 2026-06-14 10:21:52 -04:00
Tom Alexander
b302a14893 Set up containerd to use harbor.fizz.buzz. 2026-06-14 10:21:52 -04:00
Tom Alexander
9c8c17f028 Add secrets for archive-box, webhook-bridge, and tekton. 2026-06-14 10:21:52 -04:00
Tom Alexander
fe5465f2d8 Allow node-to-node communication. 2026-06-14 10:21:52 -04:00
Tom Alexander
914d6b071e Use numbers for folder order. 2026-06-14 10:21:52 -04:00
Tom Alexander
aadcf13442 Add harbor secrets. 2026-06-14 10:21:51 -04:00
Tom Alexander
b2f9889b0c Switch to the experimental gateway CRDs for TCPRoute support. 2026-06-14 10:21:51 -04:00
Tom Alexander
b444e37e3c Add oauth2 proxy secrets. 2026-06-14 10:21:51 -04:00
Tom Alexander
54b097ae69 Add dex secrets. 2026-06-14 10:21:51 -04:00
Tom Alexander
c7502af7e8 Enable the firewall. 2026-06-14 10:21:48 -04:00
Tom Alexander
f5da063952 Add gitea secrets. 2026-06-14 08:47:17 -04:00
Tom Alexander
3b1b78c0b5 Add generation for in-repo secrets. 2026-06-14 08:47:17 -04:00
Tom Alexander
8dfd4f27f6 Enforce cilium network policies. 2026-06-14 08:47:17 -04:00
Tom Alexander
6d4550c93a Downgrade to gateway 1.4.1.
1.5 came out recently, so no gateway providers support it.
2026-06-14 08:47:17 -04:00
Tom Alexander
cf72a26942 Update packages in kubernetes/keys. 2026-06-14 08:47:17 -04:00
Tom Alexander
0429f19364 Fix network for updated nix. 2026-06-14 08:47:16 -04:00
Tom Alexander
2a70d24603 Fix proxy auth tls 2026-06-14 08:47:16 -04:00
Tom Alexander
8054db8cfb Generate certificates for the aggregation layer. 2026-06-14 08:47:16 -04:00
Tom Alexander
4b4934b4c4 Add a note for the cilium connectivity test. 2026-06-14 08:47:16 -04:00
Tom Alexander
d611f0fe5a Temporarily disable the firewall for debugging. 2026-06-14 08:47:16 -04:00
Tom Alexander
a665cae379 Enable gateway support. 2026-06-14 08:47:16 -04:00
Tom Alexander
4c59dfd8b2 Enable hubble. 2026-06-14 08:47:15 -04:00
Tom Alexander
8a08714522 Temporarily drop flux interval to 1 minute during early development.
This is to reduce waiting time.
2026-06-14 08:47:15 -04:00
Tom Alexander
8c35971357 Install deferred manifests. 2026-06-14 08:47:15 -04:00
Tom Alexander
53fe030d97 Add a custom nftables firewall config. 2026-06-14 08:47:15 -04:00
Tom Alexander
724c05f03a Enable the firewall.
Now that we have networking working, I can enable the firewall and confirm nothing breaks.
2026-06-14 08:47:15 -04:00
Tom Alexander
8b2916189b Fix CoreDNS IPv4 connectivity. 2026-06-14 08:47:15 -04:00
Tom Alexander
a95f24af0d Increase timeout for coredns cache. 2026-06-14 08:47:14 -04:00
Tom Alexander
1528ae0764 More changes to try to fix coredns. 2026-06-14 08:47:14 -04:00
Tom Alexander
30f817dfe8 Move the kubelet yaml config into nix. 2026-06-14 08:47:14 -04:00
Tom Alexander
efd21f715f Implement a generic helm templater package. 2026-06-14 08:47:14 -04:00
Tom Alexander
23372d763f Switch to generating the coredns manifests via nix. 2026-06-14 08:47:14 -04:00
Tom Alexander
e55ece9dad Use CoreDNS for in-cluster DNS requests and caching. 2026-06-14 08:47:14 -04:00
Tom Alexander
05f1c518fd Enable native routing. 2026-06-14 08:47:13 -04:00
Tom Alexander
43633597fc Build the cilium manifest automatically in nix. 2026-06-14 08:47:13 -04:00
Tom Alexander
90c88adb73 Allow pods to directly speak to the public internet on their own public IPv6 addresses. 2026-06-14 08:47:13 -04:00
Tom Alexander
cd78dc4680 Enable ipv4 and tunnel routing. 2026-06-14 08:47:13 -04:00
Tom Alexander
c37723ca81 Switch to kubernetes ipam mode. 2026-06-14 08:47:13 -04:00
Tom Alexander
1da8e20d5b Fix service cluster ip range.
Kubernetes only allows a /112 for service ip range.
2026-06-14 08:47:13 -04:00
Tom Alexander
8584577327 Fix trailing line break in kubernetes encryption config. 2026-06-14 08:47:13 -04:00
Tom Alexander
a3afb104cd Move the yaml functions to their own file. 2026-06-14 08:47:12 -04:00
Tom Alexander
d4620e8ac9 Introduce functions to generate yaml.
The toYAML function is just an alias to toJSON which is technically fine since YAML is a superset of JSON, but these new functions will generate actual YAML.
2026-06-14 08:47:12 -04:00
Tom Alexander
ebe4505a6f Add missing cidr declarations. 2026-06-14 08:47:12 -04:00
Tom Alexander
f962c679ca Fix DNS resolution. 2026-06-14 08:47:12 -04:00
Tom Alexander
4fe58c4d6c Apply the git repo to the cluster. 2026-06-14 08:47:12 -04:00
Tom Alexander
570424f5b1 Trust flux's ssh key in the yaml git repo. 2026-06-14 08:47:12 -04:00