machine_setup

Author	SHA1	Message	Date
Tom Alexander	9751784e76	Generate certificates for the aggregation layer.	2026-05-05 22:43:42 -04:00
Tom Alexander	b6b5d5bd0f	Temporarily disable the firewall for debugging.	2026-05-05 22:43:41 -04:00
Tom Alexander	1fc4dd8f72	Enable hubble.	2026-05-05 22:43:41 -04:00
Tom Alexander	81e9386b9b	Add a custom nftables firewall config.	2026-05-05 22:43:41 -04:00
Tom Alexander	c89b5031c7	Enable the firewall. Now that we have networking working, I can enable the firewall and confirm nothing breaks.	2026-05-05 22:43:41 -04:00
Tom Alexander	646fc44d8f	More changes to try to fix coredns.	2026-05-05 22:43:40 -04:00
Tom Alexander	5d094246de	Move the kubelet yaml config into nix.	2026-05-05 22:43:40 -04:00
Tom Alexander	de5f2ec54d	Use CoreDNS for in-cluster DNS requests and caching.	2026-05-05 22:43:39 -04:00
Tom Alexander	ab179f2f49	Build the cilium manifest automatically in nix.	2026-05-05 22:43:39 -04:00
Tom Alexander	91cfb2a9c4	Allow pods to directly speak to the public internet on their own public IPv6 addresses.	2026-05-05 22:43:39 -04:00
Tom Alexander	dfd43da93a	Enable ipv4 and tunnel routing.	2026-05-05 22:43:39 -04:00
Tom Alexander	ed786cf926	Fix service cluster ip range. Kubernetes only allows a /112 for service ip range.	2026-05-05 22:43:38 -04:00
Tom Alexander	2861fddf6f	Add missing cidr declarations.	2026-05-05 22:43:38 -04:00
Tom Alexander	0e8393762d	Fix DNS resolution.	2026-05-05 22:43:38 -04:00
Tom Alexander	1f02259850	Install CoreDNS.	2026-05-05 22:43:37 -04:00
Tom Alexander	2efe37993a	Move the cluster bootstrap into the keys flake. Bootstrapping the cluster needs access to secrets, so I am moving it into the keys flake.	2026-05-05 22:43:36 -04:00
Tom Alexander	61583f9eff	Set up flux.	2026-05-05 22:43:36 -04:00
Tom Alexander	54782da612	Add a bootstrap role.	2026-05-05 22:43:36 -04:00
Tom Alexander	4d499c0210	Add a bootstrap role to load manifests into the cluster.	2026-05-05 22:43:36 -04:00
Tom Alexander	365566bf75	Fix launching of containers.	2026-05-05 22:43:36 -04:00
Tom Alexander	37de518169	Create a debugging role.	2026-05-05 22:43:35 -04:00
Tom Alexander	2bd134ab12	Some networking fixes.	2026-05-05 22:43:35 -04:00
Tom Alexander	827ef15c90	Add cilium bootstrap.	2026-05-05 22:43:35 -04:00
Tom Alexander	f7d463947d	Installing the cni plugins.	2026-05-05 22:43:35 -04:00
Tom Alexander	a389547117	Add kube-proxy.	2026-05-05 22:43:35 -04:00
Tom Alexander	3cb65e76c0	Add kubelet.	2026-05-05 22:43:35 -04:00
Tom Alexander	6c05320380	Add worker nodes.	2026-05-05 22:43:34 -04:00
Tom Alexander	d302ac96e2	Add kube-scheduler.	2026-05-05 22:43:34 -04:00
Tom Alexander	23ee194a84	Add kube-controller-manager.	2026-05-05 22:43:34 -04:00
Tom Alexander	0e111b500b	Fix launching kube-apiserver.	2026-05-05 22:43:34 -04:00
Tom Alexander	df9f526f9e	Move the encryption config into a package.	2026-05-05 22:43:34 -04:00
Tom Alexander	2ac3cff2a1	Add controller proxy certs.	2026-05-05 22:43:33 -04:00
Tom Alexander	f31260eb00	Add requestheader-client-ca.	2026-05-05 22:43:33 -04:00
Tom Alexander	38f6d3abf9	Add service account.	2026-05-05 22:43:33 -04:00
Tom Alexander	2522803300	Install kubernetes.	2026-05-05 22:43:33 -04:00
Tom Alexander	f8a40ca20e	Add additional controllers.	2026-05-05 22:43:33 -04:00
Tom Alexander	9fc2e682f4	Add configs for a new kubernetes cluster on NixOS.	2026-05-05 22:43:32 -04:00

37 Commits