Commit Graph

41 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Tom Alexander | 9c8c17f028 | Add secrets for archive-box, webhook-bridge, and tekton. | 2026-06-14 10:21:52 -04:00 |
| Tom Alexander | fe5465f2d8 | Allow node-to-node communication. | 2026-06-14 10:21:52 -04:00 |
| Tom Alexander | c7502af7e8 | Enable the firewall. | 2026-06-14 10:21:48 -04:00 |
| Tom Alexander | 0429f19364 | Fix network for updated nix. | 2026-06-14 08:47:16 -04:00 |
| Tom Alexander | 8054db8cfb | Generate certificates for the aggregation layer. | 2026-06-14 08:47:16 -04:00 |
| Tom Alexander | d611f0fe5a | Temporarily disable the firewall for debugging. | 2026-06-14 08:47:16 -04:00 |
| Tom Alexander | 4c59dfd8b2 | Enable hubble. | 2026-06-14 08:47:15 -04:00 |
| Tom Alexander | 53fe030d97 | Add a custom nftables firewall config. | 2026-06-14 08:47:15 -04:00 |
| Tom Alexander | 724c05f03a | Enable the firewall. Now that we have networking working, I can enable the firewall and confirm nothing breaks. | 2026-06-14 08:47:15 -04:00 |
| Tom Alexander | 1528ae0764 | More changes to try to fix coredns. | 2026-06-14 08:47:14 -04:00 |
| Tom Alexander | 30f817dfe8 | Move the kubelet yaml config into nix. | 2026-06-14 08:47:14 -04:00 |
| Tom Alexander | e55ece9dad | Use CoreDNS for in-cluster DNS requests and caching. | 2026-06-14 08:47:14 -04:00 |
| Tom Alexander | 43633597fc | Build the cilium manifest automatically in nix. | 2026-06-14 08:47:13 -04:00 |
| Tom Alexander | 90c88adb73 | Allow pods to directly speak to the public internet on their own public IPv6 addresses. | 2026-06-14 08:47:13 -04:00 |
| Tom Alexander | cd78dc4680 | Enable ipv4 and tunnel routing. | 2026-06-14 08:47:13 -04:00 |
| Tom Alexander | 1da8e20d5b | Fix service cluster ip range. Kubernetes only allows a /112 for service ip range. | 2026-06-14 08:47:13 -04:00 |
| Tom Alexander | ebe4505a6f | Add missing cidr declarations. | 2026-06-14 08:47:12 -04:00 |
| Tom Alexander | f962c679ca | Fix DNS resolution. | 2026-06-14 08:47:12 -04:00 |
| Tom Alexander | 2e0c97bbf9 | Install CoreDNS. | 2026-06-14 08:47:11 -04:00 |
| Tom Alexander | dbeb98112b | Move the cluster bootstrap into the keys flake. Bootstrapping the cluster needs access to secrets, so I am moving it into the keys flake. | 2026-06-14 08:47:10 -04:00 |
| Tom Alexander | 958ae2b694 | Set up flux. | 2026-06-14 08:47:10 -04:00 |
| Tom Alexander | 925eb99406 | Add a bootstrap role. | 2026-06-14 08:47:10 -04:00 |
| Tom Alexander | 3cdaf980b5 | Add a bootstrap role to load manifests into the cluster. | 2026-06-14 08:47:10 -04:00 |
| Tom Alexander | c4caf5d103 | Fix launching of containers. | 2026-06-14 08:47:10 -04:00 |
| Tom Alexander | eab42023a9 | Create a debugging role. | 2026-06-14 08:47:10 -04:00 |
| Tom Alexander | fe6056cee7 | Some networking fixes. | 2026-06-14 08:47:10 -04:00 |
| Tom Alexander | 64ad4430bb | Add cilium bootstrap. | 2026-06-14 08:47:09 -04:00 |
| Tom Alexander | dd2d0b23e4 | Installing the cni plugins. | 2026-06-14 08:47:09 -04:00 |
| Tom Alexander | eb82e8e5e3 | Add kube-proxy. | 2026-06-14 08:47:09 -04:00 |
| Tom Alexander | f1382cfbb7 | Add kubelet. | 2026-06-14 08:47:09 -04:00 |
| Tom Alexander | 43df118e4f | Add worker nodes. | 2026-06-14 08:47:09 -04:00 |
| Tom Alexander | f3797b5c42 | Add kube-scheduler. | 2026-06-14 08:47:09 -04:00 |
| Tom Alexander | 593929598a | Add kube-controller-manager. | 2026-06-14 08:47:08 -04:00 |
| Tom Alexander | 3a8569b0de | Fix launching kube-apiserver. | 2026-06-14 08:47:08 -04:00 |
| Tom Alexander | 84738f7266 | Move the encryption config into a package. | 2026-06-14 08:47:08 -04:00 |
| Tom Alexander | c863bfe136 | Add controller proxy certs. | 2026-06-14 08:47:08 -04:00 |
| Tom Alexander | 98a0d78e45 | Add requestheader-client-ca. | 2026-06-14 08:47:08 -04:00 |
| Tom Alexander | 87312b19fa | Add service account. | 2026-06-14 08:47:07 -04:00 |
| Tom Alexander | cb312752ba | Install kubernetes. | 2026-06-14 08:47:07 -04:00 |
| Tom Alexander | 321d215a57 | Add additional controllers. | 2026-06-14 08:47:07 -04:00 |
| Tom Alexander | 21d5002e7f | Add configs for a new kubernetes cluster on NixOS. | 2026-06-14 08:47:05 -04:00 |