
Commit 858e781

committed
refactor: deduplicate talos machine config patches
1 parent 0c36be2 commit 858e781


1 file changed

+106
-149
lines changed


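--- a/talos_manifest_machineconfig.tf
+++ b/talos_manifest_machineconfig.tf
@@ -96,14 +96,57 @@ locals {
 }
 }
 
+# Shared Talos Configuration
+talos_config_install = {
+image = local.talos_installer_image_url
+extraKernelArgs = var.talos_extra_kernel_args
+}
+
+talos_config_sysctls = merge(
+{
+"net.core.somaxconn" = "65535"
+"net.core.netdev_max_backlog" = "4096"
+"net.ipv6.conf.default.disable_ipv6" = "${var.talos_ipv6_enabled ? 0 : 1}"
+"net.ipv6.conf.all.disable_ipv6" = "${var.talos_ipv6_enabled ? 0 : 1}"
+},
+var.talos_sysctls_extra_args
+)
+
+talos_config_kubelet_args = merge(
+{
+"cloud-provider" = "external"
+"rotate-server-certificates" = true
+},
+var.kubernetes_kubelet_extra_args
+)
+
+talos_config_kubelet_extra_config_base = {
+shutdownGracePeriod = "90s"
+shutdownGracePeriodCriticalPods = "15s"
+}
+
+talos_config_kubelet_nodeip = {
+validSubnets = [local.network_node_ipv4_cidr]
+}
+
+talos_config_cluster_base = {
+network = {
+dnsDomain = var.cluster_domain
+podSubnets = [local.network_pod_ipv4_cidr]
+serviceSubnets = [local.network_service_ipv4_cidr]
+cni = { name = "none" }
+}
+proxy = {
+disabled = var.cilium_kube_proxy_replacement_enabled
+}
+discovery = local.talos_discovery
+}
+
 # Control Plane Config
 control_plane_talos_config_patch = {
 for node in hcloud_server.control_plane : node.name => {
 machine = {
-install = {
-image = local.talos_installer_image_url
-extraKernelArgs = var.talos_extra_kernel_args
-}
+install = local.talos_config_install
 nodeLabels = merge(
 local.talos_allow_scheduling_on_control_planes ? { "node.kubernetes.io/exclude-from-external-load-balancers" = { "$patch" = "delete" } } : {},
 local.control_plane_nodepools_map[node.labels.nodepool].labels,
@@ -115,18 +158,11 @@ locals {
 }
 certSANs = local.talos_certificate_san
 kubelet = {
-extraArgs = merge(
-{
-"cloud-provider" = "external"
-"rotate-server-certificates" = true
-},
-var.kubernetes_kubelet_extra_args
-)
+extraArgs = local.talos_config_kubelet_args
 extraConfig = merge(
+local.talos_config_kubelet_extra_config_base,
 {
-shutdownGracePeriod = "90s"
-shutdownGracePeriodCriticalPods = "15s"
-registerWithTaints = local.control_plane_nodepools_map[node.labels.nodepool].taints
+registerWithTaints = local.control_plane_nodepools_map[node.labels.nodepool].taints
 systemReserved = {
 cpu = "250m"
 memory = "300Mi"
@@ -141,22 +177,12 @@ locals {
 var.kubernetes_kubelet_extra_config
 )
 extraMounts = local.talos_kubelet_extra_mounts
-nodeIP = {
-validSubnets = [local.network_node_ipv4_cidr]
-}
+nodeIP = local.talos_config_kubelet_nodeip
 }
 kernel = {
 modules = var.talos_kernel_modules
 }
-sysctls = merge(
-{
-"net.core.somaxconn" = "65535",
-"net.core.netdev_max_backlog" = "4096",
-"net.ipv6.conf.default.disable_ipv6" = "${var.talos_ipv6_enabled ? 0 : 1}",
-"net.ipv6.conf.all.disable_ipv6" = "${var.talos_ipv6_enabled ? 0 : 1}"
-},
-var.talos_sysctls_extra_args
-)
+sysctls = local.talos_config_sysctls
 registries = var.talos_registries
 features = {
 kubernetesTalosAPIAccess = {
@@ -173,86 +199,69 @@ locals {
 destinations = var.talos_logging_destinations
 }
 }
-cluster = {
-allowSchedulingOnControlPlanes = local.talos_allow_scheduling_on_control_planes
-network = {
-dnsDomain = var.cluster_domain
-podSubnets = [local.network_pod_ipv4_cidr]
-serviceSubnets = [local.network_service_ipv4_cidr]
-cni = { name = "none" }
-}
-coreDNS = {
-disabled = !var.talos_coredns_enabled
-}
-proxy = {
-disabled = var.cilium_kube_proxy_replacement_enabled
-}
-apiServer = {
-admissionControl = var.kube_api_admission_control
-certSANs = local.talos_certificate_san,
-extraArgs = merge(
-{ "enable-aggregator-routing" = true },
-local.talos_kube_oidc_configuration,
-var.kube_api_extra_args
-)
-}
-controllerManager = {
-extraArgs = {
-"cloud-provider" = "external"
-"bind-address" = "0.0.0.0"
+cluster = merge(
+local.talos_config_cluster_base,
+{
+allowSchedulingOnControlPlanes = local.talos_allow_scheduling_on_control_planes
+coreDNS = {
+disabled = !var.talos_coredns_enabled
 }
-}
-discovery = local.talos_discovery
-etcd = {
-advertisedSubnets = [hcloud_network_subnet.control_plane.ip_range]
-extraArgs = {
-"listen-metrics-urls" = "http://0.0.0.0:2381"
+apiServer = {
+admissionControl = var.kube_api_admission_control
+certSANs = local.talos_certificate_san,
+extraArgs = merge(
+{ "enable-aggregator-routing" = true },
+local.talos_kube_oidc_configuration,
+var.kube_api_extra_args
+)
 }
-}
-scheduler = {
-extraArgs = {
-"bind-address" = "0.0.0.0"
+controllerManager = {
+extraArgs = {
+"cloud-provider" = "external"
+"bind-address" = "0.0.0.0"
+}
+}
+etcd = {
+advertisedSubnets = [hcloud_network_subnet.control_plane.ip_range]
+extraArgs = {
+"listen-metrics-urls" = "http://0.0.0.0:2381"
+}
+}
+scheduler = {
+extraArgs = {
+"bind-address" = "0.0.0.0"
+}
+}
+adminKubeconfig = {
+certLifetime = "87600h"
+}
+inlineManifests = local.talos_inline_manifests
+externalCloudProvider = {
+enabled = true,
+manifests = local.talos_remote_manifests
 }
 }
-adminKubeconfig = {
-certLifetime = "87600h"
-}
-inlineManifests = local.talos_inline_manifests
-externalCloudProvider = {
-enabled = true,
-manifests = local.talos_remote_manifests
-}
-}
+)
 }
 }
 
 # Worker Config
 worker_talos_config_patch = {
 for node in hcloud_server.worker : node.name => {
 machine = {
-install = {
-image = local.talos_installer_image_url
-extraKernelArgs = var.talos_extra_kernel_args
-}
+install = local.talos_config_install
 nodeLabels = merge(
 local.worker_nodepools_map[node.labels.nodepool].labels,
 { "nodeid" = tostring(node.id) }
 )
 nodeAnnotations = local.worker_nodepools_map[node.labels.nodepool].annotations
 certSANs = local.talos_certificate_san
 kubelet = {
-extraArgs = merge(
-{
-"cloud-provider" = "external",
-"rotate-server-certificates" = true
-},
-var.kubernetes_kubelet_extra_args
-)
+extraArgs = local.talos_config_kubelet_args
 extraConfig = merge(
+local.talos_config_kubelet_extra_config_base,
 {
-shutdownGracePeriod = "90s"
-shutdownGracePeriodCriticalPods = "15s"
-registerWithTaints = local.worker_nodepools_map[node.labels.nodepool].taints
+registerWithTaints = local.worker_nodepools_map[node.labels.nodepool].taints
 systemReserved = {
 cpu = "100m"
 memory = "300Mi"
@@ -267,22 +276,12 @@ locals {
 var.kubernetes_kubelet_extra_config
 )
 extraMounts = local.talos_kubelet_extra_mounts
-nodeIP = {
-validSubnets = [local.network_node_ipv4_cidr]
-}
+nodeIP = local.talos_config_kubelet_nodeip
 }
 kernel = {
 modules = var.talos_kernel_modules
 }
-sysctls = merge(
-{
-"net.core.somaxconn" = "65535"
-"net.core.netdev_max_backlog" = "4096"
-"net.ipv6.conf.default.disable_ipv6" = "${var.talos_ipv6_enabled ? 0 : 1}"
-"net.ipv6.conf.all.disable_ipv6" = "${var.talos_ipv6_enabled ? 0 : 1}"
-},
-var.talos_sysctls_extra_args
-)
+sysctls = local.talos_config_sysctls
 registries = var.talos_registries
 features = {
 hostDNS = local.talos_host_dns
@@ -291,45 +290,24 @@ locals {
 destinations = var.talos_logging_destinations
 }
 }
-cluster = {
-network = {
-dnsDomain = var.cluster_domain
-podSubnets = [local.network_pod_ipv4_cidr]
-serviceSubnets = [local.network_service_ipv4_cidr]
-cni = { name = "none" }
-}
-proxy = {
-disabled = var.cilium_kube_proxy_replacement_enabled
-}
-discovery = local.talos_discovery
-}
+cluster = local.talos_config_cluster_base
 }
 }
 
 # Autoscaler Config
 autoscaler_talos_config_patch = {
 for nodepool in local.cluster_autoscaler_nodepools : nodepool.name => {
 machine = {
-install = {
-image = local.talos_installer_image_url
-extraKernelArgs = var.talos_extra_kernel_args
-}
+install = local.talos_config_install
 nodeLabels = nodepool.labels
 nodeAnnotations = nodepool.annotations
 certSANs = local.talos_certificate_san
 kubelet = {
-extraArgs = merge(
-{
-"cloud-provider" = "external"
-"rotate-server-certificates" = true
-},
-var.kubernetes_kubelet_extra_args
-)
+extraArgs = local.talos_config_kubelet_args
 extraConfig = merge(
+local.talos_config_kubelet_extra_config_base,
 {
-shutdownGracePeriod = "90s"
-shutdownGracePeriodCriticalPods = "15s"
-registerWithTaints = nodepool.taints
+registerWithTaints = nodepool.taints
 systemReserved = {
 cpu = "100m"
 memory = "300Mi"
@@ -344,22 +322,12 @@ locals {
 var.kubernetes_kubelet_extra_config
 )
 extraMounts = local.talos_kubelet_extra_mounts
-nodeIP = {
-validSubnets = [local.network_node_ipv4_cidr]
-}
+nodeIP = local.talos_config_kubelet_nodeip
 }
 kernel = {
 modules = var.talos_kernel_modules
 }
-sysctls = merge(
-{
-"net.core.somaxconn" = "65535"
-"net.core.netdev_max_backlog" = "4096"
-"net.ipv6.conf.default.disable_ipv6" = "${var.talos_ipv6_enabled ? 0 : 1}"
-"net.ipv6.conf.all.disable_ipv6" = "${var.talos_ipv6_enabled ? 0 : 1}"
-},
-var.talos_sysctls_extra_args
-)
+sysctls = local.talos_config_sysctls
 registries = var.talos_registries
 features = {
 hostDNS = local.talos_host_dns
@@ -368,18 +336,7 @@ locals {
 destinations = var.talos_logging_destinations
 }
 }
-cluster = {
-network = {
-dnsDomain = var.cluster_domain
-podSubnets = [local.network_pod_ipv4_cidr]
-serviceSubnets = [local.network_service_ipv4_cidr]
-cni = { name = "none" }
-}
-proxy = {
-disabled = var.cilium_kube_proxy_replacement_enabled
-}
-discovery = local.talos_discovery
-}
+cluster = local.talos_config_cluster_base
 }
 }
-}
+}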
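Review bot: The new shared locals in the first hunk (`talos_config_cluster_base`, `talos_config_kubelet_extra_config_base`, `talos_config_sysctls`, `talos_config_kubelet_args`) are combined into the per-role patches with Terraform's `merge()`, which is shallow, and nothing documents that invariant: an override that later adds a `network` or `proxy` key to the control-plane `cluster = merge(local.talos_config_cluster_base, {...})` would replace the shared sub-map wholesale instead of deep-merging it. Today the override keys (`allowSchedulingOnControlPlanes`, `coreDNS`, `apiServer`, `controllerManager`, `etcd`, `scheduler`, ...) do not collide with the base keys, so the refactor appears behavior-preserving, but the next editor of the shared block will not know that, and the same ordering means `var.talos_sysctls_extra_args` and `var.kubernetes_kubelet_extra_args` still win over the hardened defaults (IPv6 disable, `rotate-server-certificates`) for every node role at once. I would add above `talos_config_cluster_base = {` the comment `# Shared by control-plane, worker and autoscaler patches; merge() is shallow, so per-role overrides must not reuse the network/proxy/discovery keys.`, and a parallel one on `talos_config_sysctls` noting that `var.talos_sysctls_extra_args` overrides these defaults cluster-wide. As a style point, the shared sysctl values keep the interpolation-only form `"${var.talos_ipv6_enabled ? 0 : 1}"`; `tostring(var.talos_ipv6_enabled ? 0 : 1)` is the idiomatic spelling now that it lives in one place. The enclosing `locals {` block starts before the hunk.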
