Initial commit: Turbo Mothership bare metal management cluster

- k0s bootstrap with Cilium and OpenEBS
- ArgoCD apps for infra, CAPI, Tinkerbell, and Netris
- Ansible playbooks for virtual baremetal lab and Netris switches
- CAPI provider manifests for k0smotron and Tinkerbell
Pavel Basov
2025-12-15 19:59:58 +01:00
commit df9937f0c3
39 changed files with 1961 additions and 0 deletions

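--- a/apps/bm/tinkerbell.yaml
+++ b/apps/bm/tinkerbell.yaml
@@ -0,0 +1,54 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: tinkerbell
+namespace: argo
+spec:
+project: default
+source:
+repoURL: ghcr.io/tinkerbell/charts
+targetRevision: v0.22.0
+chart: tinkerbell
+helm:
+values: |
+publicIP: 172.16.81.254
+artifactsFileServer: http://172.16.81.254:7173
+trustedProxies:
+- 10.244.0.0/24
+deployment:
+init:
+sourceInterface: br-mgmt
+hostNetwork: true
+strategy:
+type: Recreate
+rollingUpdate: null
+envs:
+rufio:
+metricsAddr: 172.16.81.254:9090
+probeAddr: 172.16.81.254:9091
+smee:
+dhcpBindInterface: br-mgmt
+ipxeHttpScriptBindAddr: 172.16.81.254
+syslogBindAddr: 172.16.81.254
+tftpServerBindAddr: 172.16.81.254
+tinkController:
+metricsAddr: 172.16.81.254:9092
+probeAddr: 172.16.81.254:9093
+tinkServer:
+bindAddr: 172.16.81.254
+metricsAddr: 172.16.81.254:9094
+probeAddr: 172.16.81.254:9095
+tootles:
+bindAddr: 172.16.81.254
+secondstar:
+bindAddr: 172.16.81.254
+destination:
+server: https://kubernetes.default.svc
+namespace: tinkerbell
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true
+- ServerSideApply=true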
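Review bot: `metadata.namespace: argo` does not match the `argocd` namespace that the Argo CD chart and the infra/netris Applications in this commit use, and the same value appears in the cluster-api-operator and capi-providers Applications. Unless Argo CD is configured to watch Applications in additional namespaces (not visible here), these three objects would be created but never reconciled; `namespace: argocd` would make them consistent. Separately, with `hostNetwork: true` the rufio, tinkController and tinkServer metrics and probe listeners are bound to 172.16.81.254, so they are reachable by anything on that segment (presumably br-mgmt). A comment stating that the segment is trusted, or a host firewall rule for ports 9090-9095, would document the intent.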


@@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-api-operator
namespace: argo
spec:
project: default
source:
repoURL: https://kubernetes-sigs.github.io/cluster-api-operator
targetRevision: 0.15.1
chart: cluster-api-operator
helm:
values: |
cert-manager:
enabled: false
destination:
server: https://kubernetes.default.svc
namespace: capi
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true


@@ -0,0 +1,23 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: capi-providers
namespace: argo
spec:
project: default
source:
path: manifests/capi-stack
repoURL: "ssh://git@git.weystrom.dev:2222/pbhv/apps.git"
targetRevision: HEAD
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: capi
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
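Review bot: `targetRevision: HEAD` with `directory.recurse: true` and automated sync with prune means every manifest pushed to the default branch of `pbhv/apps.git` under manifests/capi-stack is applied to the cluster with no review gate in Argo CD. This repository also differs from the `argodent/turbo-mothership.git` source used by the infra and netris Applications, so it is worth confirming it is the intended one. Consider pinning `targetRevision` to a tag or commit SHA. Because the source is SSH, the host key for git.weystrom.dev:2222 should be present in Argo CD's known-hosts configuration rather than host key checking being relaxed.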

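--- a/apps/infra-apps.yaml
+++ b/apps/infra-apps.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: infra
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://git.weystrom.dev/argodent/turbo-mothership.git
+path: apps/infra
+targetRevision: HEAD
+directory:
+recurse: true
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true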
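Review bot: This app-of-apps runs in `project: default` and tracks `targetRevision: HEAD` with `prune` and `selfHeal`, as does apps/netris-apps.yaml, so write access to the default branch of turbo-mothership.git is effectively cluster-admin on the management cluster. The built-in default AppProject places no restriction on source repositories, destinations or cluster-scoped resource kinds unless it has been tightened, which is not visible here. A dedicated AppProject with `sourceRepos` and `destinations` limited to what these apps need, plus branch protection or a pinned revision, would narrow that. Every Application in this commit uses `project: default`, so the same applies to each of them.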

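--- a/apps/infra/argocd.yaml
+++ b/apps/infra/argocd.yaml
@@ -0,0 +1,57 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: argocd
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://argoproj.github.io/argo-helm
+chart: argo-cd
+targetRevision: "9.1.6"
+helm:
+releaseName: turbo
+valuesObject:
+fullnameOverride: turbo-argocd
+global:
+domain: argo.turbo.weystrom.dev
+configs:
+params:
+server.insecure: true
+cm:
+admin.enabled: true
+server:
+ingress:
+enabled: true
+ingressClassName: nginx
+annotations:
+nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+cert-manager.io/cluster-issuer: "letsencrypt-prod"
+extraTls:
+- hosts:
+- argo.turbo.weystrom.dev
+secretName: argocd-ingress-http
+ingressGrpc:
+enabled: true
+ingressClassName: nginx
+hostname: argo-grpc.turbo.weystrom.dev
+annotations:
+nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+cert-manager.io/cluster-issuer: "letsencrypt-prod"
+extraTls:
+- hosts:
+- argo-grpc.turbo.weystrom.dev
+secretName: argocd-ingress-grpc
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true
+- ServerSideApply=true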
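Review bot: `admin.enabled: true` keeps the built-in admin account active on an Argo CD instance that this file publishes through two ingresses, `argo.turbo.weystrom.dev` and `argo-grpc.turbo.weystrom.dev`. That account is a single shared password login; once SSO or named local accounts exist, set `admin.enabled: false`. Until then, consider restricting both ingresses by source address, for example with the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation. `server.insecure: true` is consistent with TLS terminating at nginx, but it leaves traffic between the ingress controller and argocd-server in plaintext inside the cluster, so a comment such as `# TLS terminates at ingress-nginx; backend hop is plaintext by design` would record that this is intentional.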


@@ -0,0 +1,33 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: "1.19.2"
helm:
releaseName: turbo
valuesObject:
fullnameOverride: turbo-certmgr
crds:
enabled: true
ingressShim:
defaultIssuerName: letsencrypt-prod
defaultIssuerKind: ClusterIssuer
defaultIssuerGroup: cert-manager.io
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true

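--- a/apps/infra/cilium.yaml
+++ b/apps/infra/cilium.yaml
@@ -0,0 +1,35 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: cilium
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://helm.cilium.io/
+chart: cilium
+targetRevision: "1.18.4"
+helm:
+releaseName: cilium
+valuesObject:
+cluster:
+name: local
+k8sServiceHost: 65.109.94.180
+k8sServicePort: 6443
+kubeProxyReplacement: true
+operator:
+replicas: 1
+routingMode: tunnel
+tunnelProtocol: vxlan
+destination:
+server: https://kubernetes.default.svc
+namespace: kube-system
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=false
+- ServerSideApply=true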
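Review bot: `k8sServiceHost: 65.109.94.180` hard-codes what looks like a publicly routable address as the API server endpoint, and the same address is used as the ingress external IP in the ingress-nginx Application. That suggests port 6443 is listening on an internet-facing interface; if so, confirm it is firewalled to known sources, since nothing in this file restricts it. This Application also lets Argo CD prune and self-heal the cluster's own CNI, so a bad values change can cut Argo CD off from the API server. A comment pointing to the manual recovery path (the k0s bootstrap mentioned in the commit message) would help whoever has to repair that.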


@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ingress-nginx
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://kubernetes.github.io/ingress-nginx
chart: ingress-nginx
targetRevision: "4.14.1"
helm:
releaseName: turbo
valuesObject:
fullnameOverride: turbo-ingress
controller:
admissionWebhooks:
enabled: false
service:
externalIPs:
- 65.109.94.180
type: ClusterIP
destination:
server: https://kubernetes.default.svc
namespace: ingress-nginx
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
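Review bot: `controller.admissionWebhooks.enabled: false` turns off the validating webhook, so a malformed or hostile Ingress object is no longer rejected at admission and is only discovered when the controller renders it into nginx configuration. If this is deliberate, for example to avoid running the admission endpoint on this cluster, a comment above the key should say so and name the compensating control (who may create Ingress objects). The service is also published through `externalIPs` on a `ClusterIP` service, which depends on the externalIPs feature being permitted cluster-wide; any principal that can create Services can then claim an external address, so Service-creation RBAC should be kept tight.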

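--- a/apps/infra/openebs.yaml
+++ b/apps/infra/openebs.yaml
@@ -0,0 +1,48 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: openebs
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://openebs.github.io/openebs
+chart: openebs
+targetRevision: "4.2.0"
+helm:
+releaseName: openebs
+valuesObject:
+preUpgradeHook:
+enabled: false
+localpv-provisioner:
+localpv:
+basePath: /var/openebs/local
+engines:
+replicated:
+mayastor:
+enabled: false
+local:
+zfs:
+enabled: false
+rawfile:
+enabled: false
+lvm:
+enabled: false
+loki:
+enabled: false
+minio:
+enabled: false
+alloy:
+enabled: false
+destination:
+server: https://kubernetes.default.svc
+namespace: openebs
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true
+- ServerSideApply=true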


@@ -0,0 +1,27 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: sealed-secrets
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://bitnami-labs.github.io/sealed-secrets
chart: sealed-secrets
targetRevision: "2.17.9"
helm:
releaseName: turbo
valuesObject:
fullnameOverride: turbo-sealedsecrets
destination:
server: https://kubernetes.default.svc
namespace: kube-system
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=false
- ServerSideApply=true
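Review bot: `fullnameOverride: turbo-sealedsecrets` renames the controller, so `kubeseal` will not find it with its defaults; the repository should document that callers pass `--controller-name turbo-sealedsecrets --controller-namespace kube-system`. The controller's sealing key is generated in-cluster and cannot be recovered from Git, so a note on how that key Secret is backed up belongs next to this file. The netris-operator Application in this same commit still carries its password in plaintext even though this controller is being installed.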

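--- a/apps/netris-apps.yaml
+++ b/apps/netris-apps.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: netris
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://git.weystrom.dev/argodent/turbo-mothership.git
+path: apps/netris
+targetRevision: HEAD
+directory:
+recurse: true
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true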


@@ -0,0 +1,37 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: netris-controller
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://netrisai.github.io/charts
chart: netris-controller
targetRevision: "*"
helm:
releaseName: netris-controller
valuesObject:
ingress:
hosts:
- netris.turbo.weystrom.dev
tls:
- secretName: netris-tls
hosts:
- netris.turbo.weystrom.dev
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
haproxy:
enabled: false
destination:
server: https://kubernetes.default.svc
namespace: netris-controller
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
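Review bot: `targetRevision: "*"` combined with `syncPolicy.automated` means any new chart version published to netrisai.github.io/charts is deployed to the management cluster without anyone reviewing it, and the netris-operator Application uses the same wildcard. Every other Helm source in this commit pins an exact version. Pin both Netris charts to a specific chart version and bump it through a commit, so upgrades are reviewable and a compromised or broken chart release cannot roll out on its own.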


@@ -0,0 +1,31 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: netris-operator
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://netrisai.github.io/charts
chart: netris-operator
targetRevision: "*"
helm:
releaseName: netris-operator
valuesObject:
controller:
host: https://netris.turbo.weystrom.dev
login: netris
password: newNet0ps
insecure: false
destination:
server: https://kubernetes.default.svc
namespace: netris-operator
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
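Review bot: `password: newNet0ps` commits the Netris controller credential in plaintext next to `login: netris` and the controller's public hostname, and because it sits in `valuesObject` it is also readable in the Application object by anyone who can read Applications in the argocd namespace. Treat the password as exposed: rotate it on the controller and remove it from history where feasible. The value should come from a Secret (this commit already installs sealed-secrets) rather than from inline values; whether the netris-operator chart can reference an existing Secret is not visible here and needs checking. The string also looks like a vendor default, which would make rotation more urgent.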