Initial commit: Turbo Mothership bare metal management cluster

- k0s bootstrap with Cilium and OpenEBS - ArgoCD apps for infra, CAPI, Tinkerbell, and Netris - Ansible playbooks for virtual baremetal lab and Netris switches - CAPI provider manifests for k0smotron and Tinkerbell
2025-12-15 19:59:58 +01:00
commit df9937f0c3
39 changed files with 1961 additions and 0 deletions
--- a/apps/infra/argocd.yaml
+++ b/apps/infra/argocd.yaml
@@ -0,0 +1,57 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://argoproj.github.io/argo-helm
+    chart: argo-cd
+    targetRevision: "9.1.6"
+    helm:
+      releaseName: turbo
+      valuesObject:
+        fullnameOverride: turbo-argocd
+        global:
+          domain: argo.turbo.weystrom.dev
+        configs:
+          params:
+            server.insecure: true
+          cm:
+            admin.enabled: true
+        server:
+          ingress:
+            enabled: true
+            ingressClassName: nginx
+            annotations:
+              nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+              nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+              cert-manager.io/cluster-issuer: "letsencrypt-prod"
+            extraTls:
+              - hosts:
+                  - argo.turbo.weystrom.dev
+                secretName: argocd-ingress-http
+          ingressGrpc:
+            enabled: true
+            ingressClassName: nginx
+            hostname: argo-grpc.turbo.weystrom.dev
+            annotations:
+              nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+              cert-manager.io/cluster-issuer: "letsencrypt-prod"
+            extraTls:
+              - hosts:
+                  - argo-grpc.turbo.weystrom.dev
+                secretName: argocd-ingress-grpc
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
--- a/apps/infra/cert-manager.yaml
+++ b/apps/infra/cert-manager.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://charts.jetstack.io
+    chart: cert-manager
+    targetRevision: "1.19.2"
+    helm:
+      releaseName: turbo
+      valuesObject:
+        fullnameOverride: turbo-certmgr
+        crds:
+          enabled: true
+        ingressShim:
+          defaultIssuerName: letsencrypt-prod
+          defaultIssuerKind: ClusterIssuer
+          defaultIssuerGroup: cert-manager.io
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
--- a/apps/infra/cilium.yaml
+++ b/apps/infra/cilium.yaml
@@ -0,0 +1,35 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cilium
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://helm.cilium.io/
+    chart: cilium
+    targetRevision: "1.18.4"
+    helm:
+      releaseName: cilium
+      valuesObject:
+        cluster:
+          name: local
+        k8sServiceHost: 65.109.94.180
+        k8sServicePort: 6443
+        kubeProxyReplacement: true
+        operator:
+          replicas: 1
+        routingMode: tunnel
+        tunnelProtocol: vxlan
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: kube-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=false
+      - ServerSideApply=true
--- a/apps/infra/ingress-nginx.yaml
+++ b/apps/infra/ingress-nginx.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-nginx
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://kubernetes.github.io/ingress-nginx
+    chart: ingress-nginx
+    targetRevision: "4.14.1"
+    helm:
+      releaseName: turbo
+      valuesObject:
+        fullnameOverride: turbo-ingress
+        controller:
+          admissionWebhooks:
+            enabled: false
+          service:
+            externalIPs:
+              - 65.109.94.180
+            type: ClusterIP
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ingress-nginx
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
--- a/apps/infra/openebs.yaml
+++ b/apps/infra/openebs.yaml
@@ -0,0 +1,48 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: openebs
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://openebs.github.io/openebs
+    chart: openebs
+    targetRevision: "4.2.0"
+    helm:
+      releaseName: openebs
+      valuesObject:
+        preUpgradeHook:
+          enabled: false
+        localpv-provisioner:
+          localpv:
+            basePath: /var/openebs/local
+        engines:
+          replicated:
+            mayastor:
+              enabled: false
+          local:
+            zfs:
+              enabled: false
+            rawfile:
+              enabled: false
+            lvm:
+              enabled: false
+        loki:
+          enabled: false
+        minio:
+          enabled: false
+        alloy:
+          enabled: false
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: openebs
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
--- a/apps/infra/sealed-secrets.yaml
+++ b/apps/infra/sealed-secrets.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sealed-secrets
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://bitnami-labs.github.io/sealed-secrets
+    chart: sealed-secrets
+    targetRevision: "2.17.9"
+    helm:
+      releaseName: turbo
+      valuesObject:
+        fullnameOverride: turbo-sealedsecrets
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: kube-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=false
+      - ServerSideApply=true