kubernetes/terraform: several updates

kubernetes-kvm-terraform/kubernetes-deployments/flux.md

@@ -0,0 +1,13 @@
+```bash
+flux bootstrap gitea \
+  --owner=kacerr \
+  --repository=home-kubernetes \
+  --branch=main \
+  --path=gitops/home-kubernetes \
+  --hostname=gitea.home.hrajfrisbee.cz \
+  --personal \
+  --token-auth
+
+
+flux token: 0917566fe2c7d11cb7b46618f076003f92477352
+```

kubernetes-kvm-terraform/kubernetes-deployments/metrics-server

@@ -0,0 +1,3 @@
+```bash
+kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+```

kubernetes-kvm-terraform/kubernetes-deployments/readme.md

@@ -34,8 +34,8 @@ driver:
           targetGroupInitiatorGroup: 1
           targetGroupAuthType: "None"      
     zfs:
-      datasetParentName: "pool-6g/tank/k8s/vols"
-      detachedSnapshotsDatasetParentName: "pool-6g/tank/k8s/snaps"
+      datasetParentName: "raid-1-4g/tank/k8s/vols"
+      detachedSnapshotsDatasetParentName: "raid-1-4g/tank/k8s/snaps"
 
 storageClasses:
 - name: freenas-iscsi

kubernetes-kvm-terraform/kubernetes-deployments/values.yaml

@@ -27,8 +27,8 @@ driver:
           targetGroupInitiatorGroup: 1
           targetGroupAuthType: "None"      
     zfs:
-      datasetParentName: "pool-6g/tank/k8s/vols"
-      detachedSnapshotsDatasetParentName: "pool-6g/tank/k8s/snaps"
+      datasetParentName: "raid-1-4g/tank/k8s/vols"
+      detachedSnapshotsDatasetParentName: "raid-1-4g/tank/k8s/snaps"
 
 storageClasses:
 - name: freenas-iscsi

kubernetes-kvm-terraform/master.tf

@@ -229,9 +229,9 @@ resource "libvirt_volume" "cloudinit" {
 resource "libvirt_domain" "master" {
   provider = libvirt.kvm-homer
   name   = local.master_vm_name
-  memory = "2048"
+  memory = "4096"
   memory_unit = "MiB" 
-  vcpu   = 2
+  vcpu   = 3
   type   = "kvm"
   autostart = true
   running   = true

kubernetes-kvm-terraform/nodes-on-beelink.tf

@@ -131,7 +131,18 @@ locals {
         content: |
           alias k='kubectl'
           source <(kubectl completion bash)
-          complete -o default -F __start_kubectl k          
+          complete -o default -F __start_kubectl k
+
+      - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf
+        content: |
+          [Unit]
+          After=containerd.service
+          Requires=containerd.service
+
+          [Service]
+          ExecStartPre=/bin/bash -c 'until [ -S /var/run/containerd/containerd.sock ]; do sleep 1; done'
+          ExecStartPre=/usr/bin/crictl info
+
 
     runcmd:
       - systemctl enable --now qemu-guest-agent
@@ -151,6 +162,16 @@ locals {
       - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
       - echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
       - apt-get update && apt-get install -y containerd.io
+      - |
+        cat > /etc/containerd/config.toml <<'CONTAINERD'
+        version = 2
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = true
+        [plugins."io.containerd.grpc.v1.cri".registry]
+          config_path = "/etc/containerd/certs.d"
+        CONTAINERD
       - systemctl restart containerd
 
       # kubeadm/kubelet/kubectl v1.32
@@ -215,6 +236,10 @@ resource "libvirt_domain" "node_02" {
   autostart = true
   running   = true
 
+  cpu = {
+    mode = "host-passthrough"
+  }
+
   os = {
     type         = "hvm"
     type_arch    = "x86_64"

kubernetes-kvm-terraform/nodes-on-homer.tf

@@ -131,7 +131,18 @@ locals {
         content: |
           alias k='kubectl'
           source <(kubectl completion bash)
-          complete -o default -F __start_kubectl k          
+          complete -o default -F __start_kubectl k
+
+      - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf
+        content: |
+          [Unit]
+          After=containerd.service
+          Requires=containerd.service
+
+          [Service]
+          ExecStartPre=/bin/bash -c 'until [ -S /var/run/containerd/containerd.sock ]; do sleep 1; done'
+          ExecStartPre=/usr/bin/crictl info
+
 
     runcmd:
       - systemctl enable --now qemu-guest-agent
@@ -151,6 +162,15 @@ locals {
       - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
       - echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
       - apt-get update && apt-get install -y containerd.io
+      - cat > /etc/containerd/config.toml <<'xEOF'
+        version = 2
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          runtime_type = "io.containerd.runc.v2"
+          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+            SystemdCgroup = true
+        [plugins."io.containerd.grpc.v1.cri".registry]
+          config_path = "/etc/containerd/certs.d"
+        xEOF      
       - systemctl restart containerd
 
       # kubeadm/kubelet/kubectl v1.32
@@ -215,6 +235,9 @@ resource "libvirt_domain" "node_01" {
   autostart = true
   running   = true
 
+  cpu = {
+    mode = "host-passthrough"
+  }
   os = {
     type         = "hvm"
     type_arch    = "x86_64"