Talos Ansible Role — an `interfaces.yaml.j2` template, an example inventory, and the task file that generates per-node Talos machine configs with `talosctl`, applies them and bootstraps the cluster.
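{# interfaces.yaml.j2 - rendered once per node (`item` is the inventory hostname)  #}
{# and parsed back with `from_yaml` into machine.network.interfaces by the tasks.  #}
{# A node with a non-empty `bond_interfaces` host var gets an LACP bond named      #}
{# bond0; otherwise the address is put on eth0 (assumes predictable NIC naming -   #}
{# confirm against the hardware).                                                   #}
{% set node = hostvars[item] %}
{% set bonded = node.bond_interfaces | length > 0 %}
- interface: {{ 'bond0' if bonded else 'eth0' }}
  dhcp: false
  addresses:
    - "{{ node.ip }}"
  routes:
    - network: 0.0.0.0/0
      # Default route: an explicit `gateway` host var wins; otherwise fall back to
      # the first usable address of the node's subnet (the previous hard-coded rule).
      gateway: "{{ node.gateway | default(node.ip | ipaddr('1') | ipaddr('address')) }}"
{% if bonded %}
  bond:
    # JSON is valid YAML flow syntax, so names with odd characters stay intact.
    interfaces: {{ node.bond_interfaces | to_json }}
    mode: 802.3ad
    xmitHashPolicy: layer3+4
    lacpRate: fast
    miimon: 100
    updelay: 200
    downdelay: 200
{% endif %}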
---
# Example inventory for the Talos role. The addresses below are placeholders;
# every host needs `ip` (CIDR notation - the prefix length is what the tasks
# derive the netmask and default gateway from) and `bond_interfaces` (a list,
# empty when the node has a single NIC).
all:
  vars:
    kube_service_addresses: 10.252.0.0/18
    kube_pods_subnet: 10.252.64.0/18
    cluster_name: gcore-msk
  children:
    # The first host of this group is used as the cluster endpoint and is the
    # node etcd is bootstrapped on.
    controlplane:
      hosts:
        m1-gcore-msk:
          ip: 123.123.123.123/24
          bond_interfaces: []
    worker:
      hosts:
        s1-gcore-msk:
          ip: 222.222.222.22/29
          bond_interfaces:
            - eth2
            - eth3
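---
# Task file for the Talos role. Everything here runs on the Ansible controller
# (talosctl is invoked locally); the inventory only contributes per-node
# `ip` / `bond_interfaces` facts and the cluster-wide subnets.
- name: Prepare and show static IP kernel arg
  tags:
    - ip-config
  loop: "{{ groups['all'] }}"
  vars:
    # Default route: an explicit `gateway` host var wins; otherwise the first
    # usable address of the node's subnet (the previous hard-coded rule).
    node_gateway: "{{ hostvars[item].gateway | default(hostvars[item].ip | ipaddr('1') | ipaddr('address')) }}"
  ansible.builtin.debug:
    # Kernel `ip=` syntax: client-ip::gateway:netmask:hostname:device:autoconf:dns0:dns1
    # Only the first bond member is named because bonding is not available at
    # early boot; the full bond is configured by the machine config later.
    # Resolvers default to 1.1.1.1 and 8.8.8.8 unless `nameservers` is set per host.
    msg: >-
      ip={{ hostvars[item].ip | ipaddr('address') }}::{{ node_gateway }}:{{ hostvars[item].ip | ipaddr('netmask') }}:{{ item }}:{{ hostvars[item].bond_interfaces | first | default('eth0') }}::{{ hostvars[item].nameservers | default(['1.1.1.1', '8.8.8.8']) | join(':') }}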
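- name: Create directory for cluster configs
  ansible.builtin.file:
    path: "./talos/{{ cluster_name }}"
    state: directory
    # secrets.yaml, the per-node machine configs, talosconfig and the kubeconfig
    # all land in this directory - keep it private to the invoking user.
    mode: "0700"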
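- name: Check if secrets file exists
  ansible.builtin.stat:
    path: "./talos/{{ cluster_name }}/secrets.yaml"
  register: talos_secrets

- name: Generate secrets if not exists
  # `creates` makes the task idempotent on its own; the stat guard is kept so
  # the registered fact stays available. No shell is involved, so cluster_name
  # is passed verbatim rather than interpolated into a command line.
  ansible.builtin.command:
    argv:
      - talosctl
      - gen
      - secrets
      - -o
      - "./talos/{{ cluster_name }}/secrets.yaml"
    creates: "./talos/{{ cluster_name }}/secrets.yaml"
  when: not talos_secrets.stat.exists

- name: Restrict permissions on the secrets bundle
  # secrets.yaml holds the cluster CA key material and bootstrap tokens: anyone
  # who can read it can mint admin credentials for this cluster. Never commit it.
  ansible.builtin.file:
    path: "./talos/{{ cluster_name }}/secrets.yaml"
    mode: "0600"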
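- name: Generate temporary configs
  # Writes <cluster>/controlplane.yaml, <cluster>/worker.yaml and
  # <cluster>/talosconfig under ./talos, reusing the persisted secrets bundle so
  # re-runs keep the same cluster identity. kubernetes_version, talos_version
  # and talos_installer_version are expected from role defaults/vars (not part
  # of this listing). NOTE(review): talosctl refuses to overwrite existing
  # output files unless --force is given - confirm the intended re-run behaviour.
  ansible.builtin.command:
    chdir: talos
    argv:
      - talosctl
      - gen
      - config
      - "{{ cluster_name }}"
      - "https://{{ hostvars[groups['controlplane'][0]].ip | ipaddr('address') }}:6443"
      - -o
      - "{{ cluster_name }}"
      - --with-secrets
      - "{{ cluster_name }}/secrets.yaml"
      - --with-docs=false
      - --with-examples=false
      - --with-kubespan=false
      - --with-cluster-discovery=false
      - --kubernetes-version
      - "{{ kubernetes_version }}"
      - --talos-version
      - "v{{ talos_version }}"
      - --install-image
      - "ghcr.io/siderolabs/installer:v{{ talos_installer_version }}"
      - --config-patch
      - "@patches/common.yaml"
      - --config-patch-control-plane
      - "@patches/controlplane.yaml"
      - --config-patch-worker
      - "@patches/worker.yaml"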
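- name: Generate controlplane configs for each node
  # Deep-merges the node-specific settings over the generated controlplane
  # template. `combine(recursive=True)` replaces lists wholesale, so the
  # rendered `interfaces` list is the node's complete interface set.
  ansible.builtin.copy:
    dest: "./talos/{{ cluster_name }}/{{ item }}.yaml"
    content: "{{ base_config | combine(node_changes, recursive=True) | to_nice_yaml }}"
    # The machine config embeds cluster credentials (tokens and CA material).
    mode: "0600"
  loop: "{{ groups['controlplane'] }}"
  vars:
    # Plain concatenation instead of nested moustaches inside the lookup argument.
    base_config: "{{ lookup('file', './talos/' ~ cluster_name ~ '/controlplane.yaml') | from_yaml }}"
    node_changes:
      cluster:
        network:
          podSubnets:
            - "{{ kube_pods_subnet }}"
          serviceSubnets:
            - "{{ kube_service_addresses }}"
      machine:
        network:
          hostname: "{{ item }}"
          interfaces: "{{ lookup('template', 'interfaces.yaml.j2') | from_yaml }}"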
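- name: Generate worker configs for each node
  # Same merge as for control-plane nodes, starting from the worker template.
  # `combine(recursive=True)` replaces lists wholesale, so the rendered
  # `interfaces` list is the node's complete interface set.
  ansible.builtin.copy:
    dest: "./talos/{{ cluster_name }}/{{ item }}.yaml"
    content: "{{ base_config | combine(node_changes, recursive=True) | to_nice_yaml }}"
    # The machine config embeds the cluster join token.
    mode: "0600"
  loop: "{{ groups['worker'] }}"
  vars:
    # Plain concatenation instead of nested moustaches inside the lookup argument.
    base_config: "{{ lookup('file', './talos/' ~ cluster_name ~ '/worker.yaml') | from_yaml }}"
    node_changes:
      cluster:
        network:
          podSubnets:
            - "{{ kube_pods_subnet }}"
          serviceSubnets:
            - "{{ kube_service_addresses }}"
      machine:
        network:
          hostname: "{{ item }}"
          interfaces: "{{ lookup('template', 'interfaces.yaml.j2') | from_yaml }}"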
- name: Delete temporary configs
  # The role-level controlplane.yaml / worker.yaml templates have been folded
  # into the per-node files above and are no longer needed on disk.
  ansible.builtin.file:
    path: "./talos/{{ cluster_name }}/{{ item }}.yaml"
    state: absent
  loop:
    - controlplane
    - worker
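- name: Set endpoint in talosconfig
  # Points the generated client config at the first control-plane node.
  ansible.builtin.command:
    chdir: "talos/{{ cluster_name }}"
    argv:
      - talosctl
      - --talosconfig
      - ./talosconfig
      - config
      - endpoint
      - "{{ hostvars[groups['controlplane'][0]].ip | ipaddr('address') }}"

- name: Merge talosconfig with local one
  # Adds this cluster's admin client certificate as a context in the invoking
  # user's default talosctl configuration.
  ansible.builtin.command:
    chdir: "talos/{{ cluster_name }}"
    argv:
      - talosctl
      - config
      - merge
      - ./talosconfig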
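- name: Check which nodes still need initial configuration
  # A node that has never been configured runs in maintenance mode with a
  # self-signed certificate, so an authenticated `talosctl time` against it
  # fails. Every node is probed directly rather than only the first
  # control-plane node, so nodes added to an existing cluster are still
  # detected. Probe failures are recorded, not fatal.
  loop: "{{ groups['all'] }}"
  register: talosctl_node_status
  failed_when: false
  changed_when: false
  ansible.builtin.command:
    chdir: "talos/{{ cluster_name }}"
    argv:
      - talosctl
      - time
      - --talosconfig
      - ./talosconfig
      - --nodes
      - "{{ hostvars[item].ip | ipaddr('address') }}"
      - --endpoints
      - "{{ hostvars[item].ip | ipaddr('address') }}"

- name: Apply config
  # --insecure is used only for nodes the probe could not authenticate to. It
  # skips server certificate verification (trust on first use), so the initial
  # apply must happen over a network path you trust; nodes that already answer
  # with the cluster certificate are always addressed with client-cert auth.
  loop: "{{ talosctl_node_status.results }}"
  loop_control:
    label: "{{ item.item }}"
  ansible.builtin.command:
    chdir: "talos/{{ cluster_name }}"
    argv:
      - talosctl
      - apply-config
      - --talosconfig
      - ./talosconfig
      - "--insecure={{ 'true' if (item.rc | default(1)) != 0 else 'false' }}"
      - --nodes
      - "{{ hostvars[item.item].ip | ipaddr('address') }}"
      - --endpoints
      - "{{ hostvars[item.item].ip | ipaddr('address') }}"
      - --file
      - "{{ item.item }}.yaml"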
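- name: Bootstrap etcd
  # Bootstrap only succeeds once the first control-plane node has applied its
  # config and its API is up, hence the polling. `retries` has no effect without
  # an `until` condition on older ansible-core, so the stop condition is spelled
  # out. A non-empty etcd data directory means the cluster was bootstrapped by an
  # earlier run and is treated as success.
  register: talos_bootstrap
  retries: 60
  delay: 3
  until: talos_bootstrap.rc == 0 or "etcd data directory is not empty" in talos_bootstrap.stderr
  failed_when: 'talos_bootstrap.rc != 0 and "etcd data directory is not empty" not in talos_bootstrap.stderr'
  ansible.builtin.command:
    chdir: "talos/{{ cluster_name }}"
    argv:
      - talosctl
      - bootstrap
      - --talosconfig
      - ./talosconfig
      - --nodes
      - "{{ hostvars[groups['controlplane'][0]].ip | ipaddr('address') }}"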
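- name: Generate kubeconfig
  # Writes a cluster-admin kubeconfig into the cluster directory (`.` relative
  # to chdir), overwriting any previous one. Treat the file as a credential.
  ansible.builtin.command:
    chdir: "talos/{{ cluster_name }}"
    argv:
      - talosctl
      - kubeconfig
      - .
      - --talosconfig
      - ./talosconfig
      - --force-context-name
      - "{{ cluster_name }}"
      - --force
      - --nodes
      - "{{ hostvars[groups['controlplane'][0]].ip | ipaddr('address') }}"

- name: Merge kubeconfig with local one
  # Same admin credential merged into the invoking user's default kubeconfig,
  # replacing an existing context of the same name because of --force.
  ansible.builtin.command:
    chdir: "talos/{{ cluster_name }}"
    argv:
      - talosctl
      - kubeconfig
      - --talosconfig
      - ./talosconfig
      - --force-context-name
      - "{{ cluster_name }}"
      - --force
      - --merge
      - --nodes
      - "{{ hostvars[groups['controlplane'][0]].ip | ipaddr('address') }}"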