{"id":15650569,"url":"https://github.com/rgl/terraform-libvirt-talos","last_synced_at":"2025-08-21T10:32:13.757Z","repository":{"id":139753330,"uuid":"586307325","full_name":"rgl/terraform-libvirt-talos","owner":"rgl","description":"example Talos Linux Kubernetes cluster in libvirt QEMU/KVM Virtual Machines using terraform","archived":false,"fork":false,"pushed_at":"2024-12-18T19:48:03.000Z","size":288,"stargazers_count":45,"open_issues_count":0,"forks_count":10,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-18T20:34:48.239Z","etag":null,"topics":["argo-cd","argocd","drbd","k8s","kubernetes","kubernetes-persistent-volume","kvm","libvirt","linstor","lvm","piraeus","spin","talos","terraform","wasm","webassembly"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-07T17:13:26.000Z","updated_at":"2024-12-18T19:48:07.000Z","dependencies_parsed_at":"2023-10-05T04:58:19.854Z","dependency_job_id":"35ffd05e-b984-43a8-b9b8-b4f128e44f1f","html_url":"https://github.com/rgl/terraform-libvirt-talos","commit_stats":{"total_commits":292,"total_committers":1,"mean_commits":292.0,"dds":0.0,"last_synced_commit":"51cfdf9010ae35055646156855b1ccdab01135bc"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fterraform-libvirt-talos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fterrafor
m-libvirt-talos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fterraform-libvirt-talos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fterraform-libvirt-talos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rgl","download_url":"https://codeload.github.com/rgl/terraform-libvirt-talos/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230507051,"owners_count":18236944,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argo-cd","argocd","drbd","k8s","kubernetes","kubernetes-persistent-volume","kvm","libvirt","linstor","lvm","piraeus","spin","talos","terraform","wasm","webassembly"],"created_at":"2024-10-03T12:35:07.420Z","updated_at":"2025-08-21T10:32:13.707Z","avatar_url":"https://github.com/rgl.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# About\n\n[![Lint](https://github.com/rgl/terraform-libvirt-talos/actions/workflows/lint.yml/badge.svg)](https://github.com/rgl/terraform-libvirt-talos/actions/workflows/lint.yml)\n\nAn example [Talos Linux](https://www.talos.dev) Kubernetes cluster in libvirt QEMU/KVM Virtual Machines using terraform.\n\n[Cilium](https://cilium.io) is used to augment the Networking (e.g. the [`LoadBalancer`](https://cilium.io/use-cases/load-balancer/) and [`Ingress`](https://docs.cilium.io/en/stable/network/servicemesh/ingress/) controllers), Observability (e.g. [Service Map](https://cilium.io/use-cases/service-map/)), and Security (e.g. 
[Network Policy](https://cilium.io/use-cases/network-policy/)).\n\n[LVM](https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)), [DRBD](https://linbit.com/drbd/), [LINSTOR](https://github.com/LINBIT/linstor-server), and the [Piraeus Operator](https://github.com/piraeusdatastore/piraeus-operator), are used for providing persistent storage volumes.\n\nThe [spin extension](https://github.com/siderolabs/extensions/tree/main/container-runtime/spin), which installs [containerd-shim-spin](https://github.com/spinkube/containerd-shim-spin), is used to provide the ability to run [Spin Applications](https://developer.fermyon.com/spin/v2/index) ([WebAssembly/Wasm](https://webassembly.org/)).\n\n[Zot](https://github.com/project-zot/zot) is used as the in-cluster container registry. It stores and manages container images and other OCI artifacts.\n\n[Gitea](https://github.com/go-gitea/gitea) is used as the in-cluster git repository manager.\n\n[Argo CD](https://github.com/argoproj/argo-cd) is used as the in-cluster continuous delivery tool (aka gitops).\n\n# Usage (Ubuntu 22.04 host)\n\nInstall libvirt:\n\n```bash\n# install libvirt et al.\napt-get install -y virt-manager\n# configure the security_driver to prevent errors like (when using terraform):\n#   Could not open '/var/lib/libvirt/images/terraform_talos_example_c0.img': Permission denied'\n# NB setting security_driver to \"none\" disables the AppArmor/SELinux confinement of the QEMU processes.\nsed -i -E 's,#?(security_driver)\\s*=.*,\\1 = \"none\",g' /etc/libvirt/qemu.conf\nsystemctl restart libvirtd\n# let the current user manage libvirtd.\n# see /usr/share/polkit-1/rules.d/60-libvirt.rules\nusermod -aG libvirt $USER\n# restart the shell.\nexit\n```\n\nInstall Terraform:\n\n```bash\n# see https://github.com/hashicorp/terraform/releases\n# renovate: datasource=github-releases depName=hashicorp/terraform\nterraform_version='1.12.2'\nwget \"https://releases.hashicorp.com/terraform/$terraform_version/terraform_${terraform_version}_linux_amd64.zip\"\nunzip \"terraform_${terraform_version}_linux_amd64.zip\"\nsudo install 
terraform /usr/local/bin\nrm terraform terraform_*_linux_amd64.zip\n```\n\nInstall cilium cli:\n\n```bash\n# see https://github.com/cilium/cilium-cli/releases\n# renovate: datasource=github-releases depName=cilium/cilium-cli\ncilium_version='0.18.6'\ncilium_url=\"https://github.com/cilium/cilium-cli/releases/download/v$cilium_version/cilium-linux-amd64.tar.gz\"\nwget -O- \"$cilium_url\" | tar xzf - cilium\nsudo install cilium /usr/local/bin/cilium\nrm cilium\n```\n\nInstall cilium hubble:\n\n```bash\n# see https://github.com/cilium/hubble/releases\n# renovate: datasource=github-releases depName=cilium/hubble\nhubble_version='1.17.5'\nhubble_url=\"https://github.com/cilium/hubble/releases/download/v$hubble_version/hubble-linux-amd64.tar.gz\"\nwget -O- \"$hubble_url\" | tar xzf - hubble\nsudo install hubble /usr/local/bin/hubble\nrm hubble\n```\n\nInstall kubectl-linstor:\n\n```bash\n# NB kubectl linstor storage-pool list is equivalent to:\n#    kubectl -n piraeus-datastore exec deploy/linstor-controller -- linstor storage-pool list\n# see https://github.com/piraeusdatastore/kubectl-linstor/releases\n# renovate: datasource=github-releases depName=piraeusdatastore/kubectl-linstor\nkubectl_linstor_version='0.3.2'\nkubectl_linstor_url=\"https://github.com/piraeusdatastore/kubectl-linstor/releases/download/v${kubectl_linstor_version}/kubectl-linstor_v${kubectl_linstor_version}_linux_amd64.tar.gz\"\nwget -O- \"$kubectl_linstor_url\" | tar xzf - kubectl-linstor\nsudo install kubectl-linstor /usr/local/bin/kubectl-linstor\nrm kubectl-linstor\n```\n\nInstall talosctl:\n\n```bash\n# see https://github.com/siderolabs/talos/releases\n# renovate: datasource=github-releases depName=siderolabs/talos\ntalos_version='1.10.6'\nwget https://github.com/siderolabs/talos/releases/download/v$talos_version/talosctl-linux-amd64\nsudo install talosctl-linux-amd64 /usr/local/bin/talosctl\nrm talosctl-linux-amd64\n```\n\nInstall the talos image into libvirt, and initialize 
terraform:\n\n```bash\n./do init\n```\n\nCreate the infrastructure:\n\n```bash\ntime ./do plan-apply\n```\n\nShow talos information:\n\n```bash\nexport TALOSCONFIG=$PWD/talosconfig.yml\ncontrollers=\"$(terraform output -raw controllers)\"\nworkers=\"$(terraform output -raw workers)\"\nall=\"$controllers,$workers\"\nc0=\"$(echo $controllers | cut -d , -f 1)\"\nw0=\"$(echo $workers | cut -d , -f 1)\"\ntalosctl -n $all version\ntalosctl -n $all dashboard\n```\n\nShow kubernetes information:\n\n```bash\nexport KUBECONFIG=$PWD/kubeconfig.yml\nkubectl cluster-info\nkubectl get nodes -o wide\n```\n\nShow Cilium information:\n\n```bash\nexport KUBECONFIG=$PWD/kubeconfig.yml\ncilium status --wait\nkubectl -n kube-system exec ds/cilium -- cilium-dbg status --verbose\n```\n\nIn another shell, open the Hubble UI:\n\n```bash\nexport KUBECONFIG=$PWD/kubeconfig.yml\ncilium hubble ui\n```\n\nExecute an example workload:\n\n```bash\nexport KUBECONFIG=$PWD/kubeconfig.yml\nkubectl apply -f example.yml\nkubectl rollout status deployment/example\nkubectl get ingresses,services,pods,deployments\nexample_ip=\"$(kubectl get ingress/example -o json | jq -r .status.loadBalancer.ingress[0].ip)\"\nexample_fqdn=\"$(kubectl get ingress/example -o json | jq -r .spec.rules[0].host)\"\nexample_url=\"http://$example_fqdn\"\ncurl --resolve \"$example_fqdn:80:$example_ip\" \"$example_url\"\necho \"$example_ip $example_fqdn\" | sudo tee -a /etc/hosts\ncurl \"$example_url\"\nxdg-open \"$example_url\"\nkubectl delete -f example.yml\n```\n\nExecute the [example hello-etcd stateful application](https://github.com/rgl/hello-etcd):\n\n```bash\n# see https://github.com/rgl/hello-etcd/tags\n# renovate: datasource=github-tags depName=rgl/hello-etcd\nhello_etcd_version='0.0.5'\nrm -rf tmp/hello-etcd\ninstall -d tmp/hello-etcd\npushd tmp/hello-etcd\nwget -qO- \"https://raw.githubusercontent.com/rgl/hello-etcd/v$hello_etcd_version/manifest.yml\" \\\n  | perl -pe 's,(storageClassName:).+,$1 linstor-lvm-r1,g' \\\n  
| perl -pe 's,(storage:).+,$1 1Gi,g' \\\n  \u003e manifest.yml\nkubectl apply -f manifest.yml\nkubectl rollout status deployment hello-etcd\nkubectl rollout status statefulset hello-etcd-etcd\nkubectl get service,statefulset,pod,pvc,pv,sc\nkubectl linstor volume list\n```\n\nAccess the `hello-etcd` service from a [kubectl port-forward local port](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/):\n\n```bash\nkubectl port-forward service/hello-etcd 6789:web \u0026\nsleep 3\nwget -qO- http://localhost:6789 # Hello World #1!\nwget -qO- http://localhost:6789 # Hello World #2!\nwget -qO- http://localhost:6789 # Hello World #3!\n```\n\nDelete the etcd pod:\n\n```bash\n# NB the used StorageClass is configured with ReclaimPolicy set to Delete. this\n#    means that, when we delete the application PersistentVolumeClaim, the\n#    volume will be deleted from the linstor storage-pool. please note that\n#    this will only happen when the pvc finalizers list is empty. since the\n#    pvc is created by the statefulset (due to having\n#    persistentVolumeClaimRetentionPolicy set to Retain), and it adds the\n#    kubernetes.io/pvc-protection finalizer, which means, the pvc will only be\n#    deleted when you explicitly delete it (and nothing is using it as noted by\n#    an empty finalizers list)\n# NB although we delete the pod, the StatefulSet will create a fresh pod to\n#    replace it. 
using the same persistent volume as the old one.\nkubectl delete pod/hello-etcd-etcd-0\nkubectl get pod/hello-etcd-etcd-0 # NB its age should be in the seconds range.\nkubectl rollout status deployment hello-etcd\nkubectl rollout status statefulset hello-etcd-etcd\nkubectl get pvc,pv\nkubectl linstor volume list\n```\n\nAccess the application, and notice that the counter continues after the previously returned value, which means that although the etcd instance is different, it picked up the same persistent volume:\n\n```bash\nwget -qO- http://localhost:6789 # Hello World #4!\nwget -qO- http://localhost:6789 # Hello World #5!\nwget -qO- http://localhost:6789 # Hello World #6!\n```\n\nDelete everything:\n\n```bash\nkubectl delete -f manifest.yml\nkill %1 \u0026\u0026 sleep 1 # kill the kubectl port-forward background command execution.\n# NB the pvc will not be automatically deleted because it has the\n#    kubernetes.io/pvc-protection finalizer (set by the statefulset, due to\n#    having persistentVolumeClaimRetentionPolicy set to Retain), which prevents\n#    it from being automatically deleted.\nkubectl get pvc,pv\nkubectl linstor volume list\n# delete the pvc (which will also trigger the pv (persistent volume) deletion\n# because the associated storageclass reclaim policy is set to delete).\nkubectl delete pvc/etcd-data-hello-etcd-etcd-0\n# NB you should wait until it's actually deleted.\nkubectl get pvc,pv\nkubectl linstor volume list\npopd\n```\n\nExecute an [example WebAssembly (Wasm) Spin workload](https://github.com/rgl/spin-http-rust-example):\n\n```bash\nexport KUBECONFIG=$PWD/kubeconfig.yml\nkubectl apply -f example-spin.yml\nkubectl rollout status deployment/example-spin\nkubectl get ingresses,services,pods,deployments\nexample_spin_ip=\"$(kubectl get ingress/example-spin -o json | jq -r .status.loadBalancer.ingress[0].ip)\"\nexample_spin_fqdn=\"$(kubectl get ingress/example-spin -o json | jq -r 
.spec.rules[0].host)\"\nexample_spin_url=\"http://$example_spin_fqdn\"\ncurl --resolve \"$example_spin_fqdn:80:$example_spin_ip\" \"$example_spin_url\"\necho \"$example_spin_ip $example_spin_fqdn\" | sudo tee -a /etc/hosts\ncurl \"$example_spin_url\"\nxdg-open \"$example_spin_url\"\nkubectl delete -f example-spin.yml\n```\n\nAccess Zot:\n\n```bash\nexport KUBECONFIG=$PWD/kubeconfig.yml\nexport SSL_CERT_FILE=\"$PWD/kubernetes-ingress-ca-crt.pem\"\nzot_ip=\"$(kubectl get -n zot ingress/zot -o json | jq -r .status.loadBalancer.ingress[0].ip)\"\nzot_fqdn=\"$(kubectl get -n zot ingress/zot -o json | jq -r .spec.rules[0].host)\"\nzot_url=\"https://$zot_fqdn\"\necho \"zot_url: $zot_url\"\necho \"zot_username: admin\"\necho \"zot_password: admin\"\ncurl --resolve \"$zot_fqdn:443:$zot_ip\" \"$zot_url\"\necho \"$zot_ip $zot_fqdn\" | sudo tee -a /etc/hosts\nxdg-open \"$zot_url\"\n```\n\nUpload the `kubernetes-hello` example image:\n\n```bash\nskopeo login \\\n  --username admin \\\n  --password-stdin \\\n  \"$zot_fqdn\" \\\n  \u003c\u003c\u003c\"admin\"\nskopeo copy \\\n  --format oci \\\n  docker://docker.io/ruilopes/kubernetes-hello:v0.0.202408161942 \\\n  \"docker://$zot_fqdn/ruilopes/kubernetes-hello:v0.0.202408161942\"\nskopeo logout \"$zot_fqdn\"\n```\n\nInspect the `kubernetes-hello` example image:\n\n```bash\nskopeo login \\\n  --username talos \\\n  --password-stdin \\\n  \"$zot_fqdn\" \\\n  \u003c\u003c\u003c\"talos\"\nskopeo list-tags \"docker://$zot_fqdn/ruilopes/kubernetes-hello\"\nskopeo inspect \"docker://$zot_fqdn/ruilopes/kubernetes-hello:v0.0.202408161942\"\nskopeo inspect \"docker://$zot_fqdn/ruilopes/kubernetes-hello:v0.0.202408161942\" \\\n  --raw | jq\nskopeo logout \"$zot_fqdn\"\n```\n\nLaunch a Pod using the example image:\n\n```bash\nkubectl apply -f kubernetes-hello.yml\nkubectl rollout status deployment/kubernetes-hello\nkubectl get ingresses,services,pods,deployments\nkubernetes_hello_ip=\"$(kubectl get ingress/kubernetes-hello -o json | jq -r 
.status.loadBalancer.ingress[0].ip)\"\nkubernetes_hello_fqdn=\"$(kubectl get ingress/kubernetes-hello -o json | jq -r .spec.rules[0].host)\"\nkubernetes_hello_url=\"http://$kubernetes_hello_fqdn\"\necho \"kubernetes_hello_url: $kubernetes_hello_url\"\ncurl --resolve \"$kubernetes_hello_fqdn:80:$kubernetes_hello_ip\" \"$kubernetes_hello_url\"\necho \"$kubernetes_hello_ip $kubernetes_hello_fqdn\" | sudo tee -a /etc/hosts\nxdg-open \"$kubernetes_hello_url\"\n```\n\nDelete the example Pod:\n\n```bash\nkubectl delete -f kubernetes-hello.yml\n```\n\nAccess Gitea:\n\n```bash\nexport KUBECONFIG=$PWD/kubeconfig.yml\nexport SSL_CERT_FILE=\"$PWD/kubernetes-ingress-ca-crt.pem\"\ngitea_ip=\"$(kubectl get -n gitea ingress/gitea -o json | jq -r .status.loadBalancer.ingress[0].ip)\"\ngitea_fqdn=\"$(kubectl get -n gitea ingress/gitea -o json | jq -r .spec.rules[0].host)\"\ngitea_url=\"https://$gitea_fqdn\"\necho \"gitea_url: $gitea_url\"\necho \"gitea_username: gitea\"\necho \"gitea_password: gitea\"\ncurl --resolve \"$gitea_fqdn:443:$gitea_ip\" --silent \"$gitea_url\" | grep -P '\u003ctitle\u003e'\necho \"$gitea_ip $gitea_fqdn\" | sudo tee -a /etc/hosts\nxdg-open \"$gitea_url\"\n```\n\nAccess Argo CD:\n\n```bash\nexport KUBECONFIG=$PWD/kubeconfig.yml\nargocd_server_ip=\"$(kubectl get -n argocd ingress/argocd-server -o json | jq -r .status.loadBalancer.ingress[0].ip)\"\nargocd_server_fqdn=\"$(kubectl get -n argocd ingress/argocd-server -o json | jq -r .spec.rules[0].host)\"\nargocd_server_url=\"https://$argocd_server_fqdn\"\nargocd_server_admin_password=\"$(\n  kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath=\"{.data.password}\" \\\n    | base64 --decode)\"\necho \"argocd_server_url: $argocd_server_url\"\necho \"argocd_server_admin_password: $argocd_server_admin_password\"\necho \"$argocd_server_ip $argocd_server_fqdn\" | sudo tee -a /etc/hosts\nxdg-open \"$argocd_server_url\"\n```\n\nIf the Argo CD UI is showing these kinds of errors:\n\n\u003e Unable to load 
data: permission denied\n\u003e Unable to load data: error getting cached app managed resources: NOAUTH Authentication required.\n\u003e Unable to load data: error getting cached app managed resources: cache: key is missing\n\u003e Unable to load data: error getting cached app managed resources: InvalidSpecError: Application referencing project default which does not exist\n\nTry restarting some of the Argo CD components, and after restarting them, the\nArgo CD UI should start working after a few minutes (e.g. at the next sync\ninterval, which defaults to 3m):\n\n```bash\nkubectl -n argocd rollout restart statefulset argocd-application-controller\nkubectl -n argocd rollout status statefulset argocd-application-controller --watch\nkubectl -n argocd rollout restart deployment argocd-server\nkubectl -n argocd rollout status deployment argocd-server --watch\n```\n\nCreate the `argocd-example` repository:\n\n```bash\nexport SSL_CERT_FILE=\"$PWD/kubernetes-ingress-ca-crt.pem\"\nexport GIT_SSL_CAINFO=\"$SSL_CERT_FILE\"\ncurl \\\n  --silent \\\n  --show-error \\\n  --fail-with-body \\\n  -u gitea:gitea \\\n  -X POST \\\n  -H 'Accept: application/json' \\\n  -H 'Content-Type: application/json' \\\n  -d '{\n    \"name\": \"argocd-example\",\n    \"private\": true\n  }' \\\n  https://gitea.example.test/api/v1/user/repos \\\n  | jq\nrm -rf tmp/argocd-example\ngit init tmp/argocd-example\npushd tmp/argocd-example\ngit branch -m main\ncp ../../example.yml .\ngit add .\ngit commit -m init\ngit remote add origin https://gitea.example.test/gitea/argocd-example.git\ngit push -u origin main\npopd\n```\n\nCreate the `argocd-example` argocd application:\n\n```bash\nargocd login \\\n  \"$argocd_server_fqdn\" \\\n  --username admin \\\n  --password \"$argocd_server_admin_password\"\nargocd cluster list\n# NB we have to access gitea thru the internal cluster service because the\n#    external/ingress domains do not resolve inside the cluster.\n# NB if the git repository was hosted outside 
of the cluster, we might have\n#    needed to execute the following to trust the certificate.\n#     argocd cert add-tls gitea.example.test --from \"$SSL_CERT_FILE\"\n#     argocd cert list --cert-type https\nargocd repo add \\\n  http://gitea-http.gitea.svc:3000/gitea/argocd-example.git \\\n  --username gitea \\\n  --password gitea\nargocd app create \\\n  argocd-example \\\n  --dest-name in-cluster \\\n  --dest-namespace default \\\n  --project default \\\n  --auto-prune \\\n  --self-heal \\\n  --sync-policy automatic \\\n  --repo http://gitea-http.gitea.svc:3000/gitea/argocd-example.git \\\n  --path .\nargocd app list\nargocd app wait argocd-example --health --timeout 300\nkubectl get crd | grep argoproj.io\nkubectl -n argocd get applications\nkubectl -n argocd get application/argocd-example -o yaml\n```\n\nAccess the example application:\n\n```bash\nkubectl rollout status deployment/example\nkubectl get ingresses,services,pods,deployments\nexample_ip=\"$(kubectl get ingress/example -o json | jq -r .status.loadBalancer.ingress[0].ip)\"\nexample_fqdn=\"$(kubectl get ingress/example -o json | jq -r .spec.rules[0].host)\"\nexample_url=\"http://$example_fqdn\"\ncurl --resolve \"$example_fqdn:80:$example_ip\" \"$example_url\"\necho \"$example_ip $example_fqdn\" | sudo tee -a /etc/hosts\ncurl \"$example_url\"\nxdg-open \"$example_url\"\n```\n\nModify the example application, by bumping the number of replicas:\n\n```bash\npushd tmp/argocd-example\nsed -i -E 's,(replicas:) .+,\\1 3,g' example.yml\ngit diff\ngit add .\ngit commit -m 'bump replicas'\ngit push -u origin main\npopd\n```\n\nThen go to the Argo CD UI, and wait for it to eventually sync the example argocd\napplication, or click `Refresh` to sync it immediately.\n\nDelete the example argocd application and repository:\n\n```bash\nargocd app delete \\\n  argocd-example \\\n  --yes\nargocd repo rm \\\n  http://gitea-http.gitea.svc:3000/gitea/argocd-example.git\ncurl \\\n  --silent \\\n  --show-error \\\n  
--fail-with-body \\\n  -u gitea:gitea \\\n  -X DELETE \\\n  -H 'Accept: application/json' \\\n  \"$gitea_url/api/v1/repos/gitea/argocd-example\" \\\n  | jq\n```\n\nDestroy the infrastructure:\n\n```bash\ntime ./do destroy\n```\n\nList this repository's dependencies (and which have newer versions):\n\n```bash\nGITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN' ./renovate.sh\n```\n\nUpdate the talos extensions to match the talos version:\n\n```bash\n./do update-talos-extensions\n```\n\n# Troubleshoot\n\nTalos:\n\n```bash\n# see https://www.talos.dev/v1.10/advanced/troubleshooting-control-plane/\ntalosctl -n $all support \u0026\u0026 rm -rf support \u0026\u0026 7z x -osupport support.zip \u0026\u0026 code support\ntalosctl -n $c0 service ext-qemu-guest-agent status\ntalosctl -n $c0 service etcd status\ntalosctl -n $c0 etcd status\ntalosctl -n $c0 etcd alarm list\ntalosctl -n $c0 etcd members\n# NB talosctl get members requires the talos discovery service, which we disable\n#    by default, so this will not return anything.\n#    see talos.tf.\ntalosctl -n $c0 get members\ntalosctl -n $c0 health --control-plane-nodes $controllers --worker-nodes $workers\ntalosctl -n $c0 inspect dependencies | dot -Tsvg \u003ec0.svg \u0026\u0026 xdg-open c0.svg\ntalosctl -n $c0 dashboard\ntalosctl -n $c0 logs controller-runtime\ntalosctl -n $c0 logs kubelet\ntalosctl -n $c0 mounts | sort\ntalosctl -n $c0 get blockdevices\ntalosctl -n $c0 get disks\ntalosctl -n $c0 get systemdisk\ntalosctl -n $c0 get resourcedefinitions\ntalosctl -n $c0 get machineconfigs -o yaml\ntalosctl -n $c0 get staticpods -o yaml\ntalosctl -n $c0 get staticpodstatus\ntalosctl -n $c0 get manifests\ntalosctl -n $c0 get services\ntalosctl -n $c0 get extensions\ntalosctl -n $c0 get addresses\ntalosctl -n $c0 get nodeaddresses\ntalosctl -n $c0 netstat --extend --programs --pods --listening\ntalosctl -n $c0 list -l -r -t f /etc\ntalosctl -n $c0 list -l -r -t f /system\ntalosctl -n $c0 list -l -r -t f /var\ntalosctl -n $c0 list 
-l -r /dev\ntalosctl -n $c0 list -l /sys/fs/cgroup\ntalosctl -n $c0 read /proc/cmdline | tr ' ' '\\n'\ntalosctl -n $c0 read /proc/mounts | sort\ntalosctl -n $w0 read /proc/modules | sort\ntalosctl -n $w0 read /sys/module/drbd/parameters/usermode_helper\ntalosctl -n $c0 read /etc/os-release\ntalosctl -n $c0 read /etc/resolv.conf\ntalosctl -n $c0 read /etc/containerd/config.toml\ntalosctl -n $c0 read /etc/cri/containerd.toml\ntalosctl -n $c0 read /etc/cri/conf.d/cri.toml\ntalosctl -n $c0 read /etc/kubernetes/kubelet.yaml\ntalosctl -n $c0 read /etc/kubernetes/kubeconfig-kubelet\ntalosctl -n $c0 read /etc/kubernetes/bootstrap-kubeconfig\ntalosctl -n $c0 ps\ntalosctl -n $c0 containers -k\n```\n\nCilium:\n\n```bash\ncilium status --wait\nkubectl -n kube-system exec ds/cilium -- cilium-dbg status --verbose\ncilium config view\ncilium hubble ui\n# **NB** cilium connectivity test is not working out-of-the-box in the default\n# test namespaces and using it in kube-system namespace will leave garbage\n# behind.\n#cilium connectivity test --test-namespace kube-system\nkubectl -n kube-system get leases | grep cilium-l2announce-\n```\n\nKubernetes:\n\n```bash\nkubectl get events --all-namespaces --watch\nkubectl --namespace kube-system get events --watch\nkubectl --namespace kube-system debug node/w0 --stdin --tty --image=busybox:1.36 -- cat /host/etc/resolv.conf\nkubectl --namespace kube-system get configmaps coredns --output yaml\npod_name=\"$(kubectl --namespace kube-system get pods --selector k8s-app=kube-dns --output json | jq -r '.items[0].metadata.name')\"\nkubectl --namespace kube-system debug $pod_name --stdin --tty --image=busybox:1.36 --target=coredns -- sh -c 'cat /proc/$(pgrep coredns)/root/etc/resolv.conf'\nkubectl --namespace kube-system run busybox -it --rm --restart=Never --image=busybox:1.36 -- nslookup -type=a talos.dev\nkubectl get crds\nkubectl api-resources\n```\n\nStorage (lvm/drbd/linstor/piraeus):\n\n```bash\n# NB kubectl linstor node list is equivalent 
to:\n#    kubectl -n piraeus-datastore exec deploy/linstor-controller -- linstor node list\nkubectl linstor node list\nkubectl linstor storage-pool list\nkubectl linstor volume list\nkubectl -n piraeus-datastore exec daemonset/linstor-satellite.w0 -- drbdadm status\nkubectl -n piraeus-datastore exec daemonset/linstor-satellite.w0 -- lvdisplay\nkubectl -n piraeus-datastore exec daemonset/linstor-satellite.w0 -- vgdisplay\nkubectl -n piraeus-datastore exec daemonset/linstor-satellite.w0 -- pvdisplay\nw0_csi_node_pod_name=\"$(\n  kubectl -n piraeus-datastore get pods \\\n    --field-selector spec.nodeName=w0 \\\n    --selector app.kubernetes.io/component=linstor-csi-node \\\n    --output 'jsonpath={.items[*].metadata.name}')\"\nkubectl -n piraeus-datastore exec \"pod/$w0_csi_node_pod_name\" -- lsblk\nkubectl -n piraeus-datastore exec \"pod/$w0_csi_node_pod_name\" -- bash -c 'mount | grep /dev/drbd'\nkubectl -n piraeus-datastore exec \"pod/$w0_csi_node_pod_name\" -- bash -c 'df -h | grep -P \"Filesystem|/dev/drbd\"'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fterraform-libvirt-talos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frgl%2Fterraform-libvirt-talos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fterraform-libvirt-talos/lists"}