Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/isejalabs/terraform-proxmox-talos
Terraform/OpenTofu module for creating a Kubernetes cluster based on Talos Linux running on Proxmox
Last synced: 8 days ago
- Host: GitHub
- URL: https://github.com/isejalabs/terraform-proxmox-talos
- Owner: isejalabs
- License: mit
- Created: 2024-10-31T19:02:38.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2025-01-25T15:38:33.000Z (9 days ago)
- Last Synced: 2025-01-25T16:25:05.658Z (9 days ago)
- Topics: cilium, iac, infrastructure-as-code, kubernetes, opentofu, proxmox, talos, terraform, terraform-module, tofu
- Language: HCL
- Homepage:
- Size: 94.7 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 7
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
README
## About
A `terraform`/`tofu` module for creating a [Kubernetes](https://kubernetes.io/) cluster on [Proxmox VE](https://www.proxmox.com/en/proxmox-virtual-environment), using [Talos Linux](https://talos.dev) as the governing declarative K8S OS.
## What's in the pocket
You will get:
- [Kubernetes](https://kubernetes.io/) cluster based on
- [Talos Linux](https://talos.dev) (a secure, immutable, and minimal distribution, explicitly designed for K8S) with
- [Cilium](https://cilium.io) as a [CNI](https://www.cni.dev) and [IngressController](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/),
- [Gateway API](https://gateway-api.sigs.k8s.io/) as next-generation Kubernetes Ingress,
- [Proxmox CSI Plugin](https://github.com/sergelogvinov/proxmox-csi-plugin) for providing storage,
- [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) providing a safe store for your [`Secrets`](https://kubernetes.io/docs/concepts/configuration/secret/) – even inside a public repository –,
- all running as QEMU/KVM VMs on [Proxmox VE](https://www.proxmox.com/en/proxmox-virtual-environment).
Everything is set up with a simple `terragrunt apply` command.
## Usage
For an example of the module in use, see the [author](https://github.com/sebiklamar/)'s implementation in [isejalabs/homelab](https://github.com/isejalabs/homelab). There the module is used in a multi-environment setup (e.g. dev, qa, prod), leveraging [Terragrunt](https://terragrunt.gruntwork.io/) as a DRY-style wrapper for `terraform`/`tofu`. In addition, copious amounts of [YAML](https://yaml.org/) using [kustomize](https://kustomize.io/) and its [transformer](https://github.com/kubernetes-sigs/kustomize/blob/master/examples/transformerconfigs/README.md), patches and components features provide more [DRY](https://de.wikipedia.org/wiki/Don%E2%80%99t_repeat_yourself) capabilities.
## Roadmap and more features
This module is designed to be minimalistic, bootstrapping a Kubernetes cluster with the core infrastructure: CNI, CSI and Secrets. Of course, you can add more Kubernetes features, e.g. [Argo CD](https://argo-cd.readthedocs.io/en/stable/) and [Cert-manager](https://cert-manager.io/), by defining [kustomize](https://kustomize.io/) YAML code on top.
If you think a feature is worth implementing inside this terraform/tofu module, feel free to start a community [discussion](https://github.com/isejalabs/terraform-proxmox-talos/discussions).
## Requirements
1. **Required**: You need to have one or more [**Proxmox**](https://www.proxmox.com/en/proxmox-virtual-environment) nodes to run the VMs on. A Proxmox cluster is required in the case of multiple nodes.
2. **Free Choice**: The module is tested to run well with [**OpenTofu**](https://opentofu.org/), while it should be compatible with [**Terraform**](https://www.terraform.io/) as well.
3. **Recommended**: Using [**Terragrunt**](https://terragrunt.gruntwork.io/) as a wrapper is recommended when aiming for multiple incarnations of the module. Calling plain `terraform`/`tofu` without `terragrunt` as a wrapper should also work.
4. **Recommended**: Using [**SOPS**](https://getsops.io/) is recommended for encrypting your Terraform credentials (e.g. Proxmox login). This allows storing all your Terraform configuration in version control.
5. **Recommended**: For daily operations of the cluster you should have K8S **CLI tools** such as `kubectl`, `kustomize`, `cilium`, and `kubeseal`.
6. **Optional**: You could have the CLI tool `talosctl` for checking your Talos cluster. It's not really needed because even upgrades are done using declarative IaC – in a good and bad manner (see siderolabs/terraform-provider-talos#140). Upgrades are handled by setting the `nodes.[].update` variable to `true`, subsequently for all nodes.
## Credits
This module would not exist without [**Vegard Stenhjem Hagen**](https://github.com/vehagn)'s excellent work on his [@vehagn/homelab/tofu/kubernets](https://github.com/vehagn/homelab/tree/140fbc249b26c622c0e2ab413c3aca9eb5014f8e) implementation. Besides variables and releases/tags, some other small changes were added, making this terraform module more usable in different environments. See the [Changelog](CHANGELOG.md) for a full list of changes. And don't miss checking out Vegard's helpful [blog](https://blog.stonegarden.dev/), where he gives brilliant explanations of Kubernetes topics, and of course his [homelab implementation](https://github.com/vehagn/homelab).