add source code and readme

2025-12-24 14:35:17 +01:00
parent 7c92e1e610
commit 74324d5a1b
331 changed files with 39272 additions and 1 deletions
--- a/.cursor/rules/talos-config-template.yaml
+++ b/.cursor/rules/talos-config-template.yaml
@@ -0,0 +1,96 @@
+# Talos Configuration Templates
+# Machine configurations and Talos-specific patterns
+
+# Custom Talos Factory Image
+# Uses factory image with Longhorn extension pre-installed
+TALOS_FACTORY_IMAGE: "613e1592b2da41ae5e265e8789429f22e121aab91cb4deb6bc3c0b6262961245:v1.10.4"
+
+# Network Interface Configuration
+---
+apiVersion: v1alpha1
+kind: MachineConfig
+metadata:
+  name: node-config
+spec:
+  machine:
+    network:
+      interfaces:
+      # Public interface (DHCP + static configuration)
+      - interface: enp7s0
+        dhcp: true
+        addresses:
+        - 152.53.107.24/24  # Example for n1
+        routes:
+        - network: 0.0.0.0/0
+          gateway: 152.53.107.1
+          
+      # Private VLAN interface (static configuration)  
+      - interface: enp9s0
+        addresses:
+        - 10.132.0.10/24    # Example for n1 (VLAN 1004963)
+        vip:
+          ip: 10.132.0.5     # Shared VIP for control plane HA
+
+  # Node IP Configuration
+  machine:
+    kubelet:
+      extraArgs:
+        node-ip: 152.53.107.24  # Use public IP for node reporting
+
+# Node IP Mappings (NetCup Cloud vLAN 1004963)
+# All nodes are control plane nodes with shared VIP for HA
+# n1: Public 152.53.107.24 + Private 10.132.0.10/24 (Control plane)
+# n2: Public 152.53.105.81 + Private 10.132.0.20/24 (Control plane)  
+# n3: Public 152.53.200.111 + Private 10.132.0.30/24 (Control plane)
+# VIP: 10.132.0.5 (shared VIP, nodes elect primary)
+
+# Cluster Configuration
+---
+apiVersion: v1alpha1
+kind: ClusterConfig
+metadata:
+  name: keyboardvagabond
+spec:
+  clusterName: keyboardvagabond.com
+  controlPlane:
+    endpoint: https://10.132.0.5:6443  # VIP endpoint for HA
+  
+  # Allow workloads on control plane
+  allowSchedulingOnControlPlanes: true
+  
+  # CNI Configuration (Cilium)
+  network:
+    cni:
+      name: none  # Cilium installed via Helm
+    dnsDomain: cluster.local  # Standard domain for compatibility
+    
+  # API Server Configuration
+  apiServer:
+    extraArgs:
+      # Enable aggregation layer for metrics
+      enable-aggregator-routing: "true"
+
+# Volume Configuration
+# System disk: /dev/vda with 2-50GB ephemeral storage
+# Longhorn storage: 400GB minimum on system disk at /var/lib/longhorn
+
+# Administrative Access Commands
+# Recommended: Use VIP endpoint for HA
+# talosctl config endpoint 10.132.0.5  # VIP endpoint
+# talosctl config node 10.132.0.5
+# talosctl health
+# talosctl dashboard (via Tailscale VPN only)
+
+# Alternative: Individual node endpoints
+# talosctl config endpoint 10.132.0.10 10.132.0.20 10.132.0.30
+# talosctl config node 10.132.0.10
+
+# kubectl Contexts:
+# - admin@keyboardvagabond-tailscale (VIP: 10.132.0.5:6443 or node IPs) - ACTIVE
+# - admin@keyboardvagabond.com (blocked by firewall, Tailscale-only access)
+
+# Security Notes:
+# - API access restricted to Tailscale CGNAT range (100.64.0.0/10)
+# - Cilium host firewall blocks world access to ports 6443, 50000-50010
+# - All administrative access requires Tailscale mesh VPN connection
+# - Backup kubeconfig available as SOPS-encrypted portable configuration