maintenance(metis): add titan-10 and titan-12 inventory profiles

2026-04-19 20:44:12 -03:00 · 2026-04-19 20:44:12 -03:00 · b3270e7231
commit b3270e7231
parent 1dce63fb9b
4 changed files with 149 additions and 14 deletions
--- a/services/maintenance/kustomization.yaml
+++ b/services/maintenance/kustomization.yaml
@ -6,8 +6,8 @@ resources:
  - image.yaml
  - secretproviderclass.yaml
  - metis-configmap.yaml
-  - soteria-configmap.yaml
  - metis-data-pvc.yaml
+  - soteria-configmap.yaml
  - vault-serviceaccount.yaml
  - vault-sync-deployment.yaml
  - ariadne-serviceaccount.yaml
@ -34,12 +34,9 @@ resources:
  - node-nofile-daemonset.yaml
  - metis-sentinel-amd64-daemonset.yaml
  - metis-sentinel-arm64-daemonset.yaml
-  - metis-k3s-token-sync-cronjob.yaml
  - k3s-agent-restart-daemonset.yaml
-  - pod-cleaner-cronjob.yaml
  - node-image-sweeper-serviceaccount.yaml
  - node-image-sweeper-daemonset.yaml
-  - image-sweeper-cronjob.yaml
  - metis-service.yaml
  - soteria-networkpolicy.yaml
  - oauth2-proxy-soteria-networkpolicy.yaml
@ -51,12 +48,18 @@ resources:
  - metis-ingress.yaml
 images:
  - name: registry.bstein.dev/bstein/ariadne
-    newTag: 0.1.0-118 # {"$imagepolicy": "maintenance:ariadne:tag"}
+    newTag: 0.1.0-22 # {"$imagepolicy": "maintenance:ariadne:tag"}
  - name: registry.bstein.dev/bstein/metis
    newTag: 0.1.0-9-amd64
  - name: registry.bstein.dev/bstein/soteria
-    newTag: 0.1.0-36 # {"$imagepolicy": "maintenance:soteria:tag"}
+    newTag: 0.1.0-35 # {"$imagepolicy": "maintenance:soteria:tag"}
 configMapGenerator:
+  - name: metis-inventory
+    namespace: maintenance
+    files:
+      - inventory.yaml=metis-inventory.yaml
+    options:
+      disableNameSuffixHash: true
  - name: disable-k3s-traefik-script
    namespace: maintenance
    files:
@ -75,12 +78,6 @@ configMapGenerator:
      - node_nofile.sh=scripts/node_nofile.sh
    options:
      disableNameSuffixHash: true
-  - name: pod-cleaner-script
-    namespace: maintenance
-    files:
-      - pod_cleaner.sh=scripts/pod_cleaner.sh
-    options:
-      disableNameSuffixHash: true
  - name: node-image-sweeper-script
    namespace: maintenance
    files:
--- a/services/maintenance/metis-configmap.yaml
+++ b/services/maintenance/metis-configmap.yaml
@ -6,7 +6,7 @@ metadata:
  namespace: maintenance
 data:
  METIS_BIND_ADDR: :8080
-  METIS_INVENTORY_PATH: /app/inventory.titan-rpi4.yaml
+  METIS_INVENTORY_PATH: /etc/metis/inventory.yaml
  METIS_DATA_DIR: /var/lib/metis
  METIS_DEFAULT_FLASH_HOST: titan-22
  METIS_FLASH_HOSTS: titan-22,titan-24,titan-20,titan-21,titan-19,titan-17,titan-15,titan-14,titan-12,titan-11,titan-10,titan-09,titan-08,titan-07,titan-06,titan-05,titan-04,titan-0c,titan-0b,titan-0a
--- a/services/maintenance/metis-deployment.yaml
+++ b/services/maintenance/metis-deployment.yaml
@ -18,7 +18,7 @@ spec:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
-        metis.bstein.dev/config-rev: "2026-04-06-02"
+        metis.bstein.dev/config-rev: "2026-04-19-01"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/role: "maintenance"
@ -72,6 +72,9 @@ spec:
            periodSeconds: 5
            timeoutSeconds: 2
          volumeMounts:
+            - name: metis-inventory
+              mountPath: /etc/metis
+              readOnly: true
            - name: metis-data
              mountPath: /var/lib/metis
            - name: host-dev
@ -93,6 +96,10 @@ spec:
            privileged: true
            runAsUser: 0
      volumes:
+        - name: metis-inventory
+          configMap:
+            name: metis-inventory
+            defaultMode: 0444
        - name: metis-data
          persistentVolumeClaim:
            claimName: metis-data
--- a/services/maintenance/metis-inventory.yaml
+++ b/services/maintenance/metis-inventory.yaml
@ -0,0 +1,131 @@
+# services/maintenance/metis-inventory.yaml
+classes:
+  - name: rpi5-ubuntu-worker
+    arch: arm64
+    os: ubuntu-24.04
+    image: ${METIS_IMAGE_RPI5_UBUNTU_WORKER}
+    checksum: ${METIS_IMAGE_RPI5_UBUNTU_WORKER_SHA256}
+    k3s_version: v1.33.3+k3s1
+    default_labels:
+      hardware: rpi5
+      node-role.kubernetes.io/worker: "true"
+  - name: rpi4-armbian-worker
+    arch: arm64
+    os: armbian-noble
+    image: ${METIS_IMAGE_RPI4_ARMBIAN_LONGHORN}
+    checksum: ${METIS_IMAGE_RPI4_ARMBIAN_LONGHORN_SHA256}
+    k3s_version: v1.31.5+k3s1
+    default_labels:
+      hardware: rpi4
+      node-role.kubernetes.io/worker: "true"
+  - name: rpi4-armbian-longhorn
+    arch: arm64
+    os: armbian-noble
+    image: ${METIS_IMAGE_RPI4_ARMBIAN_LONGHORN}
+    checksum: ${METIS_IMAGE_RPI4_ARMBIAN_LONGHORN_SHA256}
+    k3s_version: v1.31.5+k3s1
+    default_labels:
+      hardware: rpi4
+      node-role.kubernetes.io/worker: "true"
+
+nodes:
+  - name: titan-10
+    class: rpi5-ubuntu-worker
+    hostname: titan-10
+    ip: 192.168.22.36
+    k3s_role: agent
+    k3s_url: https://192.168.22.7:6443
+    k3s_token: ${METIS_K3S_TOKEN}
+    ssh_user: ubuntu
+    ssh_authorized_keys:
+      - ${METIS_SSH_KEY_BRAD}
+      - ${METIS_SSH_KEY_ANANKE_TETHYS}
+      - ${METIS_SSH_KEY_ANANKE_DB}
+  - name: titan-12
+    class: rpi4-armbian-worker
+    hostname: titan-12
+    ip: 192.168.22.40
+    k3s_role: agent
+    k3s_url: https://192.168.22.7:6443
+    k3s_token: ${METIS_K3S_TOKEN}
+    ssh_user: atlas
+    ssh_authorized_keys:
+      - ${METIS_SSH_KEY_BRAD}
+      - ${METIS_SSH_KEY_ANANKE_TETHYS}
+      - ${METIS_SSH_KEY_ANANKE_DB}
+  - name: titan-13
+    class: rpi4-armbian-longhorn
+    hostname: titan-13
+    ip: 192.168.22.41
+    k3s_role: agent
+    k3s_url: https://192.168.22.7:6443
+    k3s_token: ${METIS_K3S_TOKEN}
+    ssh_user: atlas
+    ssh_authorized_keys:
+      - ${METIS_SSH_KEY_BRAD}
+      - ${METIS_SSH_KEY_ANANKE_TETHYS}
+      - ${METIS_SSH_KEY_ANANKE_DB}
+    longhorn_disks:
+      - mountpoint: /mnt/astreae
+        uuid: 6031fa8b-f28c-45c3-b7bc-6133300e07c6
+        fs: ext4
+      - mountpoint: /mnt/asteria
+        uuid: cbd4989d-62b5-4741-8b2a-28fdae259cae
+        fs: ext4
+  - name: titan-15
+    class: rpi4-armbian-longhorn
+    hostname: titan-15
+    ip: 192.168.22.43
+    k3s_role: agent
+    k3s_url: https://192.168.22.7:6443
+    k3s_token: ${METIS_K3S_TOKEN}
+    ssh_user: atlas
+    ssh_authorized_keys:
+      - ${METIS_SSH_KEY_BRAD}
+      - ${METIS_SSH_KEY_ANANKE_TETHYS}
+      - ${METIS_SSH_KEY_ANANKE_DB}
+    longhorn_disks:
+      - mountpoint: /mnt/astreae
+        uuid: f3362f14-5822-449f-944b-ac570b5cd615
+        fs: ext4
+      - mountpoint: /mnt/asteria
+        uuid: 9c5316e6-f847-4884-b502-11f2d0d15d6f
+        fs: ext4
+  - name: titan-17
+    class: rpi4-armbian-longhorn
+    hostname: titan-17
+    ip: 192.168.22.45
+    k3s_role: agent
+    k3s_url: https://192.168.22.7:6443
+    k3s_token: ${METIS_K3S_TOKEN}
+    ssh_user: atlas
+    ssh_authorized_keys:
+      - ${METIS_SSH_KEY_BRAD}
+      - ${METIS_SSH_KEY_ANANKE_TETHYS}
+      - ${METIS_SSH_KEY_ANANKE_DB}
+    longhorn_disks:
+      - mountpoint: /mnt/astreae
+        uuid: 1fecdade-08b0-49cb-9ae3-be6c188b0a96
+        fs: ext4
+      - mountpoint: /mnt/asteria
+        uuid: 2fe9f613-d372-47ca-b84f-82084e4edda0
+        fs: ext4
+  - name: titan-19
+    class: rpi4-armbian-longhorn
+    hostname: titan-19
+    ip: 192.168.22.47
+    k3s_role: agent
+    k3s_url: https://192.168.22.7:6443
+    k3s_token: ${METIS_K3S_TOKEN}
+    ssh_user: atlas
+    ssh_authorized_keys:
+      - ${METIS_SSH_KEY_BRAD}
+      - ${METIS_SSH_KEY_ANANKE_TETHYS}
+      - ${METIS_SSH_KEY_ANANKE_DB}
+    longhorn_disks:
+      - mountpoint: /mnt/astreae
+        uuid: 4890abb9-dda2-4f4f-9c0f-081ee82849cf
+        fs: ext4
+      - mountpoint: /mnt/asteria
+        uuid: 2b4ea28d-b0e6-4fa3-841b-cd7067ae9153
+        fs: ext4