From b3270e72314e56682891f9f8ce2f6ca0799f9816 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Sun, 19 Apr 2026 20:44:12 -0300 Subject: [PATCH] maintenance(metis): add titan-10 and titan-12 inventory profiles --- services/maintenance/kustomization.yaml | 21 ++-- services/maintenance/metis-configmap.yaml | 2 +- services/maintenance/metis-deployment.yaml | 9 +- services/maintenance/metis-inventory.yaml | 131 +++++++++++++++++++++ 4 files changed, 149 insertions(+), 14 deletions(-) create mode 100644 services/maintenance/metis-inventory.yaml diff --git a/services/maintenance/kustomization.yaml b/services/maintenance/kustomization.yaml index d8bd83f5..f2cc4064 100644 --- a/services/maintenance/kustomization.yaml +++ b/services/maintenance/kustomization.yaml @@ -6,8 +6,8 @@ resources: - image.yaml - secretproviderclass.yaml - metis-configmap.yaml - - soteria-configmap.yaml - metis-data-pvc.yaml + - soteria-configmap.yaml - vault-serviceaccount.yaml - vault-sync-deployment.yaml - ariadne-serviceaccount.yaml @@ -34,12 +34,9 @@ resources: - node-nofile-daemonset.yaml - metis-sentinel-amd64-daemonset.yaml - metis-sentinel-arm64-daemonset.yaml - - metis-k3s-token-sync-cronjob.yaml - k3s-agent-restart-daemonset.yaml - - pod-cleaner-cronjob.yaml - node-image-sweeper-serviceaccount.yaml - node-image-sweeper-daemonset.yaml - - image-sweeper-cronjob.yaml - metis-service.yaml - soteria-networkpolicy.yaml - oauth2-proxy-soteria-networkpolicy.yaml @@ -51,12 +48,18 @@ resources: - metis-ingress.yaml images: - name: registry.bstein.dev/bstein/ariadne - newTag: 0.1.0-118 # {"$imagepolicy": "maintenance:ariadne:tag"} + newTag: 0.1.0-22 # {"$imagepolicy": "maintenance:ariadne:tag"} - name: registry.bstein.dev/bstein/metis newTag: 0.1.0-9-amd64 - name: registry.bstein.dev/bstein/soteria - newTag: 0.1.0-36 # {"$imagepolicy": "maintenance:soteria:tag"} + newTag: 0.1.0-35 # {"$imagepolicy": "maintenance:soteria:tag"} configMapGenerator: + - name: metis-inventory + namespace: maintenance + files: + - inventory.yaml=metis-inventory.yaml + options: + disableNameSuffixHash: true - name: disable-k3s-traefik-script namespace: maintenance files: @@ -75,12 +78,6 @@ configMapGenerator: - node_nofile.sh=scripts/node_nofile.sh options: disableNameSuffixHash: true - - name: pod-cleaner-script - namespace: maintenance - files: - - pod_cleaner.sh=scripts/pod_cleaner.sh - options: - disableNameSuffixHash: true - name: node-image-sweeper-script namespace: maintenance files: diff --git a/services/maintenance/metis-configmap.yaml b/services/maintenance/metis-configmap.yaml index 2edcf805..15fc9f42 100644 --- a/services/maintenance/metis-configmap.yaml +++ b/services/maintenance/metis-configmap.yaml @@ -6,7 +6,7 @@ metadata: namespace: maintenance data: METIS_BIND_ADDR: :8080 - METIS_INVENTORY_PATH: /app/inventory.titan-rpi4.yaml + METIS_INVENTORY_PATH: /etc/metis/inventory.yaml METIS_DATA_DIR: /var/lib/metis METIS_DEFAULT_FLASH_HOST: titan-22 METIS_FLASH_HOSTS: titan-22,titan-24,titan-20,titan-21,titan-19,titan-17,titan-15,titan-14,titan-12,titan-11,titan-10,titan-09,titan-08,titan-07,titan-06,titan-05,titan-04,titan-0c,titan-0b,titan-0a diff --git a/services/maintenance/metis-deployment.yaml b/services/maintenance/metis-deployment.yaml index f72d965f..fd5f7459 100644 --- a/services/maintenance/metis-deployment.yaml +++ b/services/maintenance/metis-deployment.yaml @@ -18,7 +18,7 @@ spec: prometheus.io/scrape: "true" prometheus.io/port: "8080" prometheus.io/path: "/metrics" - metis.bstein.dev/config-rev: "2026-04-06-02" + metis.bstein.dev/config-rev: "2026-04-19-01" vault.hashicorp.com/agent-inject: "true" vault.hashicorp.com/agent-pre-populate-only: "true" vault.hashicorp.com/role: "maintenance" @@ -72,6 +72,9 @@ spec: periodSeconds: 5 timeoutSeconds: 2 volumeMounts: + - name: metis-inventory + mountPath: /etc/metis + readOnly: true - name: metis-data mountPath: /var/lib/metis - name: host-dev @@ -93,6 +96,10 @@ spec: privileged: true runAsUser: 0 volumes: + - name: metis-inventory + configMap: + name: metis-inventory + defaultMode: 0444 - name: metis-data persistentVolumeClaim: claimName: metis-data diff --git a/services/maintenance/metis-inventory.yaml b/services/maintenance/metis-inventory.yaml new file mode 100644 index 00000000..4087baa2 --- /dev/null +++ b/services/maintenance/metis-inventory.yaml @@ -0,0 +1,131 @@ +# services/maintenance/metis-inventory.yaml +classes: + - name: rpi5-ubuntu-worker + arch: arm64 + os: ubuntu-24.04 + image: ${METIS_IMAGE_RPI5_UBUNTU_WORKER} + checksum: ${METIS_IMAGE_RPI5_UBUNTU_WORKER_SHA256} + k3s_version: v1.33.3+k3s1 + default_labels: + hardware: rpi5 + node-role.kubernetes.io/worker: "true" + - name: rpi4-armbian-worker + arch: arm64 + os: armbian-noble + image: ${METIS_IMAGE_RPI4_ARMBIAN_LONGHORN} + checksum: ${METIS_IMAGE_RPI4_ARMBIAN_LONGHORN_SHA256} + k3s_version: v1.31.5+k3s1 + default_labels: + hardware: rpi4 + node-role.kubernetes.io/worker: "true" + - name: rpi4-armbian-longhorn + arch: arm64 + os: armbian-noble + image: ${METIS_IMAGE_RPI4_ARMBIAN_LONGHORN} + checksum: ${METIS_IMAGE_RPI4_ARMBIAN_LONGHORN_SHA256} + k3s_version: v1.31.5+k3s1 + default_labels: + hardware: rpi4 + node-role.kubernetes.io/worker: "true" + +nodes: + - name: titan-10 + class: rpi5-ubuntu-worker + hostname: titan-10 + ip: 192.168.22.36 + k3s_role: agent + k3s_url: https://192.168.22.7:6443 + k3s_token: ${METIS_K3S_TOKEN} + ssh_user: ubuntu + ssh_authorized_keys: + - ${METIS_SSH_KEY_BRAD} + - ${METIS_SSH_KEY_ANANKE_TETHYS} + - ${METIS_SSH_KEY_ANANKE_DB} + - name: titan-12 + class: rpi4-armbian-worker + hostname: titan-12 + ip: 192.168.22.40 + k3s_role: agent + k3s_url: https://192.168.22.7:6443 + k3s_token: ${METIS_K3S_TOKEN} + ssh_user: atlas + ssh_authorized_keys: + - ${METIS_SSH_KEY_BRAD} + - ${METIS_SSH_KEY_ANANKE_TETHYS} + - ${METIS_SSH_KEY_ANANKE_DB} + - name: titan-13 + class: rpi4-armbian-longhorn + hostname: titan-13 + ip: 192.168.22.41 + k3s_role: agent + k3s_url: https://192.168.22.7:6443 + k3s_token: ${METIS_K3S_TOKEN} + ssh_user: atlas + ssh_authorized_keys: + - ${METIS_SSH_KEY_BRAD} + - ${METIS_SSH_KEY_ANANKE_TETHYS} + - ${METIS_SSH_KEY_ANANKE_DB} + longhorn_disks: + - mountpoint: /mnt/astreae + uuid: 6031fa8b-f28c-45c3-b7bc-6133300e07c6 + fs: ext4 + - mountpoint: /mnt/asteria + uuid: cbd4989d-62b5-4741-8b2a-28fdae259cae + fs: ext4 + - name: titan-15 + class: rpi4-armbian-longhorn + hostname: titan-15 + ip: 192.168.22.43 + k3s_role: agent + k3s_url: https://192.168.22.7:6443 + k3s_token: ${METIS_K3S_TOKEN} + ssh_user: atlas + ssh_authorized_keys: + - ${METIS_SSH_KEY_BRAD} + - ${METIS_SSH_KEY_ANANKE_TETHYS} + - ${METIS_SSH_KEY_ANANKE_DB} + longhorn_disks: + - mountpoint: /mnt/astreae + uuid: f3362f14-5822-449f-944b-ac570b5cd615 + fs: ext4 + - mountpoint: /mnt/asteria + uuid: 9c5316e6-f847-4884-b502-11f2d0d15d6f + fs: ext4 + - name: titan-17 + class: rpi4-armbian-longhorn + hostname: titan-17 + ip: 192.168.22.45 + k3s_role: agent + k3s_url: https://192.168.22.7:6443 + k3s_token: ${METIS_K3S_TOKEN} + ssh_user: atlas + ssh_authorized_keys: + - ${METIS_SSH_KEY_BRAD} + - ${METIS_SSH_KEY_ANANKE_TETHYS} + - ${METIS_SSH_KEY_ANANKE_DB} + longhorn_disks: + - mountpoint: /mnt/astreae + uuid: 1fecdade-08b0-49cb-9ae3-be6c188b0a96 + fs: ext4 + - mountpoint: /mnt/asteria + uuid: 2fe9f613-d372-47ca-b84f-82084e4edda0 + fs: ext4 + - name: titan-19 + class: rpi4-armbian-longhorn + hostname: titan-19 + ip: 192.168.22.47 + k3s_role: agent + k3s_url: https://192.168.22.7:6443 + k3s_token: ${METIS_K3S_TOKEN} + ssh_user: atlas + ssh_authorized_keys: + - ${METIS_SSH_KEY_BRAD} + - ${METIS_SSH_KEY_ANANKE_TETHYS} + - ${METIS_SSH_KEY_ANANKE_DB} + longhorn_disks: + - mountpoint: /mnt/astreae + uuid: 4890abb9-dda2-4f4f-9c0f-081ee82849cf + fs: ext4 + - mountpoint: /mnt/asteria + uuid: 2b4ea28d-b0e6-4fa3-841b-cd7067ae9153 + fs: ext4