windsorcli · rmvangun · Mar 24, 2025 · Mar 24, 2025
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,5 @@
+# Exclude the .docker-cache directory
+.docker-cache
+
+# Exclude Git repository files
+.git
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,7 @@
 .windsor/
 .volumes/
 terraform/**/backend_override.tf
+terraform/**/provider_override.tf
 contexts/**/.terraform/
 contexts/**/.tfstate/
 contexts/**/.kube/

diff --git a/aqua.yaml b/aqua.yaml
@@ -28,3 +28,4 @@ packages:
   - name: hashicorp/vault@v1.19.0
   - name: derailed/k9s@v0.40.10
   - name: getsops/sops@v3.9.4
+  - name: 1password/cli@v2.30.3
diff --git a/contexts/colima/terraform/cluster/talos.tfvars b/contexts/colima/terraform/cluster/talos.tfvars
diff --git a/contexts/docker-desktop/terraform/cluster/talos.tfvars b/contexts/docker-desktop/terraform/cluster/talos.tfvars
diff --git a/contexts/colima/blueprint.yaml → contexts/local-colima/blueprint.yaml b/contexts/colima/blueprint.yaml → contexts/local-colima/blueprint.yaml
@@ -1,18 +1,14 @@
 kind: Blueprint
 apiVersion: blueprints.windsorcli.dev/v1alpha1
 metadata:
-  name: colima
-  description: This blueprint configures core for running in a Colima managed VM
+  name: local
+  description: This blueprint outlines resources in the local context
 repository:
   url: http://git.test/git/core
   ref:
     branch: main
   secretName: flux-system
-sources:
-- name: core
-  url: github.com/windsorcli/core
-  ref:
-    branch: main
+sources: []
 terraform:
 - path: cluster/talos
 - path: gitops/flux
@@ -29,6 +25,7 @@ kustomize:
   path: csi
   dependsOn:
   - policy-resources
+  force: true
   components:
   - openebs
   - openebs/dynamic-localpv

diff --git a/contexts/local-colima/terraform/cluster/talos.tfvars b/contexts/local-colima/terraform/cluster/talos.tfvars
@@ -0,0 +1,28 @@
+// Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
+// Module source: github.com/windsorcli/core//terraform/cluster/talos?ref=main
+
+// The external controlplane API endpoint of the kubernetes API
+cluster_endpoint = "https://controlplane-1.test:6443"
+
+// The name of the cluster
+cluster_name = "talos"
+
+// A YAML string of common config patches to apply
+common_config_patches = "\"cluster\":\n  \"apiServer\":\n    \"certSANs\":\n    - \"localhost\"\n    - \"controlplane-1.test\"\n    - \"10.5.0.2\"\n  \"extraManifests\":\n  - \"https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/v0.8.7/deploy/standalone-install.yaml\"\n\"machine\":\n  \"certSANs\":\n  - \"localhost\"\n  - \"controlplane-1.test\"\n  - \"10.5.0.2\"\n  \"features\":\n    \"hostDNS\":\n      \"forwardKubeDNSToHost\": true\n  \"kubelet\":\n    \"extraArgs\":\n      \"rotate-server-certificates\": \"true\"\n  \"network\": {}\n  \"registries\":\n    \"mirrors\":\n      \"docker.io\":\n        \"endpoints\":\n        - \"http://registry-1.docker.test:5000\"\n      \"gcr.io\":\n        \"endpoints\":\n        - \"http://gcr.test:5000\"\n      \"ghcr.io\":\n        \"endpoints\":\n        - \"http://ghcr.test:5000\"\n      \"quay.io\":\n        \"endpoints\":\n        - \"http://quay.test:5000\"\n      \"registry.k8s.io\":\n        \"endpoints\":\n        - \"http://registry.k8s.test:5000\"\n      \"registry.test\":\n        \"endpoints\":\n        - \"http://registry.test:5000\""
+
+// Machine config details for control planes
+controlplanes = [{
+  endpoint = "controlplane-1.test"
+  hostname = "controlplane-1.test"
+  node     = "controlplane-1.test"
+}]
+
+// A YAML string of worker config patches to apply
+worker_config_patches = "\"machine\":\n  \"kubelet\":\n    \"extraMounts\":\n    - \"destination\": \"/var/local\"\n      \"options\":\n      - \"rbind\"\n      - \"rw\"\n      \"source\": \"/var/local\"\n      \"type\": \"bind\""
+
+// Machine config details for workers
+workers = [{
+  endpoint = "worker-1.test"
+  hostname = "worker-1.test"
+  node     = "worker-1.test"
+}]
diff --git a/...cker-desktop/terraform/gitops/flux.tfvars → ...local-colima/terraform/gitops/flux.tfvars b/...cker-desktop/terraform/gitops/flux.tfvars → ...local-colima/terraform/gitops/flux.tfvars
diff --git a/contexts/docker-desktop/blueprint.yaml → contexts/local-docker-desktop/blueprint.yaml b/contexts/docker-desktop/blueprint.yaml → contexts/local-docker-desktop/blueprint.yaml
@@ -1,18 +1,14 @@
 kind: Blueprint
 apiVersion: blueprints.windsorcli.dev/v1alpha1
 metadata:
-  name: docker-desktop
-  description: This blueprint configures core for running on Docker Desktop
+  name: local
+  description: This blueprint outlines resources in the local context
 repository:
   url: http://git.test/git/core
   ref:
     branch: main
   secretName: flux-system
-sources:
-- name: core
-  url: github.com/windsorcli/core
-  ref:
-    branch: main
+sources: []
 terraform:
 - path: cluster/talos
 - path: gitops/flux
@@ -29,6 +25,7 @@ kustomize:
   path: csi
   dependsOn:
   - policy-resources
+  force: true
   components:
   - openebs
   - openebs/dynamic-localpv
@@ -80,10 +77,9 @@ kustomize:
   components:
   - webhook
 - name: demo
-  path: demo
+  path: demo/bookinfo
   dependsOn:
   - ingress-base
   force: true
   components:
-  - bookinfo
-  - bookinfo/ingress
+  - ingress
diff --git a/contexts/local-docker-desktop/terraform/cluster/talos.tfvars b/contexts/local-docker-desktop/terraform/cluster/talos.tfvars
@@ -0,0 +1,28 @@
+// Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
+// Module source: github.com/windsorcli/core//terraform/cluster/talos?ref=main
+
+// The external controlplane API endpoint of the kubernetes API
+cluster_endpoint = "https://controlplane-1.test:6443"
+
+// The name of the cluster
+cluster_name = "talos"
+
+// A YAML string of common config patches to apply
+common_config_patches = "\"cluster\":\n  \"apiServer\":\n    \"certSANs\":\n    - \"localhost\"\n    - \"controlplane-1.test\"\n    - \"10.5.0.2\"\n  \"extraManifests\":\n  - \"https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/v0.8.7/deploy/standalone-install.yaml\"\n\"machine\":\n  \"certSANs\":\n  - \"localhost\"\n  - \"controlplane-1.test\"\n  - \"10.5.0.2\"\n  \"features\":\n    \"hostDNS\":\n      \"forwardKubeDNSToHost\": true\n  \"kubelet\":\n    \"extraArgs\":\n      \"rotate-server-certificates\": \"true\"\n  \"network\":\n    \"interfaces\":\n    - \"ignore\": true\n      \"interface\": \"eth0\"\n  \"registries\":\n    \"mirrors\":\n      \"docker.io\":\n        \"endpoints\":\n        - \"http://registry-1.docker.test:5000\"\n      \"gcr.io\":\n        \"endpoints\":\n        - \"http://gcr.test:5000\"\n      \"ghcr.io\":\n        \"endpoints\":\n        - \"http://ghcr.test:5000\"\n      \"quay.io\":\n        \"endpoints\":\n        - \"http://quay.test:5000\"\n      \"registry.k8s.io\":\n        \"endpoints\":\n        - \"http://registry.k8s.test:5000\"\n      \"registry.test\":\n        \"endpoints\":\n        - \"http://registry.test:5000\""
+
+// Machine config details for control planes
+controlplanes = [{
+  endpoint = "controlplane-1.test"
+  hostname = "controlplane-1.test"
+  node     = "controlplane-1.test"
+}]
+
+// A YAML string of worker config patches to apply
+worker_config_patches = "\"machine\":\n  \"kubelet\":\n    \"extraMounts\":\n    - \"destination\": \"/var/local\"\n      \"options\":\n      - \"rbind\"\n      - \"rw\"\n      \"source\": \"/var/local\"\n      \"type\": \"bind\""
+
+// Machine config details for workers
+workers = [{
+  endpoint = "worker-1.test"
+  hostname = "worker-1.test"
+  node     = "worker-1.test"
+}]
diff --git a/contexts/colima/terraform/gitops/flux.tfvars → ...cker-desktop/terraform/gitops/flux.tfvars b/contexts/colima/terraform/gitops/flux.tfvars → ...cker-desktop/terraform/gitops/flux.tfvars
@@ -1,5 +1,5 @@
 // Managed by Windsor CLI: This file is partially managed by the windsor CLI. Your changes will not be overwritten.
-// Module source: github.com/windsorcli/core//terraform/gitops/flux?ref=v0.1.2
+// Module source: github.com/windsorcli/core//terraform/gitops/flux?ref=main
 
 // The git password or PAT used to authenticate with the git provider
 git_password = "local"

diff --git a/terraform/cluster/talos/.terraform.lock.hcl b/terraform/cluster/talos/.terraform.lock.hcl
diff --git a/terraform/gitops/flux/.terraform.lock.hcl b/terraform/gitops/flux/.terraform.lock.hcl
diff --git a/windsor.yaml b/windsor.yaml
@@ -1,6 +1,6 @@
 version: v1alpha1
 contexts:
-  colima:
+  local-colima:
     docker:
       enabled: true
       registries:
@@ -43,6 +43,11 @@ contexts:
         count: 1
         cpu: 4
         memory: 4
+        hostports:
+        - 8080:30080/tcp
+        - 8443:30443/tcp
+        - 9292:30292/tcp
+        - 8053:30053/udp
         volumes:
         - ${WINDSOR_PROJECT_ROOT}/.volumes:/var/local
     network:
@@ -53,9 +58,7 @@ contexts:
     dns:
       enabled: true
       domain: test
-      forward:
-      - 10.5.1.1
-  docker-desktop:
+  local-docker-desktop:
     docker:
       enabled: true
       registries:
@@ -99,8 +102,8 @@ contexts:
         cpu: 4
         memory: 4
         hostports:
-        - 80:30080/tcp
-        - 443:30443/tcp
+        - 8080:30080/tcp
+        - 8443:30443/tcp
         - 9292:30292/tcp
         - 8053:30053/udp
         volumes:
@@ -110,5 +113,3 @@ contexts:
     dns:
       enabled: true
       domain: test
-      forward:
-      - 10.5.0.1:8053