fix: static ip node ep

infrastructure/talos/hegira/talconfig.yaml

@@ -1,7 +1,7 @@
 clusterName: hegira
-talosVersion: v1.4.4
-kubernetesVersion: 1.26.4
-endpoint: https://hegira.${DOMAINNAME}:6443
+talosVersion: v1.6.6
+kubernetesVersion: 1.27.7
+endpoint: https://10.8.20.30:6443
 allowSchedulingOnMasters: true
 cniConfig:
   name: none
@@ -21,6 +21,8 @@ nodes:
       - interface: eth0
         mtu: 0
         dhcp: true
+        vip:
+          ip: 10.8.20.30
   - hostname: shodan.${DOMAINNAME}
     ipAddress: 10.8.20.42
     controlPlane: true
@@ -30,6 +32,8 @@ nodes:
       - interface: eth0
         mtu: 0
         dhcp: true
+        vip:
+          ip: 10.8.20.30
   - hostname: icarus.${DOMAINNAME}
     ipAddress: 10.8.20.44
     controlPlane: true
@@ -39,6 +43,8 @@ nodes:
       - interface: eth0
         mtu: 0
         dhcp: true
+        vip:
+          ip: 10.8.20.30
 controlPlane:
   inlinePatch:
     cluster:
@@ -50,7 +56,6 @@ controlPlane:
         admissionControl: []
         certSANs:
           - ${CLUSTERENDPOINTIP}
-          - heigra.${DOMAINNAME}
         extraArgs:
           feature-gates: MixedProtocolLBService=true,EphemeralContainers=True
       ca:
@@ -89,7 +94,6 @@ controlPlane:
         key: ${MACHINECERTKEY}
       certSANs:
         - ${CLUSTERENDPOINTIP}
-        - hegira.${DOMAINNAME}
       files:
         - content: |
             [plugins."io.containerd.grpc.v1.cri"]

kubernetes/apps/kube-system/cilium/app/helmrelease.yaml

@@ -41,7 +41,7 @@ spec:
     kubeProxyReplacement: "strict"
     kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256
     ipv4NativeRoutingCIDR: ${NETWORK_K8S_POD_CIDR}
-    k8sServiceHost: "hegira.${INTERNAL_DOMAIN}"
+    k8sServiceHost: "10.8.20.30"
     k8sServicePort: 6443
     loadBalancer:
       algorithm: "maglev"

kubernetes/bootstrap/cilium.yaml

@@ -163,7 +163,6 @@ data:
 ---
 # Source: cilium/templates/cilium-agent/clusterrole.yaml
 
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -270,7 +269,6 @@ rules:
 ---
 # Source: cilium/templates/cilium-operator/clusterrole.yaml
 
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -378,7 +376,6 @@ rules:
 ---
 # Source: cilium/templates/cilium-agent/clusterrolebinding.yaml
 
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -399,7 +396,6 @@ subjects:
 ---
 # Source: cilium/templates/cilium-operator/clusterrolebinding.yaml
 
-
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -420,7 +416,6 @@ subjects:
 ---
 # Source: cilium/templates/cilium-agent/daemonset.yaml
 
-
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -546,7 +541,7 @@ spec:
                   key: custom-cni-conf
                   optional: true
             - name: KUBERNETES_SERVICE_HOST
-              value: "hegira.natallan.com"
+              value: "10.8.20.30"
             - name: KUBERNETES_SERVICE_PORT
               value: "6443"
           lifecycle:
@@ -634,7 +629,7 @@ spec:
                   key: clean-cilium-bpf-state
                   optional: true
             - name: KUBERNETES_SERVICE_HOST
-              value: "hegira.natallan.com"
+              value: "10.8.20.30"
             - name: KUBERNETES_SERVICE_PORT
               value: "6443"
           securityContext:
@@ -713,7 +708,6 @@ spec:
 ---
 # Source: cilium/templates/cilium-operator/deployment.yaml
 
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -785,7 +779,7 @@ spec:
                   name: cilium-config
                   optional: true
             - name: KUBERNETES_SERVICE_HOST
-              value: "hegira.natallan.com"
+              value: "10.8.20.30"
             - name: KUBERNETES_SERVICE_PORT
               value: "6443"
           livenessProbe: