This PR migrates to Talos Linux for all environments.
The Terraform configuration is simplified to a single base module in modules/base.
It uses three t3a.small instances for sandbox and t3a.medium instances for staging and production.
It adds a GitHub OIDC provider to allow GitHub to request session tokens and removes the need to store AWS credentials in GitHub secrets.
IAM roles are attached to an EC2 instance profile to allow EC2 instances to pull images from ECR and use S3 static storage without AWS access credentials. It achieves this by using an ECR credential helper in Talos. S3 access is not fully working yet and requires connection of the cluster OIDC config to AWS as per https://nikogura.com/TalosAWSOIDC.html
Finally, it installs ArgoCD in the cluster and bootstraps the cluster using the app of apps pattern.
Note that even though the base module installs Talos Linux, it has been structured to make it easy to drop an alternative AMI image.
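
The GitHub OIDC provider mentioned above is only as tight as the trust policy on the IAM role it fronts, so a reviewer would want the `aud` and `sub` claims pinned. The check below is an added example, not code from this PR; the repository name `example-org/infra`, the account ID and the three sample policies are constructed for illustration.

```python
ISSUER = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host
ALLOWED_OPS = ("StringEquals", "StringLike")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _condition(stmt, key):
    """Collect (operator, value) pairs for one condition key (keys are case-insensitive)."""
    return [(op, val)
            for op, block in stmt.get("Condition", {}).items()
            for k, v in block.items() if k.lower() == key.lower()
            for val in _as_list(v)]

def audit_trust_policy(policy, repo):
    """Return findings for statements that trust the GitHub OIDC provider."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                f.endswith("oidc-provider/" + ISSUER) for f in federated):
            continue  # not a GitHub OIDC trust statement
        aud = _condition(stmt, ISSUER + ":aud")
        if not any(op == "StringEquals" and val == "sts.amazonaws.com" for op, val in aud):
            findings.append("aud is not pinned to sts.amazonaws.com")
        sub = _condition(stmt, ISSUER + ":sub")
        if not sub:
            findings.append("no sub condition: any GitHub repository can assume this role")
        for op, val in sub:
            if op not in ALLOWED_OPS or not val.startswith(f"repo:{repo}:"):
                findings.append(f"sub {op} {val!r} is not scoped to repo:{repo}")
    return findings

def _policy(condition):  # builds a constructed sample trust policy
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + ISSUER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

REPO = "example-org/infra"  # hypothetical repository name
AUD = {ISSUER + ":aud": "sts.amazonaws.com"}
WEAK = _policy({"StringEquals": AUD})
WILDCARD = _policy({"StringEquals": AUD, "StringLike": {ISSUER + ":sub": "repo:example-org/*"}})
SCOPED = _policy({"StringEquals": AUD,
                  "StringLike": {ISSUER + ":sub": f"repo:{REPO}:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("WILDCARD", WILDCARD), ("SCOPED", SCOPED)):
        print(name, audit_trust_policy(pol, REPO) or "ok")
```

Running it against the rendered trust policy JSON (for example from a Terraform plan) before merge catches a role that any workflow in the organization, or on GitHub at large, could assume.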