---
# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
#
# Image URL rendered on https://factory.talos.dev
# talhelper genurl installer

clusterName: cluster-0

# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
talosVersion: v1.8.1
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
kubernetesVersion: v1.31.1
endpoint: https://cluster-0.${internalDomain}:6443
allowSchedulingOnMasters: true
cniConfig:
  name: none

additionalApiServerCertSans: &san
  - ${clusterEndpointIP}
  - https://cluster-0.${internalDomain}:6443
  - 127.0.0.1 # KubePrism

additionalMachineCertSans: *san

patches:
  - |-
    machine:
      kubelet:
        extraMounts:
          - destination: /var/openebs/local
            type: bind
            source: /var/openebs/local
            options:
              - rbind
              - rshared
              - rw

nodes:
  - hostname: talos-node-1
    ipAddress: 192.168.9.101
    controlPlane: false
    installDisk: /dev/nvme0n1
  - hostname: talos-node-2
    ipAddress: 192.168.9.102
    controlPlane: true
    installDisk: /dev/nvme0n1
  - hostname: talos-node-3
    ipAddress: 192.168.9.103
    controlPlane: true
    installDisk: /dev/nvme0n1
  - hostname: talos-node-4
    ipAddress: 192.168.9.104
    controlPlane: true
    installDisk: /dev/nvme0n1

controlPlane:
  schematic:
    customization:
      extraKernelArgs:
        - net.ifnames=0
      systemExtensions:
        officialExtensions:
          - siderolabs/i915-ucode
          - siderolabs/intel-ucode
          - siderolabs/mei

  patches:
    # Disable search domain everywhere
    - |-
      machine:
        network:
          disableSearchDomain: true

    # Disable Host DNS
    - |-
      machine:
        features:
          hostDNS:
            enabled: true
            resolveMemberNames: true
            forwardKubeDNSToHost: false

    # Configure NTP
    - |-
      machine:
        time:
          disabled: false
          servers:
            - 192.168.8.1

    # Enable KubePrism
    - |-
      machine:
        features:
          kubePrism:
            enabled: true
            port: 7445

    # Configure cluster loopback
    - |-
      machine:
        network:
          extraHostEntries:
            - ip: ${clusterEndpointIP}
              aliases:
                - cluster-0.${internalDomain}

    # Cluster configuration
    - |-
      cluster:
        allowSchedulingOnMasters: true
        proxy:
          disabled: true

    # Configure containerd
    - |-
      machine:
        files:
          - op: create
            path: /etc/cri/conf.d/20-customization.part
            content: |
              [plugins]
                [plugins."io.containerd.grpc.v1.cri"]
                  enable_unprivileged_ports = true
                  enable_unprivileged_icmp = true

    # Disable default API server admission plugins.
    - |-
      - op: remove
        path: /cluster/apiServer/admissionControl

    # Kubelet configuration
    - |-
      machine:
        kubelet:
          extraArgs:
            rotate-server-certificates: "true"
          extraConfig:
            maxPods: 150

    # Custom sysctls
    - |-
      machine:
        sysctls:
          fs.inotify.max_queued_events: "65536"
          fs.inotify.max_user_instances: "8192"
          fs.inotify.max_user_watches: "524288"
          net.core.rmem_max: "7500000"
          net.core.wmem_max: "7500000"

    # Redirect logs
    # - |-
    #   machine:
    #     install:
    #       extraKernelArgs:
    #         - "talos.logging.kernel=udp://192.168.169.108:6050/"
    #     logging:
    #       destinations:
    #         - endpoint: "udp://192.168.169.108:6051/"
    #           format: json_lines