---
# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
#
# Image URL rendered on https://factory.talos.dev
# talhelper genurl installer

clusterName: cluster-0

# renovate: depName=ghcr.io/siderolabs/installer datasource=docker extractVersion=^(?<version>.*)$
talosVersion: v1.6.5
# renovate: depName=kubernetes/kubernetes datasource=github-releases extractVersion=^v(?<version>.*)$
kubernetesVersion: v1.29.2
endpoint: https://cluster-0.${domainName}:6443

cniConfig:
  name: none

additionalApiServerCertSans: &san
  - ${clusterEndpointIP}
  - https://cluster-0.${domainName}:6443
  - "127.0.0.1" # KubePrism

additionalMachineCertSans: *san

nodes:
  - hostname: talos-node-1
    ipAddress: 192.168.9.101
    controlPlane: false
    installDisk: /dev/nvme0n1
  - hostname: talos-node-2
    ipAddress: 192.168.9.102
    controlPlane: true
    installDisk: /dev/nvme0n1
  - hostname: talos-node-3
    ipAddress: 192.168.9.103
    controlPlane: true
    installDisk: /dev/nvme0n1
  - hostname: talos-node-4
    ipAddress: 192.168.9.104
    controlPlane: true
    installDisk: /dev/nvme0n1

controlPlane:
  schematic:
    customization:
      extraKernelArgs:
        - net.ifnames=0
      systemExtensions:
        officialExtensions:
          - siderolabs/intel-ucode
          - siderolabs/i915-ucode

  patches:
    # Disable search domain everywhere
    - |-
      machine:
        network:
          disableSearchDomain: true

    # Configure NTP
    - |-
      machine:
        time:
          disabled: false
          servers:
            - 192.168.8.1

    # Enable KubePrism
    - |-
      machine:
        features:
          kubePrism:
            enabled: true
            port: 7445

    # Configure cluster loopback
    - |-
      machine:
        network:
          extraHostEntries:
            - ip: ${clusterEndpointIP}
              aliases:
                - cluster-0.${domainName}

    # Cluster configuration
    - |-
      cluster:
        allowSchedulingOnMasters: true
        proxy:
          disabled: true

    # Configure containerd
    - |-
      machine:
        files:
          - op: create
            path: /etc/cri/conf.d/20-customization.part
            content: |
              [plugins]
                [plugins."io.containerd.grpc.v1.cri"]
                  enable_unprivileged_ports = true
                  enable_unprivileged_icmp = true

    # Disable default API server admission plugins.
    - |-
      - op: remove
        path: /cluster/apiServer/admissionControl

    # Kubelet configuration
    - |-
      machine:
        kubelet:
          extraArgs:
            feature-gates: GracefulNodeShutdown=true,NewVolumeManagerReconstruction=false
            rotate-server-certificates: "true"
          extraConfig:
            maxPods: 150

    # Custom sysctls
    - |-
      machine:
        sysctls:
          fs.inotify.max_user_watches: "1048576"
          fs.inotify.max_user_instances: "8192"

    # Redirect logs
    - |-
      machine:
        install:
          extraKernelArgs:
            - "talos.logging.kernel=udp://192.168.169.108:6050/"
        logging:
          destinations:
            - endpoint: "udp://192.168.169.108:6051/"
              format: json_lines