Files
auricom-home-cluster/kubernetes/talos/cluster-0/talconfig.yaml
auricom 25af3c5090 ⬆️ talos v1.6.4
2024-02-05 20:50:53 +01:00

136 lines
3.2 KiB
YAML

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
#
# Image URL rendered on https://factory.talos.dev
# talhelper genurl installer
clusterName: cluster-0
# renovate: depName=ghcr.io/siderolabs/installer datasource=docker extractVersion=^(?<version>.*)$
talosVersion: v1.6.4
# renovate: depName=kubernetes/kubernetes datasource=github-releases extractVersion=^v(?<version>.*)$
kubernetesVersion: v1.29.1
endpoint: https://cluster-0.${domainName}:6443
cniConfig:
name: none
additionalApiServerCertSans: &san
- ${clusterEndpointIP}
- https://cluster-0.${domainName}:6443
- "127.0.0.1" # KubePrism
additionalMachineCertSans: *san
nodes:
# - hostname: talos-node-1
# ipAddress: 192.168.9.101
# controlPlane: true
# installDisk: /dev/nvme0n1
- hostname: talos-node-2
ipAddress: 192.168.9.102
controlPlane: true
installDisk: /dev/nvme0n1
- hostname: talos-node-3
ipAddress: 192.168.9.103
controlPlane: true
installDisk: /dev/nvme0n1
- hostname: talos-node-4
ipAddress: 192.168.9.104
controlPlane: true
installDisk: /dev/nvme0n1
controlPlane:
schematic:
customization:
extraKernelArgs:
- net.ifnames=0
systemExtensions:
officialExtensions:
- siderolabs/intel-ucode
- siderolabs/i915-ucode
patches:
# Disable search domain everywhere
- |-
machine:
network:
disableSearchDomain: true
# Configure NTP
- |-
machine:
time:
disabled: false
servers:
- 192.168.8.1
# Enable KubePrism
- |-
machine:
features:
kubePrism:
enabled: true
port: 7445
# Configure cluster loopback
- |-
machine:
network:
extraHostEntries:
- ip: ${clusterEndpointIP}
aliases:
- cluster-0.${domainName}
# Cluster configuration
- |-
cluster:
allowSchedulingOnMasters: true
proxy:
disabled: true
# Configure containerd
- |-
machine:
files:
- op: create
path: /etc/cri/conf.d/20-customization.part
content: |
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
# Disable default API server admission plugins.
- |-
- op: remove
path: /cluster/apiServer/admissionControl
# Kubelet configuration
- |-
machine:
kubelet:
extraArgs:
feature-gates: GracefulNodeShutdown=true,NewVolumeManagerReconstruction=false
rotate-server-certificates: "true"
extraConfig:
maxPods: 150
# Custom sysctls
- |-
machine:
sysctls:
fs.inotify.max_user_watches: "1048576"
fs.inotify.max_user_instances: "8192"
# Redirect logs
- |-
machine:
install:
extraKernelArgs:
- "talos.logging.kernel=udp://192.168.169.108:6050/"
logging:
destinations:
- endpoint: "udp://192.168.169.108:6051/"
format: json_lines