2024-05-06 08:53:47 -05:00
|
|
|
---
|
2024-07-20 10:43:02 -05:00
|
|
|
# yaml-language-server: $schema=https://ks.hsn.dev/talhelper-schema.json
|
2024-05-06 09:46:03 -05:00
|
|
|
clusterName: homelab
|
2024-05-06 08:53:47 -05:00
|
|
|
|
2024-07-20 13:00:50 -05:00
|
|
|
talosVersion: v1.8.0-alpha.1
|
2024-07-04 11:33:24 -05:00
|
|
|
kubernetesVersion: 1.30.2
|
2024-08-08 10:39:19 -05:00
|
|
|
endpoint: "https://${clusterEndpointIP}:6443"
|
2024-05-06 08:53:47 -05:00
|
|
|
|
2024-08-08 10:39:19 -05:00
|
|
|
additionalApiServerCertSans: &san
|
|
|
|
- ${clusterEndpointIP}
|
|
|
|
- "127.0.0.1" # KubePrism
|
2024-05-06 08:53:47 -05:00
|
|
|
|
2024-08-08 10:39:19 -05:00
|
|
|
additionalMachineCertSans: *san
|
2024-05-06 08:53:47 -05:00
|
|
|
|
|
|
|
nodes:
|
|
|
|
- hostname: shadowfax
|
|
|
|
disableSearchDomain: true
|
|
|
|
ipAddress: 10.1.1.61
|
|
|
|
controlPlane: true
|
|
|
|
installDiskSelector:
|
2024-05-07 19:05:31 -05:00
|
|
|
busPath: /pci0000:20/0000:20:01.2/0000:2c:00.0/nvme/nvme4/nvme4n1
|
2024-07-11 16:09:49 -05:00
|
|
|
machineDisks:
|
2024-07-11 20:52:32 -05:00
|
|
|
- device: /dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH3142017H2P0C
|
2024-07-11 16:09:49 -05:00
|
|
|
partitions:
|
|
|
|
- mountpoint: /var/mnt/nvme1
|
2024-05-06 08:53:47 -05:00
|
|
|
networkInterfaces:
|
2024-08-08 10:39:19 -05:00
|
|
|
- interface: bond0
|
2024-08-29 06:28:28 -05:00
|
|
|
dhcp: false
|
|
|
|
addresses:
|
|
|
|
- 10.1.1.61
|
2024-08-08 10:39:19 -05:00
|
|
|
bond:
|
2024-09-01 22:36:01 -05:00
|
|
|
mode: active-backup
|
2024-08-08 10:39:19 -05:00
|
|
|
lacpRate: fast
|
|
|
|
miimon: 100
|
|
|
|
deviceSelectors:
|
|
|
|
- hardwareAddr: 04:42:1a:ef:35:74
|
|
|
|
driver: ixgbe
|
|
|
|
- hardwareAddr: 04:42:1a:ef:35:75
|
|
|
|
driver: ixgbe
|
|
|
|
vlans:
|
|
|
|
- &vlan-iot
|
|
|
|
vlanId: 30
|
|
|
|
mtu: 1500
|
|
|
|
dhcp: true
|
|
|
|
dhcpOptions:
|
|
|
|
routeMetric: 4096
|
2024-05-06 08:53:47 -05:00
|
|
|
kernelModules:
|
|
|
|
- name: nvidia
|
|
|
|
- name: nvidia_uvm
|
|
|
|
- name: nvidia_drm
|
|
|
|
- name: nvidia_modeset
|
|
|
|
schematic:
|
|
|
|
customization:
|
|
|
|
systemExtensions:
|
|
|
|
officialExtensions:
|
2024-05-07 19:05:31 -05:00
|
|
|
- siderolabs/amd-ucode
|
|
|
|
- siderolabs/nonfree-kmod-nvidia
|
|
|
|
- siderolabs/nvidia-container-toolkit
|
2024-07-08 10:25:04 -05:00
|
|
|
# Need talos 1.8 for nvidia and zfs to coexist
|
|
|
|
# https://github.com/siderolabs/extensions/issues/380
|
2024-07-20 13:00:50 -05:00
|
|
|
- siderolabs/zfs
|
2024-05-07 19:05:31 -05:00
|
|
|
|
2024-05-06 08:53:47 -05:00
|
|
|
patches:
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
sysctls:
|
|
|
|
net.core.bpf_jit_harden: 1
|
2024-07-11 16:09:49 -05:00
|
|
|
vm.nr_hugepages: "1024"
|
|
|
|
- &kubelet_extra_mounts |-
|
|
|
|
machine:
|
|
|
|
kubelet:
|
|
|
|
extraMounts:
|
|
|
|
- destination: /var/mnt/nvme1
|
|
|
|
type: bind
|
|
|
|
source: /var/mnt/nvme1
|
|
|
|
options:
|
|
|
|
- rbind
|
|
|
|
- rshared
|
|
|
|
- rw
|
2024-08-08 12:50:06 -05:00
|
|
|
# disables new feature that forwards kube-dns to host-dns 10.96.0.10 --> 10.96.0.9
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
features:
|
|
|
|
hostDNS:
|
|
|
|
enabled: true
|
|
|
|
forwardKubeDNSToHost: false
|
|
|
|
|
2024-05-06 08:53:47 -05:00
|
|
|
controlPlane:
|
|
|
|
patches:
|
|
|
|
# Disable search domain everywhere
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
network:
|
|
|
|
disableSearchDomain: true
|
|
|
|
|
|
|
|
# Force nameserver
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
network:
|
|
|
|
nameservers:
|
2024-05-06 14:01:09 -05:00
|
|
|
- 10.1.1.1
|
2024-05-06 08:53:47 -05:00
|
|
|
|
|
|
|
# Configure NTP
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
time:
|
|
|
|
disabled: false
|
|
|
|
servers:
|
2024-09-01 21:16:41 -05:00
|
|
|
- time.cloudflare.com
|
2024-05-06 08:53:47 -05:00
|
|
|
|
|
|
|
# Enable KubePrism
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
features:
|
|
|
|
kubePrism:
|
|
|
|
enabled: true
|
|
|
|
port: 7445
|
|
|
|
|
|
|
|
# Cluster configuration
|
|
|
|
- |-
|
|
|
|
cluster:
|
|
|
|
allowSchedulingOnMasters: true
|
|
|
|
proxy:
|
|
|
|
disabled: true
|
2024-05-06 14:01:09 -05:00
|
|
|
network:
|
|
|
|
cni:
|
|
|
|
name: none
|
2024-05-14 08:56:38 -05:00
|
|
|
controllerManager:
|
|
|
|
extraArgs:
|
|
|
|
bind-address: 0.0.0.0
|
|
|
|
etcd:
|
|
|
|
extraArgs:
|
|
|
|
listen-metrics-urls: http://0.0.0.0:2381
|
|
|
|
scheduler:
|
|
|
|
extraArgs:
|
|
|
|
bind-address: 0.0.0.0
|
2024-05-06 08:53:47 -05:00
|
|
|
|
|
|
|
# ETCD configuration
|
|
|
|
- |-
|
|
|
|
cluster:
|
|
|
|
etcd:
|
|
|
|
advertisedSubnets:
|
|
|
|
- 10.1.1.0/24
|
|
|
|
|
|
|
|
# Disable default API server admission plugins.
|
|
|
|
- |-
|
|
|
|
- op: remove
|
|
|
|
path: /cluster/apiServer/admissionControl
|
|
|
|
|
|
|
|
# Enable K8s Talos API Access
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
features:
|
|
|
|
kubernetesTalosAPIAccess:
|
|
|
|
enabled: true
|
|
|
|
allowedRoles:
|
|
|
|
- os:admin
|
|
|
|
allowedKubernetesNamespaces:
|
|
|
|
- system-upgrade
|
|
|
|
|
|
|
|
# Kubelet configuration
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
kubelet:
|
|
|
|
defaultRuntimeSeccompProfileEnabled: true
|
|
|
|
extraArgs:
|
|
|
|
rotate-server-certificates: "true"
|
|
|
|
extraConfig:
|
|
|
|
maxPods: 150
|
|
|
|
nodeIP:
|
|
|
|
validSubnets:
|
|
|
|
- 10.1.1.0/24
|
|
|
|
extraMounts:
|
2024-05-07 19:05:31 -05:00
|
|
|
- destination: /var/openebs/keys
|
2024-07-08 10:25:04 -05:00
|
|
|
type: bind
|
|
|
|
source: /var/openebs/keys
|
2024-05-06 08:53:47 -05:00
|
|
|
options:
|
|
|
|
- bind
|
|
|
|
- rshared
|
|
|
|
- rw
|
2024-07-08 10:25:04 -05:00
|
|
|
- destination: /var/openebs/local
|
2024-05-06 08:53:47 -05:00
|
|
|
type: bind
|
2024-07-08 10:25:04 -05:00
|
|
|
source: /var/openebs/local
|
|
|
|
options:
|
|
|
|
- bind
|
|
|
|
- rshared
|
|
|
|
- rw
|
2024-05-06 08:53:47 -05:00
|
|
|
|
|
|
|
# Custom sysctls
|
|
|
|
- |-
|
|
|
|
machine:
|
|
|
|
sysctls:
|
|
|
|
fs.inotify.max_queued_events: "65536"
|
|
|
|
fs.inotify.max_user_instances: "8192"
|
|
|
|
fs.inotify.max_user_watches: "524288"
|
|
|
|
net.core.rmem_max: "2500000"
|
|
|
|
net.core.wmem_max: "2500000"
|
2024-07-03 11:22:17 -05:00
|
|
|
|
|
|
|
# Configure nfs mount options
|
2024-07-23 23:48:58 -05:00
|
|
|
- |
|
2024-07-03 11:22:17 -05:00
|
|
|
machine:
|
|
|
|
files:
|
|
|
|
- op: overwrite
|
|
|
|
path: /etc/nfsmount.conf
|
|
|
|
permissions: 0o644
|
|
|
|
content: |
|
|
|
|
[ NFSMount_Global_Options ]
|
2024-07-04 14:34:08 -05:00
|
|
|
nfsvers=4.1
|
2024-07-03 11:22:17 -05:00
|
|
|
hard=True
|
|
|
|
noatime=True
|
|
|
|
nodiratime=True
|
|
|
|
rsize=131072
|
|
|
|
wsize=131072
|
|
|
|
nconnect=8
|