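---
# yaml-language-server: $schema=https://ks.hsn.dev/talconfig.json
# talhelper cluster definition (talconfig). Rendered Talos machine configs are
# produced from this file; the strategic-merge patches below are applied on top
# of the generated defaults. Indentation restored from the mangled page listing.
clusterName: valinor

talosVersion: v1.7.1
kubernetesVersion: 1.28.4
# Cluster API endpoint. It is not the node's own address (10.1.1.61), so this is
# presumably a VIP or a forwarded address; it is also listed in both cert-SAN
# lists below so the generated certificates stay valid for it.
endpoint: "https://10.1.1.57:6443"

# No CNI is installed by Talos; the CNI must be deployed separately. Together
# with `proxy.disabled: true` in the controlPlane patches this means the chosen
# CNI has to provide the kube-proxy replacement as well.
cniConfig:
  name: none

additionalApiServerCertSans:
  - 10.1.1.57

additionalMachineCertSans:
  - 10.1.1.57

nodes:
  - hostname: shadowfax
    disableSearchDomain: true
    ipAddress: 10.1.1.61
    controlPlane: true
    installDiskSelector:
      busPath: /dev/nvme0n1
    networkInterfaces:
      - interface: eth0
        dhcp: true
    # Out-of-tree NVIDIA modules; provided by the nonfree-kmod-nvidia extension.
    kernelModules:
      - name: nvidia
      - name: nvidia_uvm
      - name: nvidia_drm
      - name: nvidia_modeset
    schematic:
      customization:
        systemExtensions:
          officialExtensions:
            - "siderolabs/amd-ucode"
            - "siderolabs/nonfree-kmod-nvidia"
            - "siderolabs/nvidia-container-toolkit"
    patches:
      # Node-level sysctl. Value quoted to match the string-typed sysctl values
      # used in the "Custom sysctls" patch below (Talos treats sysctls as a
      # string map). 1 = BPF JIT hardening for unprivileged users only.
      - |-
        machine:
          sysctls:
            net.core.bpf_jit_harden: "1"

controlPlane:
  patches:
    # Disable search domain everywhere
    - |-
      machine:
        network:
          disableSearchDomain: true

    # Force nameserver
    - |-
      machine:
        network:
          nameservers:
            - 10.1.1.11

    # Configure NTP
    - |-
      machine:
        time:
          disabled: false
          servers:
            - 10.1.1.1

    # Enable KubePrism (local API-server load balancer on every node)
    - |-
      machine:
        features:
          kubePrism:
            enabled: true
            port: 7445

    # Cluster configuration. Scheduling on control-plane nodes is needed here
    # because shadowfax is the only node; kube-proxy is disabled, so the CNI
    # must take over service routing (see cniConfig above).
    - |-
      cluster:
        allowSchedulingOnMasters: true
        proxy:
          disabled: true

    # ETCD configuration
    - |-
      cluster:
        etcd:
          advertisedSubnets:
            - 10.1.1.0/24

    # Configure containerd. The two enable_unprivileged_* settings let
    # non-root containers bind ports below 1024 and open ICMP sockets without
    # extra capabilities; they widen what an unprivileged pod can do, so keep
    # them deliberate.
    - |-
      machine:
        files:
          - op: create
            path: /etc/cri/conf.d/20-customization.part
            content: |
              [plugins]
                [plugins."io.containerd.grpc.v1.cri"]
                  enable_unprivileged_ports = true
                  enable_unprivileged_icmp = true
                [plugins."io.containerd.grpc.v1.cri".containerd]
                  discard_unpacked_layers = false
                [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
                  discard_unpacked_layers = false

    # Disable default API server admission plugins.
    # NOTE(review): this drops the admission configuration Talos generates by
    # default (which carries its Pod Security Admission defaults), so pod
    # security enforcement must be provided another way — e.g. a cluster-side
    # policy engine or an explicit admissionControl entry.
    - |-
      - op: remove
        path: /cluster/apiServer/admissionControl

    # Enable K8s Talos API Access. os:admin is the full-privilege Talos role;
    # access is restricted to service accounts in the system-upgrade namespace,
    # so that namespace should be treated as privileged.
    - |-
      machine:
        features:
          kubernetesTalosAPIAccess:
            enabled: true
            allowedRoles:
              - os:admin
            allowedKubernetesNamespaces:
              - system-upgrade

    # Kubelet configuration. rotate-server-certificates makes the kubelet
    # request its serving certificate via CSR; something in the cluster has to
    # approve those CSRs or the kubelet serving cert never becomes valid.
    - |-
      machine:
        kubelet:
          defaultRuntimeSeccompProfileEnabled: true
          extraArgs:
            rotate-server-certificates: "true"
          extraConfig:
            maxPods: 150
          nodeIP:
            validSubnets:
              - 10.1.1.0/24
          extraMounts:
            - destination: /var/openebs/local
              options:
                - bind
                - rshared
                - rw
              source: /var/openebs/local
              type: bind

    # Custom sysctls (values as strings, matching the Talos sysctl map type)
    - |-
      machine:
        sysctls:
          fs.inotify.max_queued_events: "65536"
          fs.inotify.max_user_instances: "8192"
          fs.inotify.max_user_watches: "524288"
          net.core.rmem_max: "2500000"
          net.core.wmem_max: "2500000"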