From 724092279c59da0b3ff384dd4bd2f3124ecea03c Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Tue, 20 Feb 2024 11:29:28 -0600
Subject: [PATCH] Add omni template for my cluster.
---
 .gitignore | 1 -
 omni-template.yaml | 140 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 140 insertions(+), 1 deletion(-)
 create mode 100644 omni-template.yaml
diff --git a/.gitignore b/.gitignore
index 7b420f1..6cc61eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,5 +12,4 @@ Thumbs.db
 kubeconfig*
 talosconfig.yaml
 omniconfig.yaml
-omni-template.yaml
 config.xml
diff --git a/omni-template.yaml b/omni-template.yaml
new file mode 100644
index 0000000..a21bd11
--- /dev/null
+++ b/omni-template.yaml
@@ -0,0 +1,140 @@
+kind: Cluster
+name: homelab
+kubernetes:
+ version: v1.29.2
+talos:
+ version: v1.6.4
+features:
+ backupConfiguration:
+ interval: 1h0m0s
+patches:
+ - idOverride: 500-2f051f5c-7177-4cbb-b3c9-801e5eb556b1
+ annotations:
+ name: increase fs events
+ inline:
+ machine:
+ sysctls:
+ fs.inotify.max_queued_events: "65536"
+ fs.inotify.max_user_instances: "8192"
+ fs.inotify.max_user_watches: "524288"
+ - idOverride: 500-602f425a-d488-4ecd-a528-68118bfc6cb1
+ annotations:
+ name: openebs local mounts
+ inline:
+ machine:
+ kubelet:
+ extraMounts:
+ - destination: /var/openebs/local
+ options:
+ - bind
+ - rshared
+ - rw
+ source: /var/openebs/local
+ type: bind
+ - idOverride: 500-63fc2c84-33e5-42ae-b79e-e48928d8ef9a
+ annotations:
+ description: Disables flannel and kube-proxy to make way for cilium.
+ name: disable-cni
+ inline:
+ cluster:
+ network:
+ cni:
+ name: none
+ proxy:
+ disabled: true
+ - idOverride: 500-a6b7ecdb-884f-44b1-8eee-709a4b4d99a1
+ annotations:
+ description: Patch for spegel to work with containerd
+ name: spegel-containerd
+ inline:
+ machine:
+ files:
+ - content: |-
+ [plugins."io.containerd.grpc.v1.cri"]
+ enable_unprivileged_ports = true
+ enable_unprivileged_icmp = true
+ [plugins."io.containerd.grpc.v1.cri".containerd]
+ discard_unpacked_layers = false
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+ discard_unpacked_layers = false
+ op: create
+ path: /etc/cri/conf.d/20-customization.part
+ permissions: 0
+ - idOverride: 500-b9b199c3-030b-48d2-a34b-dc47fa07372b
+ annotations:
+ name: default seccomp
+ inline:
+ machine:
+ kubelet:
+ defaultRuntimeSeccompProfileEnabled: true
+---
+kind: ControlPlane
+machines:
+ - 4c4c4544-0038-4810-8057-b5c04f513232
+ - 4c4c4544-0047-3010-804a-b2c04f4d3232
+ - 4c4c4544-0047-4c10-8056-b7c04f513232
+patches:
+ - idOverride: 500-0b228a5c-62b8-4f22-9908-2e98dcd82559
+ annotations:
+ description: Enable several monitoring services on the control planes
+ name: monitoring
+ inline:
+ cluster:
+ apiServer:
+ extraArgs:
+ bind-address: 0.0.0.0
+ controllerManager:
+ extraArgs:
+ bind-address: 0.0.0.0
+ etcd:
+ extraArgs:
+ listen-metrics-urls: http://0.0.0.0:2381
+ scheduler:
+ extraArgs:
+ bind-address: 0.0.0.0
+ - idOverride: 500-c714a4d2-d205-4bc2-924b-aa1a4c174d9a
+ annotations:
+ name: disable pod security
+ inline:
+ cluster:
+ apiServer:
+ disablePodSecurityPolicy: true
+ - idOverride: 500-f7275be8-0f4a-40f0-8da8-d2dcaa93e575
+ annotations:
+ name: remove admission contollers
+ inline:
+ cluster:
+ apiServer:
+ admissionControl:
+ - configuration:
+ exemptions:
+ namespaces:
+ - openebs-system
+ - security
+ - kyverno
+ - rook-ceph
+ name: PodSecurity
+---
+kind: Workers
+machines:
+ - 325dfcd5-a5fa-d714-5037-8df713d9f4f1
+ - 4968005b-9579-5c15-6d32-7b58e850a7d9
+ - 95d6c80f-d76e-42c2-7e77-c9938b5b52bf
+---
+kind: Machine
+name: 325dfcd5-a5fa-d714-5037-8df713d9f4f1
+---
+kind: Machine
+name: 4968005b-9579-5c15-6d32-7b58e850a7d9
+---
+kind: Machine
+name: 4c4c4544-0038-4810-8057-b5c04f513232
+---
+kind: Machine
+name: 4c4c4544-0047-3010-804a-b2c04f4d3232
+---
+kind: Machine
+name: 4c4c4544-0047-4c10-8056-b7c04f513232
+---
+kind: Machine
+name: 95d6c80f-d76e-42c2-7e77-c9938b5b52bf
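Review bot: The `monitoring` patch in the ControlPlane document serves etcd metrics over plain HTTP on every interface (`listen-metrics-urls: http://0.0.0.0:2381`), and nothing in this template limits who can reach that port, so any host that can route to a control-plane node can read them without authentication. If only an in-cluster scraper needs the endpoint, restrict port 2381 to that source with a host or network firewall rule and record the intent next to the setting, e.g. `# 2381 is unauthenticated HTTP; must be reachable only from the metrics scraper`. Separately, the patch named `remove admission contollers` removes nothing: it exempts `openebs-system`, `security`, `kyverno` and `rook-ceph` from PodSecurity admission, so pods in those namespaces are not checked against the Pod Security Standards. A name such as `name: podsecurity-namespace-exemptions`, plus a `description:` saying why each namespace needs the exemption, would make that visible, and the list is worth trimming to the namespaces that really run privileged pods. The `disable pod security` patch only sets `disablePodSecurityPolicy: true`, which concerns the legacy PodSecurityPolicy plugin that Kubernetes dropped before v1.29, so its name overstates what it changes.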