jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Add omni template for my cluster.

Browse source
This commit is contained in:
Joseph Hanson 2024-02-20 11:29:28 -06:00
parent f5bc72fff7
commit 724092279c
2 changed files with 140 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -12,5 +12,4 @@ Thumbs.db
kubeconfig*
talosconfig.yaml
omniconfig.yaml
omni-template.yaml
config.xml

140
omni-template.yaml Normal file
View file

@ -0,0 +1,140 @@
kind: Cluster
name: homelab
kubernetes:
version: v1.29.2
talos:
version: v1.6.4
features:
backupConfiguration:
interval: 1h0m0s
patches:
- idOverride: 500-2f051f5c-7177-4cbb-b3c9-801e5eb556b1
annotations:
name: increase fs events
inline:
machine:
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
- idOverride: 500-602f425a-d488-4ecd-a528-68118bfc6cb1
annotations:
name: openebs local mounts
inline:
machine:
kubelet:
extraMounts:
- destination: /var/openebs/local
options:
- bind
- rshared
- rw
source: /var/openebs/local
type: bind
- idOverride: 500-63fc2c84-33e5-42ae-b79e-e48928d8ef9a
annotations:
description: Disables flannel and kube-proxy to make way for cilium.
name: disable-cni
inline:
cluster:
network:
cni:
name: none
proxy:
disabled: true
- idOverride: 500-a6b7ecdb-884f-44b1-8eee-709a4b4d99a1
annotations:
description: Patch for spegel to work with containerd
name: spegel-containerd
inline:
machine:
files:
- content: |-
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
op: create
path: /etc/cri/conf.d/20-customization.part
permissions: 0
- idOverride: 500-b9b199c3-030b-48d2-a34b-dc47fa07372b
annotations:
name: default seccomp
inline:
machine:
kubelet:
defaultRuntimeSeccompProfileEnabled: true
---
kind: ControlPlane
machines:
- 4c4c4544-0038-4810-8057-b5c04f513232
- 4c4c4544-0047-3010-804a-b2c04f4d3232
- 4c4c4544-0047-4c10-8056-b7c04f513232
patches:
- idOverride: 500-0b228a5c-62b8-4f22-9908-2e98dcd82559
annotations:
description: Enable several monitoring services on the control planes
name: monitoring
inline:
cluster:
apiServer:
extraArgs:
bind-address: 0.0.0.0
controllerManager:
extraArgs:
bind-address: 0.0.0.0
etcd:
extraArgs:
listen-metrics-urls: http://0.0.0.0:2381
scheduler:
extraArgs:
bind-address: 0.0.0.0
- idOverride: 500-c714a4d2-d205-4bc2-924b-aa1a4c174d9a
annotations:
name: disable pod security
inline:
cluster:
apiServer:
disablePodSecurityPolicy: true
- idOverride: 500-f7275be8-0f4a-40f0-8da8-d2dcaa93e575
annotations:
name: remove admission contollers
inline:
cluster:
apiServer:
admissionControl:
- configuration:
exemptions:
namespaces:
- openebs-system
- security
- kyverno
- rook-ceph
name: PodSecurity
---
kind: Workers
machines:
- 325dfcd5-a5fa-d714-5037-8df713d9f4f1
- 4968005b-9579-5c15-6d32-7b58e850a7d9
- 95d6c80f-d76e-42c2-7e77-c9938b5b52bf
---
kind: Machine
name: 325dfcd5-a5fa-d714-5037-8df713d9f4f1
---
kind: Machine
name: 4968005b-9579-5c15-6d32-7b58e850a7d9
---
kind: Machine
name: 4c4c4544-0038-4810-8057-b5c04f513232
---
kind: Machine
name: 4c4c4544-0047-3010-804a-b2c04f4d3232
---
kind: Machine
name: 4c4c4544-0047-4c10-8056-b7c04f513232
---
kind: Machine
name: 95d6c80f-d76e-42c2-7e77-c9938b5b52bf