more nodes!

2024-09-05 03:18:26 -05:00 · 2024-09-05 03:18:26 -05:00 · 83d2db71b3
commit 83d2db71b3
parent 2871b96407
2 changed files with 75 additions and 73 deletions
--- a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yml
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yml
@ -1,2 +1,2 @@
 ---
-providerRegex: ^bilbo|^frodo|^sam$
+providerRegex: ^bilbo|^frodo|^sam|^merry|^pippin|^rosie|^shadowfax-01|^gandalf-01$
--- a/kubernetes/bootstrap/talos/talconfig.yaml
+++ b/kubernetes/bootstrap/talos/talconfig.yaml
@ -170,6 +170,73 @@ worker:
        officialExtensions:
          - siderolabs/intel-ucode
          - siderolabs/i915-ucode
  patches:
    # Configure containerd
    - &containerd |-
      machine:
        files:
          - op: create
            path: /etc/cri/conf.d/20-customization.part
            content: |
              [plugins]
                [plugins."io.containerd.grpc.v1.cri"]
                  enable_unprivileged_ports = true
                  enable_unprivileged_icmp = true
              [plugins."io.containerd.grpc.v1.cri".containerd]
                discard_unpacked_layers = false
              [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
                discard_unpacked_layers = false
    # Kubelet configuration
    - &kubeletConf |-
      machine:
        kubelet:
          defaultRuntimeSeccompProfileEnabled: true
          extraArgs:
            rotate-server-certificates: "true"
          extraConfig:
            maxPods: 150
          nodeIP:
            validSubnets:
                - 10.1.1.0/24
    - &sysctls |-
      machine:
        sysctls:
          fs.inotify.max_queued_events: "65536"
          fs.inotify.max_user_instances: "8192"
          fs.inotify.max_user_watches: "524288"
          net.core.rmem_max: "2500000"
          net.core.wmem_max: "2500000"
    - &nfsMountOptions |-
      machine:
        files:
          - op: overwrite
            path: /etc/nfsmount.conf
            permissions: 0o644
            content: |
              [ NFSMount_Global_Options ]
              nfsvers=4.1
              hard=True
              noatime=True
              nodiratime=True
              rsize=131072
              wsize=131072
              nconnect=8
    - &hostDNS |-
      machine:
        features:
          hostDNS:
            enabled: true
            resolveMemberNames: true
            forwardKubeDNSToHost: false
    - &searchDomain |-
      machine:
        network:
          disableSearchDomain: true
    - &nameservers |-
      machine:
        network:
          nameservers:
            - 10.1.1.1
 controlPlane:
  schematic:
    customization:
@ -181,17 +248,10 @@ controlPlane:
          - siderolabs/i915-ucode
  patches:
    # Disable search domain everywhere
-    - |-
+    - *searchDomain
      machine:
        network:
          disableSearchDomain: true
    # Force nameserver
-    - |-
+    - *nameservers
      machine:
        network:
          nameservers:
            - 10.1.1.1
    # Configure NTP
    - |-
@ -201,22 +261,8 @@ controlPlane:
          servers:
            - time.cloudflare.com
    # Enable KubePrism
    - |-
      machine:
        features:
          kubePrism:
            enabled: true
            port: 7445
    # hostDNS configuration
-    - |-
+    - *hostDNS
      machine:
        features:
          hostDNS:
            enabled: true
            resolveMemberNames: true
            forwardKubeDNSToHost: false
    # coreDNS configuration
    - |-
@ -251,20 +297,7 @@ controlPlane:
            - 10.1.1.0/24
    # Configure containerd
-    - |-
+    - *containerd
      machine:
        files:
          - op: create
            path: /etc/cri/conf.d/20-customization.part
            content: |
              [plugins]
                [plugins."io.containerd.grpc.v1.cri"]
                  enable_unprivileged_ports = true
                  enable_unprivileged_icmp = true
              [plugins."io.containerd.grpc.v1.cri".containerd]
                discard_unpacked_layers = false
              [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
                discard_unpacked_layers = false
    # Disable default API server admission plugins.
    - |-
@ -283,41 +316,10 @@ controlPlane:
              - system-upgrade
    # Kubelet configuration
-    - |-
+    - *kubeletConf
      machine:
        kubelet:
          defaultRuntimeSeccompProfileEnabled: true
          extraArgs:
            rotate-server-certificates: "true"
          extraConfig:
            maxPods: 150
          nodeIP:
            validSubnets:
                - 10.1.1.0/24
    # Custom sysctls
-    - |-
+    - *sysctls
      machine:
        sysctls:
          fs.inotify.max_queued_events: "65536"
          fs.inotify.max_user_instances: "8192"
          fs.inotify.max_user_watches: "524288"
          net.core.rmem_max: "2500000"
          net.core.wmem_max: "2500000"
    # Configure nfs mount options
-    - |-
+    - *nfsMountOptions
      machine:
        files:
          - op: overwrite
            path: /etc/nfsmount.conf
            permissions: 0o644
            content: |
              [ NFSMount_Global_Options ]
              nfsvers=4.1
              hard=True
              noatime=True
              nodiratime=True
              rsize=131072
              wsize=131072
              nconnect=8
`@ -1,2 +1,2 @@`
	`---`	`---`
	`providerRegex: ^bilbo\|^frodo\|^sam$`	`providerRegex: ^bilbo\|^frodo\|^sam\|^merry\|^pippin\|^rosie\|^shadowfax-01\|^gandalf-01$`