more nodes!

2024-09-05 03:18:26 -05:00 · 2024-09-05 03:18:26 -05:00 · 83d2db71b3
commit 83d2db71b3
parent 2871b96407
2 changed files with 75 additions and 73 deletions
--- a/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yml
+++ b/kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yml
@ -1,2 +1,2 @@
 ---
-providerRegex: ^bilbo|^frodo|^sam$
+providerRegex: ^bilbo|^frodo|^sam|^merry|^pippin|^rosie|^shadowfax-01|^gandalf-01$
--- a/kubernetes/bootstrap/talos/talconfig.yaml
+++ b/kubernetes/bootstrap/talos/talconfig.yaml
@ -170,6 +170,73 @@ worker:
        officialExtensions:
          - siderolabs/intel-ucode
          - siderolabs/i915-ucode
+  patches:
+    # Configure containerd
+    - &containerd |-
+      machine:
+        files:
+          - op: create
+            path: /etc/cri/conf.d/20-customization.part
+            content: |
+              [plugins]
+                [plugins."io.containerd.grpc.v1.cri"]
+                  enable_unprivileged_ports = true
+                  enable_unprivileged_icmp = true
+              [plugins."io.containerd.grpc.v1.cri".containerd]
+                discard_unpacked_layers = false
+              [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+                discard_unpacked_layers = false
+    # Kubelet configuration
+    - &kubeletConf |-
+      machine:
+        kubelet:
+          defaultRuntimeSeccompProfileEnabled: true
+          extraArgs:
+            rotate-server-certificates: "true"
+          extraConfig:
+            maxPods: 150
+          nodeIP:
+            validSubnets:
+                - 10.1.1.0/24
+    - &sysctls |-
+      machine:
+        sysctls:
+          fs.inotify.max_queued_events: "65536"
+          fs.inotify.max_user_instances: "8192"
+          fs.inotify.max_user_watches: "524288"
+          net.core.rmem_max: "2500000"
+          net.core.wmem_max: "2500000"
+    - &nfsMountOptions |-
+      machine:
+        files:
+          - op: overwrite
+            path: /etc/nfsmount.conf
+            permissions: 0o644
+            content: |
+              [ NFSMount_Global_Options ]
+              nfsvers=4.1
+              hard=True
+              noatime=True
+              nodiratime=True
+              rsize=131072
+              wsize=131072
+              nconnect=8
+    - &hostDNS |-
+      machine:
+        features:
+          hostDNS:
+            enabled: true
+            resolveMemberNames: true
+            forwardKubeDNSToHost: false
+    - &searchDomain |-
+      machine:
+        network:
+          disableSearchDomain: true
+    - &nameservers |-
+      machine:
+        network:
+          nameservers:
+            - 10.1.1.1
 controlPlane:
  schematic:
    customization:
@ -181,17 +248,10 @@ controlPlane:
          - siderolabs/i915-ucode
  patches:
    # Disable search domain everywhere
-    - |-
-      machine:
-        network:
-          disableSearchDomain: true
+    - *searchDomain

    # Force nameserver
-    - |-
-      machine:
-        network:
-          nameservers:
-            - 10.1.1.1
+    - *nameservers

    # Configure NTP
    - |-
@ -201,22 +261,8 @@ controlPlane:
          servers:
            - time.cloudflare.com

-    # Enable KubePrism
-    - |-
-      machine:
-        features:
-          kubePrism:
-            enabled: true
-            port: 7445
-
    # hostDNS configuration
-    - |-
-      machine:
-        features:
-          hostDNS:
-            enabled: true
-            resolveMemberNames: true
-            forwardKubeDNSToHost: false
+    - *hostDNS

    # coreDNS configuration
    - |-
@ -251,20 +297,7 @@ controlPlane:
            - 10.1.1.0/24

    # Configure containerd
-    - |-
-      machine:
-        files:
-          - op: create
-            path: /etc/cri/conf.d/20-customization.part
-            content: |
-              [plugins]
-                [plugins."io.containerd.grpc.v1.cri"]
-                  enable_unprivileged_ports = true
-                  enable_unprivileged_icmp = true
-              [plugins."io.containerd.grpc.v1.cri".containerd]
-                discard_unpacked_layers = false
-              [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
-                discard_unpacked_layers = false
+    - *containerd

    # Disable default API server admission plugins.
    - |-
@ -283,41 +316,10 @@ controlPlane:
              - system-upgrade

    # Kubelet configuration
-    - |-
-      machine:
-        kubelet:
-          defaultRuntimeSeccompProfileEnabled: true
-          extraArgs:
-            rotate-server-certificates: "true"
-          extraConfig:
-            maxPods: 150
-          nodeIP:
-            validSubnets:
-                - 10.1.1.0/24
+    - *kubeletConf

    # Custom sysctls
-    - |-
-      machine:
-        sysctls:
-          fs.inotify.max_queued_events: "65536"
-          fs.inotify.max_user_instances: "8192"
-          fs.inotify.max_user_watches: "524288"
-          net.core.rmem_max: "2500000"
-          net.core.wmem_max: "2500000"
+    - *sysctls

    # Configure nfs mount options
-    - |-
-      machine:
-        files:
-          - op: overwrite
-            path: /etc/nfsmount.conf
-            permissions: 0o644
-            content: |
-              [ NFSMount_Global_Options ]
-              nfsvers=4.1
-              hard=True
-              noatime=True
-              nodiratime=True
-              rsize=131072
-              wsize=131072
-              nconnect=8
+    - *nfsMountOptions