diff --git a/.omni/omni-cluster-patchesyml.yml b/.omni/omni-cluster-patchesyml.yml
new file mode 100644
index 0000000..d400d26
--- /dev/null
+++ b/.omni/omni-cluster-patchesyml.yml
@@ -0,0 +1,35 @@
+# Cluster
+machine:
+ sysctls:
+ fs.inotify.max_queued_events: "65536"
+ fs.inotify.max_user_instances: "8192"
+ fs.inotify.max_user_watches: "524288"
+ kubelet:
+ defaultRuntimeSeccompProfileEnabled: true
+
+ extraMounts:
+ - destination: /var/openebs/local
+ options:
+ - bind
+ - rshared
+ - rw
+ source: /var/openebs/local
+ type: bind
+ files:
+ - content: |-
+ [plugins."io.containerd.grpc.v1.cri"]
+ enable_unprivileged_ports = true
+ enable_unprivileged_icmp = true
+ [plugins."io.containerd.grpc.v1.cri".containerd]
+ discard_unpacked_layers = false
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+ discard_unpacked_layers = false
+ op: create
+ path: /etc/cri/conf.d/20-customization.part
+ permissions: 0
+cluster:
+ network:
+ cni:
+ name: none
+ proxy:
+ disabled: true
\ No newline at end of file
diff --git a/.omni/omni-cp-patches.yml b/.omni/omni-cp-patches.yml
new file mode 100644
index 0000000..8c92618
--- /dev/null
+++ b/.omni/omni-cp-patches.yml
@@ -0,0 +1,25 @@
+# Control Plane
+cluster:
+ apiServer:
+ admissionControl:
+ - configuration:
+ exemptions:
+ namespaces:
+ - openebs-system
+ - security
+ - kyverno
+ - rook-ceph
+ - qbittorrent
+ name: PodSecurity
+ disablePodSecurityPolicy: true
+ extraArgs:
+ bind-address: 0.0.0.0
+ controllerManager:
+ extraArgs:
+ bind-address: 0.0.0.0
+ etcd:
+ extraArgs:
+ listen-metrics-urls: http://0.0.0.0:2381
+ scheduler:
+ extraArgs:
+ bind-address: 0.0.0.0
diff --git a/omni-template.yaml b/.omni/omni-template.yaml
similarity index 99%
rename from omni-template.yaml
rename to .omni/omni-template.yaml
index a21bd11..e84087b 100644
--- a/omni-template.yaml
+++ b/.omni/omni-template.yaml
@@ -113,6 +113,7 @@ patches:
 - security
 - kyverno
 - rook-ceph
+ - qbittorrent
 name: PodSecurity
 ---
 kind: Workers
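Review bot: The containerd CRI override written to `/etc/cri/conf.d/20-customization.part` in `omni-cluster-patchesyml.yml` sets `enable_unprivileged_ports = true` and `enable_unprivileged_icmp = true` for pods on every node the patch reaches, and nothing in the file says why. Both relax a runtime default (binding ports below 1024 without `CAP_NET_BIND_SERVICE`, opening ping sockets without `CAP_NET_RAW`), so I would put a comment above the `files:` entry such as `# unprivileged low ports/ICMP: needed by <workload>; applies to all pods on the node`. `permissions: 0` creates the part file with no mode bits; it is presumably still read because the runtime runs as root, but `permissions: 0o644` states the intent. The file name `omni-cluster-patchesyml.yml` looks like a typo for `omni-cluster-patches.yml`.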
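Review bot: Listing `qbittorrent` under the PodSecurity `exemptions.namespaces` in `omni-cp-patches.yml` turns Pod Security admission off for every pod in that namespace, and a namespace that presumably runs a BitTorrent client exchanging data with arbitrary peers is one where enforcement matters most; the same entry is added in the `omni-template.yaml` hunk, whose list starts above the visible context. No `defaults` block is visible here, so I cannot tell which level non-exempt namespaces get. I would drop the exemption and label the namespace with the level the workload actually needs, for example `pod-security.kubernetes.io/enforce: baseline`, and keep the two copies of the list in one place so they cannot drift. Separately, `listen-metrics-urls: http://0.0.0.0:2381` serves etcd metrics over plain HTTP without authentication on every interface of each control-plane node, and the three `bind-address: 0.0.0.0` entries widen the other components the same way; if this is for metrics scraping, add a comment saying so and limit those ports to the scraper's source range with a host firewall rule.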