Storing omni patches and template.
This commit is contained in:
parent
a419273f5b
commit
aadaaa1704
3 changed files with 61 additions and 0 deletions
35
.omni/omni-cluster-patchesyml.yml
Normal file
35
.omni/omni-cluster-patchesyml.yml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
# Cluster
|
||||||
|
machine:
|
||||||
|
sysctls:
|
||||||
|
fs.inotify.max_queued_events: "65536"
|
||||||
|
fs.inotify.max_user_instances: "8192"
|
||||||
|
fs.inotify.max_user_watches: "524288"
|
||||||
|
kubelet:
|
||||||
|
defaultRuntimeSeccompProfileEnabled: true
|
||||||
|
|
||||||
|
extraMounts:
|
||||||
|
- destination: /var/openebs/local
|
||||||
|
options:
|
||||||
|
- bind
|
||||||
|
- rshared
|
||||||
|
- rw
|
||||||
|
source: /var/openebs/local
|
||||||
|
type: bind
|
||||||
|
files:
|
||||||
|
- content: |-
|
||||||
|
[plugins."io.containerd.grpc.v1.cri"]
|
||||||
|
enable_unprivileged_ports = true
|
||||||
|
enable_unprivileged_icmp = true
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd]
|
||||||
|
discard_unpacked_layers = false
|
||||||
|
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||||
|
discard_unpacked_layers = false
|
||||||
|
op: create
|
||||||
|
path: /etc/cri/conf.d/20-customization.part
|
||||||
|
permissions: 0
|
||||||
|
cluster:
|
||||||
|
network:
|
||||||
|
cni:
|
||||||
|
name: none
|
||||||
|
proxy:
|
||||||
|
disabled: true
|
25
.omni/omni-cp-patches.yml
Normal file
25
.omni/omni-cp-patches.yml
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# Control Plane
|
||||||
|
cluster:
|
||||||
|
apiServer:
|
||||||
|
admissionControl:
|
||||||
|
- configuration:
|
||||||
|
exemptions:
|
||||||
|
namespaces:
|
||||||
|
- openebs-system
|
||||||
|
- security
|
||||||
|
- kyverno
|
||||||
|
- rook-ceph
|
||||||
|
- qbittorrent
|
||||||
|
name: PodSecurity
|
||||||
|
disablePodSecurityPolicy: true
|
||||||
|
extraArgs:
|
||||||
|
bind-address: 0.0.0.0
|
||||||
|
controllerManager:
|
||||||
|
extraArgs:
|
||||||
|
bind-address: 0.0.0.0
|
||||||
|
etcd:
|
||||||
|
extraArgs:
|
||||||
|
listen-metrics-urls: http://0.0.0.0:2381
|
||||||
|
scheduler:
|
||||||
|
extraArgs:
|
||||||
|
bind-address: 0.0.0.0
|
|
@ -113,6 +113,7 @@ patches:
|
||||||
- security
|
- security
|
||||||
- kyverno
|
- kyverno
|
||||||
- rook-ceph
|
- rook-ceph
|
||||||
|
- qbittorrent
|
||||||
name: PodSecurity
|
name: PodSecurity
|
||||||
---
|
---
|
||||||
kind: Workers
|
kind: Workers
|
Loading…
Reference in a new issue