Storing omni patches and template.

This commit is contained in:
Joseph Hanson 2024-02-25 10:40:07 -06:00
parent a419273f5b
commit aadaaa1704
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
3 changed files with 61 additions and 0 deletions

View file

@ -0,0 +1,35 @@
# Cluster
machine:
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
kubelet:
defaultRuntimeSeccompProfileEnabled: true
extraMounts:
- destination: /var/openebs/local
options:
- bind
- rshared
- rw
source: /var/openebs/local
type: bind
files:
- content: |-
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
op: create
path: /etc/cri/conf.d/20-customization.part
permissions: 0
cluster:
network:
cni:
name: none
proxy:
disabled: true

25
.omni/omni-cp-patches.yml Normal file
View file

@ -0,0 +1,25 @@
# Control Plane
cluster:
apiServer:
admissionControl:
- configuration:
exemptions:
namespaces:
- openebs-system
- security
- kyverno
- rook-ceph
- qbittorrent
name: PodSecurity
disablePodSecurityPolicy: true
extraArgs:
bind-address: 0.0.0.0
controllerManager:
extraArgs:
bind-address: 0.0.0.0
etcd:
extraArgs:
listen-metrics-urls: http://0.0.0.0:2381
scheduler:
extraArgs:
bind-address: 0.0.0.0

View file

@ -113,6 +113,7 @@ patches:
- security - security
- kyverno - kyverno
- rook-ceph - rook-ceph
- qbittorrent
name: PodSecurity name: PodSecurity
--- ---
kind: Workers kind: Workers