Storing omni patches and template.

.omni/omni-cluster-patchesyml.yml

@@ -0,0 +1,35 @@
+# Cluster
+machine:
+  sysctls:
+    fs.inotify.max_queued_events: "65536"
+    fs.inotify.max_user_instances: "8192"
+    fs.inotify.max_user_watches: "524288"
+  kubelet:
+    defaultRuntimeSeccompProfileEnabled: true
+
+    extraMounts:
+      - destination: /var/openebs/local
+        options:
+          - bind
+          - rshared
+          - rw
+        source: /var/openebs/local
+        type: bind
+  files:
+    - content: |-
+        [plugins."io.containerd.grpc.v1.cri"]
+          enable_unprivileged_ports = true
+          enable_unprivileged_icmp = true
+        [plugins."io.containerd.grpc.v1.cri".containerd]
+          discard_unpacked_layers = false
+        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+          discard_unpacked_layers = false
+      op: create
+      path: /etc/cri/conf.d/20-customization.part
+      permissions: 0
+cluster:
+  network:
+    cni:
+      name: none
+  proxy:
+    disabled: true

.omni/omni-cp-patches.yml

@@ -0,0 +1,25 @@
+# Control Plane
+cluster:
+  apiServer:
+    admissionControl:
+      - configuration:
+          exemptions:
+            namespaces:
+              - openebs-system
+              - security
+              - kyverno
+              - rook-ceph
+              - qbittorrent
+        name: PodSecurity
+    disablePodSecurityPolicy: true
+    extraArgs:
+      bind-address: 0.0.0.0
+  controllerManager:
+    extraArgs:
+      bind-address: 0.0.0.0
+  etcd:
+    extraArgs:
+      listen-metrics-urls: http://0.0.0.0:2381
+  scheduler:
+    extraArgs:
+      bind-address: 0.0.0.0

.omni/omni-template.yaml

@@ -113,6 +113,7 @@ patches:
                     - security
                     - kyverno
                     - rook-ceph
+                    - qbittorrent
               name: PodSecurity
 ---
 kind: Workers