From bead6c027893f9937a2742d14983fefe8d913bea Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Tue, 16 Apr 2024 14:04:26 -0500 Subject: [PATCH] Latest version of omni export. --- .omni/omni-cluster-patchesyml.yml | 35 ---- .omni/omni-cp-patches.yml | 25 --- ...-template.yaml => omni-homelab-export.yaml | 187 ++++++++++-------- 3 files changed, 101 insertions(+), 146 deletions(-) delete mode 100644 .omni/omni-cluster-patchesyml.yml delete mode 100644 .omni/omni-cp-patches.yml rename .omni/omni-template.yaml => omni-homelab-export.yaml (56%) diff --git a/.omni/omni-cluster-patchesyml.yml b/.omni/omni-cluster-patchesyml.yml deleted file mode 100644 index d400d26e..00000000 --- a/.omni/omni-cluster-patchesyml.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Cluster -machine: - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_instances: "8192" - fs.inotify.max_user_watches: "524288" - kubelet: - defaultRuntimeSeccompProfileEnabled: true - - extraMounts: - - destination: /var/openebs/local - options: - - bind - - rshared - - rw - source: /var/openebs/local - type: bind - files: - - content: |- - [plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true - [plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false - op: create - path: /etc/cri/conf.d/20-customization.part - permissions: 0 -cluster: - network: - cni: - name: none - proxy: - disabled: true \ No newline at end of file diff --git a/.omni/omni-cp-patches.yml b/.omni/omni-cp-patches.yml deleted file mode 100644 index 8c926185..00000000 --- a/.omni/omni-cp-patches.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -# Control Plane -cluster: - apiServer: - admissionControl: - - configuration: - exemptions: - namespaces: - - openebs-system - - security - - kyverno - - rook-ceph - - qbittorrent - name: PodSecurity - disablePodSecurityPolicy: true - extraArgs: - bind-address: 0.0.0.0 - controllerManager: - extraArgs: - bind-address: 0.0.0.0 - etcd: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - scheduler: - extraArgs: - bind-address: 0.0.0.0 diff --git a/.omni/omni-template.yaml b/omni-homelab-export.yaml similarity index 56% rename from .omni/omni-template.yaml rename to omni-homelab-export.yaml index e84087b3..5e581f3f 100644 --- a/.omni/omni-template.yaml +++ b/omni-homelab-export.yaml @@ -1,52 +1,24 @@ kind: Cluster name: homelab kubernetes: - version: v1.29.2 + version: v1.29.3 talos: - version: v1.6.4 + version: v1.6.7 features: backupConfiguration: interval: 1h0m0s patches: - - idOverride: 500-2f051f5c-7177-4cbb-b3c9-801e5eb556b1 - annotations: - name: increase fs events - inline: - machine: - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_instances: "8192" - fs.inotify.max_user_watches: "524288" - - idOverride: 500-602f425a-d488-4ecd-a528-68118bfc6cb1 - annotations: - name: openebs local mounts - inline: - machine: - kubelet: - extraMounts: - - destination: /var/openebs/local - options: - - bind - - rshared - - rw - source: /var/openebs/local - type: bind - - idOverride: 500-63fc2c84-33e5-42ae-b79e-e48928d8ef9a - annotations: - description: Disables flannel and kube-proxy to make way for cilium. - name: disable-cni + - idOverride: 200-homelab inline: cluster: + apiServer: + certSANs: + - 10.5.0.2 network: cni: name: none proxy: disabled: true - - idOverride: 500-a6b7ecdb-884f-44b1-8eee-709a4b4d99a1 - annotations: - description: Patch for spegel to work with containerd - name: spegel-containerd - inline: machine: files: - content: |- 
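Review bot: The merged cluster patch `200-homelab` has no `annotations` block, so the explanations the replaced patches carried ("Disables flannel and kube-proxy to make way for cilium.", "Patch for spegel to work with containerd") are gone from the export. The same applies to `400-homelab-control-planes` in the ControlPlane document. Restoring an entry such as `annotations:` with `description: CNI none and kube-proxy disabled for cilium; containerd CRI settings for spegel; openebs local mounts` keeps the reason for `cni: name: none` and `proxy: disabled: true` next to settings that turn off defaults. The new `certSANs` entry `10.5.0.2` is not explained anywhere in the visible file and would benefit from a short note on what that address is. The patch body continues past the end of this hunk.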
@@ -60,48 +32,31 @@ patches: op: create path: /etc/cri/conf.d/20-customization.part permissions: 0 - - idOverride: 500-b9b199c3-030b-48d2-a34b-dc47fa07372b - annotations: - name: default seccomp - inline: - machine: kubelet: defaultRuntimeSeccompProfileEnabled: true + extraMounts: + - destination: /var/openebs/local + options: + - bind + - rshared + - rw + source: /var/openebs/local + type: bind + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_instances: "8192" + fs.inotify.max_user_watches: "524288" + time: + disabled: false + servers: + - 10.1.1.1 --- kind: ControlPlane -machines: - - 4c4c4544-0038-4810-8057-b5c04f513232 - - 4c4c4544-0047-3010-804a-b2c04f4d3232 - - 4c4c4544-0047-4c10-8056-b7c04f513232 +machineClass: + name: dell-micro + size: 3 patches: - - idOverride: 500-0b228a5c-62b8-4f22-9908-2e98dcd82559 - annotations: - description: Enable several monitoring services on the control planes - name: monitoring - inline: - cluster: - apiServer: - extraArgs: - bind-address: 0.0.0.0 - controllerManager: - extraArgs: - bind-address: 0.0.0.0 - etcd: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - scheduler: - extraArgs: - bind-address: 0.0.0.0 - - idOverride: 500-c714a4d2-d205-4bc2-924b-aa1a4c174d9a - annotations: - name: disable pod security - inline: - cluster: - apiServer: - disablePodSecurityPolicy: true - - idOverride: 500-f7275be8-0f4a-40f0-8da8-d2dcaa93e575 - annotations: - name: remove admission contollers + - idOverride: 400-homelab-control-planes inline: cluster: apiServer: 
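Review bot: The new `time` block lists a single NTP source, `10.1.1.1`, so every node's clock depends on that one host. A wrong or unreachable time source tends to surface as certificate-validity and etcd errors across the whole cluster. If the nodes have outbound NTP access, a second entry under `servers:`, for example `- time.cloudflare.com`, gives them a fallback. `disabled: false` appears to restate the default and could be dropped to keep the patch minimal.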
@@ -114,28 +69,88 @@ patches: - kyverno - rook-ceph - qbittorrent + - observability + - home-automation name: PodSecurity + disablePodSecurityPolicy: true + extraArgs: + bind-address: 0.0.0.0 + controllerManager: + extraArgs: + bind-address: 0.0.0.0 + etcd: + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + scheduler: + extraArgs: + bind-address: 0.0.0.0 --- kind: Workers machines: - - 325dfcd5-a5fa-d714-5037-8df713d9f4f1 - - 4968005b-9579-5c15-6d32-7b58e850a7d9 + - 00000000-0000-0000-0000-00d861319aa0 - 95d6c80f-d76e-42c2-7e77-c9938b5b52bf + - e0380f77-9228-4679-9561-daef16748b94 --- kind: Machine -name: 325dfcd5-a5fa-d714-5037-8df713d9f4f1 ---- -kind: Machine -name: 4968005b-9579-5c15-6d32-7b58e850a7d9 ---- -kind: Machine -name: 4c4c4544-0038-4810-8057-b5c04f513232 ---- -kind: Machine -name: 4c4c4544-0047-3010-804a-b2c04f4d3232 ---- -kind: Machine -name: 4c4c4544-0047-4c10-8056-b7c04f513232 +name: 00000000-0000-0000-0000-00d861319aa0 +patches: + - idOverride: 500-29b8171e-4766-4f30-99a0-041e89c370fd + annotations: + name: Anduril-Net + inline: + machine: + network: + interfaces: + - bond: + deviceSelectors: + - hardwareAddr: 00:d8:61:31:9a:a0 + mode: active-backup + dhcp: true + interface: bond0 + - idOverride: 500-d80a0219-be53-49c1-8bbc-4f734cd99a86 + annotations: + name: Nvidia + inline: + machine: + kernel: + modules: + - name: nvidia + - name: nvidia_uvm + - name: nvidia_drm + - name: nvidia_modeset + sysctls: + net.core.bpf_jit_harden: 1 --- kind: Machine name: 95d6c80f-d76e-42c2-7e77-c9938b5b52bf +patches: + - idOverride: 500-5c55d5ef-2293-4e67-8dcc-0b93db9a43c4 + annotations: + name: shadowfax-net + inline: + machine: + network: + interfaces: + - bond: + deviceSelectors: + - hardwareAddr: 0e:46:8d:59:24:ca + mode: active-backup + dhcp: true + interface: bond0 +--- +kind: Machine +name: e0380f77-9228-4679-9561-daef16748b94 +patches: + - idOverride: 500-669e0035-eeea-44ea-880e-1dc7a2c496dd + annotations: + name: Gandalf-Net + inline: + machine: + 
network: + interfaces: + - bond: + deviceSelectors: + - hardwareAddr: 00:25:90:85:51:ca + mode: active-backup + dhcp: true + interface: bond0
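Review bot: In `400-homelab-control-planes`, `listen-metrics-urls: http://0.0.0.0:2381` serves etcd metrics over plain HTTP on every interface, and `bind-address: 0.0.0.0` does the same for the controller manager and scheduler, with nothing in the patch recording why or what limits access. I would restore an annotation such as `description: control-plane metrics opened for monitoring; 2381/tcp is limited to the scraper by firewall` and confirm that restriction actually exists. The exemption list also gains `observability` and `home-automation`; exempting a namespace removes Pod Security admission for every workload in it, so it is worth checking whether those namespaces need a full exemption or only a less strict enforcement level. In the `Nvidia` machine patch, `net.core.bpf_jit_harden: 1` is an unquoted integer while the cluster-level sysctls are quoted strings; `net.core.bpf_jit_harden: "1"` keeps the value type consistent.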