jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 10 Projects Releases Packages Wiki Activity Actions

Latest version of omni export.

Browse source
This commit is contained in:
Joseph Hanson 2024-04-16 14:04:26 -05:00
parent ba0bfb00e9
commit bead6c0278
3 changed files with 101 additions and 146 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
.omni/omni-cluster-patchesyml.yml
View file

@ -1,35 +0,0 @@
# Cluster
machine:
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
kubelet:
defaultRuntimeSeccompProfileEnabled: true
extraMounts:
- destination: /var/openebs/local
options:
- bind
- rshared
- rw
source: /var/openebs/local
type: bind
files:
- content: |-
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
op: create
path: /etc/cri/conf.d/20-customization.part
permissions: 0
cluster:
network:
cni:
name: none
proxy:
disabled: true

25
.omni/omni-cp-patches.yml
View file

@ -1,25 +0,0 @@
# Control Plane
cluster:
apiServer:
admissionControl:
- configuration:
exemptions:
namespaces:
- openebs-system
- security
- kyverno
- rook-ceph
- qbittorrent
name: PodSecurity
disablePodSecurityPolicy: true
extraArgs:
bind-address: 0.0.0.0
controllerManager:
extraArgs:
bind-address: 0.0.0.0
etcd:
extraArgs:
listen-metrics-urls: http://0.0.0.0:2381
scheduler:
extraArgs:
bind-address: 0.0.0.0

187
.omni/omni-template.yaml → omni-homelab-export.yaml
View file

@ -1,52 +1,24 @@
kind: Cluster kind: Cluster
name: homelab name: homelab
kubernetes: kubernetes:
version: v1.29.2 version: v1.29.3
talos: talos:
version: v1.6.4 version: v1.6.7
features: features:
backupConfiguration: backupConfiguration:
interval: 1h0m0s interval: 1h0m0s
patches: patches:
- idOverride: 500-2f051f5c-7177-4cbb-b3c9-801e5eb556b1 - idOverride: 200-homelab
annotations:
name: increase fs events
inline:
machine:
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
- idOverride: 500-602f425a-d488-4ecd-a528-68118bfc6cb1
annotations:
name: openebs local mounts
inline:
machine:
kubelet:
extraMounts:
- destination: /var/openebs/local
options:
- bind
- rshared
- rw
source: /var/openebs/local
type: bind
- idOverride: 500-63fc2c84-33e5-42ae-b79e-e48928d8ef9a
annotations:
description: Disables flannel and kube-proxy to make way for cilium.
name: disable-cni
inline: inline:
cluster: cluster:
apiServer:
certSANs:
- 10.5.0.2
network: network:
cni: cni:
name: none name: none
proxy: proxy:
disabled: true disabled: true
- idOverride: 500-a6b7ecdb-884f-44b1-8eee-709a4b4d99a1
annotations:
description: Patch for spegel to work with containerd
name: spegel-containerd
inline:
machine: machine:
files: files:
- content: |- - content: |-
@ -60,48 +32,31 @@ patches:
op: create op: create
path: /etc/cri/conf.d/20-customization.part path: /etc/cri/conf.d/20-customization.part
permissions: 0 permissions: 0
- idOverride: 500-b9b199c3-030b-48d2-a34b-dc47fa07372b
annotations:
name: default seccomp
inline:
machine:
kubelet: kubelet:
defaultRuntimeSeccompProfileEnabled: true defaultRuntimeSeccompProfileEnabled: true
extraMounts:
- destination: /var/openebs/local
options:
- bind
- rshared
- rw
source: /var/openebs/local
type: bind
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
time:
disabled: false
servers:
- 10.1.1.1
--- ---
kind: ControlPlane kind: ControlPlane
machines: machineClass:
- 4c4c4544-0038-4810-8057-b5c04f513232 name: dell-micro
- 4c4c4544-0047-3010-804a-b2c04f4d3232 size: 3
- 4c4c4544-0047-4c10-8056-b7c04f513232
patches: patches:
- idOverride: 500-0b228a5c-62b8-4f22-9908-2e98dcd82559 - idOverride: 400-homelab-control-planes
annotations:
description: Enable several monitoring services on the control planes
name: monitoring
inline:
cluster:
apiServer:
extraArgs:
bind-address: 0.0.0.0
controllerManager:
extraArgs:
bind-address: 0.0.0.0
etcd:
extraArgs:
listen-metrics-urls: http://0.0.0.0:2381
scheduler:
extraArgs:
bind-address: 0.0.0.0
- idOverride: 500-c714a4d2-d205-4bc2-924b-aa1a4c174d9a
annotations:
name: disable pod security
inline:
cluster:
apiServer:
disablePodSecurityPolicy: true
- idOverride: 500-f7275be8-0f4a-40f0-8da8-d2dcaa93e575
annotations:
name: remove admission contollers
inline: inline:
cluster: cluster:
apiServer: apiServer:
@ -114,28 +69,88 @@ patches:
- kyverno - kyverno
- rook-ceph - rook-ceph
- qbittorrent - qbittorrent
- observability
- home-automation
name: PodSecurity name: PodSecurity
disablePodSecurityPolicy: true
extraArgs:
bind-address: 0.0.0.0
controllerManager:
extraArgs:
bind-address: 0.0.0.0
etcd:
extraArgs:
listen-metrics-urls: http://0.0.0.0:2381
scheduler:
extraArgs:
bind-address: 0.0.0.0
--- ---
kind: Workers kind: Workers
machines: machines:
- 325dfcd5-a5fa-d714-5037-8df713d9f4f1 - 00000000-0000-0000-0000-00d861319aa0
- 4968005b-9579-5c15-6d32-7b58e850a7d9
- 95d6c80f-d76e-42c2-7e77-c9938b5b52bf - 95d6c80f-d76e-42c2-7e77-c9938b5b52bf
- e0380f77-9228-4679-9561-daef16748b94
--- ---
kind: Machine kind: Machine
name: 325dfcd5-a5fa-d714-5037-8df713d9f4f1 name: 00000000-0000-0000-0000-00d861319aa0
--- patches:
kind: Machine - idOverride: 500-29b8171e-4766-4f30-99a0-041e89c370fd
name: 4968005b-9579-5c15-6d32-7b58e850a7d9 annotations:
--- name: Anduril-Net
kind: Machine inline:
name: 4c4c4544-0038-4810-8057-b5c04f513232 machine:
--- network:
kind: Machine interfaces:
name: 4c4c4544-0047-3010-804a-b2c04f4d3232 - bond:
--- deviceSelectors:
kind: Machine - hardwareAddr: 00:d8:61:31:9a:a0
name: 4c4c4544-0047-4c10-8056-b7c04f513232 mode: active-backup
dhcp: true
interface: bond0
- idOverride: 500-d80a0219-be53-49c1-8bbc-4f734cd99a86
annotations:
name: Nvidia
inline:
machine:
kernel:
modules:
- name: nvidia
- name: nvidia_uvm
- name: nvidia_drm
- name: nvidia_modeset
sysctls:
net.core.bpf_jit_harden: 1
--- ---
kind: Machine kind: Machine
name: 95d6c80f-d76e-42c2-7e77-c9938b5b52bf name: 95d6c80f-d76e-42c2-7e77-c9938b5b52bf
patches:
- idOverride: 500-5c55d5ef-2293-4e67-8dcc-0b93db9a43c4
annotations:
name: shadowfax-net
inline:
machine:
network:
interfaces:
- bond:
deviceSelectors:
- hardwareAddr: 0e:46:8d:59:24:ca
mode: active-backup
dhcp: true
interface: bond0
---
kind: Machine
name: e0380f77-9228-4679-9561-daef16748b94
patches:
- idOverride: 500-669e0035-eeea-44ea-880e-1dc7a2c496dd
annotations:
name: Gandalf-Net
inline:
machine:
network:
interfaces:
- bond:
deviceSelectors:
- hardwareAddr: 00:25:90:85:51:ca
mode: active-backup
dhcp: true
interface: bond0