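---
# yaml-language-server: $schema=https://ks.hsn.dev/talhelper-schema.json
clusterName: homelab
talosVersion: v1.8.0-alpha.1
kubernetesVersion: 1.30.2
# ${clusterEndpointIP} is substituted by talhelper from the environment before parsing.
endpoint: "https://${clusterEndpointIP}:6443"
additionalApiServerCertSans: &san
  - "${clusterEndpointIP}"
  - "127.0.0.1" # KubePrism
additionalMachineCertSans: *san

nodes:
  - hostname: shadowfax
    disableSearchDomain: true
    ipAddress: 10.1.1.61
    controlPlane: true
    installDiskSelector:
      busPath: /pci0000:20/0000:20:01.2/0000:2c:00.0/nvme/nvme4/nvme4n1
    machineDisks:
      - device: /dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH3142017H2P0C
        partitions:
          - mountpoint: /var/mnt/nvme1
    networkInterfaces:
      - interface: bond0
        dhcp: false
        addresses:
          - 10.1.1.61
        bond:
          mode: active-backup
          lacpRate: fast
          miimon: 100
          # MAC addresses are quoted so no YAML parser can retype a colon-separated value.
          deviceSelectors:
            - hardwareAddr: "04:42:1a:ef:35:74"
              driver: ixgbe
            - hardwareAddr: "04:42:1a:ef:35:75"
              driver: ixgbe
        vlans:
          - &vlan-iot
            vlanId: 30
            mtu: 1500
            dhcp: true
            dhcpOptions:
              routeMetric: 4096
    kernelModules:
      - name: nvidia
      - name: nvidia_uvm
      - name: nvidia_drm
      - name: nvidia_modeset
    schematic:
      customization:
        systemExtensions:
          officialExtensions:
            - siderolabs/amd-ucode
            - siderolabs/nonfree-kmod-nvidia
            - siderolabs/nvidia-container-toolkit
            # Need talos 1.8 for nvidia and zfs to coexist
            # https://github.com/siderolabs/extensions/issues/380
            - siderolabs/zfs
    patches:
      # sysctl values are kept as quoted strings, consistent with the other sysctl patches in this file.
      - |-
        machine:
          sysctls:
            net.core.bpf_jit_harden: "1"
            vm.nr_hugepages: "1024"
      - &kubelet_extra_mounts |-
        machine:
          kubelet:
            extraMounts:
              - destination: /var/mnt/nvme1
                type: bind
                source: /var/mnt/nvme1
                options:
                  - rbind
                  - rshared
                  - rw
      # disables new feature that forwards kube-dns to host-dns 10.96.0.10 --> 10.96.0.9
      - |-
        machine:
          features:
            hostDNS:
              enabled: true
              forwardKubeDNSToHost: false

controlPlane:
  patches:
    # Disable search domain everywhere
    - |-
      machine:
        network:
          disableSearchDomain: true
    # Force nameserver
    - |-
      machine:
        network:
          nameservers:
            - 10.1.1.1
    # Configure NTP
    - |-
      machine:
        time:
          disabled: false
          servers:
            - time.cloudflare.com
    # Enable KubePrism
    - |-
      machine:
        features:
          kubePrism:
            enabled: true
            port: 7445
    # Cluster configuration
    # NOTE(review): controller-manager, scheduler and etcd metrics are bound to 0.0.0.0,
    # presumably for metrics scraping — confirm these ports are reachable only from trusted networks.
    - |-
      cluster:
        allowSchedulingOnMasters: true
        proxy:
          disabled: true
        network:
          cni:
            name: none
        controllerManager:
          extraArgs:
            bind-address: 0.0.0.0
        etcd:
          extraArgs:
            listen-metrics-urls: http://0.0.0.0:2381
        scheduler:
          extraArgs:
            bind-address: 0.0.0.0
    # ETCD configuration
    - |-
      cluster:
        etcd:
          advertisedSubnets:
            - 10.1.1.0/24
    # Disable default API server admission plugins.
    # NOTE(review): this removes the whole default admissionControl entry, so any admission
    # policy (e.g. pod security) must be enforced by something else — confirm that is in place.
    - |-
      - op: remove
        path: /cluster/apiServer/admissionControl
    # Enable K8s Talos API Access
    # Workloads in the listed namespaces get Talos API access with the os:admin role;
    # keep the namespace list as small as possible.
    - |-
      machine:
        features:
          kubernetesTalosAPIAccess:
            enabled: true
            allowedRoles:
              - os:admin
            allowedKubernetesNamespaces:
              - system-upgrade
    # Kubelet configuration
    # extraArgs are string-valued, hence the quoted "true".
    # NOTE(review): rotate-server-certificates assumes kubelet serving CSRs are approved in-cluster — confirm.
    - |-
      machine:
        kubelet:
          defaultRuntimeSeccompProfileEnabled: true
          extraArgs:
            rotate-server-certificates: "true"
          extraConfig:
            maxPods: 150
          nodeIP:
            validSubnets:
              - 10.1.1.0/24
          extraMounts:
            - destination: /var/openebs/keys
              type: bind
              source: /var/openebs/keys
              options:
                - bind
                - rshared
                - rw
            - destination: /var/openebs/local
              type: bind
              source: /var/openebs/local
              options:
                - bind
                - rshared
                - rw
    # Custom sysctls
    - |-
      machine:
        sysctls:
          fs.inotify.max_queued_events: "65536"
          fs.inotify.max_user_instances: "8192"
          fs.inotify.max_user_watches: "524288"
          net.core.rmem_max: "2500000"
          net.core.wmem_max: "2500000"
    # Configure nfs mount options
    # This patch deliberately uses `|` (not `|-`) so the nested `content` keeps its trailing newline
    # and the written /etc/nfsmount.conf ends with a newline.
    - |
      machine:
        files:
          - op: overwrite
            path: /etc/nfsmount.conf
            permissions: 0o644
            content: |
              [ NFSMount_Global_Options ]
              nfsvers=4.1
              hard=True
              noatime=True
              nodiratime=True
              rsize=131072
              wsize=131072
              nconnect=8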