--- # yaml-language-server: $schema=https://ks.hsn.dev/talconfig.json clusterName: homelab talosVersion: v1.7.4 kubernetesVersion: 1.30.0 endpoint: "https://10.1.1.57:6443" additionalApiServerCertSans: - 10.1.1.57 additionalMachineCertSans: - 10.1.1.57 nodes: - hostname: shadowfax disableSearchDomain: true ipAddress: 10.1.1.61 controlPlane: true installDiskSelector: busPath: /pci0000:20/0000:20:01.2/0000:2c:00.0/nvme/nvme4/nvme4n1 networkInterfaces: - interface: enp37s0f1 dhcp: true - interface: enp37s0f0 dhcp: false kernelModules: - name: nvidia - name: nvidia_uvm - name: nvidia_drm - name: nvidia_modeset schematic: customization: systemExtensions: officialExtensions: - siderolabs/amd-ucode - siderolabs/nonfree-kmod-nvidia - siderolabs/nvidia-container-toolkit - siderolabs/zfs patches: - |- machine: sysctls: net.core.bpf_jit_harden: 1 controlPlane: patches: # Disable search domain everywhere - |- machine: network: disableSearchDomain: true # Force nameserver - |- machine: network: nameservers: - 10.1.1.1 # Configure NTP - |- machine: time: disabled: false servers: - 10.1.1.1 # Enable KubePrism - |- machine: features: kubePrism: enabled: true port: 7445 # Cluster configuration - |- cluster: allowSchedulingOnMasters: true proxy: disabled: true network: cni: name: none controllerManager: extraArgs: bind-address: 0.0.0.0 etcd: extraArgs: listen-metrics-urls: http://0.0.0.0:2381 scheduler: extraArgs: bind-address: 0.0.0.0 # ETCD configuration - |- cluster: etcd: advertisedSubnets: - 10.1.1.0/24 # Configure containerd - |- machine: files: - op: create path: /etc/cri/conf.d/20-customization.part content: | [plugins] [plugins."io.containerd.grpc.v1.cri"] enable_unprivileged_ports = true enable_unprivileged_icmp = true [plugins."io.containerd.grpc.v1.cri".containerd] discard_unpacked_layers = false [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] discard_unpacked_layers = false # Disable default API server admission plugins. - |- - op: remove path: /cluster/apiServer/admissionControl # Enable K8s Talos API Access - |- machine: features: kubernetesTalosAPIAccess: enabled: true allowedRoles: - os:admin allowedKubernetesNamespaces: - system-upgrade # Kubelet configuration - |- machine: kubelet: defaultRuntimeSeccompProfileEnabled: true extraArgs: rotate-server-certificates: "true" extraConfig: maxPods: 150 nodeIP: validSubnets: - 10.1.1.0/24 extraMounts: - destination: /var/openebs/keys options: - bind - rshared - rw source: /var/openebs/keys type: bind # Custom sysctls - |- machine: sysctls: fs.inotify.max_queued_events: "65536" fs.inotify.max_user_instances: "8192" fs.inotify.max_user_watches: "524288" net.core.rmem_max: "2500000" net.core.wmem_max: "2500000"