--- clusterName: valinor talosVersion: v1.5.5 kubernetesVersion: 1.28.4 endpoint: "https://${clusterEndpointIP}:6443" cniConfig: name: none additionalApiServerCertSans: - ${clusterEndpointIP} additionalMachineCertSans: - ${clusterEndpointIP} imageFactory: registryURL: factory.hsn.dev schematicEndpoint: /schematics protocol: https installerURLTmpl: "{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}" ISOURLTmpl: "{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso" nodes: # cloud CAX21 Arm64 - hostname: arlen disableSearchDomain: true ipAddress: ${arlenIP} controlPlane: true installDiskSelector: busPath: /dev/sda networkInterfaces: - interface: eth0 dhcp: true - interface: eth1 dhcp: true routes: - network: 10.2.0.0/16 gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). metric: 2048 # cloud CAX21 Arm64 - hostname: eonwe disableSearchDomain: true ipAddress: ${eonweIP} controlPlane: true installDiskSelector: busPath: /dev/sda networkInterfaces: - interface: eth0 dhcp: true - interface: eth1 dhcp: true routes: - network: 10.2.0.0/16 gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). metric: 2048 # cloud CAX21 Arm64 - hostname: aule disableSearchDomain: true ipAddress: ${auleIP} controlPlane: true installDiskSelector: busPath: /dev/sda networkInterfaces: - interface: eth0 dhcp: true - interface: eth1 dhcp: true routes: - network: 10.2.0.0/16 gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route). metric: 2048 # VM AX41-Nvme - AMD Ryzen 5 3600 6-Core Processor (Zen2) - 64GB ECC RAM - hostname: nienna disableSearchDomain: true ipAddress: ${niennaIP} controlPlane: false schematic: customization: extraKernelArgs: - net.ifnames=0 systemExtensions: officialExtensions: - siderolabs/amd-ucode - siderolabs/qemu-guest-agent installDiskSelector: busPath: /pci0000:00/0000:00:0a.0/virtio2/ networkInterfaces: - interface: eth0 dhcp: true - interface: eth1 dhcp: false vlans: - vlanId: 4010 mtu: 1400 addresses: - 10.2.1.2/24 dhcp: false routes: - network: 10.2.0.0/16 gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). metric: 2048 # VM AX41-Nvme - AMD Ryzen 5 3600 6-Core Processor (Zen2) - 64GB ECC RAM - hostname: nessa disableSearchDomain: true ipAddress: ${nessaIP} controlPlane: false schematic: customization: extraKernelArgs: - net.ifnames=0 systemExtensions: officialExtensions: - siderolabs/amd-ucode - siderolabs/qemu-guest-agent installDiskSelector: busPath: /pci0000:00/0000:00:0a.0/virtio2/ networkInterfaces: - interface: eth0 dhcp: true - interface: eth1 dhcp: false vlans: - vlanId: 4010 mtu: 1400 addresses: - 10.2.1.4/24 dhcp: false routes: - network: 10.2.0.0/16 gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). metric: 2048 # VM on EX44 - Intel Gen 13 (Raptor Lake) - 64GB RAM - hostname: orome disableSearchDomain: true ipAddress: ${oromeIP} controlPlane: false schematic: customization: extraKernelArgs: - net.ifnames=0 systemExtensions: officialExtensions: - siderolabs/i915-ucode - siderolabs/intel-ucode - siderolabs/qemu-guest-agent installDiskSelector: busPath: /pci0000:00/0000:00:0a.0/virtio2/ networkInterfaces: - interface: eth0 dhcp: true - interface: eth1 dhcp: false vlans: - vlanId: 4010 mtu: 1400 addresses: - 10.2.1.3/24 dhcp: false routes: - network: 10.2.0.0/16 gateway: 10.2.1.1 # The route's gateway (if empty, creates link scope route). metric: 2048 worker: patches: - |- cluster: externalCloudProvider: enabled: true manifests: - https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm.yaml machine: sysctls: fs.inotify.max_user_watches: "1048576" fs.inotify.max_user_instances: "8192" time: disabled: false servers: - ntp.hetzner.com kubelet: extraArgs: feature-gates: CronJobTimeZone=true,GracefulNodeShutdown=true,NewVolumeManagerReconstruction=false rotate-server-certificates: "true" extraConfig: maxPods: 150 nodeIP: validSubnets: - 10.2.0.0/16 registries: mirrors: docker.io: endpoints: - http://harbor.hsn.dev/v2/docker.io overridePath: true ghcr.io: endpoints: - http://harbor.hsn.dev/v2/ghcr.io overridePath: true controlPlane: patches: - |- cluster: allowSchedulingOnMasters: true externalCloudProvider: enabled: true manifests: - https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm.yaml network: cni: name: none proxy: disabled: true etcd: advertisedSubnets: - 10.2.0.0/24 - |- - op: remove path: /cluster/apiServer/admissionControl - |- machine: features: kubePrism: enabled: true port: 7445 registries: mirrors: docker.io: endpoints: - http://harbor.hsn.dev/v2/docker.io overridePath: true ghcr.io: endpoints: - http://harbor.hsn.dev/v2/ghcr.io overridePath: true files: - op: create path: /etc/cri/conf.d/20-customization.part content: | [plugins] [plugins."io.containerd.grpc.v1.cri"] enable_unprivileged_ports = true enable_unprivileged_icmp = true kubelet: extraArgs: feature-gates: CronJobTimeZone=true,GracefulNodeShutdown=true,NewVolumeManagerReconstruction=false rotate-server-certificates: "true" extraConfig: maxPods: 150 nodeIP: validSubnets: - 10.2.0.0/16 sysctls: fs.inotify.max_user_watches: "1048576" fs.inotify.max_user_instances: "8192" time: disabled: false servers: - ntp.hetzner.com