talos

talos/patches/mc-all.yml

@@ -0,0 +1,31 @@
+machine:
+  features:
+    hostDNS:
+      enabled: true
+      forwardKubeDNSToHost: false
+    kubePrism:
+      enabled: false
+  install:
+    wipe: true
+    legacyBIOSSupport: false
+    diskSelector:
+      type: ssd
+  kubelet:
+    extraArgs:
+      rotate-server-certificates: true
+    extraMounts:
+      - destination: /var/local/openebs
+        type: bind
+        source: /var/local/openebs
+        options:
+          - bind
+          - rshared
+          - rw
+  nodeLabels:
+    openebs.io/engine: mayastor
+  sysctls:
+    vm.nr_hugepages: "1024"
+  time:
+    disabled: false
+    servers:
+      - 192.168.1.11

talos/patches/mc-node00.yml

@@ -0,0 +1,15 @@
+---
+machine:
+  network:
+    hostname: node00.balsillie.house
+    nameservers:
+      - 192.168.1.11
+    interfaces:
+      - deviceSelector:
+          hardwareAddr: 'f4:4d:30:6e:62:a7'
+        dhcp: false
+        routes:
+          - network: 0.0.0.0/0
+            gateway: 192.168.1.11
+        addresses:
+          - 192.168.1.15/24

talos/patches/talos-cluster.yaml

@@ -1,22 +0,0 @@
----
-
-cluster:
-  allowSchedulingOnControlPlanes: true
-  controlPlane:
-    endpoint: https://cp00.balsillie.house:6443
-    localAPIServerPort: 6443
-  clusterName: cluster00.balsillie.house
-  extraManifests:
-    - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
-  network:
-    cni:
-      name: custom
-      urls:
-        - https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
-    dnsDomain: cluster00.balsillie.house
-    podSubnets:
-      - 10.64.0.0/12
-    serviceSubnets:
-      - 10.80.0.0/12
-  proxy:
-    disabled: true

talos/patches/talos-cluster.yml

@@ -0,0 +1,88 @@
+---
+cluster:
+  allowSchedulingOnControlPlanes: true
+  apiServer:
+    admissionControl:
+      - name: PodSecurity
+        configuration:
+          apiVersion: pod-security.admission.config.k8s.io/v1beta1
+          kind: PodSecurityConfiguration
+          exemptions:
+            namespaces:
+              - openebs
+              - democratic-csi
+  controlPlane:
+    endpoint: https://cp00.balsillie.house:6443
+    localAPIServerPort: 6443
+  clusterName: cluster00.balsillie.house
+  extraManifests:
+    - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
+    - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+    - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
+  inlineManifests:
+    - name: calico-installation
+      contents: |
+        apiVersion: operator.tigera.io/v1
+        kind: Installation
+        metadata:
+          name: default
+        spec:
+          variant: Calico
+          cni:
+            type: Calico
+            ipam:
+              type: Calico
+          serviceCIDRs:
+            - 10.80.0.0/12
+          calicoNetwork:
+            bgp: Enabled
+            linuxDataplane: Nftables
+            hostPorts: Enabled
+            ipPools:
+            - name: default-ipv4-ippool
+              blockSize: 24
+              cidr: 10.64.0.0/12
+              encapsulation: None
+              natOutgoing: Disabled
+              nodeSelector: all()
+    - name: calico-apiserver
+      contents: |
+        apiVersion: operator.tigera.io/v1
+        kind: APIServer
+        metadata:
+          name: default
+        spec: {}
+    - name: calico-bgpconfig
+      contents: |
+        apiVersion: crd.projectcalico.org/v1
+        kind: BGPConfiguration
+        metadata:
+          name: default
+        spec:
+          asNumber: 64624
+          serviceClusterIPs:
+          - cidr: 10.80.0.0/12
+    - name: calico-bgppeer
+      contents: |
+        apiVersion: crd.projectcalico.org/v1
+        kind: BGPPeer
+        metadata:
+          name: router-balsillie-house
+        spec:
+          asNumber: 64625
+          peerIP: 192.168.1.11:179
+  network:
+    cni:
+      name: custom
+      urls:
+        - https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
+    dnsDomain: cluster00.balsillie.house
+    podSubnets:
+      - 10.64.0.0/12
+    serviceSubnets:
+      - 10.80.0.0/12
+  proxy:
+    mode: nftables
+    disabled: false
+    extraArgs:
+      proxy-mode: nftables

talos/patches/talos-machine.yaml

@@ -1,35 +0,0 @@
----
-
-machine:
-  kubelet:
-    extraArgs:
-      rotate-server-certificates: true
-  network:
-    hostname: node00.balsillie.house
-    nameservers:
-      - 192.168.1.11
-    interfaces:
-      - deviceSelector:
-          hardwareAddr: 'f4:4d:30:6e:62:a7'
-        dhcp: false
-        routes:
-          - network: 0.0.0.0/0
-            gateway: 192.168.1.11
-        addresses:
-          - 192.168.1.15/24
-        vip:
-          ip: 192.168.1.14/24
-  features:
-    hostDNS:
-      enabled: true
-      forwardKubeDNSToHost: false
-  time:
-    disabled: false
-    servers:
-      - 192.168.1.11
-  install:
-    wipe: true
-    legacyBIOSSupport: false
-    diskSelector:
-      type: ssd
-