talos

2024-12-09 23:34:13 -05:00
parent 43fc89a966
commit 098f63fa5b
11 changed files with 277 additions and 144 deletions
--- a/talos/patches/talos-cluster.yml
+++ b/talos/patches/talos-cluster.yml
@ -0,0 +1,88 @@
+---
+cluster:
+  allowSchedulingOnControlPlanes: true
+  apiServer:
+    admissionControl:
+      - name: PodSecurity
+        configuration:
+          apiVersion: pod-security.admission.config.k8s.io/v1beta1
+          kind: PodSecurityConfiguration
+          exemptions:
+            namespaces:
+              - openebs
+              - democratic-csi
+  controlPlane:
+    endpoint: https://cp00.balsillie.house:6443
+    localAPIServerPort: 6443
+  clusterName: cluster00.balsillie.house
+  extraManifests:
+    - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
+    - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+    - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
+  inlineManifests:
+    - name: calico-installation
+      contents: |
+        apiVersion: operator.tigera.io/v1
+        kind: Installation
+        metadata:
+          name: default
+        spec:
+          variant: Calico
+          cni:
+            type: Calico
+            ipam:
+              type: Calico
+          serviceCIDRs:
+            - 10.80.0.0/12
+          calicoNetwork:
+            bgp: Enabled
+            linuxDataplane: Nftables
+            hostPorts: Enabled
+            ipPools:
+            - name: default-ipv4-ippool
+              blockSize: 24
+              cidr: 10.64.0.0/12
+              encapsulation: None
+              natOutgoing: Disabled
+              nodeSelector: all()
+    - name: calico-apiserver
+      contents: |
+        apiVersion: operator.tigera.io/v1
+        kind: APIServer
+        metadata:
+          name: default
+        spec: {}
+    - name: calico-bgpconfig
+      contents: |
+        apiVersion: crd.projectcalico.org/v1
+        kind: BGPConfiguration
+        metadata:
+          name: default
+        spec:
+          asNumber: 64624
+          serviceClusterIPs:
+          - cidr: 10.80.0.0/12
+    - name: calico-bgppeer
+      contents: |
+        apiVersion: crd.projectcalico.org/v1
+        kind: BGPPeer
+        metadata:
+          name: router-balsillie-house
+        spec:
+          asNumber: 64625
+          peerIP: 192.168.1.11:179
+  network:
+    cni:
+      name: custom
+      urls:
+        - https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
+    dnsDomain: cluster00.balsillie.house
+    podSubnets:
+      - 10.64.0.0/12
+    serviceSubnets:
+      - 10.80.0.0/12
+  proxy:
+    mode: nftables
+    disabled: false
+    extraArgs:
+      proxy-mode: nftables