talos

talos/rendered/controlplane.yaml

@@ -22,6 +22,16 @@ machine:
         # The `extraArgs` field is used to provide additional flags to the kubelet.
         extraArgs:
             rotate-server-certificates: "true"
+        # The `extraMounts` field is used to add additional mounts to the kubelet container.
+        extraMounts:
+            - destination: /var/local/openebs # Destination is the absolute path where the mount will be placed in the container.
+              type: bind # Type specifies the mount kind.
+              source: /var/local/openebs # Source specifies the source path of the mount.
+              # Options are fstab style mount options.
+              options:
+                - bind
+                - rshared
+                - rw
         defaultRuntimeSeccompProfileEnabled: true # Enable container runtime default Seccomp profile.
         disableManifestsDirectory: true # The `disableManifestsDirectory` field configures the kubelet to get static pod manifests from the /etc/kubernetes/manifests directory.
         
@@ -30,17 +40,6 @@ machine:
         #     - 10.96.0.10
         #     - 169.254.2.53
 
-        # # The `extraMounts` field is used to add additional mounts to the kubelet container.
-        # extraMounts:
-        #     - destination: /var/lib/example # Destination is the absolute path where the mount will be placed in the container.
-        #       type: bind # Type specifies the mount kind.
-        #       source: /var/lib/example # Source specifies the source path of the mount.
-        #       # Options are fstab style mount options.
-        #       options:
-        #         - bind
-        #         - rshared
-        #         - rw
-
         # # The `extraConfig` field is used to provide kubelet configuration overrides.
         # extraConfig:
         #     serverTLSBootstrap: true
@@ -197,6 +196,9 @@ machine:
         # description: |
         servers:
             - 192.168.1.11
+    # Used to configure the machine's sysctls.
+    sysctls:
+        vm.nr_hugepages: "1024"
     # Used to configure the machine's container image registry mirrors.
     registries: {}
     # # Specifies mirror configuration for each registry host namespace.
@@ -232,7 +234,7 @@ machine:
         diskQuotaSupport: true # Enable XFS project quota support for EPHEMERAL partition and user disks.
         # KubePrism - local proxy/load balancer on defined port that will distribute
         kubePrism:
-            enabled: true # Enable KubePrism support - will start local load balancing proxy.
+            enabled: false # Enable KubePrism support - will start local load balancing proxy.
             port: 7445 # KubePrism port.
         # Configures host DNS caching resolver.
         hostDNS:
@@ -251,6 +253,7 @@ machine:
     # Configures the node labels for the machine.
     nodeLabels:
         node.kubernetes.io/exclude-from-external-load-balancers: ""
+        openebs.io/engine: mayastor
     
     # # Provides machine specific control plane configuration options.
 
@@ -314,14 +317,6 @@ machine:
     # env:
     #     https_proxy: http://DOMAIN\USERNAME:PASSWORD@SERVER:PORT/
 
-    # # Used to configure the machine's sysctls.
-
-    # # MachineSysctls usage example.
-    # sysctls:
-    #     kernel.domainname: talos.dev
-    #     net.ipv4.ip_forward: "0"
-    #     net/ipv6/conf/eth0.100/disable_ipv6: "1"
-
     # # Used to configure the machine's sysfs.
 
     # # MachineSysfs usage example.
@@ -440,7 +435,7 @@ cluster:
             - name: PodSecurity # Name is the name of the admission controller.
               # Configuration is an embedded configuration object to be used as the plugin's
               configuration:
-                apiVersion: pod-security.admission.config.k8s.io/v1alpha1
+                apiVersion: pod-security.admission.config.k8s.io/v1beta1
                 defaults:
                     audit: restricted
                     audit-version: latest
@@ -451,6 +446,8 @@ cluster:
                 exemptions:
                     namespaces:
                         - kube-system
+                        - openebs
+                        - democratic-csi
                     runtimeClasses: []
                     usernames: []
                 kind: PodSecurityConfiguration
@@ -503,6 +500,7 @@ cluster:
     extraManifests:
         - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
         - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+        - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
     # A list of inline Kubernetes manifests.
     inlineManifests:
         - name: calico-installation # Name of the manifest.
@@ -537,6 +535,25 @@ cluster:
             metadata:
               name: default
             spec: {}
+        - name: calico-bgpconfig # Name of the manifest.
+          contents: | # Manifest contents as a string.
+            apiVersion: crd.projectcalico.org/v1
+            kind: BGPConfiguration
+            metadata:
+              name: default
+            spec:
+              asNumber: 64624
+              serviceClusterIPs:
+              - cidr: 10.80.0.0/12
+        - name: calico-bgppeer # Name of the manifest.
+          contents: | # Manifest contents as a string.
+            apiVersion: crd.projectcalico.org/v1
+            kind: BGPPeer
+            metadata:
+              name: router-balsillie-house
+            spec:
+              asNumber: 64625
+              peerIP: 192.168.1.11:179
     allowSchedulingOnControlPlanes: true # Allows running workload on control-plane nodes.
     
     # # A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).