michael/IaC
1
0
Fork 0
Code Packages Activity

talos

Browse Source
This commit is contained in:
=
2024-12-09 23:34:13 -05:00
parent 43fc89a966
commit 098f63fa5b
11 changed files with 277 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

123
talos/rendered/worker.yaml
View File

@ -22,6 +22,16 @@ machine:
# The `extraArgs` field is used to provide additional flags to the kubelet.
extraArgs:
rotate-server-certificates: "true"
# The `extraMounts` field is used to add additional mounts to the kubelet container.
extraMounts:
- destination: /var/local/openebs # Destination is the absolute path where the mount will be placed in the container.
type: bind # Type specifies the mount kind.
source: /var/local/openebs # Source specifies the source path of the mount.
# Options are fstab style mount options.
options:
- bind
- rshared
- rw
defaultRuntimeSeccompProfileEnabled: true # Enable container runtime default Seccomp profile.
disableManifestsDirectory: true # The `disableManifestsDirectory` field configures the kubelet to get static pod manifests from the /etc/kubernetes/manifests directory.
@ -30,17 +40,6 @@ machine:
# - 10.96.0.10
# - 169.254.2.53
# # The `extraMounts` field is used to add additional mounts to the kubelet container.
# extraMounts:
# - destination: /var/lib/example # Destination is the absolute path where the mount will be placed in the container.
# type: bind # Type specifies the mount kind.
# source: /var/lib/example # Source specifies the source path of the mount.
# # Options are fstab style mount options.
# options:
# - bind
# - rshared
# - rw
# # The `extraConfig` field is used to provide kubelet configuration overrides.
# extraConfig:
# serverTLSBootstrap: true
@ -197,6 +196,9 @@ machine:
# description: |
servers:
- 192.168.1.11
# Used to configure the machine's sysctls.
sysctls:
vm.nr_hugepages: "1024"
# Used to configure the machine's container image registry mirrors.
registries: {}
# # Specifies mirror configuration for each registry host namespace.
@ -232,7 +234,7 @@ machine:
diskQuotaSupport: true # Enable XFS project quota support for EPHEMERAL partition and user disks.
# KubePrism - local proxy/load balancer on defined port that will distribute
kubePrism:
enabled: true # Enable KubePrism support - will start local load balancing proxy.
enabled: false # Enable KubePrism support - will start local load balancing proxy.
port: 7445 # KubePrism port.
# Configures host DNS caching resolver.
hostDNS:
@ -248,6 +250,9 @@ machine:
# # The list of Kubernetes namespaces Talos API access is available from.
# allowedKubernetesNamespaces:
# - kube-system
# Configures the node labels for the machine.
nodeLabels:
openebs.io/engine: mayastor
# # Provides machine specific control plane configuration options.
@ -311,14 +316,6 @@ machine:
# env:
# https_proxy: http://DOMAIN\USERNAME:PASSWORD@SERVER:PORT/
# # Used to configure the machine's sysctls.
# # MachineSysctls usage example.
# sysctls:
# kernel.domainname: talos.dev
# net.ipv4.ip_forward: "0"
# net/ipv6/conf/eth0.100/disable_ipv6: "1"
# # Used to configure the machine's sysfs.
# # MachineSysfs usage example.
@ -377,12 +374,6 @@ machine:
# value:
# defaultAction: SCMP_ACT_LOG
# # Configures the node labels for the machine.
# # node labels example.
# nodeLabels:
# exampleLabel: exampleLabelValue
# # Configures the node annotations for the machine.
# # node annotations example.
@ -423,6 +414,29 @@ cluster:
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpekNDQVRDZ0F3SUJBZ0lSQVBoRnFMK05xZ3JWSnprWkJUOUliSUl3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOREV5TURReE9ESXlNRFZhRncwek5ERXlNREl4T0RJeQpNRFZhTUJVeEV6QVJCZ05WQkFvVENtdDFZbVZ5Ym1WMFpYTXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CCkJ3TkNBQVFMbS8vMjJTVWp5elFFMVhzSEY3dGpWR1plME9UQnNTWUE1VjdxSkFEaWlNZEhRL1pnZTlpMGY4SzkKbzI2UmFxazBXaXdaMmVxUWo2bzhOMWN6Mmdwd28yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGQkgvbkVibWgwWFg4aGhaSWI4L0JLRjZYMUN6TUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDSVFEcGdrQkoKN2wzMlpjQmZXYlNzMEd3UU1FSWtjQjBlSXhOMDVtbjZVYlFHUEFJaEFJZlY1MG43Qi9nT1dtYjFVSExPNUMwTgpwaTFwS0lGU0p3aWFwYkxFeGYzOAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
# API server specific configuration options.
apiServer:
# Configure the API server admission plugins.
admissionControl:
- name: PodSecurity # Name is the name of the admission controller.
# Configuration is an embedded configuration object to be used as the plugin's
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1beta1
exemptions:
namespaces:
- openebs
- democratic-csi
kind: PodSecurityConfiguration
# # The container image used in the API server manifest.
# image: registry.k8s.io/kube-apiserver:v1.31.2
# # Configure the API server audit policy.
# auditPolicy:
# apiVersion: audit.k8s.io/v1
# kind: Policy
# rules:
# - level: Metadata
# Kube-proxy server-specific configuration options
proxy:
disabled: false # Disable kube-proxy deployment on cluster bootstrap.
@ -449,6 +463,7 @@ cluster:
extraManifests:
- https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
- https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
# A list of inline Kubernetes manifests.
inlineManifests:
- name: calico-installation # Name of the manifest.
@ -483,6 +498,25 @@ cluster:
metadata:
name: default
spec: {}
- name: calico-bgpconfig # Name of the manifest.
contents: | # Manifest contents as a string.
apiVersion: crd.projectcalico.org/v1
kind: BGPConfiguration
metadata:
name: default
spec:
asNumber: 64624
serviceClusterIPs:
- cidr: 10.80.0.0/12
- name: calico-bgppeer # Name of the manifest.
contents: | # Manifest contents as a string.
apiVersion: crd.projectcalico.org/v1
kind: BGPPeer
metadata:
name: router-balsillie-house
spec:
asNumber: 64625
peerIP: 192.168.1.11:179
allowSchedulingOnControlPlanes: true # Allows running workload on control-plane nodes.
# # A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).
@ -508,43 +542,6 @@ cluster:
# serviceAccount:
# key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==
# # API server specific configuration options.
# apiServer:
# image: registry.k8s.io/kube-apiserver:v1.31.2 # The container image used in the API server manifest.
# # Extra arguments to supply to the API server.
# extraArgs:
# feature-gates: ServerSideApply=true
# http2-max-streams-per-connection: "32"
# # Extra certificate subject alternative names for the API server's certificate.
# certSANs:
# - 1.2.3.4
# - 4.5.6.7
# # Configure the API server admission plugins.
# admissionControl:
# - name: PodSecurity # Name is the name of the admission controller.
# # Configuration is an embedded configuration object to be used as the plugin's
# configuration:
# apiVersion: pod-security.admission.config.k8s.io/v1alpha1
# defaults:
# audit: restricted
# audit-version: latest
# enforce: baseline
# enforce-version: latest
# warn: restricted
# warn-version: latest
# exemptions:
# namespaces:
# - kube-system
# runtimeClasses: []
# usernames: []
# kind: PodSecurityConfiguration
# # Configure the API server audit policy.
# auditPolicy:
# apiVersion: audit.k8s.io/v1
# kind: Policy
# rules:
# - level: Metadata
# # Controller manager server specific configuration options.
# controllerManager:
# image: registry.k8s.io/kube-controller-manager:v1.31.2 # The container image used in the controller manager manifest.