---
# Cluster-level settings for a Talos-style machine configuration.
# NOTE(review): the source was flattened onto one line; nesting below was
# restored from the key order and should be checked against the consumer's
# schema before applying.
cluster:
  # Lets ordinary workloads be scheduled on control-plane nodes. Pods then
  # share hosts with the API server and etcd, so a container breakout lands
  # on a control-plane machine. Keep untrusted workloads off these nodes
  # (taints/tolerations, node affinity) if this stays enabled.
  allowSchedulingOnControlPlanes: true
  apiServer:
    admissionControl:
      - name: PodSecurity
        configuration:
          apiVersion: pod-security.admission.config.k8s.io/v1beta1
          kind: PodSecurityConfiguration
          exemptions:
            # Pods in these namespaces bypass Pod Security admission
            # entirely, so anyone who can create pods here can run them
            # privileged. Restrict create/update rights in both namespaces
            # with RBAC and keep the list as short as the storage drivers
            # actually require.
            namespaces:
              - openebs
              - democratic-csi
  controlPlane:
    endpoint: https://cp00.balsillie.house:6443
    localAPIServerPort: 6443
  clusterName: cluster00.balsillie.house
  # Manifests fetched over HTTPS and applied to the cluster. No checksum or
  # signature is recorded here, so the content applied is whatever the URL
  # serves at fetch time.
  extraManifests:
    # NOTE(review): tracks the `main` branch, a mutable reference. Pin to a
    # release tag or commit, e.g. .../<PINNED_TAG_OR_COMMIT>/deploy/...
    - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
    # NOTE(review): `releases/latest` is also mutable and changes with each
    # upstream release. Pin to .../releases/download/<PINNED_VERSION>/...
    - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
    # Pinned to the tag controller-v1.11.3. NOTE(review): check this tag
    # against the project's published security advisories and move to a
    # patched release if it is affected.
    - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
  # Manifests embedded as literal text. Comments are kept outside the
  # `contents: |` scalars so the embedded documents stay unchanged.
  inlineManifests:
    # Calico operator Installation: BGP enabled, no encapsulation, and
    # natOutgoing disabled on the 10.64.0.0/12 pool. Pod IPs are therefore
    # routed to the upstream network as-is, not hidden behind node
    # addresses, so NetworkPolicy is the isolation boundary between the LAN
    # and pods. No NetworkPolicy is defined in this file.
    - name: calico-installation
      contents: |
        apiVersion: operator.tigera.io/v1
        kind: Installation
        metadata:
          name: default
        spec:
          variant: Calico
          cni:
            type: Calico
            ipam:
              type: Calico
          serviceCIDRs:
            - 10.80.0.0/12
          calicoNetwork:
            bgp: Enabled
            linuxDataplane: Nftables
            hostPorts: Enabled
            ipPools:
              - name: default-ipv4-ippool
                blockSize: 24
                cidr: 10.64.0.0/12
                encapsulation: None
                natOutgoing: Disabled
                nodeSelector: all()
    # Enables the Calico API server with default settings (empty spec).
    - name: calico-apiserver
      contents: |
        apiVersion: operator.tigera.io/v1
        kind: APIServer
        metadata:
          name: default
        spec: {}
    # Sets the cluster's AS number and advertises the service ClusterIP
    # range (10.80.0.0/12) over BGP, which makes ClusterIP services
    # reachable from whatever learns these routes.
    - name: calico-bgpconfig
      contents: |
        apiVersion: crd.projectcalico.org/v1
        kind: BGPConfiguration
        metadata:
          name: default
        spec:
          asNumber: 64624
          serviceClusterIPs:
            - cidr: 10.80.0.0/12
    # Peers every node with the router at 192.168.1.11, port 179, AS 64625.
    # NOTE(review): no session authentication is set on this peer. Consider
    # the BGPPeer password field (a Secret reference) and route filtering
    # on the router, so another host on the segment cannot impersonate
    # either side of the session.
    - name: calico-bgppeer
      contents: |
        apiVersion: crd.projectcalico.org/v1
        kind: BGPPeer
        metadata:
          name: router-balsillie-house
        spec:
          asNumber: 64625
          peerIP: 192.168.1.11:179
  network:
    cni:
      name: custom
      urls:
        # Pinned to the v3.29.1 tag. A tag can still be moved upstream, so
        # mirroring the file or recording its digest gives stronger
        # integrity than the tag alone.
        - https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
    dnsDomain: cluster00.balsillie.house
    # Must match the Calico ipPool cidr and serviceCIDRs declared in the
    # inline manifests above (they do: 10.64.0.0/12 and 10.80.0.0/12).
    podSubnets:
      - 10.64.0.0/12
    serviceSubnets:
      - 10.80.0.0/12
  proxy:
    mode: nftables
    disabled: false
    # NOTE(review): repeats the value already given by `mode` above;
    # presumably redundant, so confirm and keep a single source of truth.
    extraArgs:
      proxy-mode: nftables