
feat(talos): update talos configs
Signed-off-by: Devin Buhl <[email protected]>
onedr0p committed Oct 28, 2024
1 parent b3982c0 commit d00540a
Showing 6 changed files with 177 additions and 114 deletions.
55 changes: 36 additions & 19 deletions kubernetes/main/talos/k8s-0.sops.yaml.j2
Expand Up @@ -18,10 +18,7 @@ machine:
- destination: /var/openebs/local
type: bind
source: /var/openebs/local
options:
- bind
- rshared
- rw
options: ["bind", "rshared", "rw"]
defaultRuntimeSeccompProfileEnabled: true
nodeIP:
validSubnets:
Expand All @@ -41,40 +38,47 @@ machine:
diskSelector:
model: Samsung SSD 870
extraKernelArgs:
- cpufreq.default_governor=performance
- intel_pstate=disable
- mitigations=off
- module_blacklist=e1000e
image: factory.talos.dev/installer/d715f723f882b1e1e8063f1b89f237dcc0e3bd000f9f970243af59c8baae0100:{{ ENV.TALOS_VERSION }}
wipe: false
files:
- content: |
- op: create
path: /etc/cri/conf.d/20-customization.part
content: |
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
permissions: 0
path: /etc/cri/conf.d/20-customization.part
op: create
- content: |
- op: overwrite
path: /etc/nfsmount.conf
permissions: 0o644
content: |
[ NFSMount_Global_Options ]
nfsvers=4.2
hard=True
noatime=True
nodiratime=True
rsize=131072
wsize=131072
nconnect=8
permissions: 420
path: /etc/nfsmount.conf
op: overwrite
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
net.core.rmem_max: "7500000"
net.core.wmem_max: "7500000"
fs.inotify.max_user_watches: 1048576
fs.inotify.max_user_instances: 8192
net.core.netdev_max_backlog: 30000
net.core.rmem_max: 67108864
net.core.wmem_max: 67108864
net.ipv4.tcp_rmem: 4096 87380 33554432
net.ipv4.tcp_wmem: 4096 65536 33554432
net.ipv4.tcp_tw_reuse: 1
net.ipv4.tcp_window_scaling: 1
sysfs:
block.nvme0n1.queue.scheduler: none
devices.system.cpu.cpufreq.boost: 0
features:
rbac: true
stableHostname: true
Expand All @@ -92,7 +96,7 @@ machine:
hostDNS:
enabled: true
resolveMemberNames: true
forwardKubeDNSToHost: false
forwardKubeDNSToHost: false # Incompatible with Cilium bpf masquerade
udev:
rules:
# Thunderbolt
Expand Down Expand Up @@ -152,6 +156,19 @@ cluster:
image: registry.k8s.io/kube-scheduler:{{ ENV.KUBERNETES_VERSION }}
extraArgs:
bind-address: 0.0.0.0
config:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
profiles:
- schedulerName: default-scheduler
pluginConfig:
- name: PodTopologySpread
args:
defaultingType: List
defaultConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
discovery:
enabled: true
registries:
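Review bot: `mitigations=off` in `extraKernelArgs` turns off the kernel's CPU side-channel mitigations on this node and carries no comment recording the trade-off; the rendered page has lost the +/- markers, so whether this commit introduces the flag or only reorders around it is inferred, but either way a line such as `# mitigations=off trades Spectre/Meltdown-class hardening for performance; revisit before scheduling untrusted workloads here` belongs directly above it. In the same hunk the rewritten `/etc/cri/conf.d/20-customization.part` entry no longer carries a `permissions` key while the `/etc/nfsmount.conf` entry sets `permissions: 0o644`, so the first file either inherits an undocumented default or the key was dropped by accident — set `permissions: 0o644` explicitly to match. The new `sysctls` values are plain integers (`fs.inotify.max_user_watches: 1048576`) where the removed lines were quoted strings; quoting them (`"1048576"`) keeps them unambiguous strings for a map-of-strings consumer and matches the prior style. The same three points apply to the identical hunks in k8s-1.sops.yaml.j2, k8s-2.sops.yaml.j2 and k8s-3.sops.yaml.j2.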
55 changes: 36 additions & 19 deletions kubernetes/main/talos/k8s-1.sops.yaml.j2
Expand Up @@ -18,10 +18,7 @@ machine:
- destination: /var/openebs/local
type: bind
source: /var/openebs/local
options:
- bind
- rshared
- rw
options: ["bind", "rshared", "rw"]
defaultRuntimeSeccompProfileEnabled: true
nodeIP:
validSubnets:
Expand All @@ -41,40 +38,47 @@ machine:
diskSelector:
model: Samsung SSD 870
extraKernelArgs:
- cpufreq.default_governor=performance
- intel_pstate=disable
- mitigations=off
- module_blacklist=e1000e
image: factory.talos.dev/installer/d715f723f882b1e1e8063f1b89f237dcc0e3bd000f9f970243af59c8baae0100:{{ ENV.TALOS_VERSION }}
wipe: false
files:
- content: |
- op: create
path: /etc/cri/conf.d/20-customization.part
content: |
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
permissions: 0
path: /etc/cri/conf.d/20-customization.part
op: create
- content: |
- op: overwrite
path: /etc/nfsmount.conf
permissions: 0o644
content: |
[ NFSMount_Global_Options ]
nfsvers=4.2
hard=True
noatime=True
nodiratime=True
rsize=131072
wsize=131072
nconnect=8
permissions: 420
path: /etc/nfsmount.conf
op: overwrite
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
net.core.rmem_max: "7500000"
net.core.wmem_max: "7500000"
fs.inotify.max_user_watches: 1048576
fs.inotify.max_user_instances: 8192
net.core.netdev_max_backlog: 30000
net.core.rmem_max: 67108864
net.core.wmem_max: 67108864
net.ipv4.tcp_rmem: 4096 87380 33554432
net.ipv4.tcp_wmem: 4096 65536 33554432
net.ipv4.tcp_tw_reuse: 1
net.ipv4.tcp_window_scaling: 1
sysfs:
block.nvme0n1.queue.scheduler: none
devices.system.cpu.cpufreq.boost: 0
features:
rbac: true
stableHostname: true
Expand All @@ -92,7 +96,7 @@ machine:
hostDNS:
enabled: true
resolveMemberNames: true
forwardKubeDNSToHost: false
forwardKubeDNSToHost: false # Incompatible with Cilium bpf masquerade
udev:
rules:
# Thunderbolt
Expand Down Expand Up @@ -152,6 +156,19 @@ cluster:
image: registry.k8s.io/kube-scheduler:{{ ENV.KUBERNETES_VERSION }}
extraArgs:
bind-address: 0.0.0.0
config:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
profiles:
- schedulerName: default-scheduler
pluginConfig:
- name: PodTopologySpread
args:
defaultingType: List
defaultConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
discovery:
enabled: true
registries:
55 changes: 36 additions & 19 deletions kubernetes/main/talos/k8s-2.sops.yaml.j2
Expand Up @@ -18,10 +18,7 @@ machine:
- destination: /var/openebs/local
type: bind
source: /var/openebs/local
options:
- bind
- rshared
- rw
options: ["bind", "rshared", "rw"]
defaultRuntimeSeccompProfileEnabled: true
nodeIP:
validSubnets:
Expand All @@ -41,40 +38,47 @@ machine:
diskSelector:
model: Samsung SSD 870
extraKernelArgs:
- cpufreq.default_governor=performance
- intel_pstate=disable
- mitigations=off
- module_blacklist=e1000e
image: factory.talos.dev/installer/d715f723f882b1e1e8063f1b89f237dcc0e3bd000f9f970243af59c8baae0100:{{ ENV.TALOS_VERSION }}
wipe: false
files:
- content: |
- op: create
path: /etc/cri/conf.d/20-customization.part
content: |
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
permissions: 0
path: /etc/cri/conf.d/20-customization.part
op: create
- content: |
- op: overwrite
path: /etc/nfsmount.conf
permissions: 0o644
content: |
[ NFSMount_Global_Options ]
nfsvers=4.2
hard=True
noatime=True
nodiratime=True
rsize=131072
wsize=131072
nconnect=8
permissions: 420
path: /etc/nfsmount.conf
op: overwrite
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
net.core.rmem_max: "7500000"
net.core.wmem_max: "7500000"
fs.inotify.max_user_watches: 1048576
fs.inotify.max_user_instances: 8192
net.core.netdev_max_backlog: 30000
net.core.rmem_max: 67108864
net.core.wmem_max: 67108864
net.ipv4.tcp_rmem: 4096 87380 33554432
net.ipv4.tcp_wmem: 4096 65536 33554432
net.ipv4.tcp_tw_reuse: 1
net.ipv4.tcp_window_scaling: 1
sysfs:
block.nvme0n1.queue.scheduler: none
devices.system.cpu.cpufreq.boost: 0
features:
rbac: true
stableHostname: true
Expand All @@ -92,7 +96,7 @@ machine:
hostDNS:
enabled: true
resolveMemberNames: true
forwardKubeDNSToHost: false
forwardKubeDNSToHost: false # Incompatible with Cilium bpf masquerade
udev:
rules:
# Thunderbolt
Expand Down Expand Up @@ -152,6 +156,19 @@ cluster:
image: registry.k8s.io/kube-scheduler:{{ ENV.KUBERNETES_VERSION }}
extraArgs:
bind-address: 0.0.0.0
config:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
profiles:
- schedulerName: default-scheduler
pluginConfig:
- name: PodTopologySpread
args:
defaultingType: List
defaultConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
discovery:
enabled: true
registries:
42 changes: 23 additions & 19 deletions kubernetes/main/talos/k8s-3.sops.yaml.j2
Expand Up @@ -18,10 +18,7 @@ machine:
- destination: /var/openebs/local
type: bind
source: /var/openebs/local
options:
- bind
- rshared
- rw
options: ["bind", "rshared", "rw"]
defaultRuntimeSeccompProfileEnabled: true
nodeIP:
validSubnets:
Expand All @@ -39,40 +36,47 @@ machine:
diskSelector:
model: Samsung SSD 870
extraKernelArgs:
- cpufreq.default_governor=performance
- intel_pstate=disable
- mitigations=off
- module_blacklist=e1000e
image: factory.talos.dev/installer/d715f723f882b1e1e8063f1b89f237dcc0e3bd000f9f970243af59c8baae0100:{{ ENV.TALOS_VERSION }}
wipe: false
files:
- content: |
- op: create
path: /etc/cri/conf.d/20-customization.part
content: |
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
permissions: 0
path: /etc/cri/conf.d/20-customization.part
op: create
- content: |
- op: overwrite
path: /etc/nfsmount.conf
permissions: 0o644
content: |
[ NFSMount_Global_Options ]
nfsvers=4.2
hard=True
noatime=True
nodiratime=True
rsize=131072
wsize=131072
nconnect=8
permissions: 420
path: /etc/nfsmount.conf
op: overwrite
sysctls:
fs.inotify.max_queued_events: "65536"
fs.inotify.max_user_instances: "8192"
fs.inotify.max_user_watches: "524288"
net.core.rmem_max: "7500000"
net.core.wmem_max: "7500000"
fs.inotify.max_user_watches: 1048576
fs.inotify.max_user_instances: 8192
net.core.netdev_max_backlog: 30000
net.core.rmem_max: 67108864
net.core.wmem_max: 67108864
net.ipv4.tcp_rmem: 4096 87380 33554432
net.ipv4.tcp_wmem: 4096 65536 33554432
net.ipv4.tcp_tw_reuse: 1
net.ipv4.tcp_window_scaling: 1
sysfs:
block.nvme0n1.queue.scheduler: none
devices.system.cpu.cpufreq.boost: 0
features:
rbac: true
stableHostname: true
Expand All @@ -84,7 +88,7 @@ machine:
hostDNS:
enabled: true
resolveMemberNames: true
forwardKubeDNSToHost: false
forwardKubeDNSToHost: false # Incompatible with Cilium bpf masquerade
udev:
rules:
# Thunderbolt
