feat(clustertool): move file changes to talconfig for user accessabil…
…ity and enable local kube discovery service
PrivatePuffin committed Oct 24, 2024
1 parent cbb3ba6 commit 2d388d3
Showing 2 changed files with 58 additions and 38 deletions.
51 changes: 51 additions & 0 deletions clustertool/embed/generic/base/talos/talconfig.yaml
@@ -6,8 +6,10 @@ kubernetesVersion: v1.31.2
endpoint: https://${VIP}:6443
allowSchedulingOnControlPlanes: true
additionalMachineCertSans:
- 127.0.0.1
- ${VIP}
additionalApiServerCertSans:
- 127.0.0.1
- ${VIP}
# Warning: Also used in Cilium CNI values!
clusterPodNets:
@@ -54,6 +56,31 @@ controlPlane:
- siderolabs/util-linux-tools
- siderolabs/iscsi-tools
- siderolabs/qemu-guest-agent
machineFiles:
- content: |
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
permissions: 0
path: /etc/cri/conf.d/20-customization.part
op: create
- content: |
[ NFSMount_Global_Options ]
nfsvers=4.2
hard=True
noatime=True
nodiratime=True
rsize=131072
wsize=131072
nconnect=8
permissions: 420
path: /etc/nfsmount.conf
op: overwrite
worker:
patches:
- '@./patches/worker.yaml'
@@ -68,3 +95,27 @@ worker:
- siderolabs/util-linux-tools
- siderolabs/iscsi-tools
- siderolabs/qemu-guest-agent
machineFiles:
- content: |
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
permissions: 0
path: /etc/cri/conf.d/20-customization.part
op: create
- content: |
[ NFSMount_Global_Options ]
nfsvers=4.2
hard=True
noatime=True
nodiratime=True
rsize=131072
wsize=131072
nconnect=8
permissions: 420
path: /etc/nfsmount.conf
op: overwrite
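Review bot: The `machineFiles` entries added under `controlPlane` (second hunk) and repeated verbatim under `worker` (third hunk) set `permissions: 0` on `/etc/cri/conf.d/20-customization.part` and `permissions: 420` on `/etc/nfsmount.conf` without explanation. 420 is the decimal form of octal 0644 and is easy to misread, while 0 reads as mode 0000 and looks unintended unless the consumer treats it as "use the default"; I would confirm that and then either drop the key or write the mode in octal, e.g. `permissions: 0o644`, if the parser accepts it. Because this file is now the user-facing home for these settings, the containerd drop-in also deserves a comment, for example `# Lets pods bind ports below 1024 and open ICMP sockets without extra capabilities, on every node`, so users know what is being relaxed before they copy or extend it. Both mappings start outside their hunks, and keeping two identical copies means a later edit to one role can silently miss the other.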
45 changes: 7 additions & 38 deletions clustertool/embed/generic/patches/all.yaml
@@ -49,42 +49,11 @@
fs.inotify.max_user_watches: "524288"
net.core.rmem_max: "2500000"
net.core.wmem_max: "2500000"

## TODO: Check how we can have this pass checks
# - op: add
# path: /machine/udev
# value:
# # Thunderbolt
# - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
# # Intel GPU
# - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
# # Google Coral USB Accelerator
# - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660"
# - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660"

- op: add
path: /machine/files
- op: replace
path: /cluster/discovery/registries/kubernetes
value:
disabled: false
- op: replace
path: /cluster/discovery/registries/service
value:
- content: |-
[plugins."io.containerd.grpc.v1.cri"]
enable_unprivileged_ports = true
enable_unprivileged_icmp = true
[plugins."io.containerd.grpc.v1.cri".containerd]
discard_unpacked_layers = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
discard_unpacked_layers = false
permissions: 0
path: /etc/cri/conf.d/20-customization.part
op: create
- content: |-
[ NFSMount_Global_Options ]
nfsvers=4.2
hard=True
noatime=True
nodiratime=True
rsize=131072
wsize=131072
nconnect=8
permissions: 420
path: /etc/nfsmount.conf
op: overwrite
disabled: false
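Review bot: The two new `op: replace` entries turn on both discovery registries with only `disabled: false`, so the `service` registry gets no `endpoint` here and will presumably fall back to the Talos default, which is a hosted endpoint outside the cluster rather than anything local. That sits oddly with the commit title's "local kube discovery service". If only in-cluster discovery is intended, the `service` entry could stay disabled; otherwise a comment such as `# service registry: uses the default external discovery endpoint unless endpoint is set` would make the data flow explicit for users. Separately, a JSON-patch `replace` requires the target path to exist, so these entries depend on the generated base config already carrying both registry keys, which is not visible from this hunk.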
