binaryn3xus/gist:612b0f8cf4954048eb4983cd4ca74219

## gistfile1.txt
# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
---
# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
talosVersion: v1.6.6
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
kubernetesVersion: v1.29.2

clusterName: &cluster home-kubernetes
endpoint: https://10.0.30.30:6443
clusterPodNets:
  - "10.69.0.0/16"
clusterSvcNets:
  - "10.96.0.0/16"
additionalApiServerCertSans: &sans
  - "10.0.30.30"
  - 127.0.0.1 # KubePrism
additionalMachineCertSans: *sans
cniConfig:
  name: none

nodes:
  - hostname: "fleetcom-node1"
    ipAddress: "10.0.30.11"
    installDiskSelector:
      serial: "S6PXNM0TA06773Z"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: true
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: b8:85:84:ad:fc:89
        mtu: 1500
        dhcp: true
        vip:
          ip: 10.0.30.30
  - hostname: "fleetcom-node2"
    ipAddress: "10.0.30.12"
    installDiskSelector:
      serial: "S6PXNM0TB56304Y"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: true
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: b8:85:84:bf:db:f3
        mtu: 1500
        dhcp: true
        vip:
          ip: 10.0.30.30
  - hostname: "fleetcom-node3"
    ipAddress: "10.0.30.13"
    installDiskSelector:
      serial: "224002803991"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: true
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: 14:b3:1f:28:a6:b4
        mtu: 1500
        dhcp: true
        vip:
          ip: 10.0.30.30
  - hostname: "fleetcom-node4"
    ipAddress: "10.0.30.14"
    installDiskSelector:
      serial: "173802800239"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: false
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: ac:e2:d3:17:9d:0e
        mtu: 1500
        dhcp: true
  - hostname: "fleetcom-node5"
    ipAddress: "10.0.30.15"
    installDiskSelector:
      serial: "UFZMV01D18859J"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: false
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: ac:e2:d3:0d:48:71
        mtu: 1500
        dhcp: true
  - hostname: "fleetcom-node6"
    ipAddress: "10.0.30.16"
    installDiskSelector:
      serial: "14440F62970"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: false
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: 6c:2b:59:eb:e3:be
        mtu: 1500
        dhcp: true

patches:
  # Configure containerd
  - |-
    machine:
      files:
        - op: create
          path: /etc/cri/conf.d/20-customization.part
          content: |-
            [plugins."io.containerd.grpc.v1.cri"]
              enable_unprivileged_ports = true
              enable_unprivileged_icmp = true
            [plugins."io.containerd.grpc.v1.cri".containerd]
              discard_unpacked_layers = false
            [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
              discard_unpacked_layers = false

  # Enable cluster discovery
  - |-
    cluster:
      discovery:
        registries:
          kubernetes:
            disabled: false
          service:
            disabled: false

  # Configure kubelet
  - |-
    machine:
      kubelet:
        extraArgs:
          image-gc-low-threshold: 50
          image-gc-high-threshold: 55
          rotate-server-certificates: true
        nodeIP:
          validSubnets:
            - "10.0.30.0/24"

  # Force nameserver
  - |-
    machine:
      network:
        nameservers:
          - 10.0.254.6

  # Configure NTP
  - |-
    machine:
      time:
        disabled: false
        servers:
          - 10.0.10.1

  # Custom sysctl settings
  - |-
    machine:
      sysctls:
        fs.inotify.max_queued_events: 65536
        fs.inotify.max_user_watches: 524288
        fs.inotify.max_user_instances: 8192

  # Mount openebs-hostpath in kubelet
  - |-
    machine:
      kubelet:
        extraMounts:
          - destination: /var/openebs/local
            type: bind
            source: /var/openebs/local
            options:
              - bind
              - rshared
              - rw


controlPlane:
  patches:
    # Cluster configuration
    - |-
      cluster:
        allowSchedulingOnMasters: true
        controllerManager:
          extraArgs:
            bind-address: 0.0.0.0
        proxy:
          disabled: true
        scheduler:
          extraArgs:
            bind-address: 0.0.0.0

    # ETCD configuration
    - |-
      cluster:
        etcd:
          extraArgs:
            listen-metrics-urls: http://0.0.0.0:2381
          advertisedSubnets:
            - "10.0.30.0/24"

    # Disable default API server admission plugins.
    - |-
      - op: remove
        path: /cluster/apiServer/admissionControl

    # Enable K8s Talos API Access
    - |-
      machine:
        features:
          kubernetesTalosAPIAccess:
            enabled: true
            allowedRoles:
              - os:admin
            allowedKubernetesNamespaces:
              - system-upgrade
	# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
	---
	# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
	talosVersion: v1.6.6
	# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
	kubernetesVersion: v1.29.2

	clusterName: &cluster home-kubernetes
	endpoint: https://10.0.30.30:6443
	clusterPodNets:
	- "10.69.0.0/16"
	clusterSvcNets:
	- "10.96.0.0/16"
	additionalApiServerCertSans: &sans
	- "10.0.30.30"
	- 127.0.0.1 # KubePrism
	additionalMachineCertSans: *sans
	cniConfig:
	name: none

	nodes:
	- hostname: "fleetcom-node1"
	ipAddress: "10.0.30.11"
	installDiskSelector:
	serial: "S6PXNM0TA06773Z"
	talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
	controlPlane: true
	networkInterfaces:
	- deviceSelector:
	hardwareAddr: b8:85:84:ad:fc:89
	mtu: 1500
	dhcp: true
	vip:
	ip: 10.0.30.30
	- hostname: "fleetcom-node2"
	ipAddress: "10.0.30.12"
	installDiskSelector:
	serial: "S6PXNM0TB56304Y"
	talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
	controlPlane: true
	networkInterfaces:
	- deviceSelector:
	hardwareAddr: b8:85:84:bf:db:f3
	mtu: 1500
	dhcp: true
	vip:
	ip: 10.0.30.30
	- hostname: "fleetcom-node3"
	ipAddress: "10.0.30.13"
	installDiskSelector:
	serial: "224002803991"
	talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
	controlPlane: true
	networkInterfaces:
	- deviceSelector:
	hardwareAddr: 14:b3:1f:28:a6:b4
	mtu: 1500
	dhcp: true
	vip:
	ip: 10.0.30.30
	- hostname: "fleetcom-node4"
	ipAddress: "10.0.30.14"
	installDiskSelector:
	serial: "173802800239"
	talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
	controlPlane: false
	networkInterfaces:
	- deviceSelector:
	hardwareAddr: ac:e2:d3:17:9d:0e
	mtu: 1500
	dhcp: true
	- hostname: "fleetcom-node5"
	ipAddress: "10.0.30.15"
	installDiskSelector:
	serial: "UFZMV01D18859J"
	talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
	controlPlane: false
	networkInterfaces:
	- deviceSelector:
	hardwareAddr: ac:e2:d3:0d:48:71
	mtu: 1500
	dhcp: true
	- hostname: "fleetcom-node6"
	ipAddress: "10.0.30.16"
	installDiskSelector:
	serial: "14440F62970"
	talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
	controlPlane: false
	networkInterfaces:
	- deviceSelector:
	hardwareAddr: 6c:2b:59:eb:e3:be
	mtu: 1500
	dhcp: true

	patches:
	# Configure containerd
	- \|-
	machine:
	files:
	- op: create
	path: /etc/cri/conf.d/20-customization.part
	content: \|-
	[plugins."io.containerd.grpc.v1.cri"]
	enable_unprivileged_ports = true
	enable_unprivileged_icmp = true
	[plugins."io.containerd.grpc.v1.cri".containerd]
	discard_unpacked_layers = false
	[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
	discard_unpacked_layers = false

	# Enable cluster discovery
	- \|-
	cluster:
	discovery:
	registries:
	kubernetes:
	disabled: false
	service:
	disabled: false

	# Configure kubelet
	- \|-
	machine:
	kubelet:
	extraArgs:
	image-gc-low-threshold: 50
	image-gc-high-threshold: 55
	rotate-server-certificates: true
	nodeIP:
	validSubnets:
	- "10.0.30.0/24"

	# Force nameserver
	- \|-
	machine:
	network:
	nameservers:
	- 10.0.254.6

	# Configure NTP
	- \|-
	machine:
	time:
	disabled: false
	servers:
	- 10.0.10.1

	# Custom sysctl settings
	- \|-
	machine:
	sysctls:
	fs.inotify.max_queued_events: 65536
	fs.inotify.max_user_watches: 524288
	fs.inotify.max_user_instances: 8192

	# Mount openebs-hostpath in kubelet
	- \|-
	machine:
	kubelet:
	extraMounts:
	- destination: /var/openebs/local
	type: bind
	source: /var/openebs/local
	options:
	- bind
	- rshared
	- rw


	controlPlane:
	patches:
	# Cluster configuration
	- \|-
	cluster:
	allowSchedulingOnMasters: true
	controllerManager:
	extraArgs:
	bind-address: 0.0.0.0
	proxy:
	disabled: true
	scheduler:
	extraArgs:
	bind-address: 0.0.0.0

	# ETCD configuration
	- \|-
	cluster:
	etcd:
	extraArgs:
	listen-metrics-urls: http://0.0.0.0:2381
	advertisedSubnets:
	- "10.0.30.0/24"

	# Disable default API server admission plugins.
	- \|-
	- op: remove
	path: /cluster/apiServer/admissionControl

	# Enable K8s Talos API Access
	- \|-
	machine:
	features:
	kubernetesTalosAPIAccess:
	enabled: true
	allowedRoles:
	- os:admin
	allowedKubernetesNamespaces:
	- system-upgrade