terraform-talos/hetzner/templates/controlplane.yaml.tpl


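# Talos control-plane machine configuration, rendered by Terraform's
# templatefile(). Every dollar-brace expression below is a Terraform
# interpolation that is substituted *before* Talos parses the result as YAML.
# The rendered output contains the Hetzner API token and the robot
# credentials in plaintext (vip.hcloud.apiToken and the hcloud-secret inline
# manifest), so the rendered file and the Terraform state holding it must be
# treated as secret material, not as plain configuration.
#
# This block restores the 2-space indentation the page lost; the keys and
# values are unchanged.
machine:
  # Extra SANs for the node's Talos API certificate: both load-balancer
  # addresses, the node's private address, the VIP and the API domain.
  certSANs:
    - "${lbv4}"
    - "${lbv6}"
    - "${lbv4_local}"
    - "${ipv4_local}"
    - "${ipv4_vip}"
    - "${apiDomain}"
  kubelet:
    image: ghcr.io/siderolabs/kubelet:${version}
    extraArgs:
      # Kubelet serving certs rotate through CSRs; NOTE(review): something
      # must approve kubelet-serving CSRs for this to complete — confirm the
      # approver is deployed, it is not part of this template.
      rotate-server-certificates: true
    clusterDNS:
      # 169.254.2.53 is also assigned to dummy0 below; presumably a
      # node-local DNS cache (a coredns-local manifest is listed at the end).
      - 169.254.2.53
      - ${cidrhost(split(",",serviceSubnets)[0], 10)}
    nodeIP:
      validSubnets: ${format("%#v",split(",",nodeSubnets))}
  network:
    hostname: ${name}
    interfaces:
      # eth0 carries the public load-balancer VIP, eth1 the private VIP.
      # Both VIPs are moved between control-plane nodes via the Hetzner
      # API, which is why the API token is embedded here twice.
      - interface: eth0
        dhcp: true
        vip:
          ip: ${lbv4}
          hcloud:
            apiToken: ${hcloud_token}
      - interface: eth1
        dhcp: true
        vip:
          ip: ${ipv4_vip}
          hcloud:
            apiToken: ${hcloud_token}
      - interface: dummy0
        addresses:
          - 169.254.2.53/32
    # Resolve the API domain to loopback on the control plane itself, so
    # local clients do not depend on the external load balancer.
    extraHostEntries:
      - ip: 127.0.0.1
        aliases:
          - ${apiDomain}
  sysctls:
    net.core.somaxconn: 65535
    net.core.netdev_max_backlog: 4096
  # Full-disk encryption for both partitions with a node-identity-derived
  # key (nodeID). No passphrase or external key provider is configured here,
  # so this only protects data at rest on a detached or re-imaged disk.
  systemDiskEncryption:
    state:
      provider: luks2
      options:
        - no_read_workqueue
        - no_write_workqueue
      keys:
        - nodeID: {}
          slot: 0
    ephemeral:
      provider: luks2
      options:
        - no_read_workqueue
        - no_write_workqueue
      keys:
        - nodeID: {}
          slot: 0
  features:
    # Workloads in kube-system may call the Talos API, but only with the
    # read-only os:reader role — keep this list minimal.
    kubernetesTalosAPIAccess:
      enabled: true
      allowedRoles:
        - os:reader
      allowedKubernetesNamespaces:
        - kube-system
cluster:
  # Short-lived admin kubeconfig; re-issue with talosctl when it expires.
  adminKubeconfig:
    certLifetime: 48h0m0s
  controlPlane:
    endpoint: https://${apiDomain}:6443
  discovery:
    enabled: false
  network:
    dnsDomain: ${domain}
    podSubnets: ${format("%#v",split(",",podSubnets))}
    serviceSubnets: ${format("%#v",split(",",serviceSubnets))}
    # NOTE(review): the CNI manifest is fetched from the `main` branch of a
    # GitHub repository, so its content is not pinned; a change upstream
    # changes what new nodes install. Pinning to a commit or tag (or vendoring
    # the manifest) would make node bootstrap reproducible.
    cni:
      name: custom
      urls:
        - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/_deployments/vars/cilium-result.yaml
  # kube-proxy is disabled; presumably the custom CNI above replaces it.
  proxy:
    disabled: true
  apiServer:
    image: registry.k8s.io/kube-apiserver:${version}
    # Same SAN set as machine.certSANs, for the kube-apiserver certificate.
    certSANs:
      - "${lbv4}"
      - "${lbv6}"
      - "${lbv4_local}"
      - "${ipv4_local}"
      - "${ipv4_vip}"
      - "${apiDomain}"
  controllerManager:
    image: registry.k8s.io/kube-controller-manager:${version}
    extraArgs:
      # Node IPAM is handed off from the controller manager; presumably the
      # cloud controller manager listed under externalCloudProvider owns it.
      controllers: "*,tokencleaner,-node-ipam-controller"
      node-cidr-mask-size-ipv4: "24"
      node-cidr-mask-size-ipv6: "80"
  scheduler:
    image: registry.k8s.io/kube-scheduler:${version}
  etcd:
    advertisedSubnets:
      - ${nodeSubnets}
    listenSubnets:
      - ${nodeSubnets}
  # The hcloud Secret is rendered straight into the machine config. base64 is
  # an encoding, not encryption: whoever can read the machine config (or the
  # Terraform state) holds the API token, robot credentials and SSH key.
  inlineManifests:
    - name: hcloud-secret
      contents: |-
        apiVersion: v1
        kind: Secret
        type: Opaque
        metadata:
          name: hcloud
          namespace: kube-system
        data:
          network: ${base64encode(hcloud_network)}
          token: ${base64encode(hcloud_token)}
          user: ${base64encode(robot_user)}
          password: ${base64encode(robot_password)}
          sshkey: ${base64encode(hcloud_sshkey)}
          image: ${base64encode(hcloud_image)}
          init: ${base64encode(hcloud_init)}
  externalCloudProvider:
    enabled: true
    # NOTE(review): as with the CNI URL, these manifests track the `main`
    # branch and are applied to the cluster unpinned; consider pinning to a
    # commit or tag so bootstrap content is reproducible and reviewable.
    manifests:
      # - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/hetzner/deployments/talos-cloud-controller-manager-result.yaml
      - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/hetzner/deployments/hcloud-cloud-controller-manager-result.yaml
      - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/_deployments/vars/local-path-storage-ns.yaml
      - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/_deployments/vars/local-path-storage-result.yaml
      - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/_deployments/vars/coredns-local.yaml
      - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/_deployments/vars/ingress-ns.yaml
      - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/_deployments/vars/ingress-result.yaml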