From f0dad1e0333243a66db2b70a195dc131d844f243 Mon Sep 17 00:00:00 2001
From: William P
Date: Sat, 13 Dec 2025 12:48:56 -0500
Subject: [PATCH] create omni cluster template
---
omni/cluster.yaml | 289 ++++++++++++++++++++++++++
omni/controlplane.yaml | 5 +
omni/machine/weyma-talos-cp01.yaml | 16 ++
omni/machine/weyma-talos-cp02.yaml | 13 ++
omni/machine/weyma-talos-cp04.yaml | 14 ++
omni/machine/weyma-talos-testw01.yaml | 30 +++
omni/machine/weyma-talos-testw04.yaml | 25 +++
omni/machine/weyma-talos-testw05.yaml | 24 +++
omni/machine/weyma-talos-w02.yaml | 25 +++
omni/machine/weyma-talos-w03.yaml | 27 +++
omni/workers.yaml | 7 +
11 files changed, 475 insertions(+)
create mode 100644 omni/cluster.yaml
create mode 100644 omni/controlplane.yaml
create mode 100644 omni/machine/weyma-talos-cp01.yaml
create mode 100644 omni/machine/weyma-talos-cp02.yaml
create mode 100644 omni/machine/weyma-talos-cp04.yaml
create mode 100644 omni/machine/weyma-talos-testw01.yaml
create mode 100644 omni/machine/weyma-talos-testw04.yaml
create mode 100644 omni/machine/weyma-talos-testw05.yaml
create mode 100644 omni/machine/weyma-talos-w02.yaml
create mode 100644 omni/machine/weyma-talos-w03.yaml
create mode 100644 omni/workers.yaml
diff --git a/omni/cluster.yaml b/omni/cluster.yaml
new file mode 100644
index 0000000..eeb54ef
--- /dev/null
+++ b/omni/cluster.yaml
@@ -0,0 +1,289 @@
+kind: Cluster
+name: weyma-talos
+kubernetes:
+ version: v1.34.2
+talos:
+ version: v1.11.5
+features:
+ backupConfiguration:
+ interval: 6h0m0s
+patches:
+ - idOverride: 500-5100c0c3-f72e-45f5-8cde-4a1c3b6f72a8
+ annotations:
+ description: pod-svc-subnets
+ name: User defined patch
+ inline:
+ cluster:
+ network:
+ podSubnets:
+ - 10.244.0.0/16
+ serviceSubnets:
+ - 10.112.0.0/12
+ - idOverride: 500-7c228773-8b44-40b0-8b4c-30f617668af0
+ annotations:
+ description: weyma-image-cache
+ name: User defined patch
+ inline:
+ machine:
+ registries:
+ mirrors:
+ docker.io:
+ endpoints:
+ - http://10.105.6.215:6000
+ factory.talos.dev:
+ endpoints:
+ - http://10.105.6.215:6004
+ gcr.io:
+ endpoints:
+ - http://10.105.6.215:6002
+ ghcr.io:
+ endpoints:
+ - http://10.105.6.215:6003
+ registry.k8s.io:
+ endpoints:
+ - http://10.105.6.215:6001
+ - idOverride: 500-f198cacc-280b-4874-a410-252c160621a7
+ annotations:
+ name: weyma-bind-addr
+ inline:
+ cluster:
+ controllerManager:
+ extraArgs:
+ bind-address: 0.0.0.0
+ proxy:
+ extraArgs:
+ metrics-bind-address: 0.0.0.0:10249
+ scheduler:
+ extraArgs:
+ bind-address: 0.0.0.0
+ - idOverride: 500-fc113705-0777-4b52-8df0-7cee67fcc68e
+ annotations:
+ name: weyma-bootstrap-metrics
+ inline:
+ cluster:
+ extraManifests:
+ - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
+ inlineManifests:
+ - contents: |-
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server
+ namespace: kube-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: system:aggregated-metrics-reader
+ rules:
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ name: system:metrics-server
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/metrics
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server-auth-reader
+ namespace: kube-system
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+ subjects:
+ - kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server:system:auth-delegator
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+ subjects:
+ - kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ name: system:metrics-server
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:metrics-server
+ subjects:
+ - kind: ServiceAccount
+ name: metrics-server
+ namespace: kube-system
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server
+ namespace: kube-system
+ spec:
+ ports:
+ - appProtocol: https
+ name: https
+ port: 443
+ protocol: TCP
+ targetPort: https
+ selector:
+ k8s-app: metrics-server
+ ---
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ name: metrics-server
+ namespace: kube-system
+ spec:
+ selector:
+ matchLabels:
+ k8s-app: metrics-server
+ strategy:
+ rollingUpdate:
+ maxUnavailable: 0
+ template:
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ spec:
+ containers:
+ - args:
+ - --cert-dir=/tmp
+ - --secure-port=10250
+ - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+ - --kubelet-use-node-status-port
+ - --metric-resolution=15s
+ - --kubelet-insecure-tls
+ image: registry.k8s.io/metrics-server/metrics-server:v0.8.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /livez
+ port: https
+ scheme: HTTPS
+ periodSeconds: 10
+ name: metrics-server
+ ports:
+ - containerPort: 10250
+ name: https
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ resources:
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-dir
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ serviceAccountName: metrics-server
+ volumes:
+ - emptyDir: {}
+ name: tmp-dir
+ ---
+ apiVersion: apiregistration.k8s.io/v1
+ kind: APIService
+ metadata:
+ labels:
+ k8s-app: metrics-server
+ name: v1beta1.metrics.k8s.io
+ spec:
+ group: metrics.k8s.io
+ groupPriorityMinimum: 100
+ insecureSkipTLSVerify: true
+ service:
+ name: metrics-server
+ namespace: kube-system
+ version: v1beta1
+ versionPriority: 100
+ name: metrics-server
+ - contents: |-
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: metrics-lb
+ namespace: kube-system
+ annotations:
+ metallb.io/ip-allocated-from-pool: test-pool
+ spec:
+ type: LoadBalancer
+ ports:
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: https
+ selector:
+ k8s-app: metrics-server
+ name: metrics-lb
\ No newline at end of file
diff --git a/omni/controlplane.yaml b/omni/controlplane.yaml
new file mode 100644
index 0000000..5494392
--- /dev/null
+++ b/omni/controlplane.yaml
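Review bot: The `weyma-image-cache` patch sends every registry mirror, including `factory.talos.dev`, to plain `http://10.105.6.215:600x` endpoints, so image content is not integrity-protected in transit and images referenced by tag (such as `metrics-server:v0.8.0` further down) are whatever the cache host returns; serving the cache over TLS and switching the endpoints to `https://` would address this. In `weyma-bootstrap-metrics`, the `extraManifests` URL tracks the mutable `main` branch of `kubelet-serving-cert-approver`, a component that approves kubelet serving-certificate CSRs, so it should be pinned, e.g. `.../kubelet-serving-cert-approver/<TAG_OR_COMMIT>/deploy/standalone-install.yaml`. With that approver installed, `--kubelet-insecure-tls` looks removable if kubelet serving-certificate rotation is enabled, which this patch does not show. The `0.0.0.0` bind addresses in `weyma-bind-addr` and the `metrics-lb` LoadBalancer also widen reachability of metrics endpoints and deserve a comment naming the intended scrapers; its `metallb.io/ip-allocated-from-pool` annotation appears to be one MetalLB writes itself rather than a pool request, so confirm it is intended.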
@@ -0,0 +1,5 @@
+kind: ControlPlane
+machines:
+ - 20b4c826-e699-43b3-826d-73eb5173680b
+ - 30303031-3030-3030-6335-303731636665
+ - 5fdea709-56ad-45f2-966d-5e344dbe4fdf
\ No newline at end of file
diff --git a/omni/machine/weyma-talos-cp01.yaml b/omni/machine/weyma-talos-cp01.yaml
new file mode 100644
index 0000000..21f305e
--- /dev/null
+++ b/omni/machine/weyma-talos-cp01.yaml
@@ -0,0 +1,16 @@
+kind: Machine
+systemExtensions:
+ - siderolabs/nut-client
+ - siderolabs/qemu-guest-agent
+name: 5fdea709-56ad-45f2-966d-5e344dbe4fdf
+patches:
+ - idOverride: 400-cm-5fdea709-56ad-45f2-966d-5e344dbe4fdf
+ inline:
+ machine:
+ network:
+ hostname: weyma-talos-cp01
+ interfaces:
+ - deviceSelector:
+ driver: virtio*
+ hardwareAddr: bc:24:11:e6:ff:7b
+ dhcp: true
\ No newline at end of file
diff --git a/omni/machine/weyma-talos-cp02.yaml b/omni/machine/weyma-talos-cp02.yaml
new file mode 100644
index 0000000..5e381ff
--- /dev/null
+++ b/omni/machine/weyma-talos-cp02.yaml
@@ -0,0 +1,13 @@
+kind: Machine
+name: 20b4c826-e699-43b3-826d-73eb5173680b
+patches:
+ - idOverride: 400-cm-20b4c826-e699-43b3-826d-73eb5173680b
+ inline:
+ machine:
+ network:
+ hostname: weyma-talos-cp02
+ interfaces:
+ - deviceSelector:
+ driver: virtio*
+ hardwareAddr: 00:16:3e:9c:01:27
+ dhcp: true
\ No newline at end of file
diff --git a/omni/machine/weyma-talos-cp04.yaml b/omni/machine/weyma-talos-cp04.yaml
new file mode 100644
index 0000000..226161d
--- /dev/null
+++ b/omni/machine/weyma-talos-cp04.yaml
@@ -0,0 +1,14 @@
+kind: Machine
+systemExtensions:
+ - siderolabs/nut-client
+name: 30303031-3030-3030-6335-303731636665
+patches:
+ - idOverride: 400-cm-30303031-3030-3030-6335-303731636665
+ inline:
+ machine:
+ network:
+ hostname: weyma-talos-cp04
+ interfaces:
+ - deviceSelector:
+ hardwareAddr: dc:a6:32:95:0f:cb
+ dhcp: true
\ No newline at end of file
diff --git a/omni/machine/weyma-talos-testw01.yaml b/omni/machine/weyma-talos-testw01.yaml
new file mode 100644
index 0000000..e6118c7
--- /dev/null
+++ b/omni/machine/weyma-talos-testw01.yaml
@@ -0,0 +1,30 @@
+kind: Machine
+systemExtensions:
+ - siderolabs/i915
+ - siderolabs/nut-client
+name: 03000200-0400-0500-0006-000700080009
+install:
+ disk: /dev/sda
+patches:
+ - idOverride: 400-cm-03000200-0400-0500-0006-000700080009
+ inline:
+ machine:
+ network:
+ hostname: weyma-talos-testw01
+ interfaces:
+ - deviceSelector:
+ driver: igc
+ hardwareAddr: e8:ff:1e:d5:f8:22
+ dhcp: true
+ vlans:
+ - dhcp: false
+ vlanId: 50
+ - deviceSelector:
+ hardwareAddr: e8:ff:1e:d5:f8:21
+ dhcp: true
+ mtu: 9000
+ - bridge:
+ interfaces:
+ - enp2s0.50
+ dhcp: false
+ interface: br0
\ No newline at end of file
diff --git a/omni/machine/weyma-talos-testw04.yaml b/omni/machine/weyma-talos-testw04.yaml
new file mode 100644
index 0000000..c46f141
--- /dev/null
+++ b/omni/machine/weyma-talos-testw04.yaml
@@ -0,0 +1,25 @@
+kind: Machine
+name: 1006b91a-ecbf-11ea-aed4-046ba1ee3700
+patches:
+ - idOverride: 400-cm-1006b91a-ecbf-11ea-aed4-046ba1ee3700
+ inline:
+ machine:
+ network:
+ hostname: weyma-talos-testw04
+ interfaces:
+ - deviceSelector:
+ driver: mlx4_core
+ hardwareAddr: f4:52:14:60:5e:30
+ dhcp: true
+ vlans:
+ - dhcp: false
+ vlanId: 50
+ - deviceSelector:
+ hardwareAddr: f4:52:14:60:5e:31
+ dhcp: true
+ mtu: 9000
+ - bridge:
+ interfaces:
+ - eno1.50
+ dhcp: false
+ interface: br0
\ No newline at end of file
diff --git a/omni/machine/weyma-talos-testw05.yaml b/omni/machine/weyma-talos-testw05.yaml
new file mode 100644
index 0000000..17a0545
--- /dev/null
+++ b/omni/machine/weyma-talos-testw05.yaml
@@ -0,0 +1,24 @@
+kind: Machine
+name: 5f0cd701-0784-4fcc-8e52-3b3304049972
+patches:
+ - idOverride: 400-cm-5f0cd701-0784-4fcc-8e52-3b3304049972
+ inline:
+ machine:
+ network:
+ hostname: weyma-talos-testw05
+ interfaces:
+ - deviceSelector:
+ hardwareAddr: 00:16:3e:b3:dd:f8
+ dhcp: true
+ - deviceSelector:
+ hardwareAddr: 00:16:3e:e5:79:0a
+ dhcp: true
+ mtu: 9000
+ - deviceSelector:
+ hardwareAddr: 00:16:3e:6b:1c:1d
+ dhcp: false
+ - bridge:
+ interfaces:
+ - enx00163e6b1c1d
+ dhcp: false
+ interface: br0
\ No newline at end of file
diff --git a/omni/machine/weyma-talos-w02.yaml b/omni/machine/weyma-talos-w02.yaml
new file mode 100644
index 0000000..b214375
--- /dev/null
+++ b/omni/machine/weyma-talos-w02.yaml
@@ -0,0 +1,25 @@
+kind: Machine
+name: 02c02200-f403-11ef-9372-70f446672600
+patches:
+ - idOverride: 400-cm-02c02200-f403-11ef-9372-70f446672600
+ inline:
+ machine:
+ network:
+ hostname: weyma-talos-w02
+ interfaces:
+ - deviceSelector:
+ driver: igc
+ hardwareAddr: e8:ff:1e:d4:b8:89
+ dhcp: true
+ vlans:
+ - dhcp: false
+ vlanId: 50
+ - deviceSelector:
+ hardwareAddr: e8:ff:1e:d4:b8:8a
+ dhcp: true
+ mtu: 9000
+ - bridge:
+ interfaces:
+ - enp1s0.50
+ dhcp: false
+ interface: br0
\ No newline at end of file
diff --git a/omni/machine/weyma-talos-w03.yaml b/omni/machine/weyma-talos-w03.yaml
new file mode 100644
index 0000000..160f35d
--- /dev/null
+++ b/omni/machine/weyma-talos-w03.yaml
@@ -0,0 +1,27 @@
+kind: Machine
+name: da507021-8912-4337-86a3-94a05bd1cf05
+patches:
+ - idOverride: 400-cm-da507021-8912-4337-86a3-94a05bd1cf05
+ inline:
+ machine:
+ network:
+ hostname: weyma-talos-w03
+ interfaces:
+ - deviceSelector:
+ driver: virtio*
+ hardwareAddr: bc:24:11:be:6c:08
+ dhcp: true
+ - deviceSelector:
+ driver: virtio*
+ hardwareAddr: bc:24:11:f8:4a:92
+ dhcp: true
+ mtu: 8996
+ - deviceSelector:
+ driver: virtio*
+ hardwareAddr: bc:24:11:93:02:0e
+ dhcp: false
+ - bridge:
+ interfaces:
+ - enxbc241193020e
+ dhcp: false
+ interface: br0
diff --git a/omni/workers.yaml b/omni/workers.yaml
new file mode 100644
index 0000000..9f02820
--- /dev/null
+++ b/omni/workers.yaml
@@ -0,0 +1,7 @@
+kind: Workers
+machines:
+ - 02c02200-f403-11ef-9372-70f446672600
+ - 03000200-0400-0500-0006-000700080009
+ - 1006b91a-ecbf-11ea-aed4-046ba1ee3700
+ - 5f0cd701-0784-4fcc-8e52-3b3304049972
+ - da507021-8912-4337-86a3-94a05bd1cf05
\ No newline at end of file
--
2.49.1