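---
# Cluster template for the Talos cluster "weyma-talos". The document kinds
# (Cluster, ControlPlane, Workers, Machine) and the idOverride patches look
# like a Sidero Omni cluster template export -- confirm against the tool
# that consumes this file.
#
# Layout restored to one key per line; all values are unchanged. Lines
# starting with NOTE(review) flag security-relevant settings for a human
# decision and do not alter behaviour.
kind: Cluster
name: weyma-talos
kubernetes:
  version: v1.34.2
talos:
  version: v1.11.5
features:
  backupConfiguration:
    interval: 6h0m0s
patches:
  # Pod and Service CIDRs for the cluster network.
  - idOverride: 500-5100c0c3-f72e-45f5-8cde-4a1c3b6f72a8
    annotations:
      description: pod-svc-subnets
      name: User defined patch
    inline:
      cluster:
        network:
          podSubnets:
            - 10.244.0.0/16
          serviceSubnets:
            - 10.112.0.0/12

  # Pull-through image cache: each upstream registry is redirected to a
  # port on 10.105.6.215.
  # NOTE(review): every mirror endpoint is plain http://, so image and
  # manifest traffic to the cache is neither encrypted nor authenticated
  # in transit, and a tag resolved through the cache is trusted as served.
  # Prefer TLS on the cache, and/or reference images by digest so the
  # runtime verifies content regardless of the transport.
  - idOverride: 500-7c228773-8b44-40b0-8b4c-30f617668af0
    annotations:
      description: weyma-image-cache
      name: User defined patch
    inline:
      machine:
        registries:
          mirrors:
            docker.io:
              endpoints:
                - http://10.105.6.215:6000
            factory.talos.dev:
              endpoints:
                - http://10.105.6.215:6004
            gcr.io:
              endpoints:
                - http://10.105.6.215:6002
            ghcr.io:
              endpoints:
                - http://10.105.6.215:6003
            registry.k8s.io:
              endpoints:
                - http://10.105.6.215:6001

  # Bind controller-manager, scheduler and the kube-proxy metrics listener
  # to all interfaces (presumably so they can be scraped from off-node --
  # confirm).
  # NOTE(review): kube-proxy serves its metrics endpoint (10249 here) over
  # plain HTTP without authentication, so 0.0.0.0 makes it reachable from
  # every network the node is attached to. Restrict access to that port at
  # the network layer to the scraper's address if this exposure is needed.
  - idOverride: 500-f198cacc-280b-4874-a410-252c160621a7
    annotations:
      name: weyma-bind-addr
    inline:
      cluster:
        controllerManager:
          extraArgs:
            bind-address: 0.0.0.0
        proxy:
          extraArgs:
            metrics-bind-address: 0.0.0.0:10249
        scheduler:
          extraArgs:
            bind-address: 0.0.0.0

  # Bootstrap manifests: kubelet serving-cert approver, metrics-server and
  # a LoadBalancer Service in front of metrics-server.
  - idOverride: 500-fc113705-0777-4b52-8df0-7cee67fcc68e
    annotations:
      name: weyma-bootstrap-metrics
    inline:
      cluster:
        # NOTE(review): this URL tracks the "main" branch, so the manifest
        # applied to the cluster can change without any change to this
        # file. Pin it to a reviewed release tag or commit
        # (<PINNED_TAG_OR_COMMIT>), or vendor the manifest inline.
        extraManifests:
          - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
        inlineManifests:
          # metrics-server v0.8.0: ServiceAccount, RBAC, Service, Deployment
          # and APIService registration.
          # NOTE(review): two TLS checks are disabled in this manifest:
          #   * --kubelet-insecure-tls: metrics-server does not verify the
          #     kubelet serving certificates it scrapes.
          #   * insecureSkipTLSVerify: true on the APIService: the API
          #     aggregator does not verify metrics-server's certificate.
          # The serving-cert approver above suggests CA-signed kubelet
          # serving certs are intended; kubelet server-certificate rotation
          # is not configured anywhere in this file, so confirm it is
          # enabled before dropping --kubelet-insecure-tls.
          - contents: |-
              apiVersion: v1
              kind: ServiceAccount
              metadata:
                labels:
                  k8s-app: metrics-server
                name: metrics-server
                namespace: kube-system
              ---
              apiVersion: rbac.authorization.k8s.io/v1
              kind: ClusterRole
              metadata:
                labels:
                  k8s-app: metrics-server
                  rbac.authorization.k8s.io/aggregate-to-admin: "true"
                  rbac.authorization.k8s.io/aggregate-to-edit: "true"
                  rbac.authorization.k8s.io/aggregate-to-view: "true"
                name: system:aggregated-metrics-reader
              rules:
                - apiGroups:
                    - metrics.k8s.io
                  resources:
                    - pods
                    - nodes
                  verbs:
                    - get
                    - list
                    - watch
              ---
              apiVersion: rbac.authorization.k8s.io/v1
              kind: ClusterRole
              metadata:
                labels:
                  k8s-app: metrics-server
                name: system:metrics-server
              rules:
                - apiGroups:
                    - ""
                  resources:
                    - nodes/metrics
                  verbs:
                    - get
                - apiGroups:
                    - ""
                  resources:
                    - pods
                    - nodes
                  verbs:
                    - get
                    - list
                    - watch
              ---
              apiVersion: rbac.authorization.k8s.io/v1
              kind: RoleBinding
              metadata:
                labels:
                  k8s-app: metrics-server
                name: metrics-server-auth-reader
                namespace: kube-system
              roleRef:
                apiGroup: rbac.authorization.k8s.io
                kind: Role
                name: extension-apiserver-authentication-reader
              subjects:
                - kind: ServiceAccount
                  name: metrics-server
                  namespace: kube-system
              ---
              apiVersion: rbac.authorization.k8s.io/v1
              kind: ClusterRoleBinding
              metadata:
                labels:
                  k8s-app: metrics-server
                name: metrics-server:system:auth-delegator
              roleRef:
                apiGroup: rbac.authorization.k8s.io
                kind: ClusterRole
                name: system:auth-delegator
              subjects:
                - kind: ServiceAccount
                  name: metrics-server
                  namespace: kube-system
              ---
              apiVersion: rbac.authorization.k8s.io/v1
              kind: ClusterRoleBinding
              metadata:
                labels:
                  k8s-app: metrics-server
                name: system:metrics-server
              roleRef:
                apiGroup: rbac.authorization.k8s.io
                kind: ClusterRole
                name: system:metrics-server
              subjects:
                - kind: ServiceAccount
                  name: metrics-server
                  namespace: kube-system
              ---
              apiVersion: v1
              kind: Service
              metadata:
                labels:
                  k8s-app: metrics-server
                name: metrics-server
                namespace: kube-system
              spec:
                ports:
                  - appProtocol: https
                    name: https
                    port: 443
                    protocol: TCP
                    targetPort: https
                selector:
                  k8s-app: metrics-server
              ---
              apiVersion: apps/v1
              kind: Deployment
              metadata:
                labels:
                  k8s-app: metrics-server
                name: metrics-server
                namespace: kube-system
              spec:
                selector:
                  matchLabels:
                    k8s-app: metrics-server
                strategy:
                  rollingUpdate:
                    maxUnavailable: 0
                template:
                  metadata:
                    labels:
                      k8s-app: metrics-server
                  spec:
                    containers:
                      - args:
                          - --cert-dir=/tmp
                          - --secure-port=10250
                          - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
                          - --kubelet-use-node-status-port
                          - --metric-resolution=15s
                          - --kubelet-insecure-tls
                        image: registry.k8s.io/metrics-server/metrics-server:v0.8.0
                        imagePullPolicy: IfNotPresent
                        livenessProbe:
                          failureThreshold: 3
                          httpGet:
                            path: /livez
                            port: https
                            scheme: HTTPS
                          periodSeconds: 10
                        name: metrics-server
                        ports:
                          - containerPort: 10250
                            name: https
                            protocol: TCP
                        readinessProbe:
                          failureThreshold: 3
                          httpGet:
                            path: /readyz
                            port: https
                            scheme: HTTPS
                          initialDelaySeconds: 20
                          periodSeconds: 10
                        resources:
                          requests:
                            cpu: 100m
                            memory: 200Mi
                        securityContext:
                          allowPrivilegeEscalation: false
                          capabilities:
                            drop:
                              - ALL
                          readOnlyRootFilesystem: true
                          runAsNonRoot: true
                          runAsUser: 1000
                          seccompProfile:
                            type: RuntimeDefault
                        volumeMounts:
                          - mountPath: /tmp
                            name: tmp-dir
                    nodeSelector:
                      kubernetes.io/os: linux
                    priorityClassName: system-cluster-critical
                    serviceAccountName: metrics-server
                    volumes:
                      - emptyDir: {}
                        name: tmp-dir
              ---
              apiVersion: apiregistration.k8s.io/v1
              kind: APIService
              metadata:
                labels:
                  k8s-app: metrics-server
                name: v1beta1.metrics.k8s.io
              spec:
                group: metrics.k8s.io
                groupPriorityMinimum: 100
                insecureSkipTLSVerify: true
                service:
                  name: metrics-server
                  namespace: kube-system
                version: v1beta1
                versionPriority: 100
            name: metrics-server

          # LoadBalancer Service selecting the metrics-server pods.
          # NOTE(review): this publishes the metrics-server API port on a
          # load-balancer address, outside the cluster network. Confirm the
          # exposure is required and that only intended clients can reach
          # the allocated address.
          # NOTE(review): metallb.io/ip-allocated-from-pool is, as far as
          # known, an annotation MetalLB writes to record the pool it used;
          # a pool is requested with metallb.io/address-pool. Verify which
          # one is meant here.
          - contents: |-
              apiVersion: v1
              kind: Service
              metadata:
                name: metrics-lb
                namespace: kube-system
                annotations:
                  metallb.io/ip-allocated-from-pool: test-pool
              spec:
                type: LoadBalancer
                ports:
                  - name: https
                    port: 443
                    protocol: TCP
                    targetPort: https
                selector:
                  k8s-app: metrics-server
            name: metrics-lb
---
# Control-plane machine set (two members).
# NOTE(review): with two control-plane nodes etcd cannot tolerate the loss
# of either one; an odd member count is the usual choice.
kind: ControlPlane
machines:
  - 20b4c826-e699-43b3-826d-73eb5173680b
  - 5fdea709-56ad-45f2-966d-5e344dbe4fdf
---
# Worker machine set.
kind: Workers
machines:
  - 02c02200-f403-11ef-9372-70f446672600
  - 03000200-0400-0500-0006-000700080009
  - 1006b91a-ecbf-11ea-aed4-046ba1ee3700
  - 5f0cd701-0784-4fcc-8e52-3b3304049972
  - da507021-8912-4337-86a3-94a05bd1cf05
---
# Worker weyma-talos-w02: igc NIC with VLAN 50, a second NIC at MTU 9000,
# and bridge br0 over the VLAN 50 sub-interface.
kind: Machine
name: 02c02200-f403-11ef-9372-70f446672600
patches:
  - idOverride: 400-cm-02c02200-f403-11ef-9372-70f446672600
    annotations:
      name: ""
    inline:
      machine:
        network:
          hostname: weyma-talos-w02
          interfaces:
            - deviceSelector:
                driver: igc
                hardwareAddr: e8:ff:1e:d4:b8:89
              dhcp: true
              vlans:
                - dhcp: false
                  vlanId: 50
            - deviceSelector:
                hardwareAddr: e8:ff:1e:d4:b8:8a
              dhcp: true
              mtu: 9000
            - bridge:
                interfaces:
                  - enp1s0.50
              dhcp: false
              interface: br0
---
# Worker weyma-talos-testw01.
# NOTE(review): this machine ID looks like a firmware-default SMBIOS UUID
# rather than a per-board value -- confirm it is unique in the fleet, since
# machines are addressed by this ID throughout the template.
kind: Machine
name: 03000200-0400-0500-0006-000700080009
patches:
  - idOverride: 400-cm-03000200-0400-0500-0006-000700080009
    annotations:
      name: ""
    inline:
      machine:
        network:
          hostname: weyma-talos-testw01
          interfaces:
            - deviceSelector:
                driver: igc
                hardwareAddr: e8:ff:1e:d5:f8:22
              dhcp: true
              vlans:
                - dhcp: false
                  vlanId: 50
            - deviceSelector:
                hardwareAddr: e8:ff:1e:d5:f8:21
              dhcp: true
              mtu: 9000
            - bridge:
                interfaces:
                  - enp2s0.50
              dhcp: false
              interface: br0
---
# Worker weyma-talos-testw04 (mlx4_core NIC).
kind: Machine
name: 1006b91a-ecbf-11ea-aed4-046ba1ee3700
patches:
  - idOverride: 400-cm-1006b91a-ecbf-11ea-aed4-046ba1ee3700
    annotations:
      name: ""
    inline:
      machine:
        network:
          hostname: weyma-talos-testw04
          interfaces:
            - deviceSelector:
                driver: mlx4_core
                hardwareAddr: f4:52:14:60:5e:30
              dhcp: true
              vlans:
                - dhcp: false
                  vlanId: 50
            - deviceSelector:
                hardwareAddr: f4:52:14:60:5e:31
              dhcp: true
              mtu: 9000
            - bridge:
                interfaces:
                  - eno1.50
              dhcp: false
              interface: br0
---
# Control-plane node weyma-talos-cp02 (single virtio NIC, DHCP).
kind: Machine
name: 20b4c826-e699-43b3-826d-73eb5173680b
patches:
  - idOverride: 400-cm-20b4c826-e699-43b3-826d-73eb5173680b
    annotations:
      name: ""
    inline:
      machine:
        network:
          hostname: weyma-talos-cp02
          interfaces:
            - deviceSelector:
                driver: virtio*
                hardwareAddr: 00:16:3e:9c:01:27
              dhcp: true
---
# Worker weyma-talos-testw05: three NICs selected by MAC; the third has
# DHCP off and is the member of bridge br0.
kind: Machine
name: 5f0cd701-0784-4fcc-8e52-3b3304049972
patches:
  - idOverride: 400-cm-5f0cd701-0784-4fcc-8e52-3b3304049972
    annotations:
      name: ""
    inline:
      machine:
        network:
          hostname: weyma-talos-testw05
          interfaces:
            - deviceSelector:
                hardwareAddr: 00:16:3e:b3:dd:f8
              dhcp: true
            - deviceSelector:
                hardwareAddr: 00:16:3e:e5:79:0a
              dhcp: true
              mtu: 9000
            - deviceSelector:
                hardwareAddr: 00:16:3e:6b:1c:1d
              dhcp: false
            - bridge:
                interfaces:
                  - enx00163e6b1c1d
              dhcp: false
              interface: br0
---
# Control-plane node weyma-talos-cp01; the only machine in this template
# that declares system extensions.
kind: Machine
systemExtensions:
  - siderolabs/nut-client
  - siderolabs/qemu-guest-agent
name: 5fdea709-56ad-45f2-966d-5e344dbe4fdf
patches:
  - idOverride: 400-cm-5fdea709-56ad-45f2-966d-5e344dbe4fdf
    annotations:
      name: ""
    inline:
      machine:
        network:
          hostname: weyma-talos-cp01
          interfaces:
            - deviceSelector:
                driver: virtio*
                hardwareAddr: bc:24:11:e6:ff:7b
              dhcp: true
---
# Worker weyma-talos-w03: three virtio NICs plus bridge br0.
kind: Machine
name: da507021-8912-4337-86a3-94a05bd1cf05
patches:
  - idOverride: 400-cm-da507021-8912-4337-86a3-94a05bd1cf05
    annotations:
      name: ""
    inline:
      machine:
        network:
          hostname: weyma-talos-w03
          interfaces:
            - deviceSelector:
                driver: virtio*
                hardwareAddr: bc:24:11:be:6c:08
              dhcp: true
            - deviceSelector:
                driver: virtio*
                hardwareAddr: bc:24:11:f8:4a:92
              dhcp: true
              # NOTE(review): 8996 here versus 9000 on the other workers --
              # confirm the difference is intentional.
              mtu: 8996
            - deviceSelector:
                driver: virtio*
                hardwareAddr: bc:24:11:93:02:0e
              dhcp: false
            - bridge:
                interfaces:
                  - enxbc241193020e
              dhcp: false
              interface: br0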