Comments (3)
Minivolk02
commented on September 2, 2024
controlplane.yaml
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: 808ib1.tefx98a4odmrp3o3
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEFhVnVJUkpBTWptWVJLWHNSQkt6azBNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU5EQTFNRFV4TWpBNE1qZGFGdzB6TkRBMU1ETXhNakE0TWpkYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBdUhjajdZME5Hb203TXFqcXVUZ1FqZklDN1NKQ20yNGFNbGl6CnZCdXo0aXFqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVOUFWZjI0cThOS3FqUzFRSwpLT3c0SFhZbmFoSXdCUVlESzJWd0EwRUE0ZjdQdHlnc1F6M0VkYTI5WnlGRGFzK1pFaHZTdk1BTXBmQkxlK29GCjFwNWtuK1phcWhxS1hVTUFzNVl3UHR3RTh6WGN4WnBiMnR5T1Q1N1pqSUU4QUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJSUp4eTNLd3ZscHlUUlRLa0k1UFpXTldVblB5MDMxTnRYTldOYUxkbTBBSAotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
certSANs: []
# # Uncomment this to enable SANs.
# - 10.0.0.10
# - 172.16.0.10
# - 192.168.0.10
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.28.9
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
# clusterDNS:
# - 10.96.0.10
# - 169.254.2.53
# extraArgs:
# key: value
# extraMounts:
# - destination: /var/lib/example
# type: bind
# source: /var/lib/example
# options:
# - bind
# - rshared
# - rw
# extraConfig:
# serverTLSBootstrap: true
# credentialProviderConfig:
# apiVersion: kubelet.config.k8s.io/v1
# kind: CredentialProviderConfig
# providers:
# - apiVersion: credentialprovider.kubelet.k8s.io/v1
# defaultCacheDuration: 12h
# matchImages:
# - '*.dkr.ecr.*.amazonaws.com'
# - '*.dkr.ecr.*.amazonaws.com.cn'
# - '*.dkr.ecr-fips.*.amazonaws.com'
# - '*.dkr.ecr.us-iso-east-1.c2s.ic.gov'
# - '*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov'
# name: ecr-credential-provider
# nodeIP:
# validSubnets:
# - 10.0.0.0/8
# - '!10.0.0.3/32'
# - fdc7::/16
network:
interfaces:
- interface: eth0
addresses:
- 10.224.224.137
routes:
- network: 0.0.0.0/0
gateway: 10.224.239.253
- network: 10.224.224.0/20
gateway: 0.0.0.0
- network: 172.253.0.0/18
gateway: 10.224.239.253
# # select a device with bus prefix 00:*.
# deviceSelector:
# busPath: 00:*
# # select a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
# deviceSelector:
# hardwareAddr: '*:f0:ab'
# driver: virtio
# # select a device with bus prefix 00:*, a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
# deviceSelector:
# - busPath: 00:*
# - hardwareAddr: '*:f0:ab'
# driver: virtio
# bond:
# interfaces:
# - enp2s0
# - enp2s1
# deviceSelectors:
# - busPath: 00:*
# - hardwareAddr: '*:f0:ab'
# driver: virtio
# mode: 802.3ad
# lacpRate: fast
# bridge:
# interfaces:
# - enxda4042ca9a51
# - enxae2a6774c259
# stp:
# enabled: true
# dhcp: true
# dhcpOptions:
# routeMetric: 1024
# # wireguard server example
# wireguard:
# privateKey: ABCDEF...
# listenPort: 51111
# peers:
# - publicKey: ABCDEF...
# endpoint: 192.168.1.3
# allowedIPs:
# - 192.168.1.0/24
# # wireguard peer example
# wireguard:
# privateKey: ABCDEF...
# peers:
# - publicKey: ABCDEF...
# endpoint: 192.168.1.2:51822
# persistentKeepaliveInterval: 10s
# allowedIPs:
# - 192.168.1.0/24
# nameservers:
# - 8.8.8.8
# - 1.1.1.1
# extraHostEntries:
# - ip: 192.168.1.100
# aliases:
# - example
# - example.domain.tld
# kubespan:
# enabled: true
install:
disk: /dev/vda
extraKernelArgs:
- net.ifnames=0
image: ghcr.io/siderolabs/installer:v1.7.0
wipe: true
# diskSelector:
# size: 4GB
# model: WDC*
# busPath: /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0
# extensions:
# - image: ghcr.io/siderolabs/gvisor:20220117.0-v1.0.0
files:
- content: |
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.k8s.io/pause:3.8"
permissions: 0o0
path: /etc/cri/conf.d/20-customization.part
op: create
time:
servers:
- 10.224.239.6
registries:
mirrors:
'*':
endpoints:
- http://10.224.239.6:6000/
docker.io:
endpoints:
- http://10.224.239.6:6000/
gcr.io:
endpoints:
- http://10.224.239.6:6000/
ghcr.io:
endpoints:
- http://10.224.239.6:6000/
registry.k8s.io:
endpoints:
- http://10.224.239.6:6000/
config:
registry.insecure:
tls:
insecureSkipVerify: true
# clientIdentity:
# crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
# key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==
# auth:
# username: username
# password: password
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
# kubernetesTalosAPIAccess:
# enabled: true
# allowedRoles:
# - os:reader
# allowedKubernetesNamespaces:
# - kube-system
# # ControlPlane definition example.
# controlPlane:
# controllerManager:
# disabled: false
# scheduler:
# disabled: true
# # nginx static pod.
# pods:
# - apiVersion: v1
# kind: pod
# metadata:
# name: nginx
# spec:
# containers:
# - image: nginx
# name: nginx
# # MachineDisks list example.
# disks:
# - device: /dev/sdb
# partitions:
# - mountpoint: /var/mnt/extra
#
# # # Human readable representation.
# # size: 100 MB
# # # Precise value in bytes.
# # size: 1073741824
# # Environment variables definition examples.
# env:
# GRPC_GO_LOG_SEVERITY_LEVEL: info
# GRPC_GO_LOG_VERBOSITY_LEVEL: "99"
# https_proxy: http://SERVER:PORT/
# env:
# GRPC_GO_LOG_SEVERITY_LEVEL: error
# https_proxy: https://USERNAME:PASSWORD@SERVER:PORT/
# env:
# https_proxy: http://DOMAIN\USERNAME:PASSWORD@SERVER:PORT/
# # MachineSysctls usage example.
# sysctls:
# kernel.domainname: talos.dev
# net.ipv4.ip_forward: "0"
# net/ipv6/conf/eth0.100/disable_ipv6: "1"
# # MachineSysfs usage example.
# sysfs:
# devices.system.cpu.cpu0.cpufreq.scaling_governor: performance
# systemDiskEncryption:
# ephemeral:
# provider: luks2
# keys:
# - nodeID: {}
# slot: 0
#
# # kms:
# # endpoint: https://192.168.88.21:4443
#
# # cipher: aes-xts-plain64
# # blockSize: 4096
# # options:
# # - no_read_workqueue
# # - no_write_workqueue
# udev:
# rules:
# - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
# logging:
# destinations:
# - endpoint: tcp://1.2.3.4:12345
# format: json_lines
# kernel:
# modules:
# - name: brtfs
# seccompProfiles:
# - name: audit.json
# value:
# defaultAction: SCMP_ACT_LOG
# # node labels example.
# nodeLabels:
# exampleLabel: exampleLabelValue
# # node taints example.
# nodeTaints:
# exampleTaint: exampleTaintValue:NoSchedule
cluster:
id: pHH1N42y-lUGfoEtnkzhpvRf100tbYSOz5v49-bazdA=
secret: vzgQdSED9eqvAlL8Qc1TWTQ46WsLi3Nr2/AdYVD285k=
controlPlane:
endpoint: https://10.224.224.140:6443
clusterName: duke-cluster
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
# cni:
# name: custom
# urls:
# - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml
token: mgwmox.8sd3pwb7i46v1n7l
secretboxEncryptionSecret: +YzFbuBNqmy4aJqWYn0CPuVKBov2fkKIWVLN6SA2MlQ=
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpakNDQVRDZ0F3SUJBZ0lSQVArdWZWM1g4TXVwYW5xVFFFcWJzc013Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOREExTURVeE1qQTRNamRhRncwek5EQTFNRE14TWpBNApNamRhTUJVeEV6QVJCZ05WQkFvVENtdDFZbVZ5Ym1WMFpYTXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CCkJ3TkNBQVJQaXNNaGxhWmVoNVJiVVR2MFlEb09GNFo1SUMrejQ3R2cvTGt5a25iTklKMURuNjVEbEtERzBJcjYKVmR4QzVBSUp6WElrd2src2ZuT0F4UDU1amtmM28yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGQWhzS3c1VkJvUW5pV0piVlhoeEZXUlAwaEpCTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSVFDanlva3IKV2JiQXVSOTVaOUhrNHU4RXBBZ0ZtNDZoc052c3VUd0FvbFVyT2dJZ01GQVMrOXJWWUFMWlRqZVE5RzdMN0ludwpkTngrdXZ5SkprNlZndTliT1dzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSURlM2J1QkFhOWUzam91dytRRGpMSlRQQnRuWG1wcXRnRUc3eEM1TnR1T25vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVDRyRElaV21Yb2VVVzFFNzlHQTZEaGVHZVNBdnMrT3hvUHk1TXBKMnpTQ2RRNSt1UTVTZwp4dENLK2xYY1F1UUNDYzF5Sk1KUHJINXpnTVQrZVk1SDl3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
aggregatorCA:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYekNDQVFhZ0F3SUJBZ0lSQU8rOUNlZ3lLQXkzcHB0VzhyMnlnVVV3Q2dZSUtvWkl6ajBFQXdJd0FEQWUKRncweU5EQTFNRFV4TWpBNE1qZGFGdzB6TkRBMU1ETXhNakE0TWpkYU1BQXdXVEFUQmdjcWhrak9QUUlCQmdncQpoa2pPUFFNQkJ3TkNBQVJRWjl5MDVLdlNEL0d6VUxXU2kwUTVDVmR4THVqMVFSU3pmNGJLbTVoakE5MkJpNCtqCkp0NHI0aDZUR2FEZi9heTg1bVpXVkhLNGN0aGN3TU5SRWk2Sm8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXcKSFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4dwpIUVlEVlIwT0JCWUVGSE9qWThDVXV4ZWVKd1l5OE0veXhFc2tPamZ4TUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDCklIRHh2NHVBWmpaUldjcTAySFRiRmV0Wk9WeElVOGxBaG9HSlBaazJGdW94QWlBUVFzRkJGd0ZReWxNV2FaU3MKVWdwcEtsbHRUTjBkSWNvSE5uL0ZPR0pDcGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUxaTmlycGZ5c2M3WDcxMW9VTlErejNSeGJNZzJSaHJpRklKaVgxZUt1c3RvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVUdmY3RPU3IwZy94czFDMWtvdEVPUWxYY1M3bzlVRVVzMytHeXB1WVl3UGRnWXVQb3liZQpLK0lla3htZzMvMnN2T1ptVmxSeXVITFlYTUREVVJJdWlRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
serviceAccount:
key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBeEZTeXd2ZXl0Y3F1OWMwNEpuUmxuZ0JEcUdsUW4xbVgrVzRBOVN0N0NwNHZmbkFJCk1vQUZhYXAvMW8xMWp4SDlJVDZwVVdGQ2VIQ1NVdHArRmV5RnhyWEIrL1Q2Qlljbi9EcWsyT0o5NVVhbFV5T2YKRDdMWWc0WnlRUm5aSFVUR2V2cGQ2L25XaUVwaWRpWDRXR2piVktQeVplMGhwZmNnTWREMlNGbk5FM2kySThURgppRy9iTzN4bWM1cHVlMmFkNUpmSCtOeGJ2RlFSNHpZZ0cyM3p0SlU5RWxCKzYxVm5zNEg2QXczdmNqa1lTeDVVCmREQUhNem5aN1ZNUXlkdjVqbjkvbnEwb0ZQczZMWFJnNVdQemcwaWsyV09VVTJNZG91bmFqYWNlU0w3cWVRMloKcjBUbGJ1cDgwUi9ablJkV2pxek41UWV0bVFzM0tWcHkxUEp3YlhHZ1pncHdwak9XdDUwUUxLdGEvRnVVT0RQMgozNUNzejJmU1NqZ1M1WUpxZVdlY2VHTkQvMWlDWXNCV3Ywakxvd2NTL0FRMU9VZnphb2NYdG5neTRqWGt3RHVECmo1QWFjSC80SzFJZUh5TlZMeGo5UVI3cWVEd1Vxbm9sTndKa3NQQlQ2VStlR3Rtc2dDcG9ubGpwdXA2OVgxd0MKNXZnbWw4bWJQSEhTWE1FN1g3Z3M5TlR4aThhT1pmek1MTytKQ2RSVjUvYU1vSWR5enpLTWtvMSt6U2dFM0MvVQpwdjNkYUM0N2hsQURMNmVTYlp6N0lYYVdrbzJFdWtVTUR5eUlwcFVWTlR2ZHhYWndQaXFVU20yNnBscHZwaWNmCjZjS2ZaTE1DaTI4NkZobkZWMEV4T05ic1RvVTIrQXl3d1JiT2hOejlpYmZ0SHFQVkF2VThZTWJkQTc4Q0F3RUEKQVFLQ0FnQlEzMkxUbFJ6MGJZMHNpMkI1MXJDVktSNjFuTXd0RjhiV1pFM1lzQlI3QnpZaEt4ejFVRzdxVytWVgpCK2hKQ3V2dWFkVnRSRmNSTGEzWW0xQWN6OVU3U1Z1aTRnS3JqRVVZVFQvaVowbmN6QUVHQWtKZlFSaVc5U2JUClVrWnhIQWQyV1BPZlpNYk9WWFhCblZwemNKNEllNUE2RkRnc0dXUVZvVElTRTR1Nlhac0ptT0NWbHg0RG52YkUKMy9ScXVKYUp0MHdVWXhFV3ZycXZrWGdnVkdaekdKYVRtTHp2UzdydjRyYU4wNHV5elhvSVYzSUtlazQ4OTdPaApZdm9qYkkyYitVRWtwOGMrL1UyMXM1N0dYeW5NQm55Qlg5ZVZrZHAvWlQwMTVJVkJDZ09qNGNwUXZGeVdGOWxhCmUzZzBrWXlDTVFTUE4xNTNFSHVrZVRHY0xsSEl5akdhM0VRQ2ZvK0lXVHRYcTNnKzh2c0JFZm5hejlwZ1dZQXUKT0lrUkMweDdxQzFvLzBObmxrdWNWY0ErR3BTemw3alpjQkc0NXRSdzhvU0F6b28zQlFpalVQaE9QSzQybDVYMApaaUhTaDFyL0FpSkswa2NJVko4T3cycUNweE1jWFNHM1o5Zi81N3k3MjRKVzQ5eEJNNXN0dnljcUpoMTIxOFpJClBDd05EQ3Q4MDlLSnpvenFTREpXektnZTVhU0Y5c2N3MFcrV0tKRzRGc2lJc1oveUllcXdOaXc1a3ppWmpjWDIKekZramZINjN4amdOeFoySXFiTnpvcVc2dkhSMktOUW5jM0RXb01ZRSsvRlFzdmVQV1lCc0NnVTJoRHFvcmFVRQpSeDBYeDVmQVdVS1FZQko5S0M3dVZ1WC9mTGxDTTMrWnJaaFg1ZS9tMjk3clBHUVlvUUtDQVFFQThhWDJJbit5ClhpUEZwRTlXdmIrQzlTSmxOL2ZXTTVPVnlZSEtuaDV1dWxaUDRER3RIYVdEOU1BRklpRmd4elVGWVJvK1poTkIKU1BNTkh1ZXh0Q3kxWjE5b2xub1dIOGZEVktBaEJ0Q1JiVTdKalZRMHpQYUZlVXlhRDFGN3pablJrY2NLZndKSAp3d2hqMURQZG8rUSthdVdHSzY1eFJwQ3BwNEZsSVVZWmEvSnF1VXdvWG1URGo2RlR0NFVpZGpoUmVxZ2lDSEhuCnA3UCtzckpodDhtLy9WSko5RW5jZXBPT3Y4c2JhTFh6dW5lY0tlMVZlcU85T3ZZbkhBN3FvUGVjWDJscFpLbHoKYXNPRlBMMVcwcFhRSUorVDRVeGcyTE9JN1lWU3RrWTdHSDdHbmN6QktxM0o0b2FmeFp5dFNVQlg3bTNjQ1oxRApDYVpnbHBqSmlUYmF4UUtDQVFFQXovMjZLSUxzd1E5L3dLZkswMUpSdXlwSTUzeEhjUUJYRGZFa0pFS1dodHdsCnNRNU9SL2VPWUpTaUhBV2RYclBnMitmMnhaYm5DUlFYWlMxZXJDeXBKMGl2dnBHSzF3bU5JMVhOYWNkaUo0b2wKLzk3SnZxOWhtYUd1Nk9aQ20xZTN1b081U1NrbzdoWVBsdVY5c3ZzeUZlbGNKUEVhekMzcHJ2ZlEvcWFtM1FsegpQUVFZOWUrcFoxSWhhakgwaUdFdnB0SVQxZVowMHNZaEJmanJsdGs5akw0b2VLVk92MW4yZ0p6bjUycUUwS3hTCkxpSkhxY0hxL1JpWVZqcHRVS3FlYnhQVy94RlQ5djd3K1NqTlFTcjFzdTRzcG1OZHUrWXl0U21hS3RrV0dJZzUKblJzckVHVHVYUUg4enE0MVltMzdXU0c5M2NoM1NpWUVLTXdjTW9xY3N3S0NBUUFIN21HSXVsWTVYc1V5NG1PLwpjSlMweFA4N2VnZnV3MjVNSWRWcm9TWVRPWmYvak1IWTBrRGxmSlB1amRmbVVlZ3VTclUzbG5RekY3OGJmNUZHCmo1MFltbm9OVGs2QmxvWGp0aW0vVm9NZmFsR1ZNT2xXdk5TZXFaUDQ0cnpFZjhMd0hPOU1RZC9uRjlSbTk1alQKc3o4Vk5SbFZQN0Y2Rm05ckR3VXB0V3BLTDdldkF6L2o4VHkxN3g2WFRHaFlKdnNOb28wVForR3BrRy9RbjZnegpad3pGSExsT3FrbnhQL3lVY084aVhhNTFOVTNMMW4xU3ZDTU8xMXRyUVZZVUdHeHFlVVE3U0pDQU5aQ2U4THZ6CngzVUFUUnlHYllKVU9uaEpDM0l1aDFtVE1UNEZtZDNSTDhrTGhVMmpKOFJNUGk5a3BQaHUzRm1CN0pNSS9sVEgKQ3lUZEFvSUJBUUN1WmVtNkhrMjJjL0NDOGk2M2tzYkZVV2RmOG0xVTZ4d1RyS2JKWUt3bTJHRWlYUVIyZzdUMgpkcXFYSkg0WDhtd1ErQ2VLOWtVeTc0M09ZSVNKaWNrc0QxNk5SQ3hPc3N1TlhWeW4zVzhJQ0daa2JjSnNDVktsCkoxVXFKQ2lsYUorOTNNVjMrdk0rNzNDUzdrcS8wTERtZm8yc3pCM1VKb3RURXFoRFhpbDhIWGhyS1F4azYxZjQKTW4yaU5kRDhxY0R5K0NONXI0czFVTHhQN2JCZEJEci8wRkxQRm8wNUZZNER1WTBhRmM3WHlpWCtXUEFOLzNPeQpWUFVuR0VhZzVPK0Q0L2JhV1FVMmpmNHdiVzN0dnIvV0VLK1B0TEhiNCtHUTFobFc1RUFLd2U3Tk5RS2U5SUtKCnFpajRoRXB2QmhsRFcyK0FqNTYycGJuSEc1NXBJcURSQW9JQkFHYU5INlF1bktjYkVKUnE5SW1qdTZ5VzdKNTYKMmw2bkZDUDJuUUo5WHBOQXVXN1JRd0JWRnBLZjdaV0NaV1BsRkM2c1RoNVd6SFplTG5lNnJmQ280RSsrZmtWaAp5MEdkYWpTck45UXdUNzk1eGxrek0zN1NMZmwyRE9aSkRNMENBbjl3bXFaWVJMMllPU2R2cG91UGpZUWJPQ010CnN2aGNIQUpES0J1Z0JoRUFreFFabkNHcGhHeHpTajl6V0hOeWNEQ2dqK3k3YWFENFFFUzlRZmMyQmxHNTY5T3EKZjlQNzJVZXBrbVVjMGEzSXVaNHMxQWlCQ2ZPcmM4V092V2tUWm44QUNzb25zRnlqZVRtb2hzQzNmUC9BaHRqdgp1SlJ5Y2Zqb1dDNGdZb0RvRUkxbjVLREFFQ3IrcWpwRlZHZm4reUpPVERCVlZvMXVDeW9VY0ZuZkVpVT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
apiServer:
image: registry.k8s.io/kube-apiserver:v1.28.9
certSANs:
- 10.224.224.140
disablePodSecurityPolicy: true
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.28.9
proxy:
image: registry.k8s.io/kube-proxy:v1.28.9
# disabled: false
scheduler:
image: registry.k8s.io/kube-scheduler:v1.28.9
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
# endpoint: https://discovery.talos.dev/
etcd:
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmRENDQVNPZ0F3SUJBZ0lRRnRvZVJUbmZrc3RCMytIc1JPdEpUekFLQmdncWhrak9QUVFEQWpBUE1RMHcKQ3dZRFZRUUtFd1JsZEdOa01CNFhEVEkwTURVd05URXlNRGd5TjFvWERUTTBNRFV3TXpFeU1EZ3lOMW93RHpFTgpNQXNHQTFVRUNoTUVaWFJqWkRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkFVMjVyQ2xBWUtKCnhuUDYwVVc1dEVNMVFwUmVQZW11eXo1UHplbFQxL3NIWXg1U1l1TFp2SFhpZEpvb281TmgzZlQ2Vm9BTUxEOHUKb3JVQ2hSQ3lZbnlqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjRApBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVbCtJbXJHSkRlblhmCkUyMnRSazUvYXZmWWJBQXdDZ1lJS29aSXpqMEVBd0lEUndBd1JBSWdaRlNtamlRNnJIWmRWMUtUMjd0VDZSNmQKTUxKcFZXL0FWa0RCb3Y3MEF3WUNJRE5pV0YwZGhpTFdvaHk2Wmppa29uOWpUNmNMUlBBZ3d5NEtPbkV0L3pYawotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUl1YlpRNUhaVTRsTGRtWGxmRjJNR2RLK21GNW4xcm1mdGhRL0xlTTBJdm5vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFQlRibXNLVUJnb25HYy9yUlJibTBRelZDbEY0OTZhN0xQay9ONlZQWCt3ZGpIbEppNHRtOApkZUowbWlpamsySGQ5UHBXZ0F3c1B5Nml0UUtGRUxKaWZBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
# image: gcr.io/etcd-development/etcd:v3.5.13
# advertisedSubnets:
# - 10.0.0.0/8
extraManifests: []
# - https://www.example.com/manifest1.yaml
# - https://www.example.com/manifest2.yaml
inlineManifests: []
# - name: namespace-ci
# contents: |-
# apiVersion: v1
# kind: Namespace
# metadata:
# name: ci
# # Decryption secret example (do not use in production!).
# aescbcEncryptionSecret: z01mye6j16bspJYtTB/5SFX8j7Ph4JXxM2Xuu4vsBPM=
# coreDNS:
# image: registry.k8s.io/coredns/coredns:v1.11.1
# externalCloudProvider:
# enabled: true
# manifests:
# - https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/rbac.yaml
# - https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/aws-cloud-controller-manager-daemonset.yaml
# extraManifestHeaders:
# Token: "1234567"
# X-ExtraInfo: info
# adminKubeconfig:
# certLifetime: 1h0m0s
# allowSchedulingOnControlPlanes: true
from talos.
smira
commented on September 2, 2024
Please submit talosctl support bundle and format issues using GitHub Makrdown.
from talos.
Minivolk02
commented on September 2, 2024
Sorry for format. Now this issue doesn't disturb me, and i even can't catch it, so i think this issue can be closed
from talos.
Related Issues (20)
- allow `ethtool` configuration, e.g. TCP checksum offloading
- KubeSpan extra announced endpoint
- allow inline machine config documents via kernel command line
- Reparenting child processes within system-extenstion services HOT 1
- Netkit support HOT 1
- System extensions do not run on the first boot after apply-config on a node HOT 5
- NVIDIA Modules Not Loading HOT 7
- Latest kubelet patch versions (1.30.4, 1.29.8) break NFS volume mounts HOT 4
- Talos Host DNS issue HOT 1
- DNS resolution seems broken with `nftables` and `forwardKubeDNSToHost` in development version HOT 3
- `talosctl time` doesnt work with PTP devices HOT 4
- pkg/machinery not supporting ExtenstionServiceConfigs patching via API HOT 2
- Node Keeps Returning to Maintenance Mode on Boot HOT 7
- `update-k8s` replaces machine.disks with nil
- Talos uses wrong subnet for vip | Bare Metal
- Bare Metal extremly long booting time on Ryzen system HOT 2
- FR: Create Symlink
- Nvme Kernel Modules Missing HOT 3
- Out of memory OOM node failure when using windows docker image in talos linux HOT 11
- Bare Metal XFS breaks every power loss and stucks at the boot stage HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from talos.