# yaml-language-server: $schema=https://raw.githubusercontent.com/budimanjojo/talhelper/master/pkg/config/schemas/talconfig.json
---
# renovate: datasource=docker depName=ghcr.io/siderolabs/installer
talosVersion: v1.6.6
# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
kubernetesVersion: v1.29.2

clusterName: &cluster home-kubernetes
endpoint: https://10.0.30.30:6443
clusterPodNets:
  - "10.69.0.0/16"
clusterSvcNets:
  - "10.96.0.0/16"
additionalApiServerCertSans: &sans
  - "10.0.30.30"
  - 127.0.0.1 # KubePrism
additionalMachineCertSans: *sans
cniConfig:
  name: none

nodes:
  - hostname: "fleetcom-node1"
    ipAddress: "10.0.30.11"
    installDiskSelector:
      serial: "S6PXNM0TA06773Z"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: true
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: b8:85:84:ad:fc:89
        mtu: 1500
        dhcp: true
        vip:
          ip: 10.0.30.30
  - hostname: "fleetcom-node2"
    ipAddress: "10.0.30.12"
    installDiskSelector:
      serial: "S6PXNM0TB56304Y"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: true
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: b8:85:84:bf:db:f3
        mtu: 1500
        dhcp: true
        vip:
          ip: 10.0.30.30
  - hostname: "fleetcom-node3"
    ipAddress: "10.0.30.13"
    installDiskSelector:
      serial: "224002803991"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: true
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: 14:b3:1f:28:a6:b4
        mtu: 1500
        dhcp: true
        vip:
          ip: 10.0.30.30
  - hostname: "fleetcom-node4"
    ipAddress: "10.0.30.14"
    installDiskSelector:
      serial: "173802800239"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: false
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: ac:e2:d3:17:9d:0e
        mtu: 1500
        dhcp: true
  - hostname: "fleetcom-node5"
    ipAddress: "10.0.30.15"
    installDiskSelector:
      serial: "UFZMV01D18859J"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: false
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: ac:e2:d3:0d:48:71
        mtu: 1500
        dhcp: true
  - hostname: "fleetcom-node6"
    ipAddress: "10.0.30.16"
    installDiskSelector:
      serial: "14440F62970"
    talosImageURL: factory.talos.dev/installer/c6e79f26b414c5323fd87d853fd72654e3b3561d6cd1950a9c0aa2ca6e0ccf0c
    controlPlane: false
    networkInterfaces:
      - deviceSelector:
          hardwareAddr: 6c:2b:59:eb:e3:be
        mtu: 1500
        dhcp: true

patches:
  # Configure containerd
  - |-
    machine:
      files:
        - op: create
          path: /etc/cri/conf.d/20-customization.part
          content: |-
            [plugins."io.containerd.grpc.v1.cri"]
              enable_unprivileged_ports = true
              enable_unprivileged_icmp = true
            [plugins."io.containerd.grpc.v1.cri".containerd]
              discard_unpacked_layers = false
            [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
              discard_unpacked_layers = false

  # Enable cluster discovery
  - |-
    cluster:
      discovery:
        registries:
          kubernetes:
            disabled: false
          service:
            disabled: false

  # Configure kubelet
  - |-
    machine:
      kubelet:
        extraArgs:
          image-gc-low-threshold: 50
          image-gc-high-threshold: 55
          rotate-server-certificates: true
        nodeIP:
          validSubnets:
            - "10.0.30.0/24"

  # Force nameserver
  - |-
    machine:
      network:
        nameservers:
          - 10.0.254.6

  # Configure NTP
  - |-
    machine:
      time:
        disabled: false
        servers:
          - 10.0.10.1

  # Custom sysctl settings
  - |-
    machine:
      sysctls:
        fs.inotify.max_queued_events: 65536
        fs.inotify.max_user_watches: 524288
        fs.inotify.max_user_instances: 8192

  # Mount openebs-hostpath in kubelet
  - |-
    machine:
      kubelet:
        extraMounts:
          - destination: /var/openebs/local
            type: bind
            source: /var/openebs/local
            options:
              - bind
              - rshared
              - rw


controlPlane:
  patches:
    # Cluster configuration
    - |-
      cluster:
        allowSchedulingOnMasters: true
        controllerManager:
          extraArgs:
            bind-address: 0.0.0.0
        proxy:
          disabled: true
        scheduler:
          extraArgs:
            bind-address: 0.0.0.0

    # ETCD configuration
    - |-
      cluster:
        etcd:
          extraArgs:
            listen-metrics-urls: http://0.0.0.0:2381
          advertisedSubnets:
            - "10.0.30.0/24"

    # Disable default API server admission plugins.
    - |-
      - op: remove
        path: /cluster/apiServer/admissionControl

    # Enable K8s Talos API Access
    - |-
      machine:
        features:
          kubernetesTalosAPIAccess:
            enabled: true
            allowedRoles:
              - os:admin
            allowedKubernetesNamespaces:
              - system-upgrade