---
# Talos Configuration Templates
# Machine configurations and Talos-specific patterns

# Custom Talos Factory Image
# Factory image with the Longhorn extension pre-installed. The value is the
# factory schematic ID followed by the Talos version tag; it stays a quoted
# string so no YAML parser or formatter retypes it.
TALOS_FACTORY_IMAGE: "613e1592b2da41ae5e265e8789429f22e121aab91cb4deb6bc3c0b6262961245:v1.10.4"
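# Network Interface Configuration
---
apiVersion: v1alpha1
kind: MachineConfig
metadata:
  name: node-config
spec:
  # One `machine` mapping only. The template previously listed `machine:`
  # twice (network first, then kubelet); most YAML parsers keep just the last
  # duplicate key, which would silently drop the interface configuration.
  machine:
    network:
      interfaces:
        # Public interface (DHCP + static configuration)
        - interface: enp7s0
          dhcp: true
          addresses:
            - 152.53.107.24/24 # Example for n1
          routes:
            - network: 0.0.0.0/0
              gateway: 152.53.107.1

        # Private VLAN interface (static configuration)
        - interface: enp9s0
          addresses:
            - 10.132.0.10/24 # Example for n1 (VLAN 1004963)
          vip:
            ip: 10.132.0.5 # Shared VIP for control plane HA

    # Node IP Configuration
    kubelet:
      extraArgs:
        node-ip: 152.53.107.24 # Use public IP for node reporting

# Node IP Mappings (NetCup Cloud vLAN 1004963)
# All nodes are control plane nodes with shared VIP for HA
# n1: Public 152.53.107.24 + Private 10.132.0.10/24 (Control plane)
# n2: Public 152.53.105.81 + Private 10.132.0.20/24 (Control plane)
# n3: Public 152.53.200.111 + Private 10.132.0.30/24 (Control plane)
# VIP: 10.132.0.5 (shared VIP, nodes elect primary)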
# Cluster Configuration
---
apiVersion: v1alpha1
kind: ClusterConfig
metadata:
  name: keyboardvagabond
spec:
  clusterName: keyboardvagabond.com
  controlPlane:
    endpoint: https://10.132.0.5:6443 # VIP endpoint for HA

  # Allow workloads on control plane
  # Workloads then share hosts with the control-plane components, so any
  # workload isolation failure affects a control-plane node; keep RBAC and
  # admission policy correspondingly tight.
  allowSchedulingOnControlPlanes: true

  # CNI Configuration (Cilium)
  network:
    cni:
      name: none # Cilium installed via Helm
    dnsDomain: cluster.local # Standard domain for compatibility

  # API Server Configuration
  apiServer:
    extraArgs:
      # Enable aggregation layer for metrics
      enable-aggregator-routing: "true"
# Volume Configuration
# System disk: /dev/vda with 2-50GB ephemeral storage
# Longhorn storage: 400GB minimum on system disk at /var/lib/longhorn
# Administrative Access Commands
# Recommended: Use VIP endpoint for HA
# talosctl config endpoint 10.132.0.5 # VIP endpoint
# talosctl config node 10.132.0.5
# talosctl health
# talosctl dashboard (via Tailscale VPN only)
# Alternative: Individual node endpoints
# talosctl config endpoint 10.132.0.10 10.132.0.20 10.132.0.30
# talosctl config node 10.132.0.10
# kubectl Contexts:
# - admin@keyboardvagabond-tailscale (VIP: 10.132.0.5:6443 or node IPs) - ACTIVE
# - admin@keyboardvagabond.com (blocked by firewall, Tailscale-only access)
# Security Notes:
# - API access restricted to Tailscale CGNAT range (100.64.0.0/10)
# - Cilium host firewall blocks world access to ports 6443, 50000-50010
# - All administrative access requires Tailscale mesh VPN connection
# - Backup kubeconfig available as SOPS-encrypted portable configuration