s5b-public/k8s
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Structured configuration

Browse Source
This commit is contained in:
Marcel Straub
2025-01-19 11:58:37 +01:00
parent 6b4b3d9ee2
commit 4a50ca5829
17 changed files with 83 additions and 564 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
apply_all.sh
View File

@@ -1,13 +1,47 @@
#!/usr/bin/bash
CLUSTER_NAME="eis-mk8-prod"
ENDPOINTS=10.51.10.101
CONTROL_PLANE="https://ctl.prod.k8.eis-mk8.de.s5b.org:6443"
SECRETS="secrets.yaml"
# talosctl gen config \
# $CLUSTER_NAME \
# $CONTROL_PLANE \
# --with-secrets $SECRETS \
# --config-patch @patches/00_all.yaml \
# --config-patch-control-plane @patches/10_control_plane.yaml \
# --config-patch-worker @patches/20_worker.yaml \
for i in ctl-1 ctl-2 ctl-3; do
echo "Configuring CONTROLPLANE host $i"
talosctl machineconfig patch controlplane.yaml --patch @$i.patch --output $i.yaml
talosctl apply-config --nodes $i --endpoints 10.51.10.101 --talosconfig=./talosconfig --file $i.yaml
talosctl machineconfig patch \
controlplane.yaml \
-p @patches/00_all.yaml \
-p @patches/10_control_plane.yaml \
-p @patches/machines/$i.yaml \
--output transient/$i.yaml
talosctl apply-config \
--nodes $i \
--endpoints $ENDPOINTS \
--talosconfig=./talosconfig \
--file transient/$i.yaml
done
for i in node-1 node-2 node-3; do
echo "Configuring WORKER host $i"
talosctl machineconfig patch worker.yaml --patch @$i.patch --output $i.yaml
talosctl apply-config --nodes $i --endpoints 10.51.10.101 --talosconfig=./talosconfig --file $i.yaml
talosctl machineconfig patch \
worker.yaml \
-p @patches/00_all.yaml \
-p @patches/20_worker.yaml \
-p @patches/machines/$i.yaml \
--output transient/$i.yaml
talosctl apply-config \
--nodes $i \
--endpoints $ENDPOINTS \
--talosconfig=./talosconfig \
--file transient/$i.yaml
done

5
cluster_wide.patch
View File

@@ -1,5 +0,0 @@
# Cluster level patches for all machines
cluster:
network:
cni:
name: none

123
ctl-1.yaml
View File

@@ -1,123 +0,0 @@
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: 2xhfuf.45akfjnnh804awuu
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBd0FRMVBETG1JbWNKdTgzQ2RLZUlSakFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qVXdNVEUwTWpBeU1UVTBXaGNOTXpVd01URXlNakF5TVRVMFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUZQbzBVVnJ1cXJaMStMcUU4d2dadUFKbWNGK3RKTUdNdTJuCnJNOUhrMzV6bzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRksvQnV2K0NMT1NtbW5BQgpSVjExcEk3WnNGOHZNQVVHQXl0bGNBTkJBRDFrRXFrOFVzam9LOTlqd3lpZjhDcU9tWTdWRjRVaTN5NWh3SmFiCk1RdFR1Z1RhQnpiK0N3cllqZlZyeUg3NEhDVy9aeXdMRWdTNlhMZlpid1RrWHdNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTTZkUWFMQkUydXdNbmhQVVNmRGwyZElWSHJDWVRpbFdFYmlyOUkwaEV2egotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.32.0
defaultRuntimeSeccompProfileEnabled: true
nodeIP:
validSubnets:
- 10.51.10.0/23
- 2a13:fc80:1:a::/64
disableManifestsDirectory: true
network:
hostname: ctl-1
interfaces:
- interface: enp6s18
addresses:
- 10.51.10.101/23
- 2a13:fc80:1:a:ffff::1/64
routes:
- network: 0.0.0.0/0
gateway: 10.51.10.1
mtu: 9000
nameservers:
- 2a13:fc80:1:f000::1
searchDomains:
- prod.k8.eis-mk8.de.s5b.org
install:
disk: /dev/sda
image: ghcr.io/siderolabs/installer:v1.9.1
wipe: false
time:
disabled: false
servers:
- 2a13:fc80:1:f000::1
bootTimeout: 2m0s
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
nodeLabels:
node.kubernetes.io/exclude-from-external-load-balancers: ""
cluster:
id: O2LsB7AZqRyAo_30uf8Yec_PN6FiXJG-9sAzMwUl3TI=
secret: YtpgPEYZEgsef4RW4XrM1KDfjT4Apa2/Bww4RGuylcg=
controlPlane:
endpoint: https://ctl.prod.k8.eis-mk8.de.s5b.org:6443
clusterName: eis-mk8-prod
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: mfnr8h.csyfzmisvvijcji4
secretboxEncryptionSecret: /XuQmrDbYldLlswq65pdfX9YhuOJOrUYUmAauAaceLs=
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRU1dMOEJldXFENko4V3hPbDB3WldwVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTFNREV4TkRJd01qRTFORm9YRFRNMU1ERXhNakl3TWpFMQpORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCRWJETVlTWEZOUGx2bW9McDNRUHhnRzMzKzNFL2tUa3lzeTNsZG92dURSd1R2aXlVMnduNWo2WDFuejQKejZiRGFmTFRmREZKcHdKWEhidXk0QS93UUlxallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVVSM3BkSVFlK3NPUjB6OTBSeElHUVdoWEJjTFV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU4rT25uR0YKODBGR2IvMzJlVllKcExIa0lISHorVTUwekJVbkg0ek0xYkFvQWlBbUdBblVDbkErL0hIR1B6c2cxNkZBb2tTWAp6OHRlQWRQNHRpUHQ1eTc5QVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUtqcklCVnBpellUaVh6YjlWZFRnRkVZcWlOWi9Dc0pHeE85OU9DOXUrNWlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUnNNeGhKY1UwK1crYWd1bmRBL0dBYmZmN2NUK1JPVEt6TGVWMmkrNE5IQk8rTEpUYkNmbQpQcGZXZlBqUHBzTnA4dE44TVVtbkFsY2R1N0xnRC9CQWlnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
aggregatorCA:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYekNDQVFXZ0F3SUJBZ0lRR3VUM0MzTzVBMCtNQ0VlRUNvdVFYREFLQmdncWhrak9QUVFEQWpBQU1CNFgKRFRJMU1ERXhOREl3TWpFMU5Gb1hEVE0xTURFeE1qSXdNakUxTkZvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxRwpTTTQ5QXdFSEEwSUFCTCtYRVZ3U3lKd3h5eTVVVEUvSThoK0tETlhMMGZOM2JsWGpzQzVnTVJ1K2Rwb1oyY09rCnBBUm1ENVptZE1zeWhNVVVNcVR5a2ZnM3dLL3pKQk9JT2l1allUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZApCZ05WSFE0RUZnUVVCeng1S1psbFgxOFlacm13ZlFlQXdmbXBKUUV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloCkFOS2Y2eFRsNFU3ZnU4NjJ1QjFna1BTeFFvQzJhN2h2dmhwYWFvZnk0NjZlQWlCYzRvbDVPRS8wN0o5S082MXUKaTI4WWRxeVBXSVcrOEJZbHh0YUh6MHY5YUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUVxSWFKQkhmSGMybkpTQ1VZTWs3VXFBenVoQWVISlM3Smt0enZCeHgrZ2VvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFdjVjUlhCTEluREhMTGxSTVQ4anlING9NMWN2UjgzZHVWZU93TG1BeEc3NTJtaG5adzZTawpCR1lQbG1aMHl6S0V4UlF5cFBLUitEZkFyL01rRTRnNkt3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
serviceAccount:
key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBN2hxYm9lczNlbm1HZ3Q4YVM2VDdMa1NZOVhTeUZrakpyZXV3ZmEzL1Z0a2FsZTVKCkZOY3RBQ0tKVkhrTHZWTGtuZzB1QlFBTEQ5THdyZm1IejViQlRHTXllNGRubU5pemEvK0cyT2FVZnIxeitJNzgKZ2xYQllXclZHUnBKUDJpaDcyVWk3d0dwWkpKWkt1V2p5dEl4d3lFaGQ4bmVJaUdxVFZLL1orcEx1VkkxYWlrQwpKNlhudjdocG9kOTl0bTJwSkdJVTNiQmRRUjY4VW1yNG5jc0tjMmJreXY2WE9MMTJSVGF2YmZEZ0VadWFITm1pCkU4akFhQ1pSNXNSajRTazJneUdoUlhwMEtjNXdWWnFmT1BaclF6c010VTJnRi9nRHllcng5cy9EOTRSMG5WSjIKVmlZaG9BczJiTmEwNEJkRGd4dkd3TnVOVTh2WGVtc0hwZWxmanRqNTNVUjBTWktVNExXdHNZaXhHc3BwekxPdApTUXNYVUxBUWRsQVF1VlRXbHdSa1pYNk1QdXZ2OEwwY051YXhhZmErYlJTT3BoeitFVE1acUR3U0NWS0RSeWFzCk5aellMWk9OaDl6cVNaUC9xVUhCUkdIRlRnMy9aRWl1cGZTKzVibkdWMW93MW9PSEVYOS9KS1VScVh3VXVOcDgKVFIvbjNWaVRNY3F1dllMcXBoTWtxUC92Yy9reTFvZTVsUmtaOEJaaS9heTdkTnBMSzlkWVZoYzhTZlNvL0Z5UApKK2ZxT1RXbVNYNTFJTkVwZDFYTWdCQUxqcmtXRDZPcDg5U0lPWWRFK2hqNVpRS09UL2pJbE84QUtPQnNWYWhsCmJxRUZ1d3VPTld2T2dDa2NtWHpxWndKZUZvd3hoOW5xYTdka0NzeEp4RWtJMDRySTkzV04vNFZ1VStFQ0F3RUEKQVFLQ0FnQTkvZkY5VThkcS9NNzNyZXlqdXoybWl6ZWoySkV4V2h3Z1N4ZjFjT0xsRXJ0b1E5VUZOd3pCVnp5WQpJTGZjd0FORDN6eVhFcTdPbk9ZSzljZlZWWFBZVm85ak9CclI0Y0c5SVpkVFM1MW43aDJPbm5QQjMxL3M1Q3E5ClVXbTJ0NkJKdXZSQWRCZE5Wd2tlTVJIWEVhamhHL1Fod3c0eHBzQTNSNDhNR0NWRkI5RmVaWFRwSzduTjRjNm0KMVpCZWVlaXF6MXFOYVlpdUZybURYOVNCQ01jY3lySlE0NzR0aUs2TlVMS1dGanZRZWNuREx5cVNxaGJtUnV2VwpBRlhjM3FVUnVTVEsrUm5iZEtNc3RvZzBCWHhoMGJMNlZVNlVUdjkxaDlVZHBIUnFNak5HYnB6ZXl5akFDWXRQCkJRdXN1SUhjVmRRR2pHTWNhUnNlQlZYRmJhQnlDUnpBNHRzL3dmZllvY0tKcEhONFFzL1FCbGlQYmoyakswT28KLzJzUi9FanNiQkdNdVlST0tmaWlBSk1BT3lob2VJUE94ZVVNYy9PQmdOY1VxNDRyK3ByS0lIVW5XcklrODNqeApkcGt6S0FlWWN0cE5xY0R2SFJzRzlRSVdiQWUxZW96WVVnVm1HVDlXU3pUYUVGQ2t0Q0JoOStGMmRpTlZwOTdwCjRrSkc4bkk5VTNhQk9XV2dqS1kreVJ0YmJ5NXFsSU56SFhkdENFdXZSNWVZMjVxaTcxcjhzL2xXMFNrcjVOVUUKTGdpblJJTjFzMlpOTXQvWlMwUGNPZVRWRVFXVTYyOEhaelNCZWpORTdoOStjZGdjU3FkdmtnakdxUjczckt6RwptajVyT0ZPcmFjejZpNExnbC96a0pheDhkTFBYakwxcThGZWJlblRRa3k5VzlqTzZqUUtDQVFFQStWVWtDUVBlCmR1Z0wrV0hHaWRuaCswSW40RHJjOUVsUExNc0tab1RRdmNnSkZNdWZxSWcrV1V6SCtEU244S1pWbVAyN1hlNGwKWG9JSEVjWWRUWjVFZDFqV0tWSFVYbThKYStpY1kwejB4d21kSFhnU01wNTk1MGZraEZnSVYxbWdHZmJxeFkzcApiTTBGZXFTSDBXc0ZsQ2Z4U2FVSmdVZUJPb0Jld2VkMzBDUmlFT1FHR1ZOQlZyNEJEa25OdElwWVB0a3hITThxCmF3TDRtQ2k3VHdNY0QvZGR6M1JmeXRrdU5RT3JuSURrQUg3enNQSlJHQTNXNVp1eUlCSFFSdnNqdFpjb3doWHoKcjdqZlpRazVEMHdoUFhUUDZBUFA5WmxwWXVlZE1ZRHBIaUxwVUQwMlNSUDFPRno3VCs4SkMwcmFMQjl2R2VhMgpScnJaSXVLc1RSRmVnd0tDQVFFQTlIaVpYd1pXSFliR0dTbjVnUFpFbFI4TXFUQnBVUVFsZWh0VlpDcTJMSVUwClRvbWZaWkRtL1BmZUs0YktZdkVzc0FhMXZSeHNuL0JIR1J4ZVFkOWRNOE5uTzk0RlhjWmtQVWZMdUZrZGdxT04KY3FMd0JPVEJnZXRWazgxZjcwK3N1UGMrb0xRSEszQ05sQ0h2RW1udjJ4RGNZdVVBZ0U3VjNaVEZYUi9GNzE2awpUYyt1aDZDQktFWHhPWnhjUHlqOVd0Uys2UmdUNHh4MUNDUVhKQXo0d0lXd1kvN0NRVGw1MFBUUnQ5QUFFSVljCitxQXNDbHEwblJxZlVtWFpRbGhoT1p0cFJnYTBlMzhNbXRLWmVOVXpMZklpQ0hPYy9hVjRKYjJxV2ZITzd3YW4KcFVnVUUwWEhGY2pmMjhGS2Y4M3VFOTdtdjcyNi9tZmgzQ1VpVVFoMnl3S0NBUUF2UWtvUVEyRjVYRVpZd0lXbgpQMXNzQ3NBUUtsZ1RIWW9hVFdudFFLTm9OWEF6TnQxT1RuU3k3SERDeFFoSC90OGVub2xUSm42Q3lWYVpzZG1BCkNzMmphWDArVzdwTEkvUy9OVm5mSUlrTTZPK1UxRnR1cU1mb2ZLSDl5OG5ZOUszNS9lbEdCTDRIMTF5QWdJc1YKMEpsQUdjb01VWEhaeFRuallzMlRKMUo0YTAwRE1wVk5XNUI0NW83QXJKQ0c5ZW9BRDU3VmZSYm5MYXI4L0V0MAprSHhUTW1uZmxvbEpvNXkwZzd1VmNJREc3MGsxY3RpWUhKZHM4ZlB6VEMwVUp5bi9rMlV3VklUWis4cXNGZkZ3Cnl0ZEtGTWdMakIxd3llRkYwK3pob3pPTWVNV01aZTNTTUN3OHdMTUoxWjc3T3ZiYmdpSEc0UW9Qb2Y3aU0rREEKd3RnTkFvSUJBUUNGNjY2dzFHckdQL2N5LzhCek9mVDE3NDFpL1djai8yNThSbzd2a1VvOGR6ZmhNaGpFYmExcgp0R2piVlRwM0d3RE02TkFUNllkRDBqOVFiUzdoVFBma2pFMTRDVGJOV1FtK1hCOG9QSUVpK0c5YTloRWZ6U1NJCkJCL2NHS3hPRDBwaUJPY2s1NW5wM1AxaHdYa1NrRC9adEpIV0J2YlFVdDlyUTcwZU4zS1puekhJZ2xWc2JLdDAKSVdSMGw4Z2N2VnFVc0dob2prME9vNThrdDRpSnNpVnVhWTNvS1QzR3R6S1pHaFBzYXFBdWJSbGczZTlpT0xBcQpROVExTWgvaTdVRk5hbW92OXlwVllKTEtHVVlEWUY5cDh2TmJ4K0dmUFU3azlkSms5VWJUdjhTRWtVaVdDaXAyCkw1VVo3L2ZjclRXWFl3cnF6SWVzSjhJZGM2WXAxOFlqQW9JQkFRQ3RhVlAzYTFRZVVZWGk4R0xOWFJJUzhTVTYKZWFoMGc1NGZqcE1XdGhaaElkNzlQRXBZTE5NbFNLOUJiMXZ4eU9rWFFPaVpQWmhQa2QxNndjZVl5WXNNZVFOdAo2UkhZRVFvelIwTXJuSXBEekszaVFXRTBlNFc5dHJyTzZOV3lWRXpKdmUrQ0IyeW1oQm9Ec1U5NmU0eStkRWVNCkJoSVdWSFBFSzVYdkFucmUyWlR6U3U5TnJjR2doUXJ6VmtpbXErVjI1a1MwUjNlMElxV0lNU01meHVHaGJCeC8KRGlSRVkzZGdCdk5IVUxUWkJTUTRBL0FYOWFHK1M2U3JuUWVLcXM1anpyS1BQM3hVb1ZrVEJ3MFZqNXF3OTZ0MQplNDhkYzNyWTAyb1lxZ0VaY2hQeE0rVG9STVo4VmlyTGlYNzNJVFJaV01CUWlhR3FFMEZzSkJHdE1KL2QKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
apiServer:
image: registry.k8s.io/kube-apiserver:v1.32.0
certSANs:
- ctl.prod.k8.eis-mk8.de.s5b.org
disablePodSecurityPolicy: true
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.32.0
proxy:
image: registry.k8s.io/kube-proxy:v1.32.0
scheduler:
image: registry.k8s.io/kube-scheduler:v1.32.0
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
etcd:
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmekNDQVNTZ0F3SUJBZ0lSQUsvN1gvM3gwVTJ1Z1B1YkpuVlhTY013Q2dZSUtvWkl6ajBFQXdJd0R6RU4KTUFzR0ExVUVDaE1FWlhSalpEQWVGdzB5TlRBeE1UUXlNREl4TlRSYUZ3MHpOVEF4TVRJeU1ESXhOVFJhTUE4eApEVEFMQmdOVkJBb1RCR1YwWTJRd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFSNG56S2pqdGQyCjV4NHhQS0Z5Kyt1d0VjdEU5dkRLRU1XekUvVkRhVzZsVFp3T0h3RDFJZ0JpVWdPYmlPWm05dXFORHpqSlo1UDEKM2ppOHNJYyswSDhubzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSApBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkhISm1YSDhXM1BIClJlOEI2NUdicEU4M1IvYUhNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUUQ5YWNsN0VJWm8zR1c0RDB6YTlFUEkKUnM0YzgyNUs3NEcyNjJDVlJVMjFIUUloQU1td0NadVRSWE9nRW5ZWmxjZTdSb28wdVh5MjdwaDB6bmhaTlJvRQpLSlRRCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBlVmxpVEpHRHRrRE50UEltQU5HY25Wa2w5cmlBTWV6SCt2aVZma29KMU1vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFZUo4eW80N1hkdWNlTVR5aGN2dnJzQkhMUlBid3loREZzeFAxUTJsdXBVMmNEaDhBOVNJQQpZbElEbTRqbVp2YnFqUTg0eVdlVDlkNDR2TENIUHRCL0p3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
advertisedSubnets:
- 10.51.10.0/23
- 2a13:fc80:1:a::/64

123
ctl-2.yaml
View File

@@ -1,123 +0,0 @@
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: 2xhfuf.45akfjnnh804awuu
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBd0FRMVBETG1JbWNKdTgzQ2RLZUlSakFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qVXdNVEUwTWpBeU1UVTBXaGNOTXpVd01URXlNakF5TVRVMFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUZQbzBVVnJ1cXJaMStMcUU4d2dadUFKbWNGK3RKTUdNdTJuCnJNOUhrMzV6bzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRksvQnV2K0NMT1NtbW5BQgpSVjExcEk3WnNGOHZNQVVHQXl0bGNBTkJBRDFrRXFrOFVzam9LOTlqd3lpZjhDcU9tWTdWRjRVaTN5NWh3SmFiCk1RdFR1Z1RhQnpiK0N3cllqZlZyeUg3NEhDVy9aeXdMRWdTNlhMZlpid1RrWHdNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTTZkUWFMQkUydXdNbmhQVVNmRGwyZElWSHJDWVRpbFdFYmlyOUkwaEV2egotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.32.0
defaultRuntimeSeccompProfileEnabled: true
nodeIP:
validSubnets:
- 10.51.10.0/23
- 2a13:fc80:1:a::/64
disableManifestsDirectory: true
network:
hostname: ctl-2
interfaces:
- interface: enp6s18
addresses:
- 10.51.10.102/23
- 2a13:fc80:1:a:ffff::2/64
routes:
- network: 0.0.0.0/0
gateway: 10.51.10.1
mtu: 9000
nameservers:
- 2a13:fc80:1:f000::1
searchDomains:
- prod.k8.eis-mk8.de.s5b.org
install:
disk: /dev/sda
image: ghcr.io/siderolabs/installer:v1.9.1
wipe: false
time:
disabled: false
servers:
- 2a13:fc80:1:f000::1
bootTimeout: 2m0s
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
nodeLabels:
node.kubernetes.io/exclude-from-external-load-balancers: ""
cluster:
id: O2LsB7AZqRyAo_30uf8Yec_PN6FiXJG-9sAzMwUl3TI=
secret: YtpgPEYZEgsef4RW4XrM1KDfjT4Apa2/Bww4RGuylcg=
controlPlane:
endpoint: https://ctl.prod.k8.eis-mk8.de.s5b.org:6443
clusterName: eis-mk8-prod
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: mfnr8h.csyfzmisvvijcji4
secretboxEncryptionSecret: /XuQmrDbYldLlswq65pdfX9YhuOJOrUYUmAauAaceLs=
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRU1dMOEJldXFENko4V3hPbDB3WldwVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTFNREV4TkRJd01qRTFORm9YRFRNMU1ERXhNakl3TWpFMQpORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCRWJETVlTWEZOUGx2bW9McDNRUHhnRzMzKzNFL2tUa3lzeTNsZG92dURSd1R2aXlVMnduNWo2WDFuejQKejZiRGFmTFRmREZKcHdKWEhidXk0QS93UUlxallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVVSM3BkSVFlK3NPUjB6OTBSeElHUVdoWEJjTFV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU4rT25uR0YKODBGR2IvMzJlVllKcExIa0lISHorVTUwekJVbkg0ek0xYkFvQWlBbUdBblVDbkErL0hIR1B6c2cxNkZBb2tTWAp6OHRlQWRQNHRpUHQ1eTc5QVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUtqcklCVnBpellUaVh6YjlWZFRnRkVZcWlOWi9Dc0pHeE85OU9DOXUrNWlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUnNNeGhKY1UwK1crYWd1bmRBL0dBYmZmN2NUK1JPVEt6TGVWMmkrNE5IQk8rTEpUYkNmbQpQcGZXZlBqUHBzTnA4dE44TVVtbkFsY2R1N0xnRC9CQWlnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
aggregatorCA:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYekNDQVFXZ0F3SUJBZ0lRR3VUM0MzTzVBMCtNQ0VlRUNvdVFYREFLQmdncWhrak9QUVFEQWpBQU1CNFgKRFRJMU1ERXhOREl3TWpFMU5Gb1hEVE0xTURFeE1qSXdNakUxTkZvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxRwpTTTQ5QXdFSEEwSUFCTCtYRVZ3U3lKd3h5eTVVVEUvSThoK0tETlhMMGZOM2JsWGpzQzVnTVJ1K2Rwb1oyY09rCnBBUm1ENVptZE1zeWhNVVVNcVR5a2ZnM3dLL3pKQk9JT2l1allUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZApCZ05WSFE0RUZnUVVCeng1S1psbFgxOFlacm13ZlFlQXdmbXBKUUV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloCkFOS2Y2eFRsNFU3ZnU4NjJ1QjFna1BTeFFvQzJhN2h2dmhwYWFvZnk0NjZlQWlCYzRvbDVPRS8wN0o5S082MXUKaTI4WWRxeVBXSVcrOEJZbHh0YUh6MHY5YUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUVxSWFKQkhmSGMybkpTQ1VZTWs3VXFBenVoQWVISlM3Smt0enZCeHgrZ2VvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFdjVjUlhCTEluREhMTGxSTVQ4anlING9NMWN2UjgzZHVWZU93TG1BeEc3NTJtaG5adzZTawpCR1lQbG1aMHl6S0V4UlF5cFBLUitEZkFyL01rRTRnNkt3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
serviceAccount:
key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBN2hxYm9lczNlbm1HZ3Q4YVM2VDdMa1NZOVhTeUZrakpyZXV3ZmEzL1Z0a2FsZTVKCkZOY3RBQ0tKVkhrTHZWTGtuZzB1QlFBTEQ5THdyZm1IejViQlRHTXllNGRubU5pemEvK0cyT2FVZnIxeitJNzgKZ2xYQllXclZHUnBKUDJpaDcyVWk3d0dwWkpKWkt1V2p5dEl4d3lFaGQ4bmVJaUdxVFZLL1orcEx1VkkxYWlrQwpKNlhudjdocG9kOTl0bTJwSkdJVTNiQmRRUjY4VW1yNG5jc0tjMmJreXY2WE9MMTJSVGF2YmZEZ0VadWFITm1pCkU4akFhQ1pSNXNSajRTazJneUdoUlhwMEtjNXdWWnFmT1BaclF6c010VTJnRi9nRHllcng5cy9EOTRSMG5WSjIKVmlZaG9BczJiTmEwNEJkRGd4dkd3TnVOVTh2WGVtc0hwZWxmanRqNTNVUjBTWktVNExXdHNZaXhHc3BwekxPdApTUXNYVUxBUWRsQVF1VlRXbHdSa1pYNk1QdXZ2OEwwY051YXhhZmErYlJTT3BoeitFVE1acUR3U0NWS0RSeWFzCk5aellMWk9OaDl6cVNaUC9xVUhCUkdIRlRnMy9aRWl1cGZTKzVibkdWMW93MW9PSEVYOS9KS1VScVh3VXVOcDgKVFIvbjNWaVRNY3F1dllMcXBoTWtxUC92Yy9reTFvZTVsUmtaOEJaaS9heTdkTnBMSzlkWVZoYzhTZlNvL0Z5UApKK2ZxT1RXbVNYNTFJTkVwZDFYTWdCQUxqcmtXRDZPcDg5U0lPWWRFK2hqNVpRS09UL2pJbE84QUtPQnNWYWhsCmJxRUZ1d3VPTld2T2dDa2NtWHpxWndKZUZvd3hoOW5xYTdka0NzeEp4RWtJMDRySTkzV04vNFZ1VStFQ0F3RUEKQVFLQ0FnQTkvZkY5VThkcS9NNzNyZXlqdXoybWl6ZWoySkV4V2h3Z1N4ZjFjT0xsRXJ0b1E5VUZOd3pCVnp5WQpJTGZjd0FORDN6eVhFcTdPbk9ZSzljZlZWWFBZVm85ak9CclI0Y0c5SVpkVFM1MW43aDJPbm5QQjMxL3M1Q3E5ClVXbTJ0NkJKdXZSQWRCZE5Wd2tlTVJIWEVhamhHL1Fod3c0eHBzQTNSNDhNR0NWRkI5RmVaWFRwSzduTjRjNm0KMVpCZWVlaXF6MXFOYVlpdUZybURYOVNCQ01jY3lySlE0NzR0aUs2TlVMS1dGanZRZWNuREx5cVNxaGJtUnV2VwpBRlhjM3FVUnVTVEsrUm5iZEtNc3RvZzBCWHhoMGJMNlZVNlVUdjkxaDlVZHBIUnFNak5HYnB6ZXl5akFDWXRQCkJRdXN1SUhjVmRRR2pHTWNhUnNlQlZYRmJhQnlDUnpBNHRzL3dmZllvY0tKcEhONFFzL1FCbGlQYmoyakswT28KLzJzUi9FanNiQkdNdVlST0tmaWlBSk1BT3lob2VJUE94ZVVNYy9PQmdOY1VxNDRyK3ByS0lIVW5XcklrODNqeApkcGt6S0FlWWN0cE5xY0R2SFJzRzlRSVdiQWUxZW96WVVnVm1HVDlXU3pUYUVGQ2t0Q0JoOStGMmRpTlZwOTdwCjRrSkc4bkk5VTNhQk9XV2dqS1kreVJ0YmJ5NXFsSU56SFhkdENFdXZSNWVZMjVxaTcxcjhzL2xXMFNrcjVOVUUKTGdpblJJTjFzMlpOTXQvWlMwUGNPZVRWRVFXVTYyOEhaelNCZWpORTdoOStjZGdjU3FkdmtnakdxUjczckt6RwptajVyT0ZPcmFjejZpNExnbC96a0pheDhkTFBYakwxcThGZWJlblRRa3k5VzlqTzZqUUtDQVFFQStWVWtDUVBlCmR1Z0wrV0hHaWRuaCswSW40RHJjOUVsUExNc0tab1RRdmNnSkZNdWZxSWcrV1V6SCtEU244S1pWbVAyN1hlNGwKWG9JSEVjWWRUWjVFZDFqV0tWSFVYbThKYStpY1kwejB4d21kSFhnU01wNTk1MGZraEZnSVYxbWdHZmJxeFkzcApiTTBGZXFTSDBXc0ZsQ2Z4U2FVSmdVZUJPb0Jld2VkMzBDUmlFT1FHR1ZOQlZyNEJEa25OdElwWVB0a3hITThxCmF3TDRtQ2k3VHdNY0QvZGR6M1JmeXRrdU5RT3JuSURrQUg3enNQSlJHQTNXNVp1eUlCSFFSdnNqdFpjb3doWHoKcjdqZlpRazVEMHdoUFhUUDZBUFA5WmxwWXVlZE1ZRHBIaUxwVUQwMlNSUDFPRno3VCs4SkMwcmFMQjl2R2VhMgpScnJaSXVLc1RSRmVnd0tDQVFFQTlIaVpYd1pXSFliR0dTbjVnUFpFbFI4TXFUQnBVUVFsZWh0VlpDcTJMSVUwClRvbWZaWkRtL1BmZUs0YktZdkVzc0FhMXZSeHNuL0JIR1J4ZVFkOWRNOE5uTzk0RlhjWmtQVWZMdUZrZGdxT04KY3FMd0JPVEJnZXRWazgxZjcwK3N1UGMrb0xRSEszQ05sQ0h2RW1udjJ4RGNZdVVBZ0U3VjNaVEZYUi9GNzE2awpUYyt1aDZDQktFWHhPWnhjUHlqOVd0Uys2UmdUNHh4MUNDUVhKQXo0d0lXd1kvN0NRVGw1MFBUUnQ5QUFFSVljCitxQXNDbHEwblJxZlVtWFpRbGhoT1p0cFJnYTBlMzhNbXRLWmVOVXpMZklpQ0hPYy9hVjRKYjJxV2ZITzd3YW4KcFVnVUUwWEhGY2pmMjhGS2Y4M3VFOTdtdjcyNi9tZmgzQ1VpVVFoMnl3S0NBUUF2UWtvUVEyRjVYRVpZd0lXbgpQMXNzQ3NBUUtsZ1RIWW9hVFdudFFLTm9OWEF6TnQxT1RuU3k3SERDeFFoSC90OGVub2xUSm42Q3lWYVpzZG1BCkNzMmphWDArVzdwTEkvUy9OVm5mSUlrTTZPK1UxRnR1cU1mb2ZLSDl5OG5ZOUszNS9lbEdCTDRIMTF5QWdJc1YKMEpsQUdjb01VWEhaeFRuallzMlRKMUo0YTAwRE1wVk5XNUI0NW83QXJKQ0c5ZW9BRDU3VmZSYm5MYXI4L0V0MAprSHhUTW1uZmxvbEpvNXkwZzd1VmNJREc3MGsxY3RpWUhKZHM4ZlB6VEMwVUp5bi9rMlV3VklUWis4cXNGZkZ3Cnl0ZEtGTWdMakIxd3llRkYwK3pob3pPTWVNV01aZTNTTUN3OHdMTUoxWjc3T3ZiYmdpSEc0UW9Qb2Y3aU0rREEKd3RnTkFvSUJBUUNGNjY2dzFHckdQL2N5LzhCek9mVDE3NDFpL1djai8yNThSbzd2a1VvOGR6ZmhNaGpFYmExcgp0R2piVlRwM0d3RE02TkFUNllkRDBqOVFiUzdoVFBma2pFMTRDVGJOV1FtK1hCOG9QSUVpK0c5YTloRWZ6U1NJCkJCL2NHS3hPRDBwaUJPY2s1NW5wM1AxaHdYa1NrRC9adEpIV0J2YlFVdDlyUTcwZU4zS1puekhJZ2xWc2JLdDAKSVdSMGw4Z2N2VnFVc0dob2prME9vNThrdDRpSnNpVnVhWTNvS1QzR3R6S1pHaFBzYXFBdWJSbGczZTlpT0xBcQpROVExTWgvaTdVRk5hbW92OXlwVllKTEtHVVlEWUY5cDh2TmJ4K0dmUFU3azlkSms5VWJUdjhTRWtVaVdDaXAyCkw1VVo3L2ZjclRXWFl3cnF6SWVzSjhJZGM2WXAxOFlqQW9JQkFRQ3RhVlAzYTFRZVVZWGk4R0xOWFJJUzhTVTYKZWFoMGc1NGZqcE1XdGhaaElkNzlQRXBZTE5NbFNLOUJiMXZ4eU9rWFFPaVpQWmhQa2QxNndjZVl5WXNNZVFOdAo2UkhZRVFvelIwTXJuSXBEekszaVFXRTBlNFc5dHJyTzZOV3lWRXpKdmUrQ0IyeW1oQm9Ec1U5NmU0eStkRWVNCkJoSVdWSFBFSzVYdkFucmUyWlR6U3U5TnJjR2doUXJ6VmtpbXErVjI1a1MwUjNlMElxV0lNU01meHVHaGJCeC8KRGlSRVkzZGdCdk5IVUxUWkJTUTRBL0FYOWFHK1M2U3JuUWVLcXM1anpyS1BQM3hVb1ZrVEJ3MFZqNXF3OTZ0MQplNDhkYzNyWTAyb1lxZ0VaY2hQeE0rVG9STVo4VmlyTGlYNzNJVFJaV01CUWlhR3FFMEZzSkJHdE1KL2QKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
apiServer:
image: registry.k8s.io/kube-apiserver:v1.32.0
certSANs:
- ctl.prod.k8.eis-mk8.de.s5b.org
disablePodSecurityPolicy: true
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.32.0
proxy:
image: registry.k8s.io/kube-proxy:v1.32.0
scheduler:
image: registry.k8s.io/kube-scheduler:v1.32.0
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
etcd:
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmekNDQVNTZ0F3SUJBZ0lSQUsvN1gvM3gwVTJ1Z1B1YkpuVlhTY013Q2dZSUtvWkl6ajBFQXdJd0R6RU4KTUFzR0ExVUVDaE1FWlhSalpEQWVGdzB5TlRBeE1UUXlNREl4TlRSYUZ3MHpOVEF4TVRJeU1ESXhOVFJhTUE4eApEVEFMQmdOVkJBb1RCR1YwWTJRd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFSNG56S2pqdGQyCjV4NHhQS0Z5Kyt1d0VjdEU5dkRLRU1XekUvVkRhVzZsVFp3T0h3RDFJZ0JpVWdPYmlPWm05dXFORHpqSlo1UDEKM2ppOHNJYyswSDhubzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSApBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkhISm1YSDhXM1BIClJlOEI2NUdicEU4M1IvYUhNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUUQ5YWNsN0VJWm8zR1c0RDB6YTlFUEkKUnM0YzgyNUs3NEcyNjJDVlJVMjFIUUloQU1td0NadVRSWE9nRW5ZWmxjZTdSb28wdVh5MjdwaDB6bmhaTlJvRQpLSlRRCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBlVmxpVEpHRHRrRE50UEltQU5HY25Wa2w5cmlBTWV6SCt2aVZma29KMU1vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFZUo4eW80N1hkdWNlTVR5aGN2dnJzQkhMUlBid3loREZzeFAxUTJsdXBVMmNEaDhBOVNJQQpZbElEbTRqbVp2YnFqUTg0eVdlVDlkNDR2TENIUHRCL0p3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
advertisedSubnets:
- 10.51.10.0/23
- 2a13:fc80:1:a::/64

123
ctl-3.yaml
View File

@@ -1,123 +0,0 @@
version: v1alpha1
debug: false
persist: true
machine:
type: controlplane
token: 2xhfuf.45akfjnnh804awuu
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBd0FRMVBETG1JbWNKdTgzQ2RLZUlSakFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qVXdNVEUwTWpBeU1UVTBXaGNOTXpVd01URXlNakF5TVRVMFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUZQbzBVVnJ1cXJaMStMcUU4d2dadUFKbWNGK3RKTUdNdTJuCnJNOUhrMzV6bzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRksvQnV2K0NMT1NtbW5BQgpSVjExcEk3WnNGOHZNQVVHQXl0bGNBTkJBRDFrRXFrOFVzam9LOTlqd3lpZjhDcU9tWTdWRjRVaTN5NWh3SmFiCk1RdFR1Z1RhQnpiK0N3cllqZlZyeUg3NEhDVy9aeXdMRWdTNlhMZlpid1RrWHdNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTTZkUWFMQkUydXdNbmhQVVNmRGwyZElWSHJDWVRpbFdFYmlyOUkwaEV2egotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.32.0
defaultRuntimeSeccompProfileEnabled: true
nodeIP:
validSubnets:
- 10.51.10.0/23
- 2a13:fc80:1:a::/64
disableManifestsDirectory: true
network:
hostname: ctl-3
interfaces:
- interface: enp6s18
addresses:
- 10.51.10.103/23
- 2a13:fc80:1:a:ffff::3/64
routes:
- network: 0.0.0.0/0
gateway: 10.51.10.1
mtu: 9000
nameservers:
- 2a13:fc80:1:f000::1
searchDomains:
- prod.k8.eis-mk8.de.s5b.org
install:
disk: /dev/sda
image: ghcr.io/siderolabs/installer:v1.9.1
wipe: false
time:
disabled: false
servers:
- 2a13:fc80:1:f000::1
bootTimeout: 2m0s
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
nodeLabels:
node.kubernetes.io/exclude-from-external-load-balancers: ""
cluster:
id: O2LsB7AZqRyAo_30uf8Yec_PN6FiXJG-9sAzMwUl3TI=
secret: YtpgPEYZEgsef4RW4XrM1KDfjT4Apa2/Bww4RGuylcg=
controlPlane:
endpoint: https://ctl.prod.k8.eis-mk8.de.s5b.org:6443
clusterName: eis-mk8-prod
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: mfnr8h.csyfzmisvvijcji4
secretboxEncryptionSecret: /XuQmrDbYldLlswq65pdfX9YhuOJOrUYUmAauAaceLs=
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRU1dMOEJldXFENko4V3hPbDB3WldwVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTFNREV4TkRJd01qRTFORm9YRFRNMU1ERXhNakl3TWpFMQpORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCRWJETVlTWEZOUGx2bW9McDNRUHhnRzMzKzNFL2tUa3lzeTNsZG92dURSd1R2aXlVMnduNWo2WDFuejQKejZiRGFmTFRmREZKcHdKWEhidXk0QS93UUlxallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVVSM3BkSVFlK3NPUjB6OTBSeElHUVdoWEJjTFV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU4rT25uR0YKODBGR2IvMzJlVllKcExIa0lISHorVTUwekJVbkg0ek0xYkFvQWlBbUdBblVDbkErL0hIR1B6c2cxNkZBb2tTWAp6OHRlQWRQNHRpUHQ1eTc5QVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUtqcklCVnBpellUaVh6YjlWZFRnRkVZcWlOWi9Dc0pHeE85OU9DOXUrNWlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUnNNeGhKY1UwK1crYWd1bmRBL0dBYmZmN2NUK1JPVEt6TGVWMmkrNE5IQk8rTEpUYkNmbQpQcGZXZlBqUHBzTnA4dE44TVVtbkFsY2R1N0xnRC9CQWlnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
aggregatorCA:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYekNDQVFXZ0F3SUJBZ0lRR3VUM0MzTzVBMCtNQ0VlRUNvdVFYREFLQmdncWhrak9QUVFEQWpBQU1CNFgKRFRJMU1ERXhOREl3TWpFMU5Gb1hEVE0xTURFeE1qSXdNakUxTkZvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxRwpTTTQ5QXdFSEEwSUFCTCtYRVZ3U3lKd3h5eTVVVEUvSThoK0tETlhMMGZOM2JsWGpzQzVnTVJ1K2Rwb1oyY09rCnBBUm1ENVptZE1zeWhNVVVNcVR5a2ZnM3dLL3pKQk9JT2l1allUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZApCZ05WSFE0RUZnUVVCeng1S1psbFgxOFlacm13ZlFlQXdmbXBKUUV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloCkFOS2Y2eFRsNFU3ZnU4NjJ1QjFna1BTeFFvQzJhN2h2dmhwYWFvZnk0NjZlQWlCYzRvbDVPRS8wN0o5S082MXUKaTI4WWRxeVBXSVcrOEJZbHh0YUh6MHY5YUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUVxSWFKQkhmSGMybkpTQ1VZTWs3VXFBenVoQWVISlM3Smt0enZCeHgrZ2VvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFdjVjUlhCTEluREhMTGxSTVQ4anlING9NMWN2UjgzZHVWZU93TG1BeEc3NTJtaG5adzZTawpCR1lQbG1aMHl6S0V4UlF5cFBLUitEZkFyL01rRTRnNkt3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
serviceAccount:
key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBN2hxYm9lczNlbm1HZ3Q4YVM2VDdMa1NZOVhTeUZrakpyZXV3ZmEzL1Z0a2FsZTVKCkZOY3RBQ0tKVkhrTHZWTGtuZzB1QlFBTEQ5THdyZm1IejViQlRHTXllNGRubU5pemEvK0cyT2FVZnIxeitJNzgKZ2xYQllXclZHUnBKUDJpaDcyVWk3d0dwWkpKWkt1V2p5dEl4d3lFaGQ4bmVJaUdxVFZLL1orcEx1VkkxYWlrQwpKNlhudjdocG9kOTl0bTJwSkdJVTNiQmRRUjY4VW1yNG5jc0tjMmJreXY2WE9MMTJSVGF2YmZEZ0VadWFITm1pCkU4akFhQ1pSNXNSajRTazJneUdoUlhwMEtjNXdWWnFmT1BaclF6c010VTJnRi9nRHllcng5cy9EOTRSMG5WSjIKVmlZaG9BczJiTmEwNEJkRGd4dkd3TnVOVTh2WGVtc0hwZWxmanRqNTNVUjBTWktVNExXdHNZaXhHc3BwekxPdApTUXNYVUxBUWRsQVF1VlRXbHdSa1pYNk1QdXZ2OEwwY051YXhhZmErYlJTT3BoeitFVE1acUR3U0NWS0RSeWFzCk5aellMWk9OaDl6cVNaUC9xVUhCUkdIRlRnMy9aRWl1cGZTKzVibkdWMW93MW9PSEVYOS9KS1VScVh3VXVOcDgKVFIvbjNWaVRNY3F1dllMcXBoTWtxUC92Yy9reTFvZTVsUmtaOEJaaS9heTdkTnBMSzlkWVZoYzhTZlNvL0Z5UApKK2ZxT1RXbVNYNTFJTkVwZDFYTWdCQUxqcmtXRDZPcDg5U0lPWWRFK2hqNVpRS09UL2pJbE84QUtPQnNWYWhsCmJxRUZ1d3VPTld2T2dDa2NtWHpxWndKZUZvd3hoOW5xYTdka0NzeEp4RWtJMDRySTkzV04vNFZ1VStFQ0F3RUEKQVFLQ0FnQTkvZkY5VThkcS9NNzNyZXlqdXoybWl6ZWoySkV4V2h3Z1N4ZjFjT0xsRXJ0b1E5VUZOd3pCVnp5WQpJTGZjd0FORDN6eVhFcTdPbk9ZSzljZlZWWFBZVm85ak9CclI0Y0c5SVpkVFM1MW43aDJPbm5QQjMxL3M1Q3E5ClVXbTJ0NkJKdXZSQWRCZE5Wd2tlTVJIWEVhamhHL1Fod3c0eHBzQTNSNDhNR0NWRkI5RmVaWFRwSzduTjRjNm0KMVpCZWVlaXF6MXFOYVlpdUZybURYOVNCQ01jY3lySlE0NzR0aUs2TlVMS1dGanZRZWNuREx5cVNxaGJtUnV2VwpBRlhjM3FVUnVTVEsrUm5iZEtNc3RvZzBCWHhoMGJMNlZVNlVUdjkxaDlVZHBIUnFNak5HYnB6ZXl5akFDWXRQCkJRdXN1SUhjVmRRR2pHTWNhUnNlQlZYRmJhQnlDUnpBNHRzL3dmZllvY0tKcEhONFFzL1FCbGlQYmoyakswT28KLzJzUi9FanNiQkdNdVlST0tmaWlBSk1BT3lob2VJUE94ZVVNYy9PQmdOY1VxNDRyK3ByS0lIVW5XcklrODNqeApkcGt6S0FlWWN0cE5xY0R2SFJzRzlRSVdiQWUxZW96WVVnVm1HVDlXU3pUYUVGQ2t0Q0JoOStGMmRpTlZwOTdwCjRrSkc4bkk5VTNhQk9XV2dqS1kreVJ0YmJ5NXFsSU56SFhkdENFdXZSNWVZMjVxaTcxcjhzL2xXMFNrcjVOVUUKTGdpblJJTjFzMlpOTXQvWlMwUGNPZVRWRVFXVTYyOEhaelNCZWpORTdoOStjZGdjU3FkdmtnakdxUjczckt6RwptajVyT0ZPcmFjejZpNExnbC96a0pheDhkTFBYakwxcThGZWJlblRRa3k5VzlqTzZqUUtDQVFFQStWVWtDUVBlCmR1Z0wrV0hHaWRuaCswSW40RHJjOUVsUExNc0tab1RRdmNnSkZNdWZxSWcrV1V6SCtEU244S1pWbVAyN1hlNGwKWG9JSEVjWWRUWjVFZDFqV0tWSFVYbThKYStpY1kwejB4d21kSFhnU01wNTk1MGZraEZnSVYxbWdHZmJxeFkzcApiTTBGZXFTSDBXc0ZsQ2Z4U2FVSmdVZUJPb0Jld2VkMzBDUmlFT1FHR1ZOQlZyNEJEa25OdElwWVB0a3hITThxCmF3TDRtQ2k3VHdNY0QvZGR6M1JmeXRrdU5RT3JuSURrQUg3enNQSlJHQTNXNVp1eUlCSFFSdnNqdFpjb3doWHoKcjdqZlpRazVEMHdoUFhUUDZBUFA5WmxwWXVlZE1ZRHBIaUxwVUQwMlNSUDFPRno3VCs4SkMwcmFMQjl2R2VhMgpScnJaSXVLc1RSRmVnd0tDQVFFQTlIaVpYd1pXSFliR0dTbjVnUFpFbFI4TXFUQnBVUVFsZWh0VlpDcTJMSVUwClRvbWZaWkRtL1BmZUs0YktZdkVzc0FhMXZSeHNuL0JIR1J4ZVFkOWRNOE5uTzk0RlhjWmtQVWZMdUZrZGdxT04KY3FMd0JPVEJnZXRWazgxZjcwK3N1UGMrb0xRSEszQ05sQ0h2RW1udjJ4RGNZdVVBZ0U3VjNaVEZYUi9GNzE2awpUYyt1aDZDQktFWHhPWnhjUHlqOVd0Uys2UmdUNHh4MUNDUVhKQXo0d0lXd1kvN0NRVGw1MFBUUnQ5QUFFSVljCitxQXNDbHEwblJxZlVtWFpRbGhoT1p0cFJnYTBlMzhNbXRLWmVOVXpMZklpQ0hPYy9hVjRKYjJxV2ZITzd3YW4KcFVnVUUwWEhGY2pmMjhGS2Y4M3VFOTdtdjcyNi9tZmgzQ1VpVVFoMnl3S0NBUUF2UWtvUVEyRjVYRVpZd0lXbgpQMXNzQ3NBUUtsZ1RIWW9hVFdudFFLTm9OWEF6TnQxT1RuU3k3SERDeFFoSC90OGVub2xUSm42Q3lWYVpzZG1BCkNzMmphWDArVzdwTEkvUy9OVm5mSUlrTTZPK1UxRnR1cU1mb2ZLSDl5OG5ZOUszNS9lbEdCTDRIMTF5QWdJc1YKMEpsQUdjb01VWEhaeFRuallzMlRKMUo0YTAwRE1wVk5XNUI0NW83QXJKQ0c5ZW9BRDU3VmZSYm5MYXI4L0V0MAprSHhUTW1uZmxvbEpvNXkwZzd1VmNJREc3MGsxY3RpWUhKZHM4ZlB6VEMwVUp5bi9rMlV3VklUWis4cXNGZkZ3Cnl0ZEtGTWdMakIxd3llRkYwK3pob3pPTWVNV01aZTNTTUN3OHdMTUoxWjc3T3ZiYmdpSEc0UW9Qb2Y3aU0rREEKd3RnTkFvSUJBUUNGNjY2dzFHckdQL2N5LzhCek9mVDE3NDFpL1djai8yNThSbzd2a1VvOGR6ZmhNaGpFYmExcgp0R2piVlRwM0d3RE02TkFUNllkRDBqOVFiUzdoVFBma2pFMTRDVGJOV1FtK1hCOG9QSUVpK0c5YTloRWZ6U1NJCkJCL2NHS3hPRDBwaUJPY2s1NW5wM1AxaHdYa1NrRC9adEpIV0J2YlFVdDlyUTcwZU4zS1puekhJZ2xWc2JLdDAKSVdSMGw4Z2N2VnFVc0dob2prME9vNThrdDRpSnNpVnVhWTNvS1QzR3R6S1pHaFBzYXFBdWJSbGczZTlpT0xBcQpROVExTWgvaTdVRk5hbW92OXlwVllKTEtHVVlEWUY5cDh2TmJ4K0dmUFU3azlkSms5VWJUdjhTRWtVaVdDaXAyCkw1VVo3L2ZjclRXWFl3cnF6SWVzSjhJZGM2WXAxOFlqQW9JQkFRQ3RhVlAzYTFRZVVZWGk4R0xOWFJJUzhTVTYKZWFoMGc1NGZqcE1XdGhaaElkNzlQRXBZTE5NbFNLOUJiMXZ4eU9rWFFPaVpQWmhQa2QxNndjZVl5WXNNZVFOdAo2UkhZRVFvelIwTXJuSXBEekszaVFXRTBlNFc5dHJyTzZOV3lWRXpKdmUrQ0IyeW1oQm9Ec1U5NmU0eStkRWVNCkJoSVdWSFBFSzVYdkFucmUyWlR6U3U5TnJjR2doUXJ6VmtpbXErVjI1a1MwUjNlMElxV0lNU01meHVHaGJCeC8KRGlSRVkzZGdCdk5IVUxUWkJTUTRBL0FYOWFHK1M2U3JuUWVLcXM1anpyS1BQM3hVb1ZrVEJ3MFZqNXF3OTZ0MQplNDhkYzNyWTAyb1lxZ0VaY2hQeE0rVG9STVo4VmlyTGlYNzNJVFJaV01CUWlhR3FFMEZzSkJHdE1KL2QKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
apiServer:
image: registry.k8s.io/kube-apiserver:v1.32.0
certSANs:
- ctl.prod.k8.eis-mk8.de.s5b.org
disablePodSecurityPolicy: true
admissionControl:
- name: PodSecurity
configuration:
apiVersion: pod-security.admission.config.k8s.io/v1alpha1
defaults:
audit: restricted
audit-version: latest
enforce: baseline
enforce-version: latest
warn: restricted
warn-version: latest
exemptions:
namespaces:
- kube-system
runtimeClasses: []
usernames: []
kind: PodSecurityConfiguration
auditPolicy:
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
controllerManager:
image: registry.k8s.io/kube-controller-manager:v1.32.0
proxy:
image: registry.k8s.io/kube-proxy:v1.32.0
scheduler:
image: registry.k8s.io/kube-scheduler:v1.32.0
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}
etcd:
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmekNDQVNTZ0F3SUJBZ0lSQUsvN1gvM3gwVTJ1Z1B1YkpuVlhTY013Q2dZSUtvWkl6ajBFQXdJd0R6RU4KTUFzR0ExVUVDaE1FWlhSalpEQWVGdzB5TlRBeE1UUXlNREl4TlRSYUZ3MHpOVEF4TVRJeU1ESXhOVFJhTUE4eApEVEFMQmdOVkJBb1RCR1YwWTJRd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFSNG56S2pqdGQyCjV4NHhQS0Z5Kyt1d0VjdEU5dkRLRU1XekUvVkRhVzZsVFp3T0h3RDFJZ0JpVWdPYmlPWm05dXFORHpqSlo1UDEKM2ppOHNJYyswSDhubzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSApBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkhISm1YSDhXM1BIClJlOEI2NUdicEU4M1IvYUhNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUUQ5YWNsN0VJWm8zR1c0RDB6YTlFUEkKUnM0YzgyNUs3NEcyNjJDVlJVMjFIUUloQU1td0NadVRSWE9nRW5ZWmxjZTdSb28wdVh5MjdwaDB6bmhaTlJvRQpLSlRRCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBlVmxpVEpHRHRrRE50UEltQU5HY25Wa2w5cmlBTWV6SCt2aVZma29KMU1vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFZUo4eW80N1hkdWNlTVR5aGN2dnJzQkhMUlBid3loREZzeFAxUTJsdXBVMmNEaDhBOVNJQQpZbElEbTRqbVp2YnFqUTg0eVdlVDlkNDR2TENIUHRCL0p3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
advertisedSubnets:
- 10.51.10.0/23
- 2a13:fc80:1:a::/64

62
node-1.yaml
View File

@@ -1,62 +0,0 @@
version: v1alpha1
debug: false
persist: true
machine:
type: worker
token: 2xhfuf.45akfjnnh804awuu
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBd0FRMVBETG1JbWNKdTgzQ2RLZUlSakFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qVXdNVEUwTWpBeU1UVTBXaGNOTXpVd01URXlNakF5TVRVMFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUZQbzBVVnJ1cXJaMStMcUU4d2dadUFKbWNGK3RKTUdNdTJuCnJNOUhrMzV6bzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRksvQnV2K0NMT1NtbW5BQgpSVjExcEk3WnNGOHZNQVVHQXl0bGNBTkJBRDFrRXFrOFVzam9LOTlqd3lpZjhDcU9tWTdWRjRVaTN5NWh3SmFiCk1RdFR1Z1RhQnpiK0N3cllqZlZyeUg3NEhDVy9aeXdMRWdTNlhMZlpid1RrWHdNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.32.0
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network:
hostname: node-1
interfaces:
- interface: enp6s18
addresses:
- 10.51.11.1/23
- 2a13:fc80:1:a:fffe::1/64
routes:
- network: 0.0.0.0/0
gateway: 10.51.10.1
mtu: 9000
install:
disk: /dev/sda
image: factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.2
wipe: false
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
cluster:
id: O2LsB7AZqRyAo_30uf8Yec_PN6FiXJG-9sAzMwUl3TI=
secret: YtpgPEYZEgsef4RW4XrM1KDfjT4Apa2/Bww4RGuylcg=
controlPlane:
endpoint: https://ctl.prod.k8.eis-mk8.de.s5b.org:6443
clusterName: eis-mk8-prod
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: mfnr8h.csyfzmisvvijcji4
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRU1dMOEJldXFENko4V3hPbDB3WldwVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTFNREV4TkRJd01qRTFORm9YRFRNMU1ERXhNakl3TWpFMQpORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCRWJETVlTWEZOUGx2bW9McDNRUHhnRzMzKzNFL2tUa3lzeTNsZG92dURSd1R2aXlVMnduNWo2WDFuejQKejZiRGFmTFRmREZKcHdKWEhidXk0QS93UUlxallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVVSM3BkSVFlK3NPUjB6OTBSeElHUVdoWEJjTFV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU4rT25uR0YKODBGR2IvMzJlVllKcExIa0lISHorVTUwekJVbkg0ek0xYkFvQWlBbUdBblVDbkErL0hIR1B6c2cxNkZBb2tTWAp6OHRlQWRQNHRpUHQ1eTc5QVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}

62
node-2.yaml
View File

@@ -1,62 +0,0 @@
version: v1alpha1
debug: false
persist: true
machine:
type: worker
token: 2xhfuf.45akfjnnh804awuu
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBd0FRMVBETG1JbWNKdTgzQ2RLZUlSakFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qVXdNVEUwTWpBeU1UVTBXaGNOTXpVd01URXlNakF5TVRVMFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUZQbzBVVnJ1cXJaMStMcUU4d2dadUFKbWNGK3RKTUdNdTJuCnJNOUhrMzV6bzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRksvQnV2K0NMT1NtbW5BQgpSVjExcEk3WnNGOHZNQVVHQXl0bGNBTkJBRDFrRXFrOFVzam9LOTlqd3lpZjhDcU9tWTdWRjRVaTN5NWh3SmFiCk1RdFR1Z1RhQnpiK0N3cllqZlZyeUg3NEhDVy9aeXdMRWdTNlhMZlpid1RrWHdNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.32.0
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network:
hostname: node-2
interfaces:
- interface: enp6s18
addresses:
- 10.51.11.2/23
- 2a13:fc80:1:a:fffe::2/64
routes:
- network: 0.0.0.0/0
gateway: 10.51.10.1
mtu: 9000
install:
disk: /dev/sda
image: factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.2
wipe: false
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
cluster:
id: O2LsB7AZqRyAo_30uf8Yec_PN6FiXJG-9sAzMwUl3TI=
secret: YtpgPEYZEgsef4RW4XrM1KDfjT4Apa2/Bww4RGuylcg=
controlPlane:
endpoint: https://ctl.prod.k8.eis-mk8.de.s5b.org:6443
clusterName: eis-mk8-prod
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: mfnr8h.csyfzmisvvijcji4
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRU1dMOEJldXFENko4V3hPbDB3WldwVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTFNREV4TkRJd01qRTFORm9YRFRNMU1ERXhNakl3TWpFMQpORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCRWJETVlTWEZOUGx2bW9McDNRUHhnRzMzKzNFL2tUa3lzeTNsZG92dURSd1R2aXlVMnduNWo2WDFuejQKejZiRGFmTFRmREZKcHdKWEhidXk0QS93UUlxallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVVSM3BkSVFlK3NPUjB6OTBSeElHUVdoWEJjTFV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU4rT25uR0YKODBGR2IvMzJlVllKcExIa0lISHorVTUwekJVbkg0ek0xYkFvQWlBbUdBblVDbkErL0hIR1B6c2cxNkZBb2tTWAp6OHRlQWRQNHRpUHQ1eTc5QVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}

62
node-3.yaml
View File

@@ -1,62 +0,0 @@
version: v1alpha1
debug: false
persist: true
machine:
type: worker
token: 2xhfuf.45akfjnnh804awuu
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBd0FRMVBETG1JbWNKdTgzQ2RLZUlSakFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qVXdNVEUwTWpBeU1UVTBXaGNOTXpVd01URXlNakF5TVRVMFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUZQbzBVVnJ1cXJaMStMcUU4d2dadUFKbWNGK3RKTUdNdTJuCnJNOUhrMzV6bzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRksvQnV2K0NMT1NtbW5BQgpSVjExcEk3WnNGOHZNQVVHQXl0bGNBTkJBRDFrRXFrOFVzam9LOTlqd3lpZjhDcU9tWTdWRjRVaTN5NWh3SmFiCk1RdFR1Z1RhQnpiK0N3cllqZlZyeUg3NEhDVy9aeXdMRWdTNlhMZlpid1RrWHdNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
certSANs: []
kubelet:
image: ghcr.io/siderolabs/kubelet:v1.32.0
defaultRuntimeSeccompProfileEnabled: true
disableManifestsDirectory: true
network:
hostname: node-3
interfaces:
- interface: enp6s18
addresses:
- 10.51.11.3/23
- 2a13:fc80:1:a:fffe::3/64
routes:
- network: 0.0.0.0/0
gateway: 10.51.10.1
mtu: 9000
install:
disk: /dev/sda
image: factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.9.2
wipe: false
features:
rbac: true
stableHostname: true
apidCheckExtKeyUsage: true
diskQuotaSupport: true
kubePrism:
enabled: true
port: 7445
hostDNS:
enabled: true
forwardKubeDNSToHost: true
cluster:
id: O2LsB7AZqRyAo_30uf8Yec_PN6FiXJG-9sAzMwUl3TI=
secret: YtpgPEYZEgsef4RW4XrM1KDfjT4Apa2/Bww4RGuylcg=
controlPlane:
endpoint: https://ctl.prod.k8.eis-mk8.de.s5b.org:6443
clusterName: eis-mk8-prod
network:
dnsDomain: cluster.local
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/12
token: mfnr8h.csyfzmisvvijcji4
ca:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRU1dMOEJldXFENko4V3hPbDB3WldwVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTFNREV4TkRJd01qRTFORm9YRFRNMU1ERXhNakl3TWpFMQpORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCRWJETVlTWEZOUGx2bW9McDNRUHhnRzMzKzNFL2tUa3lzeTNsZG92dURSd1R2aXlVMnduNWo2WDFuejQKejZiRGFmTFRmREZKcHdKWEhidXk0QS93UUlxallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVVSM3BkSVFlK3NPUjB6OTBSeElHUVdoWEJjTFV3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU4rT25uR0YKODBGR2IvMzJlVllKcExIa0lISHorVTUwekJVbkg0ek0xYkFvQWlBbUdBblVDbkErL0hIR1B6c2cxNkZBb2tTWAp6OHRlQWRQNHRpUHQ1eTc5QVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: ""
discovery:
enabled: true
registries:
kubernetes:
disabled: true
service: {}

38
patches/00_all.yaml Normal file
View File

@@ -0,0 +1,38 @@
# Cluster level patches for all machines
machine:
kubelet:
nodeIP:
validSubnets:
- 10.51.10.0/23
- 2a13:fc80:1:a::/64
network:
nameservers:
- 2a13:fc80:1:f000::1
searchDomains:
- prod.k8.eis-mk8.de.s5b.org
time:
disabled: false # Indicates if the time service is disabled for the machine.
servers:
- 2a13:fc80:1:f000::1
bootTimeout: 2m0s # Specifies the timeout when the node time is considered to be in sync unlocking the boot sequence.
cluster:
controlPlane:
endpoint: https://ctl.prod.k8.eis-mk8.de.s5b.org:6443 # Endpoint is the canonical controlplane endpoint, which can be an IP address or a DNS hostname.
clusterName: eis-mk8-prod # Configures the cluster's name.
# Provides cluster specific network configuration options.
network:
cni:
name: none
dnsDomain: cluster.local # The domain used by Kubernetes DNS.
# The pod subnet CIDR.
podSubnets:
- 10.244.0.0/16
# The service subnet CIDR.
serviceSubnets:
- 10.96.0.0/12

7
patches/10_control_plane.yaml Normal file
View File

@@ -0,0 +1,7 @@
cluster:
# Etcd specific configuration options.
etcd:
# The `advertisedSubnets` field configures the networks to pick etcd advertised IP from.
advertisedSubnets:
- 10.51.10.0/23
- 2a13:fc80:1:a::/64

0
patches/20_worker.yaml Normal file
View File

0
ctl-1.patch → patches/machines/ctl-1.yaml
View File

0
ctl-2.patch → patches/machines/ctl-2.yaml
View File

0
ctl-3.patch → patches/machines/ctl-3.yaml
View File

0
node-1.patch → patches/machines/node-1.yaml
View File

0
node-2.patch → patches/machines/node-2.yaml
View File

0
node-3.patch → patches/machines/node-3.yaml
View File