k8s/00-infrastructure/01-tofu/talos/machine-config/common.yaml.tftpl


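# Talos machine settings shared by every node. The file is rendered as an
# OpenTofu template first, so interpolations and directives are evaluated
# before the result is parsed as YAML. Templated scalars are quoted so that a
# value such as an all-digit cluster name or "no" is still read as a string.
machine:
  registries:
    # Each upstream registry is pulled through a Harbor proxy-cache project.
    # NOTE(review): all four endpoints use plain http://, so pulls between the
    # node and Harbor are neither encrypted nor server-authenticated. Images
    # referenced by tag (such as the kubelet image below) can be swapped by
    # anyone on that network path. Prefer https:// endpoints, with the Harbor
    # CA supplied under machine.registries.config, once Harbor serves TLS.
    mirrors:
      docker.io:
        endpoints:
          - http://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-docker.io
        # The endpoint already contains the full /v2/<project> path.
        overridePath: true
      ghcr.io:
        endpoints:
          - http://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-ghcr.io
        overridePath: true
      gcr.io:
        endpoints:
          - http://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-gcr.io
        overridePath: true
      registry.k8s.io:
        endpoints:
          - http://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-registry.k8s.io
        overridePath: true
  kubelet:
    image: ghcr.io/siderolabs/kubelet:${kubernetes_version}
    # Optional extra kubelet settings arrive as a pre-rendered YAML fragment
    # and are inserted verbatim. The fragment must come from trusted module
    # input and must not repeat the image key. indent() leaves the first line
    # untouched, hence the literal four spaces in front of the interpolation.
%{if kubelet != ""}
    ${indent(4, kubelet)}
%{endif}
  nodeLabels:
    # Region is the cluster name and zone is the node name, so every node
    # forms its own topology zone.
    topology.kubernetes.io/region: "${cluster_name}"
    topology.kubernetes.io/zone: "${node_name}"
  network:
    hostname: "${hostname}"
%{if length(ntp_servers) > 0 }
  time:
    servers:
      # The opening "for" directive deliberately has no right-strip marker:
      # that marker would also remove the indentation of the list item on the
      # next line. The blank lines this leaves in the output are valid YAML.
%{ for addr in ntp_servers }
      - "${addr}"
%{ endfor ~}
%{endif}
  # Talos documents sysctl values as strings, so all of them are quoted.
  sysctls:
    fs.inotify.max_user_watches: "1048576"  # Watchdog
    fs.inotify.max_user_instances: "8192"  # Watchdog
    net.core.default_qdisc: "fq"  # 10Gb/s
    net.core.rmem_max: "67108864"  # 10Gb/s | Cloudflared / QUIC
    net.core.wmem_max: "67108864"  # 10Gb/s | Cloudflared / QUIC
    net.ipv4.tcp_congestion_control: "bbr"  # 10Gb/s
    # 3 enables TCP Fast Open for outgoing and incoming connections. SYN
    # payloads can be replayed, so services that opt in should only accept
    # idempotent requests that way.
    net.ipv4.tcp_fastopen: "3"  # Send and accept data in the opening SYN packet
    net.ipv4.tcp_mtu_probing: "1"  # 10Gb/s | Jumbo frames
    net.ipv4.tcp_rmem: "4096 87380 33554432"  # 10Gb/s
    net.ipv4.tcp_wmem: "4096 65536 33554432"  # 10Gb/s
    net.ipv4.tcp_window_scaling: "1"  # 10Gb/s
    vm.nr_hugepages: "1024"  # PostgreSQL
%{if http_proxy != ""}
  # The same proxy URL serves both schemes. If that URL ever embeds
  # credentials, they end up in the rendered machine config and in state.
  env:
    http_proxy: "${http_proxy}"
    https_proxy: "${http_proxy}"
%{if no_proxy != ""}
    no_proxy: "${no_proxy}"
%{endif}
%{endif}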
# Control-plane component images, all pinned to the same Kubernetes version
# tag. The registry.k8s.io host is served through the Harbor mirror declared
# under machine.registries.mirrors in this file.
# NOTE(review): the images are referenced by tag rather than by digest, so
# their integrity depends on the mirror and on the transport to it.
cluster:
  apiServer:
    image: registry.k8s.io/kube-apiserver:${kubernetes_version}
  controllerManager:
    image: registry.k8s.io/kube-controller-manager:${kubernetes_version}
  proxy:
    image: registry.k8s.io/kube-proxy:${kubernetes_version}
  scheduler:
    image: registry.k8s.io/kube-scheduler:${kubernetes_version}