k8s/00-infrastructure/01-tofu/talos/machine-config/common.yaml.tftpl

machine:
%{if length(registry_mirrors) > 0}
  registries:
    mirrors:
%{for registry_name, endpoint in registry_mirrors }
      ${registry_name}:
        endpoints:
          - ${endpoint}
        overridePath: true
%{endfor}
%{endif}
  # https://github.com/siderolabs/talos/issues/10002
  # Incompatibility with Cilium BPF routing and Talos Host DNS
  features:
    hostDNS:
      enabled: true
      forwardKubeDNSToHost: false
  kubelet:
    image: ghcr.io/siderolabs/kubelet:${kubernetes_version}
%{if kubelet != ""}
    ${indent(4, kubelet)}
%{endif}
  nodeLabels:
    topology.kubernetes.io/region: ${cluster_name}
    topology.kubernetes.io/zone: ${node_name}
  network:
    hostname: ${hostname}
%{if length(ntp_servers) > 0 }
  time:
    servers:
%{ for addr in ntp_servers ~}
      - ${addr}
%{ endfor ~}
%{endif}
  sysctls:
    fs.inotify.max_user_watches: 1048576   # Watchdog
    fs.inotify.max_user_instances: 8192    # Watchdog
    net.core.default_qdisc: fq             # 10Gb/s
    net.core.rmem_max: 67108864            # 10Gb/s | Cloudflared / QUIC
    net.core.wmem_max: 67108864            # 10Gb/s | Cloudflared / QUIC
    net.ipv4.tcp_congestion_control: bbr   # 10Gb/s
    net.ipv4.tcp_fastopen: 3               # Send and accept data in the opening SYN packet
    net.ipv4.tcp_mtu_probing: 1            # 10Gb/s | Jumbo frames
    net.ipv4.tcp_rmem: 4096 87380 33554432 # 10Gb/s
    net.ipv4.tcp_wmem: 4096 65536 33554432 # 10Gb/s
    net.ipv4.tcp_window_scaling: 1         # 10Gb/s
    vm.nr_hugepages: 1024                  # PostgreSQL
%{if http_proxy != ""}
  env:
    http_proxy: ${http_proxy}
    https_proxy: ${http_proxy}
%{if no_proxy != ""} 
    no_proxy: ${no_proxy}
%{endif}
%{endif}

cluster:
  apiServer:
    image: registry.k8s.io/kube-apiserver:${kubernetes_version}
  controllerManager:
    image: registry.k8s.io/kube-controller-manager:${kubernetes_version}
  proxy:
    image: registry.k8s.io/kube-proxy:${kubernetes_version}
  scheduler:
    image: registry.k8s.io/kube-scheduler:${kubernetes_version}
  network:
    podSubnets:
      - 10.244.0.0/16
#      - 2a13:fc80:1:d200::/64
    serviceSubnets:
      - 10.96.0.0/16
#      - 2a13:fc80:1:d201::/64