talos-config.tf
  # Talos machine-config patches, rendered to YAML strings for the control plane
  # and for the bare-metal worker. Fragments that both patches carry unchanged
  # are defined once below and referenced from each patch.
  locals {
    # NTP sources used by every node.
    talos_patch_time_servers = [
      "ntp1.hetzner.de",
      "ntp2.hetzner.com",
      "ntp3.hetzner.net",
      "0.de.pool.ntp.org",
      "1.de.pool.ntp.org",
      "time.cloudflare.com"
    ]

    # Extra subject alternative name placed in each machine's certificate:
    # the control plane's Hetzner primary IP.
    talos_patch_cert_sans = [
      hcloud_primary_ip.control_plane.ip_address,
    ]

    # Required for enabling metrics server
    # https://www.talos.dev/v1.6/kubernetes-guides/configuration/deploy-metrics-server/
    # With this flag the kubelet requests its serving certificate through a
    # CSR, which is why the approver manifest below is installed.
    talos_patch_kubelet_extra_args = {
      rotate-server-certificates = true
    }

    # Cluster-level settings, identical in both patches.
    # NOTE(review): these look like settings that only control-plane nodes act
    # on; confirm whether the worker patch needs this section at all.
    talos_patch_cluster = {
      # Required for the metrics server
      # https://www.talos.dev/v1.6/kubernetes-guides/configuration/deploy-metrics-server/
      #
      # NOTE(review): this URL tracks the mutable `main` branch of a
      # third-party repository, so the manifest applied to the cluster can
      # change without any change in this file. The component approves kubelet
      # serving-certificate CSRs; pin the URL to a release tag or commit SHA
      # (or vendor a reviewed copy) so what gets applied is what was reviewed.
      extraManifests = [
        "https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml",
      ]
      # Cilium configuration
      # https://www.talos.dev/v1.6/kubernetes-guides/network/deploying-cilium/
      # No built-in CNI is installed; Cilium is deployed separately.
      network = {
        cni = { name = "none" }
      }
      # We use Cilium's kube-proxy replacement
      proxy = { disabled = true }
    }

    control_plane_config_patch = yamlencode({
      cluster = local.talos_patch_cluster
      machine = {
        certSANs = local.talos_patch_cert_sans
        time     = { servers = local.talos_patch_time_servers }
        kubelet  = { extraArgs = local.talos_patch_kubelet_extra_args }
      }
    })

    worker_config_patch = yamlencode({
      cluster = local.talos_patch_cluster
      machine = {
        network  = { hostname = "nereid" }
        certSANs = local.talos_patch_cert_sans
        time     = { servers = local.talos_patch_time_servers }

        install = {
          # NOTE(review): kernel device names are not guaranteed to be stable
          # across boots (see the todo on `disks` below). If the NVMe devices
          # enumerate in a different order, the installer would target a
          # different disk; consider `diskSelector` to match on a stable
          # property instead.
          disk = "/dev/nvme0n1"
          # Resolves an issue on hetzner bare metal
          # https://github.com/siderolabs/talos/issues/7883#issuecomment-1836630848
          # Per the linked issue, the leading "-" presumably drops the default
          # console=ttyS0 kernel argument rather than adding one.
          extraKernelArgs = ["-console=ttyS0"]
        }

        # todo: should be using UUIDs instead since these arent consistent
        # Until then, a renumbered device means the wrong disk is partitioned
        # and mounted at these paths.
        disks = [
          {
            device     = "/dev/nvme1n1"
            partitions = [{ mountpoint = "/var/mnt/ssd-2" }]
          },
          {
            device     = "/dev/sda"
            partitions = [{ mountpoint = "/var/mnt/hdd" }]
          }
        ]

        kubelet = {
          extraArgs = local.talos_patch_kubelet_extra_args
          # Required by Longhorn
          # Bind-mounts the host's /var/lib/longhorn into the kubelet at the
          # same path, read-write with shared mount propagation.
          extraMounts = [
            {
              destination = "/var/lib/longhorn"
              type        = "bind"
              source      = "/var/lib/longhorn"
              options     = ["bind", "rshared", "rw"]
            }
          ]
        }
      }
    })
  }