diff --git a/kubernetes/main/bootstrap/talos/assets/k8s-0.secret.sops.yaml b/kubernetes/main/bootstrap/talos/assets/k8s-0.secret.sops.yaml index 7263bdf84186c..83c1f218f1b05 100644 --- a/kubernetes/main/bootstrap/talos/assets/k8s-0.secret.sops.yaml +++ b/kubernetes/main/bootstrap/talos/assets/k8s-0.secret.sops.yaml 
@@ -2,193 +2,192 @@ version: v1alpha1 debug: false persist: true machine: - type: controlplane - token: ENC[AES256_GCM,data:TpcG5gEASyc/DY6LtwJ6Gm4Vvqj0ijo=,iv:MlnymnodIhyyOxm8t7ZmaAMZlXhsxP6Ehulaj55aCKA=,tag:0lFHYthbyrQRqxDIslm0lg==,type:str] - ca: - crt: ENC[AES256_GCM,data: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,iv:Jjscc57LvUrpzcgDwXRyyNecn2m2cveCSAcE1xcvgCo=,tag:Z5bnyk1/0g6tL1yk5EGwfw==,type:str] - key: ENC[AES256_GCM,data:3GrHhjN6OaUorQmhxEuk8ji6zE+kOkDHOtCBlLO9EiS+WReEhc8bUtmqZzhbGkug8nl91XFy/dtXYZuY7wy/T/2vBF1ZkWEhNytgEqEggFERhVjGKKRDvenD60fhJfOgF5KBStEetnXXv1UYx1IdKhnfApKM7B38mNl5qPUMXIuBVv5DHS1CsX0XkOYX0zgqu0kGcuW4ctVerZveZ6yvhBg19fehuzlxMZUJRqZklFP+0MPG,iv:2++FVy/rbHURFzyaSv9TWxF6+0DZroScCIm2zzZZ9+g=,tag:zORLCHOhsrMzD7GsRyO3gw==,type:str] - certSANs: - - 127.0.0.1 - - 192.168.42.120 - kubelet: - image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} - extraArgs: - rotate-server-certificates: "true" - extraMounts: - - destination: /var/openebs/local - type: bind - source: /var/openebs/local - options: - - bind - - rshared - - rw - defaultRuntimeSeccompProfileEnabled: true - nodeIP: - validSubnets: - - 192.168.42.0/24 - disableManifestsDirectory: true - network: - hostname: k8s-0 - interfaces: - - deviceSelector: - hardwareAddr: 00:30:93:12:* - driver: atlantic - mtu: 9000 - dhcp: true - vip: - ip: 192.168.42.120 - install: - diskSelector: - model: Samsung SSD 870 - extraKernelArgs: - - mitigations=off - - module_blacklist=e1000e - image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} - wipe: false - files: - - content: | - [plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true - [plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false - permissions: 0 - path: /etc/cri/conf.d/20-customization.part - op: create - - content: | - [ 
NFSMount_Global_Options ] - nfsvers=4.2 - hard=True - noatime=True - nodiratime=True - rsize=131072 - wsize=131072 - nconnect=8 - permissions: 420 - path: /etc/nfsmount.conf - op: overwrite - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_instances: "8192" - fs.inotify.max_user_watches: "524288" - net.core.rmem_max: "2500000" - net.core.wmem_max: "2500000" - features: - rbac: true - stableHostname: true - kubernetesTalosAPIAccess: - enabled: true - allowedRoles: - - os:admin - allowedKubernetesNamespaces: - - system-upgrade - apidCheckExtKeyUsage: true - diskQuotaSupport: true - kubePrism: - enabled: true - port: 7445 - hostDNS: - enabled: true - resolveMemberNames: true - forwardKubeDNSToHost: false - udev: - rules: - # Thunderbolt - - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" - # Intel GPU - - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660" - # Google Coral USB Accelerator - - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660" - - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660" - nodeLabels: - topology.kubernetes.io/region: main - topology.kubernetes.io/zone: m - factory.talos.dev/schematic-id.part-0: ${TALOS_SCHEMATIC_ID:0:32} - factory.talos.dev/schematic-id.part-1: ${TALOS_SCHEMATIC_ID:32} -cluster: - id: ENC[AES256_GCM,data:C5Zhfs2dET7Qe978Gk1+wJzCZyGyOCY2XSCHJhoV9OusKkvOZVCwwlRQIN8=,iv:rSqjL+GnkAJMbE1AXd9WXDEr7ohZACulKZPTAbXqQ8M=,tag:Y8+hDV+XBYCXCWdVjGNzww==,type:str] - secret: ENC[AES256_GCM,data:ObAJW8awcHVVvTughR61AXbrPHi/iXtEByisvwO8Lu/9DMoSpQ4yaGq+Wf8=,iv:kYYQMY4xFsCvPBkMr5S9Pp3UGPmAIN+2S8OREQLBqPg=,tag:JWYmBS+01IoMOAzdIVVO1w==,type:str] - controlPlane: - endpoint: https://192.168.42.120:6443 - clusterName: main - network: - cni: - name: none - dnsDomain: cluster.local - podSubnets: - - 10.42.0.0/16 - serviceSubnets: - - 10.43.0.0/16 - coreDNS: - disabled: true - token: 
ENC[AES256_GCM,data:uefeWR0yTxmXvhC8G688R3DjxRfsOUU=,iv:HYF/laANUeCYIX0sLapxeXcXmvT13oRMCRLxYqdYolU=,tag:n4VYiejPjSi4ICJsy3mJeg==,type:str] - secretboxEncryptionSecret: ENC[AES256_GCM,data:YSN7Npe4IIass8VwYSQZSRanRd7F3nxOoHpgFhx/liqw1KLuKCVkJlW/p7Q=,iv:OaUnzSpbDwNEdJZ0/ooF4iFzEE7CvQ15eO0hStDHZgM=,tag:jDjKDEyPr3vVCt3Behn9GQ==,type:str] - ca: - crt: ENC[AES256_GCM,data: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,iv:hwd5qRpySyUyca4HXSw8dkdIclxlRZdGV17vOVh1Oto=,tag:n6Y9YLL4OeiYUdhfhCKqcw==,type:str] - key: ENC[AES256_GCM,data:uHyPjiDyHgm3fw0XtDRFyVYiETjtcyDw10DF/PeVtGmNtAAELGKroW/CFeVllmC0JUDAle5+k9IoGEhoqNSFTNEOyb9/1wS2ksKiXts1Qt9zvwMaCXTjy92uHh5i7s7JEWZQuzbMG6/xTbdt5p5V441E08bvfWuJ39SXoJdyNunVB1v6QICzT4KS7cFvL0xLMRAZk2SB4R2Rx7SsTqMfFS6psogFm9sckZZkW7AmxbSLfzQRW0faeOqV4EBfIPwXhtvLnUf3Spro8Ox5YbAIW699xvU7itriWKX96I12ObRJMBZaLa+6rV5Ddky7bWve5GC2hofqVJwdgtTxQkA+2ojnVGZWXWAFceKgaJutBbGCKmQn4FrRErIAFyepqE61Zk2N67TeN/xTWm2GCs40iQ==,iv:M5Aj/W++eQv8iVyeOfUZW2gtawMnWBOdOIdwd2EblpI=,tag:Dto40rpbtW0Q3fjDt3AHJQ==,type:str] - aggregatorCA: - crt: ENC[AES256_GCM,data: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,iv:5VstISUvUwUDNo6Ma7rATwjTB7/dlrHmwLr1xGbTdG0=,tag:5JFB0dBAlU/E6mQXjnB5+g==,type:str] - key: ENC[AES256_GCM,data:ll2qwhXgvDHG4Z/G3RVkgu3x3VsL64xon2abgCWt/xefxDGTo66v44LO/KFy2FNMS7AFkB6kLHESJIp7L7MDU714p4uaIKpuM25DTHDop4zbScq3r7fiyFdKhop+cgsYstY7NxIwPvbl/BiVRGChX9XNHEcKDjyOycZb5VBSEv7jFfUDb/oNKVNdb6jZkdAfQSO48a/lvNRi7EF0Au1qKz1iG3AmpmHiEKFTtgDC01PbUCtTT5rxzmcKzr6Vu7KkR1Oyt2FyShciCinzOUA2kq/wKoTCWG4/iqODN92JTv+RDbGwvIGa5ZCzMgTd2ijBhIK94Ki0eqkEEPOfpl63+dy5zTt3yhP0vRBWBioOnPZ73ISqeh2s9QQsCaxZQ60BVD9InCC12n/5f26sMAfDEw==,iv:fAdvVYppSO2ZLaa3+nlWEDCY3cNwMss1KxqrQkiIrY4=,tag:qXZwNxpsk6USRzG1ba6fWA==,type:str] - serviceAccount: - key: 
ENC[AES256_GCM,data:+WwMb5IqA1SVLvXDAl10KTlXf0j0ugEH8v8vWa55Hhvwlsmx4Fi5Frfe4QfqW8cSPLLIIxDBqMWSb+HZ5ACx9xtralO8cw1Rg7/Kga6d1dFCABg/YcJCPiwwEIwbUTQaItgTdefnp7d4DSJHEAiYjpJsxH1FqcuUD7FjjWyUYiy3jIrgy6eVG402g9LGS+jZn12TSvnkB9J9NroY1+wOLenSXXFAu9QKagGaH5nj8mD3L6FC628ZhY6J2LJXtzjnU/lVpBoWsP3bCO3yAWOdqvJwQQ58rFVachiKZT3bcdQC4eVGMVI8KSfyBcNpKtGrdhhbA1YflQNCtdNdGEZVZOK/8vIbgr8Cai0qJ9988yJqDLkSwKaI6KP4qCjSkYkQkNRYC48KleJUXLc8SSZe/w==,iv:RgLbDRhq5v9kB/vwu8jiipFyn1HF8+CkaWPHG5imMUk=,tag:oEiPlAEUJ115QBGCiDDMPg==,type:str] - apiServer: - image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} + type: controlplane + token: ENC[AES256_GCM,data:TpcG5gEASyc/DY6LtwJ6Gm4Vvqj0ijo=,iv:MlnymnodIhyyOxm8t7ZmaAMZlXhsxP6Ehulaj55aCKA=,tag:0lFHYthbyrQRqxDIslm0lg==,type:str] + ca: + crt: ENC[AES256_GCM,data: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,iv:Jjscc57LvUrpzcgDwXRyyNecn2m2cveCSAcE1xcvgCo=,tag:Z5bnyk1/0g6tL1yk5EGwfw==,type:str] + key: ENC[AES256_GCM,data:3GrHhjN6OaUorQmhxEuk8ji6zE+kOkDHOtCBlLO9EiS+WReEhc8bUtmqZzhbGkug8nl91XFy/dtXYZuY7wy/T/2vBF1ZkWEhNytgEqEggFERhVjGKKRDvenD60fhJfOgF5KBStEetnXXv1UYx1IdKhnfApKM7B38mNl5qPUMXIuBVv5DHS1CsX0XkOYX0zgqu0kGcuW4ctVerZveZ6yvhBg19fehuzlxMZUJRqZklFP+0MPG,iv:2++FVy/rbHURFzyaSv9TWxF6+0DZroScCIm2zzZZ9+g=,tag:zORLCHOhsrMzD7GsRyO3gw==,type:str] certSANs: - - 127.0.0.1 - - 192.168.42.120 - disablePodSecurityPolicy: true - auditPolicy: - apiVersion: audit.k8s.io/v1 - kind: Policy - rules: - - level: Metadata - controllerManager: - image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - proxy: - disabled: true - image: registry.k8s.io/kube-proxy:${KUBERNETES_VERSION} - scheduler: - image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - discovery: - enabled: true - registries: - kubernetes: - disabled: false - service: - disabled: false - etcd: + - 127.0.0.1 + - 192.168.42.120 + kubelet: + image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} + 
extraArgs: + rotate-server-certificates: "true" + extraMounts: + - destination: /var/openebs/local + type: bind + source: /var/openebs/local + options: + - bind + - rshared + - rw + defaultRuntimeSeccompProfileEnabled: true + nodeIP: + validSubnets: + - 192.168.42.0/24 + disableManifestsDirectory: true + network: + hostname: k8s-0 + interfaces: + - deviceSelector: + hardwareAddr: 00:30:93:12:* + driver: atlantic + mtu: 9000 + dhcp: true + vip: + ip: 192.168.42.120 + install: + diskSelector: + model: Samsung SSD 870 + extraKernelArgs: + - mitigations=off + - module_blacklist=e1000e + image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} + wipe: false + files: + - content: | + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + [plugins."io.containerd.grpc.v1.cri".containerd] + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + discard_unpacked_layers = false + permissions: 0 + path: /etc/cri/conf.d/20-customization.part + op: create + - content: | + [ NFSMount_Global_Options ] + nfsvers=4.2 + hard=True + noatime=True + nodiratime=True + rsize=131072 + wsize=131072 + nconnect=8 + permissions: 420 + path: /etc/nfsmount.conf + op: overwrite + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_instances: "8192" + fs.inotify.max_user_watches: "524288" + net.core.rmem_max: "2500000" + net.core.wmem_max: "2500000" + features: + rbac: true + stableHostname: true + kubernetesTalosAPIAccess: + enabled: true + allowedRoles: + - os:admin + allowedKubernetesNamespaces: + - system-upgrade + apidCheckExtKeyUsage: true + diskQuotaSupport: true + kubePrism: + enabled: true + port: 7445 + hostDNS: + enabled: true + resolveMemberNames: true + forwardKubeDNSToHost: false + udev: + rules: + # Thunderbolt + - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" + # Intel GPU + - SUBSYSTEM=="drm", 
KERNEL=="renderD*", GROUP="44", MODE="0660" + # Google Coral USB Accelerator + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660" + nodeLabels: + topology.kubernetes.io/region: main + topology.kubernetes.io/zone: m + factory.talos.dev/schematic-id.part-0: ${TALOS_SCHEMATIC_ID:0:32} + factory.talos.dev/schematic-id.part-1: ${TALOS_SCHEMATIC_ID:32} +cluster: + id: ENC[AES256_GCM,data:C5Zhfs2dET7Qe978Gk1+wJzCZyGyOCY2XSCHJhoV9OusKkvOZVCwwlRQIN8=,iv:rSqjL+GnkAJMbE1AXd9WXDEr7ohZACulKZPTAbXqQ8M=,tag:Y8+hDV+XBYCXCWdVjGNzww==,type:str] + secret: ENC[AES256_GCM,data:ObAJW8awcHVVvTughR61AXbrPHi/iXtEByisvwO8Lu/9DMoSpQ4yaGq+Wf8=,iv:kYYQMY4xFsCvPBkMr5S9Pp3UGPmAIN+2S8OREQLBqPg=,tag:JWYmBS+01IoMOAzdIVVO1w==,type:str] + controlPlane: + endpoint: https://192.168.42.120:6443 + clusterName: main + network: + cni: + name: none + dnsDomain: cluster.local + podSubnets: + - 10.42.0.0/16 + serviceSubnets: + - 10.43.0.0/16 + coreDNS: + disabled: true + token: ENC[AES256_GCM,data:uefeWR0yTxmXvhC8G688R3DjxRfsOUU=,iv:HYF/laANUeCYIX0sLapxeXcXmvT13oRMCRLxYqdYolU=,tag:n4VYiejPjSi4ICJsy3mJeg==,type:str] + secretboxEncryptionSecret: ENC[AES256_GCM,data:YSN7Npe4IIass8VwYSQZSRanRd7F3nxOoHpgFhx/liqw1KLuKCVkJlW/p7Q=,iv:OaUnzSpbDwNEdJZ0/ooF4iFzEE7CvQ15eO0hStDHZgM=,tag:jDjKDEyPr3vVCt3Behn9GQ==,type:str] ca: - crt: ENC[AES256_GCM,data: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,iv:0BfdKuhdm9kAazIdSOipn+zF8v2Yt8m3wp9tp49+pCw=,tag:1JKQvl1vmo0RaUiaBD0wYg==,type:str] - key: 
ENC[AES256_GCM,data:H2EIp2FOWpCDdOowbgF+2UUEHxijLGh+Afwm48dR72vBd5vxEXJnRBoUgciXAocK6ta/ICBAp7nO58wQYoqKalabq0rgoIF05qpFQJybUgwDWZyx0poF+s0bgEniKHGHASU2RxKi6oP+Lx8IJKnRZ4xLIzmfpr4ax1ov0Ybd7gyvFtTrt/+Hophn+at35PLtu5g6+Ewi9oordBvUCmHlY6CpbjYOowXazUCEJfg79PTxdbYvkwPlMFMlhQF5W2adjmkgQlpGl2yCNgvQGhjQlNtAB+55WjcyXMXvT9+NW+3s/s9ZpYNLt4OMVHJbUMgJ51CqmV/GAPqtHG72w9BRPivEZVGAVk+uod6agzaDXI1scGFqwx2Ljjvs6cJuiMrTHIY4xQB36dYyytcMmze90A==,iv:+tNfAtuzlq3Afj1xjZguCubKA1j1p+0DMNR6ndn1UIE=,tag:xvSrOikm/11cffqMYZfM4Q==,type:str] - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - advertisedSubnets: - - 192.168.42.0/24 - allowSchedulingOnMasters: true + crt: ENC[AES256_GCM,data:XUOZ+MvTrx3pOEVty13X35NISF2/4Z5W2V4UVhPjBg22Bdo2xzEuu9cscRpHOQecvChEZ6fnWssQ+DlRMj5i/wXJleL1tXzpwFX6y2dH1pQp9J08O7n4QPPDvyw4jc6yCZZKOr0txIleOwb7Knp6P0elETvHvcOESty6ISYSzCr2QMxW4jAYesfLH3gUrUuqT7sRBiaTHlKOY+nzVP3Dt1gTSUAbOVPpdPVWkwJrysgKZPKumRDA89Q9zngE9Os17RwEnGRR1JjSDB4e/ijobLfsXEzmpx8SF4Kf5Xhoeu8Pq9KCyq4lJA8NzWeitfzAvarfNAM6AapbBQKoNTTr/kloJYJ4ElhTS4KMmSdrHQpreLgy4NxfsUsJwlfaGFZcpt7lv6n3Xth2C0GeDxQvbqt1UxAsFk2naI8yBcckEKOuqpc0Vqvj6lweuLSXqfoChaE2FW/H1jQE6FVmKYmT5LIZCo02/cBI6F50nMGfkk46KMrAKtPX7E/qgHMMXAaUTEnuOfNZNSG0mFyvuGnAzCulhB/eMlYnk9L9pMknDtWnX2ouKkfvSDzvQcRyIOI5IzxVzY9hbpnvekhSNpBalZhdFrbvNFXrsWMkr/9EfiyCRodn8rnswDQrA2r5m0JWOIahHlpED4MMulsP9ZC0VLzGM76+gVH0Npo5ahrVg1ArQIYbeSTy63zmqLdSqFBjVWAiSBapDjn5I0UBOCG5fW3f27C9LhP0NVZMsfC3aYINwa1cypqLkg7syZ4pLRyEkoyXBHxeYgJZv2tW7c4KdUjwumYPKk87yltwh5SajFMKIUNvS7rAXUXNIVyqJ6z3QMhqmIxy38MREDLVUucjBtv3XH5EZUSRBClwGft+IPsnvrOIX9k8HN286paY/u3WsU+al/5ad3KPX4eBgWIU1IJ72x+IXB8MkAr6y/2J9bn3MAz8jL3NPH9XxdZNz7eLhHqbgwsgSo8yXtKifr7ZX1IdnpGN/iGZo8cLgfAnMNs3LgdWf8x5TrWPCZtMDh6j90EcwDKIQDWl2+7O2D9bHzNySZnfkEwC4vFXvg==,iv:hwd5qRpySyUyca4HXSw8dkdIclxlRZdGV17vOVh1Oto=,tag:n6Y9YLL4OeiYUdhfhCKqcw==,type:str] + key: 
ENC[AES256_GCM,data:uHyPjiDyHgm3fw0XtDRFyVYiETjtcyDw10DF/PeVtGmNtAAELGKroW/CFeVllmC0JUDAle5+k9IoGEhoqNSFTNEOyb9/1wS2ksKiXts1Qt9zvwMaCXTjy92uHh5i7s7JEWZQuzbMG6/xTbdt5p5V441E08bvfWuJ39SXoJdyNunVB1v6QICzT4KS7cFvL0xLMRAZk2SB4R2Rx7SsTqMfFS6psogFm9sckZZkW7AmxbSLfzQRW0faeOqV4EBfIPwXhtvLnUf3Spro8Ox5YbAIW699xvU7itriWKX96I12ObRJMBZaLa+6rV5Ddky7bWve5GC2hofqVJwdgtTxQkA+2ojnVGZWXWAFceKgaJutBbGCKmQn4FrRErIAFyepqE61Zk2N67TeN/xTWm2GCs40iQ==,iv:M5Aj/W++eQv8iVyeOfUZW2gtawMnWBOdOIdwd2EblpI=,tag:Dto40rpbtW0Q3fjDt3AHJQ==,type:str] + aggregatorCA: + crt: ENC[AES256_GCM,data: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,iv:5VstISUvUwUDNo6Ma7rATwjTB7/dlrHmwLr1xGbTdG0=,tag:5JFB0dBAlU/E6mQXjnB5+g==,type:str] + key: ENC[AES256_GCM,data:ll2qwhXgvDHG4Z/G3RVkgu3x3VsL64xon2abgCWt/xefxDGTo66v44LO/KFy2FNMS7AFkB6kLHESJIp7L7MDU714p4uaIKpuM25DTHDop4zbScq3r7fiyFdKhop+cgsYstY7NxIwPvbl/BiVRGChX9XNHEcKDjyOycZb5VBSEv7jFfUDb/oNKVNdb6jZkdAfQSO48a/lvNRi7EF0Au1qKz1iG3AmpmHiEKFTtgDC01PbUCtTT5rxzmcKzr6Vu7KkR1Oyt2FyShciCinzOUA2kq/wKoTCWG4/iqODN92JTv+RDbGwvIGa5ZCzMgTd2ijBhIK94Ki0eqkEEPOfpl63+dy5zTt3yhP0vRBWBioOnPZ73ISqeh2s9QQsCaxZQ60BVD9InCC12n/5f26sMAfDEw==,iv:fAdvVYppSO2ZLaa3+nlWEDCY3cNwMss1KxqrQkiIrY4=,tag:qXZwNxpsk6USRzG1ba6fWA==,type:str] + serviceAccount: + key: ENC[AES256_GCM,data:+WwMb5IqA1SVLvXDAl10KTlXf0j0ugEH8v8vWa55Hhvwlsmx4Fi5Frfe4QfqW8cSPLLIIxDBqMWSb+HZ5ACx9xtralO8cw1Rg7/Kga6d1dFCABg/YcJCPiwwEIwbUTQaItgTdefnp7d4DSJHEAiYjpJsxH1FqcuUD7FjjWyUYiy3jIrgy6eVG402g9LGS+jZn12TSvnkB9J9NroY1+wOLenSXXFAu9QKagGaH5nj8mD3L6FC628ZhY6J2LJXtzjnU/lVpBoWsP3bCO3yAWOdqvJwQQ58rFVachiKZT3bcdQC4eVGMVI8KSfyBcNpKtGrdhhbA1YflQNCtdNdGEZVZOK/8vIbgr8Cai0qJ9988yJqDLkSwKaI6KP4qCjSkYkQkNRYC48KleJUXLc8SSZe/w==,iv:RgLbDRhq5v9kB/vwu8jiipFyn1HF8+CkaWPHG5imMUk=,tag:oEiPlAEUJ115QBGCiDDMPg==,type:str] + apiServer: + image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} + certSANs: + - 127.0.0.1 + - 192.168.42.120 + disablePodSecurityPolicy: true + auditPolicy: + apiVersion: audit.k8s.io/v1 + kind: Policy + rules: + - level: 
Metadata + controllerManager: + image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + proxy: + disabled: true + scheduler: + image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + discovery: + enabled: true + registries: + kubernetes: + disabled: false + service: + disabled: false + etcd: + ca: + crt: ENC[AES256_GCM,data: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,iv:0BfdKuhdm9kAazIdSOipn+zF8v2Yt8m3wp9tp49+pCw=,tag:1JKQvl1vmo0RaUiaBD0wYg==,type:str] + key: ENC[AES256_GCM,data:H2EIp2FOWpCDdOowbgF+2UUEHxijLGh+Afwm48dR72vBd5vxEXJnRBoUgciXAocK6ta/ICBAp7nO58wQYoqKalabq0rgoIF05qpFQJybUgwDWZyx0poF+s0bgEniKHGHASU2RxKi6oP+Lx8IJKnRZ4xLIzmfpr4ax1ov0Ybd7gyvFtTrt/+Hophn+at35PLtu5g6+Ewi9oordBvUCmHlY6CpbjYOowXazUCEJfg79PTxdbYvkwPlMFMlhQF5W2adjmkgQlpGl2yCNgvQGhjQlNtAB+55WjcyXMXvT9+NW+3s/s9ZpYNLt4OMVHJbUMgJ51CqmV/GAPqtHG72w9BRPivEZVGAVk+uod6agzaDXI1scGFqwx2Ljjvs6cJuiMrTHIY4xQB36dYyytcMmze90A==,iv:+tNfAtuzlq3Afj1xjZguCubKA1j1p+0DMNR6ndn1UIE=,tag:xvSrOikm/11cffqMYZfM4Q==,type:str] + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + advertisedSubnets: + - 192.168.42.0/24 + allowSchedulingOnMasters: true sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUU4xUUNEVno5NU8rMkdT - dTlXUjNFb2prODBsQjZvMm1zQnJXdDIzUzA0CmJoa1JGY0ZDUTk3MkhYanRKbmx2 - b3BiWkVRYU10b3FzdkZubXV3Y3lwTDQKLS0tIC9QK25kYkZqbHRsS2NuNndISHdi - ckRaT2U0cDF4NWV5alNzSzFDODBsNzgKGTigNLScx+D/AqiltPni3BQ7UrrMNR93 - YYMVdfxAkr6WVSIqQ+Vgz9la8ym9x0iBvF2ARgTfjB9YLZ2TEpQuAw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-28T22:06:21Z" - mac: 
ENC[AES256_GCM,data:hC4scIH3IPNvjDxjOniOcoU9brPq1ZmwTTcyPGeoB9RiOiqGhSWw3tQIfXbAK4pGNqOaR1i1a0bUAxQ9uNy9Y9V0rYwkdgQ0u/xI8s0q5feCdtzmNT9YYjwtrmGIGH57d3eAvq9vE7TFxEcLr47m6NQbBZIE14Tpda5g817j5Ws=,iv:L1qwrF1aa81w/XxvN8iFS571oZ5xqD9x4P6IuMa7KEg=,tag:F0rPpg4Fd9A04rbxGb9k2g==,type:str] - pgp: [] - encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ - mac_only_encrypted: true - version: 3.9.0 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzUU4xUUNEVno5NU8rMkdT + dTlXUjNFb2prODBsQjZvMm1zQnJXdDIzUzA0CmJoa1JGY0ZDUTk3MkhYanRKbmx2 + b3BiWkVRYU10b3FzdkZubXV3Y3lwTDQKLS0tIC9QK25kYkZqbHRsS2NuNndISHdi + ckRaT2U0cDF4NWV5alNzSzFDODBsNzgKGTigNLScx+D/AqiltPni3BQ7UrrMNR93 + YYMVdfxAkr6WVSIqQ+Vgz9la8ym9x0iBvF2ARgTfjB9YLZ2TEpQuAw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-02T18:45:53Z" + mac: ENC[AES256_GCM,data:KGtcgQJzWV/urE4eu1vGMBtCYnKbMlB7Q3ER/Gbtx+Ocrzj+tdD2N7xtv929jYdGVSS+KPEs25WEmE1FCLUJHbep3x9TTc6QgyviGQ5QGuFCx1o3bzOcLU/0y2bGLm/8gLA3HQwZCAxfnSNKHQprhw7Ypxi9FFzBaUmgIe+cJR8=,iv:jOK0Av3+ocDvNVgbbFt+jTGaHQfVE5cbhvbysSpM0Nc=,tag:Dv6svJtpbNMq51TsBtHpOg==,type:str] + pgp: [] + encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ + mac_only_encrypted: true + version: 3.9.0 diff --git a/kubernetes/main/bootstrap/talos/assets/k8s-1.secret.sops.yaml b/kubernetes/main/bootstrap/talos/assets/k8s-1.secret.sops.yaml index 0f5b449ad1c9e..229ff9ce4bc8b 100644 --- a/kubernetes/main/bootstrap/talos/assets/k8s-1.secret.sops.yaml +++ b/kubernetes/main/bootstrap/talos/assets/k8s-1.secret.sops.yaml 
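Review bot: `mitigations=off` under `machine.install.extraKernelArgs` disables the kernel's CPU side-channel mitigations on a control-plane node that also sets `cluster.allowSchedulingOnMasters: true`, so workload pods can share a host with etcd and the cluster CA keys without those protections. If the performance gain is not needed, remove the `- mitigations=off` entry; otherwise record the accepted risk with a comment above it, for example `# accepted risk: CPU side-channel mitigations disabled for performance`. The k8s-1 hunk carries the same two settings. Because `mac_only_encrypted: true` is set, the SOPS MAC covers only the encrypted values, so a later edit to plaintext settings like these is not detected by SOPS and diff review is the only control.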
@@ -2,193 +2,192 @@ version: v1alpha1 debug: false persist: true machine: - type: controlplane - token: ENC[AES256_GCM,data:t76GRpLUlq6fV9KAH4jAb+3AN5RpIpw=,iv:rV+yCSzVipQaMSPC+CKOB+g/x0hSY/QDTQvgd7vxUrE=,tag:mvjJ2YjnkqRSqZXcFbtT3Q==,type:str] - ca: - crt: ENC[AES256_GCM,data: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,iv:h7SKtBiDyQIC5DdlW9Opf2QGMKHUeUxIXDdFiMgt50A=,tag:3szi0C2/az2JfOLy+wVEew==,type:str] - key: ENC[AES256_GCM,data:lR52bz9WDDGnaEce8s+RHaisZTXcgYhPQEwJ6Ii1gEUzhkmpYJ7GZ3213mLBEJ6oxqcIJXiLQ0Ig6pE69MFIb9MNycEubzVQQZMJSZkxUi7ZhAb3nL/gQPr4leEWCHnUpI+vIYC17CDAMzLsc+D8EmxsCUlHyLsK7YHYvN/EQWA4p7PQ7dpCeo0lQ2WAumvU1R2cxloY9MNZWAW8rlOMnyTQv8UDKb/6Lhi7BD47N7zQLEqm,iv:4UgPL8py+wp2pum7MRJUBT5qJUiV01o9TICVRuShxrw=,tag:sKDXHufezflH/IeRdXOdwg==,type:str] - certSANs: - - 127.0.0.1 - - 192.168.42.120 - kubelet: - image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} - extraArgs: - rotate-server-certificates: "true" - extraMounts: - - destination: /var/openebs/local - type: bind - source: /var/openebs/local - options: - - bind - - rshared - - rw - defaultRuntimeSeccompProfileEnabled: true - nodeIP: - validSubnets: - - 192.168.42.0/24 - disableManifestsDirectory: true - network: - hostname: k8s-1 - interfaces: - - deviceSelector: - hardwareAddr: 00:30:93:12:* - driver: atlantic - mtu: 9000 - dhcp: true - vip: - ip: 192.168.42.120 - install: - diskSelector: - model: Samsung SSD 870 - extraKernelArgs: - - mitigations=off - - module_blacklist=e1000e - image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} - wipe: false - files: - - content: | - [plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true - [plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false - permissions: 0 - path: /etc/cri/conf.d/20-customization.part - op: create - - content: | - [ 
NFSMount_Global_Options ] - nfsvers=4.2 - hard=True - noatime=True - nodiratime=True - rsize=131072 - wsize=131072 - nconnect=8 - permissions: 420 - path: /etc/nfsmount.conf - op: overwrite - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_instances: "8192" - fs.inotify.max_user_watches: "524288" - net.core.rmem_max: "2500000" - net.core.wmem_max: "2500000" - features: - rbac: true - stableHostname: true - kubernetesTalosAPIAccess: - enabled: true - allowedRoles: - - os:admin - allowedKubernetesNamespaces: - - system-upgrade - apidCheckExtKeyUsage: true - diskQuotaSupport: true - kubePrism: - enabled: true - port: 7445 - hostDNS: - enabled: true - resolveMemberNames: true - forwardKubeDNSToHost: false - udev: - rules: - # Thunderbolt - - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" - # Intel GPU - - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660" - # Google Coral USB Accelerator - - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660" - - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660" - nodeLabels: - topology.kubernetes.io/region: main - topology.kubernetes.io/zone: m - factory.talos.dev/schematic-id.part-0: ${TALOS_SCHEMATIC_ID:0:32} - factory.talos.dev/schematic-id.part-1: ${TALOS_SCHEMATIC_ID:32} -cluster: - id: ENC[AES256_GCM,data:+eurLvuKzdXer4HLqqnnf5t8XC7sBhB6//ZQg5vqSoF7eQVDOQEwYD7qwQs=,iv:63nGNRu8fPtWPjxwg1XlXRmQAOl+2Df3Y2K4beIfR+Q=,tag:SGBokRw3+wUaP2E3OFJTUw==,type:str] - secret: ENC[AES256_GCM,data:6CxO5LEmdaD96JnRv95EsvKeTBJuOF/TGq2YWMDw3eo2aSRiaKcOq9XdlSE=,iv:KKwS8bqCMOPuumkdDPxE5LZK7xJ+fDmth8SPMVn8zoY=,tag:YpCu5SMGzyX7RpTUV+rNzA==,type:str] - controlPlane: - endpoint: https://192.168.42.120:6443 - clusterName: main - network: - cni: - name: none - dnsDomain: cluster.local - podSubnets: - - 10.42.0.0/16 - serviceSubnets: - - 10.43.0.0/16 - coreDNS: - disabled: true - token: 
ENC[AES256_GCM,data:6jCQUwe6GzJ62tlWr8YOR7+b8dFSKLQ=,iv:/sU8poZEqy9fmLHpdNtyQnyUt5eOMvTOBshoXd8S+f8=,tag:eHKiHC+Jj9F5aSPocQW0vg==,type:str] - secretboxEncryptionSecret: ENC[AES256_GCM,data:XcT8g1h/chrSqcAiCNHjzSlga7YdJIJWjRUKEY+z93KuS8Uk97X5/JlgWZM=,iv:UXXGrsMCZ2g5hG5fLX3aJ+lxu6M3lEbRaI+0Db49/Co=,tag:ssoLQZOxpCTtM1Dzl3eAEA==,type:str] - ca: - crt: ENC[AES256_GCM,data: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,iv:+AvzHZMi084KQ+CBNfOlTRhSki72XsrZV7yXH6SRqOE=,tag:aM9aj49s5OR6nSXbPQfZEA==,type:str] - key: ENC[AES256_GCM,data:Osk7QRKfsR+wH15m3raUFnTeJaFCwN1SrKAJx0JmM8oRL8Z5WfTNFw6FFcMGESky/qG+myABsZpKxD+jcEjKAI06HmVnY9CFanc/xR8zMV+a/XqY82lzv0J0+FARESGXSyVOoXiP964BKXhZhPIyCvlf3PNeSVHp1sn0DJGLPua5i7Dy4G/xPWeWk1qyw6zxDamK8+KA+CEy8f/d+tz7Cdn0qrFpxw9euIX9iOm5qEyV3VtTpzRHGG7rNmzxLHMc2vqBsYub0mNYJMnE+o98OGvMb02Utyn8vMb8OJ60GgA5NdaOpHAuYfUw0QDmlZeqUfNFuLFN8Wa2vLwBTeypOMmIPwN4rkgJ+qQoXVhxS5oOSKf0J6fdWdo2ElNA59vTRnyFEM3Oc7KQmwHq3dudag==,iv:C1IdN/AmPm/FTHK+jMDNu1GdXZO7H1pwCjrcRG7Bvns=,tag:N/DA05Kn22wf0cHyTPgOsQ==,type:str] - aggregatorCA: - crt: ENC[AES256_GCM,data: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,iv:GeHzjSxLdAiSroqH5tuyfhlYIIV7cUGcb8kLOKzrvnc=,tag:59jxt0Pjci3VZnU/XIpf3g==,type:str] - key: ENC[AES256_GCM,data:EVre3KzpfTwlsPl87nW3JXbw4/p2Ma65fkAEY0CQ6opZNwfyvucgyp0rrJae7gUH/4UtmUIR59RJPHl1KEe+D7E4FajHBwO9wfUeZ+wbVIN5zKJ9G2D+Jwv3reCvo99MKwo0415OBdeIk4HomXMiTzS1JQQYCIjd363lo7RLxRgAx5hU72wupOtGNQaUtccKNTlulKnCgbjDjvoebxUzYbQX7FWGBwmHjVJKMNthJHZqrNLVBGsPMvdIPp+61/g4h2NKl5niQRiyQ16nDFqaEdVp9q/MAzz7St69/k6OBx83R5azkVeNqJRde3Sr1NuGmrg7519M+mepVODGJBqmYwxoMRskL0zLZMG2s1FmyScwHTt39zJOUK3H7ftWKjCIhcXJP3a597NWx3/qmSvdcQ==,iv:0oeiurPYqDHBexuOivDvc7nVO4VU8g2X1o/akE4+e7k=,tag:eiMhM3DtoMyKRlgBYZkTUA==,type:str] - serviceAccount: - key: 
ENC[AES256_GCM,data:m9Jl09qQ3tbtR0St4vW9CnVEPVlAfrETXoNgQmKex8U8m6wIRa2cfIxCTYs2FQfiaeSr7XurRHJavG8JwJtSZ6SXwLW6uiB06ln9O/nyMkq1W4hDrd01CJxiGtxbwjrcbsoQy6GzXMylblMRASlsDpjYZnGYHOmgajiAhQ4287nsMZx/lAtiuUiadtFlm09VMuRAkPDaC8kiGSr6Juw3x/DZKh3jv1wc2tHsO/dkaL3sdFNk0HpPgryOyi3aD1bXlbw8exZZpiClrMvyDjL6pZhhJProQM2idWnsY4MRJvKV9G1xbMPeVWRRua4iEXXUfFQ1wEr4dG7wpOTyDmgam5EgnBWjpDI8/c8jmwZYDjnz0oN1QSApugDzcG9iQHtOZ4X1DdC7102gkQstSIHVlQ==,iv:3/BTr0c1Mzt11zxbLRnzI4LynFDgfFhWLEclBb3kcK0=,tag:lXZ4xc3qJb14o+fxCPuaHQ==,type:str] - apiServer: - image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} + type: controlplane + token: ENC[AES256_GCM,data:t76GRpLUlq6fV9KAH4jAb+3AN5RpIpw=,iv:rV+yCSzVipQaMSPC+CKOB+g/x0hSY/QDTQvgd7vxUrE=,tag:mvjJ2YjnkqRSqZXcFbtT3Q==,type:str] + ca: + crt: ENC[AES256_GCM,data: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,iv:h7SKtBiDyQIC5DdlW9Opf2QGMKHUeUxIXDdFiMgt50A=,tag:3szi0C2/az2JfOLy+wVEew==,type:str] + key: ENC[AES256_GCM,data:lR52bz9WDDGnaEce8s+RHaisZTXcgYhPQEwJ6Ii1gEUzhkmpYJ7GZ3213mLBEJ6oxqcIJXiLQ0Ig6pE69MFIb9MNycEubzVQQZMJSZkxUi7ZhAb3nL/gQPr4leEWCHnUpI+vIYC17CDAMzLsc+D8EmxsCUlHyLsK7YHYvN/EQWA4p7PQ7dpCeo0lQ2WAumvU1R2cxloY9MNZWAW8rlOMnyTQv8UDKb/6Lhi7BD47N7zQLEqm,iv:4UgPL8py+wp2pum7MRJUBT5qJUiV01o9TICVRuShxrw=,tag:sKDXHufezflH/IeRdXOdwg==,type:str] certSANs: - - 127.0.0.1 - - 192.168.42.120 - disablePodSecurityPolicy: true - auditPolicy: - apiVersion: audit.k8s.io/v1 - kind: Policy - rules: - - level: Metadata - controllerManager: - image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - proxy: - disabled: true - image: registry.k8s.io/kube-proxy:${KUBERNETES_VERSION} - scheduler: - image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - discovery: - enabled: true - registries: - kubernetes: - disabled: false - service: - disabled: false - etcd: + - 127.0.0.1 + - 192.168.42.120 + kubelet: + image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} + 
extraArgs: + rotate-server-certificates: "true" + extraMounts: + - destination: /var/openebs/local + type: bind + source: /var/openebs/local + options: + - bind + - rshared + - rw + defaultRuntimeSeccompProfileEnabled: true + nodeIP: + validSubnets: + - 192.168.42.0/24 + disableManifestsDirectory: true + network: + hostname: k8s-1 + interfaces: + - deviceSelector: + hardwareAddr: 00:30:93:12:* + driver: atlantic + mtu: 9000 + dhcp: true + vip: + ip: 192.168.42.120 + install: + diskSelector: + model: Samsung SSD 870 + extraKernelArgs: + - mitigations=off + - module_blacklist=e1000e + image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} + wipe: false + files: + - content: | + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + [plugins."io.containerd.grpc.v1.cri".containerd] + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + discard_unpacked_layers = false + permissions: 0 + path: /etc/cri/conf.d/20-customization.part + op: create + - content: | + [ NFSMount_Global_Options ] + nfsvers=4.2 + hard=True + noatime=True + nodiratime=True + rsize=131072 + wsize=131072 + nconnect=8 + permissions: 420 + path: /etc/nfsmount.conf + op: overwrite + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_instances: "8192" + fs.inotify.max_user_watches: "524288" + net.core.rmem_max: "2500000" + net.core.wmem_max: "2500000" + features: + rbac: true + stableHostname: true + kubernetesTalosAPIAccess: + enabled: true + allowedRoles: + - os:admin + allowedKubernetesNamespaces: + - system-upgrade + apidCheckExtKeyUsage: true + diskQuotaSupport: true + kubePrism: + enabled: true + port: 7445 + hostDNS: + enabled: true + resolveMemberNames: true + forwardKubeDNSToHost: false + udev: + rules: + # Thunderbolt + - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" + # Intel GPU + - SUBSYSTEM=="drm", 
KERNEL=="renderD*", GROUP="44", MODE="0660" + # Google Coral USB Accelerator + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660" + nodeLabels: + topology.kubernetes.io/region: main + topology.kubernetes.io/zone: m + factory.talos.dev/schematic-id.part-0: ${TALOS_SCHEMATIC_ID:0:32} + factory.talos.dev/schematic-id.part-1: ${TALOS_SCHEMATIC_ID:32} +cluster: + id: ENC[AES256_GCM,data:+eurLvuKzdXer4HLqqnnf5t8XC7sBhB6//ZQg5vqSoF7eQVDOQEwYD7qwQs=,iv:63nGNRu8fPtWPjxwg1XlXRmQAOl+2Df3Y2K4beIfR+Q=,tag:SGBokRw3+wUaP2E3OFJTUw==,type:str] + secret: ENC[AES256_GCM,data:6CxO5LEmdaD96JnRv95EsvKeTBJuOF/TGq2YWMDw3eo2aSRiaKcOq9XdlSE=,iv:KKwS8bqCMOPuumkdDPxE5LZK7xJ+fDmth8SPMVn8zoY=,tag:YpCu5SMGzyX7RpTUV+rNzA==,type:str] + controlPlane: + endpoint: https://192.168.42.120:6443 + clusterName: main + network: + cni: + name: none + dnsDomain: cluster.local + podSubnets: + - 10.42.0.0/16 + serviceSubnets: + - 10.43.0.0/16 + coreDNS: + disabled: true + token: ENC[AES256_GCM,data:6jCQUwe6GzJ62tlWr8YOR7+b8dFSKLQ=,iv:/sU8poZEqy9fmLHpdNtyQnyUt5eOMvTOBshoXd8S+f8=,tag:eHKiHC+Jj9F5aSPocQW0vg==,type:str] + secretboxEncryptionSecret: ENC[AES256_GCM,data:XcT8g1h/chrSqcAiCNHjzSlga7YdJIJWjRUKEY+z93KuS8Uk97X5/JlgWZM=,iv:UXXGrsMCZ2g5hG5fLX3aJ+lxu6M3lEbRaI+0Db49/Co=,tag:ssoLQZOxpCTtM1Dzl3eAEA==,type:str] ca: - crt: ENC[AES256_GCM,data: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,iv:SmRMznUExrgoGiaRsjGooehNzPnhixauSHrRDm+x4Ms=,tag:7ZLJpcDr8rPlEkVLK55zSA==,type:str] - key: 
ENC[AES256_GCM,data:hzPKw5kAH7IzEnN+u2nFURDgqNQEJR3W0xPP7YGD72FrUK6K+EQ0BNUNJophkPEtyuLmgjiBF7FNzFyYUK9IClo8azpFWWgH8svboDNpVH5xKF+Pec1YNuF3c3JMEfomO5SqulgRKPYJErufo6MjZHJrjRZXyVyOY299WJKLaUCHyygVfjTT4fxDJs2z72wNqce53HLKt/rM+sw7TsfmDSQfE/qaarE85qz3KbVhMRJABb7+RKKxIm4XWgPDKj7zV3H7manVSlDEgEqoVTeOV2yl/pE8VOJUszfvcBxS6U+mBkzNJVBWkv7Fj12KErzHJiE/Dl4jJeowu60mZJg+BpKpSxxTFhDCcSPfoF8taskuTX7S6p6sJyJiUZkNMfqh3vaMOl3sxS9MGYn8TeIj1A==,iv:7/E17jcVN167VzWwJudloTKB117X83d3zyfEJYvWODQ=,tag:+IW09LRQJKyKtVq0l6wHfg==,type:str] - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - advertisedSubnets: - - 192.168.42.0/24 - allowSchedulingOnMasters: true + crt: ENC[AES256_GCM,data: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,iv:+AvzHZMi084KQ+CBNfOlTRhSki72XsrZV7yXH6SRqOE=,tag:aM9aj49s5OR6nSXbPQfZEA==,type:str] + key: ENC[AES256_GCM,data:Osk7QRKfsR+wH15m3raUFnTeJaFCwN1SrKAJx0JmM8oRL8Z5WfTNFw6FFcMGESky/qG+myABsZpKxD+jcEjKAI06HmVnY9CFanc/xR8zMV+a/XqY82lzv0J0+FARESGXSyVOoXiP964BKXhZhPIyCvlf3PNeSVHp1sn0DJGLPua5i7Dy4G/xPWeWk1qyw6zxDamK8+KA+CEy8f/d+tz7Cdn0qrFpxw9euIX9iOm5qEyV3VtTpzRHGG7rNmzxLHMc2vqBsYub0mNYJMnE+o98OGvMb02Utyn8vMb8OJ60GgA5NdaOpHAuYfUw0QDmlZeqUfNFuLFN8Wa2vLwBTeypOMmIPwN4rkgJ+qQoXVhxS5oOSKf0J6fdWdo2ElNA59vTRnyFEM3Oc7KQmwHq3dudag==,iv:C1IdN/AmPm/FTHK+jMDNu1GdXZO7H1pwCjrcRG7Bvns=,tag:N/DA05Kn22wf0cHyTPgOsQ==,type:str] + aggregatorCA: + crt: ENC[AES256_GCM,data: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,iv:GeHzjSxLdAiSroqH5tuyfhlYIIV7cUGcb8kLOKzrvnc=,tag:59jxt0Pjci3VZnU/XIpf3g==,type:str] + key: 
ENC[AES256_GCM,data:EVre3KzpfTwlsPl87nW3JXbw4/p2Ma65fkAEY0CQ6opZNwfyvucgyp0rrJae7gUH/4UtmUIR59RJPHl1KEe+D7E4FajHBwO9wfUeZ+wbVIN5zKJ9G2D+Jwv3reCvo99MKwo0415OBdeIk4HomXMiTzS1JQQYCIjd363lo7RLxRgAx5hU72wupOtGNQaUtccKNTlulKnCgbjDjvoebxUzYbQX7FWGBwmHjVJKMNthJHZqrNLVBGsPMvdIPp+61/g4h2NKl5niQRiyQ16nDFqaEdVp9q/MAzz7St69/k6OBx83R5azkVeNqJRde3Sr1NuGmrg7519M+mepVODGJBqmYwxoMRskL0zLZMG2s1FmyScwHTt39zJOUK3H7ftWKjCIhcXJP3a597NWx3/qmSvdcQ==,iv:0oeiurPYqDHBexuOivDvc7nVO4VU8g2X1o/akE4+e7k=,tag:eiMhM3DtoMyKRlgBYZkTUA==,type:str] + serviceAccount: + key: ENC[AES256_GCM,data:m9Jl09qQ3tbtR0St4vW9CnVEPVlAfrETXoNgQmKex8U8m6wIRa2cfIxCTYs2FQfiaeSr7XurRHJavG8JwJtSZ6SXwLW6uiB06ln9O/nyMkq1W4hDrd01CJxiGtxbwjrcbsoQy6GzXMylblMRASlsDpjYZnGYHOmgajiAhQ4287nsMZx/lAtiuUiadtFlm09VMuRAkPDaC8kiGSr6Juw3x/DZKh3jv1wc2tHsO/dkaL3sdFNk0HpPgryOyi3aD1bXlbw8exZZpiClrMvyDjL6pZhhJProQM2idWnsY4MRJvKV9G1xbMPeVWRRua4iEXXUfFQ1wEr4dG7wpOTyDmgam5EgnBWjpDI8/c8jmwZYDjnz0oN1QSApugDzcG9iQHtOZ4X1DdC7102gkQstSIHVlQ==,iv:3/BTr0c1Mzt11zxbLRnzI4LynFDgfFhWLEclBb3kcK0=,tag:lXZ4xc3qJb14o+fxCPuaHQ==,type:str] + apiServer: + image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} + certSANs: + - 127.0.0.1 + - 192.168.42.120 + disablePodSecurityPolicy: true + auditPolicy: + apiVersion: audit.k8s.io/v1 + kind: Policy + rules: + - level: Metadata + controllerManager: + image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + proxy: + disabled: true + scheduler: + image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + discovery: + enabled: true + registries: + kubernetes: + disabled: false + service: + disabled: false + etcd: + ca: + crt: ENC[AES256_GCM,data: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,iv:SmRMznUExrgoGiaRsjGooehNzPnhixauSHrRDm+x4Ms=,tag:7ZLJpcDr8rPlEkVLK55zSA==,type:str] + key: 
ENC[AES256_GCM,data:hzPKw5kAH7IzEnN+u2nFURDgqNQEJR3W0xPP7YGD72FrUK6K+EQ0BNUNJophkPEtyuLmgjiBF7FNzFyYUK9IClo8azpFWWgH8svboDNpVH5xKF+Pec1YNuF3c3JMEfomO5SqulgRKPYJErufo6MjZHJrjRZXyVyOY299WJKLaUCHyygVfjTT4fxDJs2z72wNqce53HLKt/rM+sw7TsfmDSQfE/qaarE85qz3KbVhMRJABb7+RKKxIm4XWgPDKj7zV3H7manVSlDEgEqoVTeOV2yl/pE8VOJUszfvcBxS6U+mBkzNJVBWkv7Fj12KErzHJiE/Dl4jJeowu60mZJg+BpKpSxxTFhDCcSPfoF8taskuTX7S6p6sJyJiUZkNMfqh3vaMOl3sxS9MGYn8TeIj1A==,iv:7/E17jcVN167VzWwJudloTKB117X83d3zyfEJYvWODQ=,tag:+IW09LRQJKyKtVq0l6wHfg==,type:str] + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + advertisedSubnets: + - 192.168.42.0/24 + allowSchedulingOnMasters: true sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTFBHb25kcm85VkdOTWNy - VFM5M0pMR3VOcEwzcG1yZDNTMHYvTFYxcEdFCnBTbGhFL1pXSVRGYnBuVkplMEUx - Z0p2dlRoV1llcXBSS3phSW1tMk9DNVUKLS0tIGljVlROZ2NVUXNxbWZwM2kzaFJt - eUMvT3pid205eTRWc244Y0dYQSs1bFEKagN5lGwdC+JBHQBF4z2lpICinAW7Q3CD - TlQ92biebjj+snQhyoKc+WXpGyUG7plGMPzu7ERNKvyM4YJQWZbPGA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-28T22:06:18Z" - mac: ENC[AES256_GCM,data:DfBGfy/JBAzP6OXPHso4c5zcc+xPU+Ml2nHTTCUlSvo4vJhMvn7ifnCmbSl8Ccil7SgntS40qw8QivzowAm+xRk77XbxQiyOvFj8dyZJwIb4PdATyA3wGKoBNWEtjnb4sETACm5Rez2G3MYFtrNc2jLYVsZ4SZq3DPWz7dR4Yms=,iv:udxzarCFmgs70R9Zho9GkynDReV+daicPnMZlMfEGks=,tag:Ua8ky4F/Qrk3aE9AZT4Q7A==,type:str] - pgp: [] - encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ - mac_only_encrypted: true - version: 3.9.0 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQTFBHb25kcm85VkdOTWNy + VFM5M0pMR3VOcEwzcG1yZDNTMHYvTFYxcEdFCnBTbGhFL1pXSVRGYnBuVkplMEUx + 
Z0p2dlRoV1llcXBSS3phSW1tMk9DNVUKLS0tIGljVlROZ2NVUXNxbWZwM2kzaFJt + eUMvT3pid205eTRWc244Y0dYQSs1bFEKagN5lGwdC+JBHQBF4z2lpICinAW7Q3CD + TlQ92biebjj+snQhyoKc+WXpGyUG7plGMPzu7ERNKvyM4YJQWZbPGA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-02T18:45:59Z" + mac: ENC[AES256_GCM,data:KbD/a1Dbdbr+G2ux7fMjADSUoqU6KIpPUuMkcvO0g5bC2kSkEZu4PCRpAu8aLDFkShL8mko+J6DU/6gI9+wWA+ejvGhxLmBvh+QLqHP4D1QokvAgwOzikMn1LxdofpR3J6gDEEBz5HvYFURsXZKg4rtzsm1dSGM027tFSUH7S4M=,iv:uOs9Tg/1f/p+VqWIcpBdTOVEvNHNO7lpt1TBCyjG11M=,tag:vKVEvZwnGZuFfl7wAK4HVw==,type:str] + pgp: [] + encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ + mac_only_encrypted: true + version: 3.9.0 diff --git a/kubernetes/main/bootstrap/talos/assets/k8s-2.secret.sops.yaml b/kubernetes/main/bootstrap/talos/assets/k8s-2.secret.sops.yaml index 3a78b52f0ec9e..fee61008f1f30 100644 --- a/kubernetes/main/bootstrap/talos/assets/k8s-2.secret.sops.yaml +++ b/kubernetes/main/bootstrap/talos/assets/k8s-2.secret.sops.yaml 
@@ -2,193 +2,192 @@ version: v1alpha1 debug: false persist: true machine: - type: controlplane - token: ENC[AES256_GCM,data:X+wvApwxqHpKwtMFr9kjUx0novqFm1M=,iv:5sLyxZNvBy/eIFrTJwE7C638X2VR37StPoLL36qvPU0=,tag:d+chQ+62tjsjmMw+HkCyTw==,type:str] - ca: - crt: ENC[AES256_GCM,data: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,iv:MAf6iH8gsh+JaXTSHJN+8wmvjGTSTdRTc7/h6A7cdkE=,tag:oew/iJfEtFjOQqeCZOEZPg==,type:str] - key: ENC[AES256_GCM,data:TppGncAnDk9n+Opp9Ugxz0GffOhuIyWuzuK0MBmNhPUDKrS9O4z0tXUxekPkNimUSkJ0Hfj5O1PI1OUqtoIQqEo86xdsqieFSUgqYml6nVOJ2LKOm/Uro86/SEQeGxiclPMk33ndGVLAfhlB9NsfMD/qUkn4X+/1ctPhwE+q5PNRs6oB6sieC9d8i/7OAOWkgD4tfrhbfjX3r9AANx0GXum/P8aYlvJvnma4HzVWNvYSQMgW,iv:tLMWiifNm/H16SfRQYCxJkKkF/JfxFZvUQ+2D0hVTtA=,tag:Lj5T65H4alMW4tR+qXi/mg==,type:str] - certSANs: - - 127.0.0.1 - - 192.168.42.120 - kubelet: - image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} - extraArgs: - rotate-server-certificates: "true" - extraMounts: - - destination: /var/openebs/local - type: bind - source: /var/openebs/local - options: - - bind - - rshared - - rw - defaultRuntimeSeccompProfileEnabled: true - nodeIP: - validSubnets: - - 192.168.42.0/24 - disableManifestsDirectory: true - network: - hostname: k8s-2 - interfaces: - - deviceSelector: - hardwareAddr: 00:30:93:12:* - driver: atlantic - mtu: 9000 - dhcp: true - vip: - ip: 192.168.42.120 - install: - diskSelector: - model: Samsung SSD 870 - extraKernelArgs: - - mitigations=off - - module_blacklist=e1000e - image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} - wipe: false - files: - - content: | - [plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true - [plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false - permissions: 0 - path: /etc/cri/conf.d/20-customization.part - op: create - - content: | - [ 
NFSMount_Global_Options ] - nfsvers=4.2 - hard=True - noatime=True - nodiratime=True - rsize=131072 - wsize=131072 - nconnect=8 - permissions: 420 - path: /etc/nfsmount.conf - op: overwrite - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_instances: "8192" - fs.inotify.max_user_watches: "524288" - net.core.rmem_max: "2500000" - net.core.wmem_max: "2500000" - features: - rbac: true - stableHostname: true - kubernetesTalosAPIAccess: - enabled: true - allowedRoles: - - os:admin - allowedKubernetesNamespaces: - - system-upgrade - apidCheckExtKeyUsage: true - diskQuotaSupport: true - kubePrism: - enabled: true - port: 7445 - hostDNS: - enabled: true - resolveMemberNames: true - forwardKubeDNSToHost: false - udev: - rules: - # Thunderbolt - - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" - # Intel GPU - - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660" - # Google Coral USB Accelerator - - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660" - - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660" - nodeLabels: - topology.kubernetes.io/region: main - topology.kubernetes.io/zone: m - factory.talos.dev/schematic-id.part-0: ${TALOS_SCHEMATIC_ID:0:32} - factory.talos.dev/schematic-id.part-1: ${TALOS_SCHEMATIC_ID:32} -cluster: - id: ENC[AES256_GCM,data:F9ESX5ECQhR/907RTLcS/crWxV3IFDbmZ31+PxtV8eljrhoeQdF99gc6PA0=,iv:Gn2XOVo9o/dhof32H2uvPwx+UDG/uDpKRj6RNz8yzPs=,tag:NGptvlINh8MsKiCSdrze0g==,type:str] - secret: ENC[AES256_GCM,data:EaPcekY1reMHyyZXBnJjajOjN6XbK0EEAaBio01hhVKJMI1AAFxH81dVHNA=,iv:vrlPznvL3M/qF4qGG1Un7lu+M+M618rd6OjDVv+297M=,tag:ZmORYBtQy5btq3LceFaSzg==,type:str] - controlPlane: - endpoint: https://192.168.42.120:6443 - clusterName: main - network: - cni: - name: none - dnsDomain: cluster.local - podSubnets: - - 10.42.0.0/16 - serviceSubnets: - - 10.43.0.0/16 - coreDNS: - disabled: true - token: 
ENC[AES256_GCM,data:syrN52xn9B3R6Ur8gdM0E2LdaVTRKeg=,iv:TiaKZMUaET3iEvj35GtVU90LBfkspPEER1TQuuA9dN8=,tag:iKFNXIU7MdFDIU57NoVRJQ==,type:str] - secretboxEncryptionSecret: ENC[AES256_GCM,data:0wvSBVCcKGfBYyEZLfXHC/NW/9k8JLP/s2eKsCr+xVIAg8ue++wRUEJpLdc=,iv:JKXxGyX0b7G5myj+bVBxmzd3okMjSci+bMaEtOPLWHs=,tag:L8YrbhZpXaYsq1lTAFuQag==,type:str] - ca: - crt: ENC[AES256_GCM,data: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,iv:Du0I4ItbkDOokagnbZVT/yUZ4+HcMFRKudxs3FJWbjo=,tag:ISKMsaV7NQ/5LuCkZcLgBg==,type:str] - key: ENC[AES256_GCM,data:8+qji4NGJbb66R7GIvuBZExA5sYFrfgs9fu/0Lh9MNWh1xIEvN8/xGAy0DqZO1XPZgisWoWb+p4BLgJIwdhj9OKCy2N/ZvqoV8qOEH4bx7ntV3kQPjXI6yS0Fax/quOcf7AvmqyJdpmY9orUqKA8Qlif5WNUOzUTfmvJAFIimFQnCFPOnI/M4l96tTdkn3EMMZoc5j9OYnUEsnqt/GyawSLjkvOvB/ieltqIrQWTT1nGLrj8LLjc8Q5kfntfyXkPnz5YStP6SR5sFD858+Ie2+mPkvTWODmagRwBNX4qwAT2R4KCx3nrW/nJC4xVczjpVf1rJ4azqU7GwqkeHhrW4YncwzAXVNxNt3s8bktCG516UejRdpsxKFGg8L8OXXb+6DkC+3S2goCuj0AdwkTnmw==,iv:gyGlBBfFsVsAplOfvoxcOvjaiR7ilZTD+6I9fkumIMI=,tag:6BD3EnncXPrUvjbIJwxk2Q==,type:str] - aggregatorCA: - crt: ENC[AES256_GCM,data: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,iv:+AfCAZCSM1At7Gs+hpoWWJqrw+vIu9+q+80TD+Pv+RA=,tag:MDsj7UsR9Cf60piwrU4tDw==,type:str] - key: ENC[AES256_GCM,data:tZvAbyj5pMoT66uxBmBtZKfTi5M7BqnCFtdFhc99s/3Rg2wPB1OHwVVPGF2PwAIJ/SSti8CtxmiSHJNIV+1vu0pGTj1COTQAtICOzot5FcyY3kq80WVV6rPMQt/8505coKpgTm8TJuJseWkIZ5bmO0hV1mfHA8Z1PtBSGIHswoeddiY7xGQqkV9o+h86PjQFS/PvWzOM+92cCEZACwi1e2xxPGt8IbA0j0BzTYHyIGOiYDBAvLvMV3Ammi3Zrvdpn1IyMXVBON1GAX0f+YXPmeWWmsKJ3IlC15xdI6PmSy1G2vqHy+kalJEDf6wSyV4jZpCUiRdRNPNnbWiPUvnGAk49JwFA69KTGx4MehJaFfhfYEMfi5XDHKFUQYARbOOoFYtuQj8RCi00xQlzMy7NuQ==,iv:EbrnPYjrFsRCGSVHF/Mj3XrFp26YPl6xM0DyGm/qD5A=,tag:8hIClg21wQYUQEvQiOaszA==,type:str] - serviceAccount: - key: 
ENC[AES256_GCM,data:eFegQeg5oQosrLZ9dKwrP0/gmx7yf8vwjC/9BeI/q58zpo+6H6SQugw8bDQ3Yh6Q0Fgha5CVfIRcKVtYa1PGoRaUGoa4/sbL1WyEPMr1cNoRkosh1w94UwaFX3L/G7msx74Y9se/mfrVNtBCy388BQ8HgXxRVoTvG+zMPyjOXAIyxBYVsjgZ7PUVzJcYlWom1PswEusoLIFoKQ1w7scoYunvtYFT4CR9hL48nU54h4GFtQMNPdEWCPZB3ShQSvzsyd3hCh+klUKrxXrfB87xHrArBsVQ6JTJMI61BzdUE7j7grw7i+N6gmCs16HOFc+UsdF6VbGjNYTndn12N/mP4vs9fEnWoAbQsoMx2VLokTkWfj2HHdpkMF0jZpjXjFXHATzBV93MVvOvghnK6nMJxA==,iv:kjQU/5sq6GKgiUTHXtuyJNlTHcuYlpY9B4qbRcR+ibs=,tag:EYNCBmniRl0VTz4ff3+Y9Q==,type:str] - apiServer: - image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} + type: controlplane + token: ENC[AES256_GCM,data:X+wvApwxqHpKwtMFr9kjUx0novqFm1M=,iv:5sLyxZNvBy/eIFrTJwE7C638X2VR37StPoLL36qvPU0=,tag:d+chQ+62tjsjmMw+HkCyTw==,type:str] + ca: + crt: ENC[AES256_GCM,data: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,iv:MAf6iH8gsh+JaXTSHJN+8wmvjGTSTdRTc7/h6A7cdkE=,tag:oew/iJfEtFjOQqeCZOEZPg==,type:str] + key: ENC[AES256_GCM,data:TppGncAnDk9n+Opp9Ugxz0GffOhuIyWuzuK0MBmNhPUDKrS9O4z0tXUxekPkNimUSkJ0Hfj5O1PI1OUqtoIQqEo86xdsqieFSUgqYml6nVOJ2LKOm/Uro86/SEQeGxiclPMk33ndGVLAfhlB9NsfMD/qUkn4X+/1ctPhwE+q5PNRs6oB6sieC9d8i/7OAOWkgD4tfrhbfjX3r9AANx0GXum/P8aYlvJvnma4HzVWNvYSQMgW,iv:tLMWiifNm/H16SfRQYCxJkKkF/JfxFZvUQ+2D0hVTtA=,tag:Lj5T65H4alMW4tR+qXi/mg==,type:str] certSANs: - - 127.0.0.1 - - 192.168.42.120 - disablePodSecurityPolicy: true - auditPolicy: - apiVersion: audit.k8s.io/v1 - kind: Policy - rules: - - level: Metadata - controllerManager: - image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - proxy: - disabled: true - image: registry.k8s.io/kube-proxy:${KUBERNETES_VERSION} - scheduler: - image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - discovery: - enabled: true - registries: - kubernetes: - disabled: false - service: - disabled: false - etcd: + - 127.0.0.1 + - 192.168.42.120 + kubelet: + image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} + 
extraArgs: + rotate-server-certificates: "true" + extraMounts: + - destination: /var/openebs/local + type: bind + source: /var/openebs/local + options: + - bind + - rshared + - rw + defaultRuntimeSeccompProfileEnabled: true + nodeIP: + validSubnets: + - 192.168.42.0/24 + disableManifestsDirectory: true + network: + hostname: k8s-2 + interfaces: + - deviceSelector: + hardwareAddr: 00:30:93:12:* + driver: atlantic + mtu: 9000 + dhcp: true + vip: + ip: 192.168.42.120 + install: + diskSelector: + model: Samsung SSD 870 + extraKernelArgs: + - mitigations=off + - module_blacklist=e1000e + image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} + wipe: false + files: + - content: | + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + [plugins."io.containerd.grpc.v1.cri".containerd] + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + discard_unpacked_layers = false + permissions: 0 + path: /etc/cri/conf.d/20-customization.part + op: create + - content: | + [ NFSMount_Global_Options ] + nfsvers=4.2 + hard=True + noatime=True + nodiratime=True + rsize=131072 + wsize=131072 + nconnect=8 + permissions: 420 + path: /etc/nfsmount.conf + op: overwrite + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_instances: "8192" + fs.inotify.max_user_watches: "524288" + net.core.rmem_max: "2500000" + net.core.wmem_max: "2500000" + features: + rbac: true + stableHostname: true + kubernetesTalosAPIAccess: + enabled: true + allowedRoles: + - os:admin + allowedKubernetesNamespaces: + - system-upgrade + apidCheckExtKeyUsage: true + diskQuotaSupport: true + kubePrism: + enabled: true + port: 7445 + hostDNS: + enabled: true + resolveMemberNames: true + forwardKubeDNSToHost: false + udev: + rules: + # Thunderbolt + - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" + # Intel GPU + - SUBSYSTEM=="drm", 
KERNEL=="renderD*", GROUP="44", MODE="0660" + # Google Coral USB Accelerator + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660" + - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660" + nodeLabels: + topology.kubernetes.io/region: main + topology.kubernetes.io/zone: m + factory.talos.dev/schematic-id.part-0: ${TALOS_SCHEMATIC_ID:0:32} + factory.talos.dev/schematic-id.part-1: ${TALOS_SCHEMATIC_ID:32} +cluster: + id: ENC[AES256_GCM,data:F9ESX5ECQhR/907RTLcS/crWxV3IFDbmZ31+PxtV8eljrhoeQdF99gc6PA0=,iv:Gn2XOVo9o/dhof32H2uvPwx+UDG/uDpKRj6RNz8yzPs=,tag:NGptvlINh8MsKiCSdrze0g==,type:str] + secret: ENC[AES256_GCM,data:EaPcekY1reMHyyZXBnJjajOjN6XbK0EEAaBio01hhVKJMI1AAFxH81dVHNA=,iv:vrlPznvL3M/qF4qGG1Un7lu+M+M618rd6OjDVv+297M=,tag:ZmORYBtQy5btq3LceFaSzg==,type:str] + controlPlane: + endpoint: https://192.168.42.120:6443 + clusterName: main + network: + cni: + name: none + dnsDomain: cluster.local + podSubnets: + - 10.42.0.0/16 + serviceSubnets: + - 10.43.0.0/16 + coreDNS: + disabled: true + token: ENC[AES256_GCM,data:syrN52xn9B3R6Ur8gdM0E2LdaVTRKeg=,iv:TiaKZMUaET3iEvj35GtVU90LBfkspPEER1TQuuA9dN8=,tag:iKFNXIU7MdFDIU57NoVRJQ==,type:str] + secretboxEncryptionSecret: ENC[AES256_GCM,data:0wvSBVCcKGfBYyEZLfXHC/NW/9k8JLP/s2eKsCr+xVIAg8ue++wRUEJpLdc=,iv:JKXxGyX0b7G5myj+bVBxmzd3okMjSci+bMaEtOPLWHs=,tag:L8YrbhZpXaYsq1lTAFuQag==,type:str] ca: - crt: 
ENC[AES256_GCM,data:zBoQoXsZkjlw/kwbAY+O1YnImKTk6RaKomQv9Fkd8FMPyAYa7RgWzF5VZkUbmC6XbiLzi6pagLAeq6/OrGkMNtx3j/r9ALWavgfhWuJXds0w0X1Ubj9J9pnKMvIA3i8ZyI6whm3jrKabyCfahAlHhlGwJzCxzMD1QKZwUc71q3kPvHjz6I2nyDaiKjtZ44F8OzTOP4jbSo9Ap6rGbRy+qr/KaFa/XA/4SSRkWsbS05at3nRAKLdR6a7Lc4fVnBRaHZfLJdIAeXOBxAbjwwXJzslxpWLfWWtdrptl/idUBfiEvnW95EAh8Zl0nrqt42YYUvkDAOGjQXWD5rS9oQubz+dIdOfu1VbJM+VVdZUl9geepsfuezZQU/ydlSl5O6nPInRnTTjYDCGwYgKroHkOlyrrdJoOXdMbq6Q8OHqmVfPi8NlPZOKnEJjcgHfrmhdNAEsmHSTRwV3fAu2/h+gdAdLC1apueKYdfxeO2D6AsZtEqXFwpbFiRP9eR9ubW4714f2GWKJrTraEgwfEtssqEvCKHZVVK54PW+jOi1VGBRPqeeuXo/zo86gY54S2YsSvBqQdfksjkC6O4s/N1l0X5wHXD5Bvx57ecpZ3RvuxNgwOfHKghZdiS6LuGOBKhN4VySButDLYf4w0ptU3uHRTIvBzTX4LpfIDb5M1ipiMBAr5UMfcyY4oh1RqTouLkmK9lB497grstHExlGtKGpHMCLh9F9rF5Vy6EEVEjVWwgyxc7CBUHLR41efqC8fLEP8zojU2IrnnJRY/v7g96KMELqxIuWQZ7D47gW3ZqXbopDU/ubfmZ0uTWk5DVczDoqSkkPdOEG6QJ7VLE0eYQ+VEPvwvd3dcZeVUDtDI+Q45pr/u9NLUcbHe9vNAvKnegWzCKrV1MgnFYI7ALmlOfVebkPtRWrIg22urC9YT0nMmD6STQHtvKFEBKgCVjwOOgwtO9bwNNN+zLYNY39vV/0X5Gbss1Q+PKBTZIr3pgeB4Z0fF9C5bjMsDwmWcy/mmfFOrgeMHUQ==,iv:3gzsFLVAi8sjIvrngDhZtEBed0OEt5b0jFJr0basxaw=,tag:bwPo/yqD+Avg3J3AMpwYmg==,type:str] - key: ENC[AES256_GCM,data:0VDCM42mmJ4m56v8Yjat5bFiE1YOU9HJ1EJi21fOzmt6COqVTzAeN9K5D5pEd16Ogbd+/NkPpmGSfCz4vjygshaOwAUx7WYy+41YMHjXmObd/n2TOReI2tlQcIFABGyJPDlXuEiejb+kPTgZKdtsvMPf/pm2o+tGxnKO5ncBYF4b1Oeh12GGR14FAmHsuTlCKCR6nzcRjdcrSegRaMVFB5mA1FOISjQ/pG/+gFRFGeqwD8djpNDZWfwAd+2ScvFVzgudufLbpqpAdxGWLhHbmwDvQoNQtOZLmkx0atSlkSQh2razgqm8ectMegwCamjiMhQmAplvE6/Dmlkq2inapkz/pHfRg1pgK79qXdmvHHdVXLQ6nyZ+/sNsMC0KHwLyRty86DL5WfmY02GOIuy3fQ==,iv:PdPNyCj9hi5e4+/VdFAhWf8857sAwcmHcn9FQKVAUwQ=,tag:SaPvYhYPkqXe4afpYVDz4g==,type:str] - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - advertisedSubnets: - - 192.168.42.0/24 - allowSchedulingOnMasters: true + crt: ENC[AES256_GCM,data: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,iv:Du0I4ItbkDOokagnbZVT/yUZ4+HcMFRKudxs3FJWbjo=,tag:ISKMsaV7NQ/5LuCkZcLgBg==,type:str] + key: 
ENC[AES256_GCM,data:8+qji4NGJbb66R7GIvuBZExA5sYFrfgs9fu/0Lh9MNWh1xIEvN8/xGAy0DqZO1XPZgisWoWb+p4BLgJIwdhj9OKCy2N/ZvqoV8qOEH4bx7ntV3kQPjXI6yS0Fax/quOcf7AvmqyJdpmY9orUqKA8Qlif5WNUOzUTfmvJAFIimFQnCFPOnI/M4l96tTdkn3EMMZoc5j9OYnUEsnqt/GyawSLjkvOvB/ieltqIrQWTT1nGLrj8LLjc8Q5kfntfyXkPnz5YStP6SR5sFD858+Ie2+mPkvTWODmagRwBNX4qwAT2R4KCx3nrW/nJC4xVczjpVf1rJ4azqU7GwqkeHhrW4YncwzAXVNxNt3s8bktCG516UejRdpsxKFGg8L8OXXb+6DkC+3S2goCuj0AdwkTnmw==,iv:gyGlBBfFsVsAplOfvoxcOvjaiR7ilZTD+6I9fkumIMI=,tag:6BD3EnncXPrUvjbIJwxk2Q==,type:str] + aggregatorCA: + crt: ENC[AES256_GCM,data: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,iv:+AfCAZCSM1At7Gs+hpoWWJqrw+vIu9+q+80TD+Pv+RA=,tag:MDsj7UsR9Cf60piwrU4tDw==,type:str] + key: ENC[AES256_GCM,data:tZvAbyj5pMoT66uxBmBtZKfTi5M7BqnCFtdFhc99s/3Rg2wPB1OHwVVPGF2PwAIJ/SSti8CtxmiSHJNIV+1vu0pGTj1COTQAtICOzot5FcyY3kq80WVV6rPMQt/8505coKpgTm8TJuJseWkIZ5bmO0hV1mfHA8Z1PtBSGIHswoeddiY7xGQqkV9o+h86PjQFS/PvWzOM+92cCEZACwi1e2xxPGt8IbA0j0BzTYHyIGOiYDBAvLvMV3Ammi3Zrvdpn1IyMXVBON1GAX0f+YXPmeWWmsKJ3IlC15xdI6PmSy1G2vqHy+kalJEDf6wSyV4jZpCUiRdRNPNnbWiPUvnGAk49JwFA69KTGx4MehJaFfhfYEMfi5XDHKFUQYARbOOoFYtuQj8RCi00xQlzMy7NuQ==,iv:EbrnPYjrFsRCGSVHF/Mj3XrFp26YPl6xM0DyGm/qD5A=,tag:8hIClg21wQYUQEvQiOaszA==,type:str] + serviceAccount: + key: ENC[AES256_GCM,data:eFegQeg5oQosrLZ9dKwrP0/gmx7yf8vwjC/9BeI/q58zpo+6H6SQugw8bDQ3Yh6Q0Fgha5CVfIRcKVtYa1PGoRaUGoa4/sbL1WyEPMr1cNoRkosh1w94UwaFX3L/G7msx74Y9se/mfrVNtBCy388BQ8HgXxRVoTvG+zMPyjOXAIyxBYVsjgZ7PUVzJcYlWom1PswEusoLIFoKQ1w7scoYunvtYFT4CR9hL48nU54h4GFtQMNPdEWCPZB3ShQSvzsyd3hCh+klUKrxXrfB87xHrArBsVQ6JTJMI61BzdUE7j7grw7i+N6gmCs16HOFc+UsdF6VbGjNYTndn12N/mP4vs9fEnWoAbQsoMx2VLokTkWfj2HHdpkMF0jZpjXjFXHATzBV93MVvOvghnK6nMJxA==,iv:kjQU/5sq6GKgiUTHXtuyJNlTHcuYlpY9B4qbRcR+ibs=,tag:EYNCBmniRl0VTz4ff3+Y9Q==,type:str] + apiServer: + image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} + certSANs: + - 127.0.0.1 + - 192.168.42.120 + disablePodSecurityPolicy: true + auditPolicy: + apiVersion: audit.k8s.io/v1 + kind: Policy + rules: + - level: 
Metadata + controllerManager: + image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + proxy: + disabled: true + scheduler: + image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + discovery: + enabled: true + registries: + kubernetes: + disabled: false + service: + disabled: false + etcd: + ca: + crt: ENC[AES256_GCM,data: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,iv:3gzsFLVAi8sjIvrngDhZtEBed0OEt5b0jFJr0basxaw=,tag:bwPo/yqD+Avg3J3AMpwYmg==,type:str] + key: ENC[AES256_GCM,data:0VDCM42mmJ4m56v8Yjat5bFiE1YOU9HJ1EJi21fOzmt6COqVTzAeN9K5D5pEd16Ogbd+/NkPpmGSfCz4vjygshaOwAUx7WYy+41YMHjXmObd/n2TOReI2tlQcIFABGyJPDlXuEiejb+kPTgZKdtsvMPf/pm2o+tGxnKO5ncBYF4b1Oeh12GGR14FAmHsuTlCKCR6nzcRjdcrSegRaMVFB5mA1FOISjQ/pG/+gFRFGeqwD8djpNDZWfwAd+2ScvFVzgudufLbpqpAdxGWLhHbmwDvQoNQtOZLmkx0atSlkSQh2razgqm8ectMegwCamjiMhQmAplvE6/Dmlkq2inapkz/pHfRg1pgK79qXdmvHHdVXLQ6nyZ+/sNsMC0KHwLyRty86DL5WfmY02GOIuy3fQ==,iv:PdPNyCj9hi5e4+/VdFAhWf8857sAwcmHcn9FQKVAUwQ=,tag:SaPvYhYPkqXe4afpYVDz4g==,type:str] + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + advertisedSubnets: + - 192.168.42.0/24 + allowSchedulingOnMasters: true sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZHJEUFpUTjZzT0tUTHZa - TWdkellvSFNZY1NnUGsxaVJRU1F5SXF5ckFZCnFKZStyb0lSdUpZN3Qvc3ZMNnZ2 - b2srYjBTVW9Nc1FZakx5YWZVSEJ4VGMKLS0tIFZPQmZXd1BqVS9nQk8wOG1lb3dy - WXlJeEkyeXFxWkVRNUVmQ3R6cVJnN1kKphzRKdEc3H3Djm10FAoPofiiZOnJ8OtF - 8tb8dOZx7b888Ubhh2tzW09XczdU8Jt/atp6amHVFw+evUv9S2tUzQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-28T22:06:15Z" - mac: 
ENC[AES256_GCM,data:xxqn0YLT3qJ+4sG+SNKzy0SF43iOo+0InWyI03Ec6TknkGt4eKX6RYcO+m7EwlbtsGqCDcEzHQHi04pHIg21smS8ZYISuoIg1xbsGGX2oSAwfa0b/WkBQiDRK+W5GxNIwZqfORAmz096h6pN3tyRAukZ1p5ksdzlVApGtRMWku8=,iv:5qMKZ6FVaGOxXESA8ZkZDu3IL/jyEEUSq/KVIpZKAf0=,tag:SwIV8YZ/ExEQmu898Izmaw==,type:str] - pgp: [] - encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ - mac_only_encrypted: true - version: 3.9.0 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZHJEUFpUTjZzT0tUTHZa + TWdkellvSFNZY1NnUGsxaVJRU1F5SXF5ckFZCnFKZStyb0lSdUpZN3Qvc3ZMNnZ2 + b2srYjBTVW9Nc1FZakx5YWZVSEJ4VGMKLS0tIFZPQmZXd1BqVS9nQk8wOG1lb3dy + WXlJeEkyeXFxWkVRNUVmQ3R6cVJnN1kKphzRKdEc3H3Djm10FAoPofiiZOnJ8OtF + 8tb8dOZx7b888Ubhh2tzW09XczdU8Jt/atp6amHVFw+evUv9S2tUzQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-02T18:46:04Z" + mac: ENC[AES256_GCM,data:AurlT97ksYYnAW8ndetN0eS3SohBxKLr+FuqBKvQxFJn2ny85cviz2Q01znHCic8jgVwh1VZ5Bina5LVy0H1heVCzHed6or7pkHSx2haeYMRNpGYJbgLEEv7AhDejfzo2eUbTNs20LLa76dd9O/CxW3RCITRTH4XwytvoxRD/p0=,iv:2NA+rTe5lHH1xU+xt576Iydi4ToITM4vV6RGG94gHSM=,tag:b0BR8k9Ck+asnsLE0hVKUA==,type:str] + pgp: [] + encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ + mac_only_encrypted: true + version: 3.9.0
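Review bot: `mitigations=off` under `machine.install.extraKernelArgs` is carried over unchanged onto the re-indented side, and on this control-plane node it sits alongside `allowSchedulingOnMasters: true`, so ordinary pods share a CPU with etcd and the cluster CA keys while the kernel's speculative-execution mitigations are disabled. If the performance gain is not essential on control-plane nodes, I would drop the `- mitigations=off` line here (keeping `- module_blacklist=e1000e`) or keep it only on worker nodes. If it is intentional, a comment above it such as `# accepted risk: CPU mitigations disabled for performance; only trusted workloads run on this node` would record the decision. The k8s-0 file earlier in this diff appears to carry the same setting.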