talos_patch_worker.tf
locals {
  # Talos machine-config patch for worker nodes, keyed by worker name.
  # The patch body reads no per-worker field, so every entry of
  # local.workers maps to the same content.
  worker_yaml = {
    for node in local.workers : node.name => {
      machine = {
        install = {
          # The installer is referenced by tag, and a registry tag can be re-pointed.
          # NOTE(review): pin by digest if the installer image must be immutable.
          image = "ghcr.io/siderolabs/installer:${var.talos_version}"
          # ipv6.disable is 0 when var.enable_ipv6 is true, 1 otherwise.
          extraKernelArgs = ["ipv6.disable=${var.enable_ipv6 ? 0 : 1}"]
        }

        certSANs = local.cert_SANs

        kubelet = {
          # merge() lets later arguments win, so a key set in
          # var.kubelet_extra_args replaces the default below, including
          # "rotate-server-certificates".
          # NOTE(review): with rotate-server-certificates the kubelet requests its
          # serving certificate through a CSR; confirm that something in the
          # cluster approves those CSRs.
          extraArgs = merge(
            {
              "cloud-provider"             = "external"
              "rotate-server-certificates" = true
            },
            var.kubelet_extra_args
          )
          # The kubelet node IP is picked only from the node IPv4 CIDR.
          nodeIP = {
            validSubnets = [local.node_ipv4_cidr]
          }
        }

        network = {
          extraHostEntries = local.extra_host_entries
          kubespan = {
            enabled                     = var.enable_kube_span
            advertiseKubernetesNetworks = false # Disabled because of cilium
            mtu                         = 1370  # Hcloud has a MTU of 1450 (KubeSpanMTU = UnderlyingMTU - 80)
          }
        }

        kernel = {
          modules = var.kernel_modules_to_load
        }

        # As with the kubelet args, entries in var.sysctls_extra_args override
        # the two defaults on a key collision.
        sysctls = merge(
          {
            "net.core.somaxconn"          = "65535"
            "net.core.netdev_max_backlog" = "4096"
          },
          var.sysctls_extra_args
        )

        # Host DNS is on, with kube-dns forwarding to the host and
        # member-name resolution enabled.
        features = {
          hostDNS = {
            enabled              = true
            forwardKubeDNSToHost = true
            resolveMemberNames   = true
          }
        }

        # Three Hetzner NTP hosts plus one Cloudflare host.
        time = {
          servers = [
            "ntp1.hetzner.de",
            "ntp2.hetzner.com",
            "ntp3.hetzner.net",
            "time.cloudflare.com"
          ]
        }

        # Passed through unchanged.
        # NOTE(review): if var.registries carries registry credentials they end up
        # in this local and presumably in the rendered machine config; check that
        # the variable is marked sensitive.
        registries = var.registries
      }

      cluster = {
        network = {
          dnsDomain      = var.cluster_domain
          podSubnets     = [local.pod_ipv4_cidr]
          serviceSubnets = [local.service_ipv4_cidr]
          # "none": Talos installs no CNI itself; presumably Cilium (named in
          # the kubespan comment) is deployed separately.
          cni = {
            name = "none"
          }
        }
      }
    }
  }
}