From db6ffbbc562864c627d09f4e6e2e5a24400cbefc Mon Sep 17 00:00:00 2001
From: 0xWheatyz
Date: Sun, 23 Nov 2025 21:13:27 +0000
Subject: [PATCH] feat: new cluster created, currently runs nginx
---
 testing1/controlplane.yaml | 2 +-
 testing1/first-cluster/.talosconfig | 10 +++++++
 .../apps/demo/nginx-deployment.yaml | 27 +++++++++++++++++++
 .../apps/demo/nginx-service.yaml | 14 ++++++++++
 .../cluster/base/namespace-apps.yaml | 4 +++
 testing1/kubeconfig | 4 +--
 testing1/mc.yaml | 11 ++++++++
 7 files changed, 69 insertions(+), 3 deletions(-)
 create mode 100644 testing1/first-cluster/.talosconfig
 create mode 100644 testing1/first-cluster/apps/demo/nginx-deployment.yaml
 create mode 100644 testing1/first-cluster/apps/demo/nginx-service.yaml
 create mode 100644 testing1/first-cluster/cluster/base/namespace-apps.yaml
 create mode 100644 testing1/mc.yaml
diff --git a/testing1/controlplane.yaml b/testing1/controlplane.yaml
index dfec197..f78ff34 100644
--- a/testing1/controlplane.yaml
+++ b/testing1/controlplane.yaml
@@ -574,4 +574,4 @@ cluster:
 # certLifetime: 1h0m0s # Admin kubeconfig certificate lifetime (default is 1 year).

 # # Allows running workload on control-plane nodes.
- # allowSchedulingOnControlPlanes: true
+ allowSchedulingOnControlPlanes: true
diff --git a/testing1/first-cluster/.talosconfig b/testing1/first-cluster/.talosconfig
new file mode 100644
index 0000000..d383e34
--- /dev/null
+++ b/testing1/first-cluster/.talosconfig
@@ -0,0 +1,10 @@
+context: test-talos1-control
+contexts:
+ test-talos1-control:
+ endpoints:
+ - 10.0.0.67
+ nodes:
+ - 10.0.0.67
+ ca: 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
+ crt: 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
+ key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJRjNic3BNbmZQdTR1aU9NOGFGNmJ4ZklGSDBLdm45YytPZHdMOXZlb0hHVgotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
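Review bot: Uncommenting `allowSchedulingOnControlPlanes: true` removes the default taint that keeps workloads off the control-plane node, so the demo nginx pod added in this commit will share the node with the API server and etcd; on a single-node test cluster that is the only way to schedule anything, but nothing in the file says that is the reason. Add a comment above the line so the setting is not copied into a multi-node layout later, e.g. `# Single-node test cluster: workloads must land on the control-plane node. Revert once worker nodes exist.`. The enclosing `cluster:` mapping starts before the hunk.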
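Review bot: The new `.talosconfig` commits a client private key in clear — its `key:` value is the base64 of `-----BEGIN ED25519 PRIVATE KEY-----` — and the same commit does the same in `testing1/kubeconfig` (the new `client-key-data:` decodes to `-----BEGIN EC PRIVATE KEY-----`) and in `testing1/mc.yaml` (`machine.token`, `cluster.token`, `secretboxEncryptionSecret`, and the `ca.key`, `aggregatorCA.key` and `etcd.ca.key` values). Anyone with read access to the repository can authenticate as an admin against 10.0.0.67, and rotating a key in place, as the kubeconfig hunk does, still leaves the superseded key in git history. Treat every key and token in this commit as exposed: regenerate the cluster secrets (`talosctl gen secrets`), re-issue the admin configs from them, and keep `testing1/first-cluster/.talosconfig`, `testing1/kubeconfig` and `testing1/mc.yaml` out of version control via `.gitignore`, leaving at most a sanitized example that points at a secret store.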
diff --git a/testing1/first-cluster/apps/demo/nginx-deployment.yaml b/testing1/first-cluster/apps/demo/nginx-deployment.yaml
new file mode 100644
index 0000000..2f7e25e
--- /dev/null
+++ b/testing1/first-cluster/apps/demo/nginx-deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: demo-nginx
+ namespace: apps
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: demo-nginx
+ template:
+ metadata:
+ labels:
+ app: demo-nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.27-alpine
+ ports:
+ - containerPort: 80
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "64Mi"
+ limits:
+ cpu: "200m"
+ memory: "128Mi"
diff --git a/testing1/first-cluster/apps/demo/nginx-service.yaml b/testing1/first-cluster/apps/demo/nginx-service.yaml
new file mode 100644
index 0000000..239f8a1
--- /dev/null
+++ b/testing1/first-cluster/apps/demo/nginx-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: demo-nginx
+ namespace: apps
+spec:
+ type: NodePort
+ selector:
+ app: demo-nginx
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ nodePort: 30080
diff --git a/testing1/first-cluster/cluster/base/namespace-apps.yaml b/testing1/first-cluster/cluster/base/namespace-apps.yaml
new file mode 100644
index 0000000..f05026e
--- /dev/null
+++ b/testing1/first-cluster/cluster/base/namespace-apps.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apps
diff --git a/testing1/kubeconfig b/testing1/kubeconfig
index 26e447b..f1485e6 100644
--- a/testing1/kubeconfig
+++ b/testing1/kubeconfig
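Review bot: The `demo-nginx` pod template sets no `securityContext`, so under the PodSecurity admission defaults this same commit configures in `mc.yaml` (`enforce: baseline`, `warn: restricted`, `audit: restricted`) every apply will emit restricted-profile warnings and the container keeps the image's default privileges. Add a container-level securityContext that drops all capabilities, forbids privilege escalation and selects the runtime default seccomp profile; `runAsNonRoot` is left out below because the stock nginx image starts as root to bind port 80 — switch to an unprivileged nginx variant on a high port if the restricted profile should pass cleanly. Pinning the image by digest and adding a readiness probe are also worth doing before this file is copied as a template.

```yaml
      containers:
        - name: nginx
          image: nginx:1.27-alpine
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: ports, resources …
```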
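Review bot: `type: NodePort` with `nodePort: 30080` publishes the demo on port 30080 of every node IP (10.0.0.67 here) to whatever network the node sits on, with no TLS and no NetworkPolicy in this commit limiting who can reach it. That is fine for a demo, but record the intent on the `type` line: `type: NodePort  # demo only: reachable from the node's network; put behind an ingress before exposing anything real`. If nothing outside the node needs it yet, `type: ClusterIP` plus `kubectl port-forward` avoids opening the port at all.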
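Review bot: The `apps` namespace carries no `pod-security.kubernetes.io/*` labels, so it silently inherits the cluster-wide `enforce: baseline` default from `mc.yaml` and nothing in this file states which profile its workloads are expected to meet. Labelling the namespace makes that contract explicit and survives a later change to the cluster default: under `metadata:` add `labels:` with `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted`, and move `enforce` to `restricted` once the nginx deployment runs unprivileged.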
@@ -16,5 +16,5 @@ preferences: {}
 users:
 - name: admin@test-talos1-control
 user:
- client-certificate-data: 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
- client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUQ2OVJ0K2o2ZmR0RUtTamNIVmxMamxibHFrYVJtMUNDNUU0QUNWSFI2cU5vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFMkVpSGFGZHhDMk5sdXEyTkovR3FHRnFOK3RkUnU5M3ZQMC9BeHNBa3Fpcnk5R2hJQWsreAorZGNQNDRQOERlVkhFM1lWeTRObE9GSTI5NHhJWkF6a0d3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+ client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJoVENDQVN1Z0F3SUJBZ0lSQUxyMndsaWlaWE44YUJBazg2ay82U0l3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOVEV4TWpNeE56RTJORFJhRncweU5qRXhNak14TnpFMgpOVFJhTUNreEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE0d0RBWURWUVFERXdWaFpHMXBiakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQktTZGcxT0E0THBrVngxbHZVeVhHajJCZjVYY2xQemsKd25nNUZhMUUvNE1TL0NoOWJDQ2Q1TnRDTlhybzFwL1kvSCsyWXBCQUhZWVo5ZTZSMWx6QytHNmpTREJHTUE0RwpBMVVkRHdFQi93UUVBd0lGb0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREFqQWZCZ05WSFNNRUdEQVdnQlJ0CnZlUytlSEk2M04yZFdMQzNpemxOMk1QeVBqQUtCZ2dxaGtqT1BRUURBZ05JQURCRkFpRUF4SXlxTkFGT3RYSU8KZytFZUhhSjRWSVVGeFFjQkVXVkdIL0lhd29neitkY0NJQldneEFZVDlPTFI4MzhsckVWak9vY3VaUGNpUXRHQQpXVDFpREdXMlZvM2YKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVB5dXhaUFZzdWdoTm9ZK1FvTStXN3NtcGIzUVdCZjZMTHFPR1ZuT1JqcXlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFcEoyRFU0RGd1bVJYSFdXOVRKY2FQWUYvbGR5VS9PVENlRGtWclVUL2d4TDhLSDFzSUozawoyMEkxZXVqV245ajhmN1ppa0VBZGhobjE3cEhXWE1MNGJnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
diff --git a/testing1/mc.yaml b/testing1/mc.yaml
new file mode 100644
index 0000000..49c727d
--- /dev/null
+++ b/testing1/mc.yaml
@@ -0,0 +1,11 @@
+node: 10.0.0.67
+metadata:
+ namespace: config
+ type: MachineConfigs.config.talos.dev
+ id: v1alpha1
+ version: 1
+ owner:
+ phase: running
+ created: 2025-11-23T20:26:53Z
+ updated: 2025-11-23T20:26:53Z
+spec: "version: v1alpha1 # Indicates the schema used to decode the contents.\ndebug: false # Enable verbose logging to the console.\npersist: true\n# Provides machine specific configuration options.\nmachine:\n type: controlplane # Defines the role of the machine within the cluster.\n token: dhmkxg.kgt4nn0mw72kd3yb # The `token` is used by a machine to join the PKI of the cluster.\n # The root certificate authority of the PKI.\n ca:\n crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBNTUzYnZ2c1RjRlE1RktIRTZEZ0l5ekFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qVXhNVEV6TURJMU9UQXhXaGNOTXpVeE1URXhNREkxT1RBeFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUU1cnptdE1WcjZCZkxnZEE1UUV6bDZOVEhxQi9OaXFCK1dICnI3ZW5yNWw2bzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkVzcXFnZXFaYWZna3dTRApKUko0c0JNbWxaYkRNQVVHQXl0bGNBTkJBUFVMcWR1Z2Y1OEZmTVFTRC9Bc21RdkZBQnNjSkRLVnd2RXBWRWh3CnQ3Vnd3bVFRaEVyNVB3KzI3M1B3c1kvLzE3SjZDOFY2SGhiVDFqRFFMZ2hvY1FFPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJQVZVTjAyWTRiVnpXenhyL0tKOWRicE1Iakt2V1JVV2VEVjZRRGtzcWV0dwotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K\n # Extra certificate subject alternative names for the machine's certificate.\n certSANs: []\n # # Uncomment this to enable SANs.\n # - 10.0.0.10\n # - 172.16.0.10\n # - 192.168.0.10\n\n # Used to provide additional options to the kubelet.\n kubelet:\n image: ghcr.io/siderolabs/kubelet:v1.33.0 # The `image` field is an optional reference to an alternative kubelet image.\n defaultRuntimeSeccompProfileEnabled: true # Enable container runtime default Seccomp profile.\n 
disableManifestsDirectory: true # The `disableManifestsDirectory` field configures the kubelet to get static pod manifests from the /etc/kubernetes/manifests directory.\n \n # # The `ClusterDNS` field is an optional reference to an alternative kubelet clusterDNS ip list.\n # clusterDNS:\n # - 10.96.0.10\n # - 169.254.2.53\n\n # # The `extraArgs` field is used to provide additional flags to the kubelet.\n # extraArgs:\n # key: value\n\n # # The `extraMounts` field is used to add additional mounts to the kubelet container.\n # extraMounts:\n # - destination: /var/lib/example # Destination is the absolute path where the mount will be placed in the container.\n # type: bind # Type specifies the mount kind.\n # source: /var/lib/example # Source specifies the source path of the mount.\n # # Options are fstab style mount options.\n # options:\n # - bind\n # - rshared\n # - rw\n\n # # The `extraConfig` field is used to provide kubelet configuration overrides.\n # extraConfig:\n # serverTLSBootstrap: true\n\n # # The `KubeletCredentialProviderConfig` field is used to provide kubelet credential configuration.\n # credentialProviderConfig:\n # apiVersion: kubelet.config.k8s.io/v1\n # kind: CredentialProviderConfig\n # providers:\n # - apiVersion: credentialprovider.kubelet.k8s.io/v1\n # defaultCacheDuration: 12h\n # matchImages:\n # - '*.dkr.ecr.*.amazonaws.com'\n # - '*.dkr.ecr.*.amazonaws.com.cn'\n # - '*.dkr.ecr-fips.*.amazonaws.com'\n # - '*.dkr.ecr.us-iso-east-1.c2s.ic.gov'\n # - '*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov'\n # name: ecr-credential-provider\n\n # # The `nodeIP` field is used to configure `--node-ip` flag for the kubelet.\n # nodeIP:\n # # The `validSubnets` field configures the networks to pick kubelet node IP from.\n # validSubnets:\n # - 10.0.0.0/8\n # - '!10.0.0.3/32'\n # - fdc7::/16\n # Provides machine specific network configuration options.\n network: {}\n # # `interfaces` is used to define the network interface configuration.\n # interfaces:\n # - 
interface: enp0s1 # The interface name.\n # # Assigns static IP addresses to the interface.\n # addresses:\n # - 192.168.2.0/24\n # # A list of routes associated with the interface.\n # routes:\n # - network: 0.0.0.0/0 # The route's network (destination).\n # gateway: 192.168.2.1 # The route's gateway (if empty, creates link scope route).\n # metric: 1024 # The optional metric for the route.\n # mtu: 1500 # The interface's MTU.\n # \n # # # Picks a network device using the selector.\n\n # # # select a device with bus prefix 00:*.\n # # deviceSelector:\n # # busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.\n # # # select a device with mac address matching `*:f0:ab` and `virtio` kernel driver.\n # # deviceSelector:\n # # hardwareAddr: '*:f0:ab' # Device hardware (MAC) address, supports matching by wildcard.\n # # driver: virtio_net # Kernel driver, supports matching by wildcard.\n # # # select a device with bus prefix 00:*, a device with mac address matching `*:f0:ab` and `virtio` kernel driver.\n # # deviceSelector:\n # # - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.\n # # - hardwareAddr: '*:f0:ab' # Device hardware (MAC) address, supports matching by wildcard.\n # # driver: virtio_net # Kernel driver, supports matching by wildcard.\n\n # # # Bond specific options.\n # # bond:\n # # # The interfaces that make up the bond.\n # # interfaces:\n # # - enp2s0\n # # - enp2s1\n # # # Picks a network device using the selector.\n # # deviceSelectors:\n # # - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.\n # # - hardwareAddr: '*:f0:ab' # Device hardware (MAC) address, supports matching by wildcard.\n # # driver: virtio_net # Kernel driver, supports matching by wildcard.\n # # mode: 802.3ad # A bond option.\n # # lacpRate: fast # A bond option.\n\n # # # Bridge specific options.\n # # bridge:\n # # # The interfaces that make up the bridge.\n # # interfaces:\n # # - enxda4042ca9a51\n # # - enxae2a6774c259\n # # # 
Enable STP on this bridge.\n # # stp:\n # # enabled: true # Whether Spanning Tree Protocol (STP) is enabled.\n\n # # # Configure this device as a bridge port.\n # # bridgePort:\n # # master: br0 # The name of the bridge master interface\n\n # # # Indicates if DHCP should be used to configure the interface.\n # # dhcp: true\n\n # # # DHCP specific options.\n # # dhcpOptions:\n # # routeMetric: 1024 # The priority of all routes received via DHCP.\n\n # # # Wireguard specific configuration.\n\n # # # wireguard server example\n # # wireguard:\n # # privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).\n # # listenPort: 51111 # Specifies a device's listening port.\n # # # Specifies a list of peer configurations to apply to a device.\n # # peers:\n # # - publicKey: ABCDEF... # Specifies the public key of this peer.\n # # endpoint: 192.168.1.3 # Specifies the endpoint of this peer entry.\n # # # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.\n # # allowedIPs:\n # # - 192.168.1.0/24\n # # # wireguard peer example\n # # wireguard:\n # # privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).\n # # # Specifies a list of peer configurations to apply to a device.\n # # peers:\n # # - publicKey: ABCDEF... 
# Specifies the public key of this peer.\n # # endpoint: 192.168.1.2:51822 # Specifies the endpoint of this peer entry.\n # # persistentKeepaliveInterval: 10s # Specifies the persistent keepalive interval for this peer.\n # # # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.\n # # allowedIPs:\n # # - 192.168.1.0/24\n\n # # # Virtual (shared) IP address configuration.\n\n # # # layer2 vip example\n # # vip:\n # # ip: 172.16.199.55 # Specifies the IP address to be used.\n\n # # Used to statically set the nameservers for the machine.\n # nameservers:\n # - 8.8.8.8\n # - 1.1.1.1\n\n # # Used to statically set arbitrary search domains.\n # searchDomains:\n # - example.org\n # - example.com\n\n # # Allows for extra entries to be added to the `/etc/hosts` file\n # extraHostEntries:\n # - ip: 192.168.1.100 # The IP of the host.\n # # The host alias.\n # aliases:\n # - example\n # - example.domain.tld\n\n # # Configures KubeSpan feature.\n # kubespan:\n # enabled: true # Enable the KubeSpan feature.\n\n # Used to provide instructions for installations.\n install:\n disk: /dev/sda # The disk used for installations.\n image: ghcr.io/siderolabs/installer:v1.10.1 # Allows for supplying the image used to perform the installation.\n wipe: false # Indicates if the installation disk should be wiped at installation time.\n \n # # Look up disk using disk attributes like model, size, serial and others.\n # diskSelector:\n # size: 4GB # Disk size.\n # model: WDC* # Disk model `/sys/block//device/model`.\n # busPath: /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 # Disk bus path.\n\n # # Allows for supplying extra kernel args via the bootloader.\n # extraKernelArgs:\n # - talos.platform=metal\n # - reboot=k\n # Used to configure the machine's container image registry mirrors.\n registries: {}\n # # Specifies mirror configuration for each registry host namespace.\n # mirrors:\n # ghcr.io:\n # # List of endpoints (URLs) for registry mirrors to 
use.\n # endpoints:\n # - https://registry.insecure\n # - https://ghcr.io/v2/\n\n # # Specifies TLS & auth configuration for HTTPS image registries.\n # config:\n # registry.insecure:\n # # The TLS configuration for the registry.\n # tls:\n # insecureSkipVerify: true # Skip TLS server certificate verification (not recommended).\n # \n # # # Enable mutual TLS authentication with the registry.\n # # clientIdentity:\n # # crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t\n # # key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==\n # \n # # # The auth configuration for this registry.\n # # auth:\n # # username: username # Optional registry authentication.\n # # password: password # Optional registry authentication.\n\n # Features describe individual Talos features that can be switched on or off.\n features:\n rbac: true # Enable role-based access control (RBAC).\n stableHostname: true # Enable stable default hostname.\n apidCheckExtKeyUsage: true # Enable checks for extended key usage of client certificates in apid.\n diskQuotaSupport: true # Enable XFS project quota support for EPHEMERAL partition and user disks.\n # KubePrism - local proxy/load balancer on defined port that will distribute\n kubePrism:\n enabled: true # Enable KubePrism support - will start local load balancing proxy.\n port: 7445 # KubePrism port.\n # Configures host DNS caching resolver.\n hostDNS:\n enabled: true # Enable host DNS caching resolver.\n forwardKubeDNSToHost: true # Use the host DNS resolver as upstream for Kubernetes CoreDNS pods.\n \n # # Configure Talos API access from Kubernetes pods.\n # kubernetesTalosAPIAccess:\n # enabled: true # Enable Talos API access from Kubernetes pods.\n # # The list of Talos API roles which can be granted for access from Kubernetes pods.\n # allowedRoles:\n # - os:reader\n # # The list of Kubernetes namespaces Talos API access is available from.\n # allowedKubernetesNamespaces:\n # - kube-system\n # Configures the node labels for the machine.\n nodeLabels:\n 
node.kubernetes.io/exclude-from-external-load-balancers: \"\"\n \n # # Provides machine specific control plane configuration options.\n\n # # ControlPlane definition example.\n # controlPlane:\n # # Controller manager machine specific configuration options.\n # controllerManager:\n # disabled: false # Disable kube-controller-manager on the node.\n # # Scheduler machine specific configuration options.\n # scheduler:\n # disabled: true # Disable kube-scheduler on the node.\n\n # # Used to provide static pod definitions to be run by the kubelet directly bypassing the kube-apiserver.\n\n # # nginx static pod.\n # pods:\n # - apiVersion: v1\n # kind: pod\n # metadata:\n # name: nginx\n # spec:\n # containers:\n # - image: nginx\n # name: nginx\n\n # # Allows the addition of user specified files.\n\n # # MachineFiles usage example.\n # files:\n # - content: '...' # The contents of the file.\n # permissions: 0o666 # The file's permissions in octal.\n # path: /tmp/file.txt # The path of the file.\n # op: append # The operation to use\n\n # # The `env` field allows for the addition of environment variables.\n\n # # Environment variables definition examples.\n # env:\n # GRPC_GO_LOG_SEVERITY_LEVEL: info\n # GRPC_GO_LOG_VERBOSITY_LEVEL: \"99\"\n # https_proxy: http://SERVER:PORT/\n # env:\n # GRPC_GO_LOG_SEVERITY_LEVEL: error\n # https_proxy: https://USERNAME:PASSWORD@SERVER:PORT/\n # env:\n # https_proxy: http://DOMAIN\\USERNAME:PASSWORD@SERVER:PORT/\n\n # # Used to configure the machine's time settings.\n\n # # Example configuration for cloudflare ntp server.\n # time:\n # disabled: false # Indicates if the time service is disabled for the machine.\n # # description: |\n # servers:\n # - time.cloudflare.com\n # bootTimeout: 2m0s # Specifies the timeout when the node time is considered to be in sync unlocking the boot sequence.\n\n # # Used to configure the machine's sysctls.\n\n # # MachineSysctls usage example.\n # sysctls:\n # kernel.domainname: talos.dev\n # 
net.ipv4.ip_forward: \"0\"\n # net/ipv6/conf/eth0.100/disable_ipv6: \"1\"\n\n # # Used to configure the machine's sysfs.\n\n # # MachineSysfs usage example.\n # sysfs:\n # devices.system.cpu.cpu0.cpufreq.scaling_governor: performance\n\n # # Machine system disk encryption configuration.\n # systemDiskEncryption:\n # # Ephemeral partition encryption.\n # ephemeral:\n # provider: luks2 # Encryption provider to use for the encryption.\n # # Defines the encryption keys generation and storage method.\n # keys:\n # - # Deterministically generated key from the node UUID and PartitionLabel.\n # nodeID: {}\n # slot: 0 # Key slot number for LUKS2 encryption.\n # \n # # # KMS managed encryption key.\n # # kms:\n # # endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.\n # \n # # # Cipher kind to use for the encryption. Depends on the encryption provider.\n # # cipher: aes-xts-plain64\n\n # # # Defines the encryption sector size.\n # # blockSize: 4096\n\n # # # Additional --perf parameters for the LUKS2 encryption.\n # # options:\n # # - no_read_workqueue\n # # - no_write_workqueue\n\n # # Configures the udev system.\n # udev:\n # # List of udev rules to apply to the udev system\n # rules:\n # - SUBSYSTEM==\"drm\", KERNEL==\"renderD*\", GROUP=\"44\", MODE=\"0660\"\n\n # # Configures the logging system.\n # logging:\n # # Logging destination.\n # destinations:\n # - endpoint: tcp://1.2.3.4:12345 # Where to send logs. 
Supported protocols are \"tcp\" and \"udp\".\n # format: json_lines # Logs format.\n\n # # Configures the kernel.\n # kernel:\n # # Kernel modules to load.\n # modules:\n # - name: brtfs # Module name.\n\n # # Configures the seccomp profiles for the machine.\n # seccompProfiles:\n # - name: audit.json # The `name` field is used to provide the file name of the seccomp profile.\n # # The `value` field is used to provide the seccomp profile.\n # value:\n # defaultAction: SCMP_ACT_LOG\n\n # # Override (patch) settings in the default OCI runtime spec for CRI containers.\n\n # # override default open file limit\n # baseRuntimeSpecOverrides:\n # process:\n # rlimits:\n # - hard: 1024\n # soft: 1024\n # type: RLIMIT_NOFILE\n\n # # Configures the node annotations for the machine.\n\n # # node annotations example.\n # nodeAnnotations:\n # customer.io/rack: r13a25\n\n # # Configures the node taints for the machine. Effect is optional.\n\n # # node taints example.\n # nodeTaints:\n # exampleTaint: exampleTaintValue:NoSchedule\n# Provides cluster specific configuration options.\ncluster:\n id: T1wrNZkR6bWDMhqxHwogu6UC1XYwE-HzhO5aB6yzelg= # Globally unique identifier for this cluster (base64 encoded random 32 bytes).\n secret: t6mCiKFppGqSJNbTIelhMvxE7OCsAHiCdlDkBgukszo= # Shared secret of cluster (base64 encoded random 32 bytes).\n # Provides control plane specific configuration options.\n controlPlane:\n endpoint: https://10.0.0.67:6443 # Endpoint is the canonical controlplane endpoint, which can be an IP address or a DNS hostname.\n clusterName: test-talos1-control # Configures the cluster's name.\n # Provides cluster specific network configuration options.\n network:\n dnsDomain: cluster.local # The domain used by Kubernetes DNS.\n # The pod subnet CIDR.\n podSubnets:\n - 10.244.0.0/16\n # The service subnet CIDR.\n serviceSubnets:\n - 10.96.0.0/12\n \n # # The CNI used.\n # cni:\n # name: custom # Name of CNI to use.\n # # URLs containing manifests to apply for the CNI.\n # 
urls:\n # - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml\n token: kaxfds.we8jyuew8eqc6df8 # The [bootstrap token](https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/) used to join the cluster.\n secretboxEncryptionSecret: ZY8YL8xl+egIKxKDyg20zGDWa/T7sZWN/rZr1JuKN1g= # A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).\n # The base64 encoded root certificate authority used by Kubernetes.\n ca:\n crt: 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\n key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUl0K1JDNVFtMHlEazlXZkpzQnRmRVVZbVpLOFhzTHhCMGxBcmVOb0poSXdvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNFJXWFEzSDNXZmNNTDNWOFVBVkVtMzFuTno1WitUd1V3ZzhmbnlFdkVCaFNFQXJZZUlXUApINE9SRUZBR2QzcDQ5OG1EWEFZaFZ3NnZwcFhxTEwxQXRBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n # The base64 encoded aggregator certificate authority used by Kubernetes for front-proxy certificate generation.\n aggregatorCA:\n crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZRENDQVFXZ0F3SUJBZ0lRYktJc0RBelF0QjRYS0RESm5QZFRxakFLQmdncWhrak9QUVFEQWpBQU1CNFgKRFRJMU1URXhNekF5TlRrd01Wb1hEVE0xTVRFeE1UQXlOVGt3TVZvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxRwpTTTQ5QXdFSEEwSUFCRitkc080ZXBwM2ZscWxEV2NXKzJidW8zVUxKUW4weExCSzJQSHhhVWFuWjdVTmVPM0RxCk9SUjVNbkl3L1NaMnJiT2RIeEVtR3BpSzg0MUlsRVZaZ0syallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZApCZ05WSFE0RUZnUVVMUTVWRkcrd05ycldSTVZPN01hZnc3dG9OUkl3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loCkFKS3JJT284Z29QWXFpVVJUV2JJNHZyQXRteWRaTzVpak9QYmZUei9DQkR3QWlFQTkzZ2IrVHh3Z2J2R1BQcWwKWDR6ZFM2bm1Rc3JSTUZtZXE4M1EzSms0L2xzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==\n key: 
LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU8vL0tYUXBzcDczN1NSUzcydFhrTDdTMWFadU5sa29NSlVROTRUZEU1TjNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWDUydzdoNm1uZCtXcVVOWnhiN1p1NmpkUXNsQ2ZURXNFclk4ZkZwUnFkbnRRMTQ3Y09vNQpGSGt5Y2pEOUpuYXRzNTBmRVNZYW1JcnpqVWlVUlZtQXJRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n # The base64 encoded private key for service account token generation.\n serviceAccount:\n key: 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\n # API server specific configuration options.\n apiServer:\n image: registry.k8s.io/kube-apiserver:v1.33.0 # The container image used in the API server manifest.\n # Extra certificate subject alternative names for the API server's certificate.\n certSANs:\n - 10.0.0.67\n disablePodSecurityPolicy: true # Disable PodSecurityPolicy in the API server and default manifests.\n # Configure the API server admission plugins.\n admissionControl:\n - name: PodSecurity # Name is the name of the admission controller.\n # Configuration is an embedded configuration object to be used as the plugin's\n configuration:\n apiVersion: pod-security.admission.config.k8s.io/v1alpha1\n defaults:\n audit: restricted\n audit-version: latest\n enforce: baseline\n enforce-version: latest\n warn: restricted\n warn-version: latest\n exemptions:\n namespaces:\n - kube-system\n runtimeClasses: []\n usernames: []\n kind: PodSecurityConfiguration\n # Configure the API server audit policy.\n auditPolicy:\n apiVersion: audit.k8s.io/v1\n kind: Policy\n rules:\n - level: Metadata\n \n # # Configure the API server authorization config. Node and RBAC authorizers are always added irrespective of the configuration.\n # authorizationConfig:\n # - type: Webhook # Type is the name of the authorizer. 
Allowed values are `Node`, `RBAC`, and `Webhook`.\n # name: webhook # Name is used to describe the authorizer.\n # # webhook is the configuration for the webhook authorizer.\n # webhook:\n # connectionInfo:\n # type: InClusterConfig\n # failurePolicy: Deny\n # matchConditionSubjectAccessReviewVersion: v1\n # matchConditions:\n # - expression: has(request.resourceAttributes)\n # - expression: '!(\\''system:serviceaccounts:kube-system\\'' in request.groups)'\n # subjectAccessReviewVersion: v1\n # timeout: 3s\n # - type: Webhook # Type is the name of the authorizer. Allowed values are `Node`, `RBAC`, and `Webhook`.\n # name: in-cluster-authorizer # Name is used to describe the authorizer.\n # # webhook is the configuration for the webhook authorizer.\n # webhook:\n # connectionInfo:\n # type: InClusterConfig\n # failurePolicy: NoOpinion\n # matchConditionSubjectAccessReviewVersion: v1\n # subjectAccessReviewVersion: v1\n # timeout: 3s\n # Controller manager server specific configuration options.\n controllerManager:\n image: registry.k8s.io/kube-controller-manager:v1.33.0 # The container image used in the controller manager manifest.\n # Kube-proxy server-specific configuration options\n proxy:\n image: registry.k8s.io/kube-proxy:v1.33.0 # The container image used in the kube-proxy manifest.\n \n # # Disable kube-proxy deployment on cluster bootstrap.\n # disabled: false\n # Scheduler server specific configuration options.\n scheduler:\n image: registry.k8s.io/kube-scheduler:v1.33.0 # The container image used in the scheduler manifest.\n # Configures cluster member discovery.\n discovery:\n enabled: true # Enable the cluster membership discovery feature.\n # Configure registries used for cluster member discovery.\n registries:\n # Kubernetes registry uses Kubernetes API server to discover cluster members and stores additional information\n kubernetes:\n disabled: true # Disable Kubernetes discovery registry.\n # Service registry is using an external service to push 
and pull information about cluster members.\n service: {}\n # # External service endpoint.\n # endpoint: https://discovery.talos.dev/\n # Etcd specific configuration options.\n etcd:\n # The `ca` is the root certificate authority of the PKI.\n ca:\n crt: 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\n key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdIa3hkOGo5Sk43cXowWWdtZUo1QTVVYW5ocDkyM0FFNzdiSjgxZmMyeWdvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFR1d6TVIwajdHM3hxNndWUk5Yc0grVUlSK3JyL1lDbExpT3hGUGNpSTZMNUs0RTg3WHUrZwpDZzU3QXh4UlpWQ3hpd3ZZYlpEcW9BWVdpYlkrM05VQnhRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=\n \n # # The container image used to create the etcd service.\n # image: gcr.io/etcd-development/etcd:v3.5.21\n\n # # The `advertisedSubnets` field configures the networks to pick etcd advertised IP from.\n # advertisedSubnets:\n # - 10.0.0.0/8\n # A list of urls that point to additional manifests.\n extraManifests: []\n # - https://www.example.com/manifest1.yaml\n # - https://www.example.com/manifest2.yaml\n\n # A list of inline Kubernetes manifests.\n inlineManifests: []\n # - name: namespace-ci # Name of the manifest.\n # contents: |- # Manifest contents as a string.\n # apiVersion: v1\n # kind: Namespace\n # metadata:\n # \tname: ci\n\n \n # # A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).\n\n # # Decryption secret example (do not use in production!).\n # aescbcEncryptionSecret: z01mye6j16bspJYtTB/5SFX8j7Ph4JXxM2Xuu4vsBPM=\n\n # # Core DNS specific configuration options.\n # coreDNS:\n # image: registry.k8s.io/coredns/coredns:v1.12.1 # The `image` field is an override to the default coredns image.\n\n # # External cloud provider configuration.\n # externalCloudProvider:\n # enabled: true # Enable external cloud provider.\n # # A list of urls that point to additional manifests for an external cloud provider.\n # manifests:\n # - 
https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/rbac.yaml\n # - https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/aws-cloud-controller-manager-daemonset.yaml\n\n # # A map of key value pairs that will be added while fetching the extraManifests.\n # extraManifestHeaders:\n # Token: \"1234567\"\n # X-ExtraInfo: info\n\n # # Settings for admin kubeconfig generation.\n # adminKubeconfig:\n # certLifetime: 1h0m0s # Admin kubeconfig certificate lifetime (default is 1 year).\n\n # # Allows running workload on control-plane nodes.\n allowSchedulingOnControlPlanes: true\n"
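Review bot: `spec:` is stored as one double-quoted scalar carrying hundreds of `\n` escapes — the shape that looks like `talosctl get machineconfig -o yaml` output — which makes the machine config unreviewable as a diff, since any future edit shows up as a single changed line. Either keep this file out of the repository (its `metadata.phase: running` and `created`/`updated` timestamps show it is a dump of live resource state, and `testing1/controlplane.yaml` already holds the source config) or re-emit the value as a block scalar, `spec: |`, so the embedded YAML diffs line by line. The `machine.token`, `cluster.token`, `secretboxEncryptionSecret` and CA private-key values inside this scalar are the same class of exposure as the committed `.talosconfig` key and need the same regeneration.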