diff --git a/clustertool/embed/generic/kubernetes/system/topolvm/app/helm-release.yaml b/clustertool/embed/generic/kubernetes/system/topolvm/app/helm-release.yaml deleted file mode 100644 index ad10770c7ac3b..0000000000000 --- a/clustertool/embed/generic/kubernetes/system/topolvm/app/helm-release.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: topolvm - namespace: topolvm-system -spec: - interval: 5m - releaseName: topolvm - chart: - spec: - - chart: topolvm - version: 15.4.0 - sourceRef: - kind: HelmRepository - name: topolvm - namespace: flux-system - install: - createNamespace: true - crds: CreateReplace - remediation: - retries: 3 - upgrade: - crds: CreateReplace - remediation: - retries: 3 - values: - lvmd: - managed: false - env: - - name: LVM_SYSTEM_DIR - value: /tmp - deviceClasses: - - name: thin - volume-group: topolvm_vg # Volume Group name used in LVM_Disk_Watcher - default: true - spare-gb: 10 - type: thin - thin-pool: - name: topolvm_thin # Logical Volume name used in LVM_Disk_Watcher - overprovision-ratio: 10.0 # Adjust to your convenience - storageClasses: - - name: topolvm-thin-provisioner - storageClass: - fsType: xfs - isDefaultClass: false - volumeBindingMode: WaitForFirstConsumer - allowVolumeExpansion: true - additionalParameters: - "topolvm.io/device-class": "thin" - node: - lvmdEmbedded: true - - controller: - replicaCount: 1 diff --git a/clustertool/embed/generic/kubernetes/system/topolvm/app/namespace.yaml b/clustertool/embed/generic/kubernetes/system/topolvm/app/namespace.yaml deleted file mode 100644 index 0e614006cf0fe..0000000000000 --- a/clustertool/embed/generic/kubernetes/system/topolvm/app/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: topolvm-system - labels: - pod-security.kubernetes.io/enforce: privileged - topolvm.io/webhook: ignore 
diff --git a/clustertool/embed/generic/kubernetes/system/topolvm/app/volumeSnapshotClass.yaml b/clustertool/embed/generic/kubernetes/system/topolvm/app/volumeSnapshotClass.yaml deleted file mode 100644 index 125fd1828d6de..0000000000000 --- a/clustertool/embed/generic/kubernetes/system/topolvm/app/volumeSnapshotClass.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: snapshot.storage.k8s.io/v1 -kind: VolumeSnapshotClass -metadata: - name: topolvm-provisioner-thin - # annotations: - # snapshot.storage.kubernetes.io/is-default-class: "false" -driver: topolvm.io -deletionPolicy: Delete diff --git a/clustertool/embed/generic/patches/all.yaml b/clustertool/embed/generic/patches/all.yaml index b2ae5f9258c73..afbc8ecb4a9c0 100644 --- a/clustertool/embed/generic/patches/all.yaml +++ b/clustertool/embed/generic/patches/all.yaml 
@@ -1,63 +1,80 @@ -cluster: - proxy: - disabled: true - -machine: - time: - disabled: false - servers: +- op: replace + path: /machine/time + value: + "disabled": false + "servers": - "time.cloudflare.com" - - kernel: +- op: add + path: /machine/kernel + value: modules: - - name: "dm_thin_pool" - - name: "dm_mod" - - name: "nvme_tcp" - - name: "vfio_pci" - - name: "uio_pci_generic" - - kubelet: - extraArgs: - rotate-server-certificates: true - extraConfig: - maxPods: 250 - shutdownGracePeriod: "15s" - shutdownGracePeriodCriticalPods: "10s" - extraMounts: - - destination: "/var/openebs/local" - type: "bind" - source: "/var/openebs/local" - options: - - "bind" - - "rshared" - - "rw" - - destination: "/var/lib/longhorn" - type: "bind" - source: "/var/lib/longhorn" - options: - - "bind" - - "rshared" - - "rw" - - features: - hostDNS: - enabled: true - resolveMemberNames: true - forwardKubeDNSToHost: false - - sysctls: + - "name": "dm_thin_pool" + - "name": "dm_mod" + - "name": nvme_tcp + - "name": vfio_pci + - "name": uio_pci_generic +- op: replace + path: /cluster/proxy + value: + "disabled": true +- op: add + path: /machine/kubelet/extraArgs + value: + "rotate-server-certificates": true +- op: add + path: /machine/kubelet/extraConfig + value: + "maxPods": 250 + "shutdownGracePeriod": "15s" + "shutdownGracePeriodCriticalPods": "10s" +- op: add + path: /machine/kubelet/extraMounts + value: + - "destination": "/var/openebs/local" + "type": "bind" + "source": "/var/openebs/local" + "options": + - "bind" + - "rshared" + - "rw" + - destination: /var/lib/longhorn + type: bind + source: /var/lib/longhorn + options: + - bind + - rshared + - rw +- op: replace + path: /machine/features/hostDNS + value: + enabled: true + resolveMemberNames: true + forwardKubeDNSToHost: false +- op: add + path: /machine/sysctls + value: fs.inotify.max_queued_events: "65536" fs.inotify.max_user_instances: "8192" fs.inotify.max_user_watches: "524288" net.core.rmem_max: "2500000" net.core.wmem_max: 
"2500000" - vm.nr_hugepages: "2048" - files: - - path: "/etc/cri/conf.d/20-customization.part" - permissions: 0 - op: "create" - content: | +## TODO: Check how we can have this pass checks +# - op: add +# path: /machine/udev +# value: +# # Thunderbolt +# - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1" +# # Intel GPU +# - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660" +# # Google Coral USB Accelerator +# - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660" +# - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660" + +- op: add + path: /machine/files + value: + - content: |- [plugins."io.containerd.grpc.v1.cri"] enable_unprivileged_ports = true enable_unprivileged_icmp = true @@ -65,11 +82,10 @@ machine: discard_unpacked_layers = false [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] discard_unpacked_layers = false - - - path: "/etc/nfsmount.conf" - permissions: 420 - op: "overwrite" - content: | + permissions: 0 + path: /etc/cri/conf.d/20-customization.part + op: create + - content: |- [ NFSMount_Global_Options ] nfsvers=4.2 hard=True @@ -78,3 +94,6 @@ machine: rsize=131072 wsize=131072 nconnect=8 + permissions: 420 + path: /etc/nfsmount.conf + op: overwrite
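Review bot: The `op: add` entries for `/machine/kernel`, `/machine/kubelet/extraArgs`, `/machine/kubelet/extraConfig`, `/machine/kubelet/extraMounts`, `/machine/sysctls` and `/machine/files` will, if they are applied with RFC 6902 semantics, replace whatever already exists at each path, where the removed strategic-merge form merged into it. A second patch that adds to the same path would then silently drop `rotate-server-certificates` or the sysctls set here, and the `op: replace` entries fail outright when the target key is absent from the base config. I would put a comment at the top of the file, `# JSON Patch: "add" on an existing key replaces its whole value; keep every setting for a path in one op`, and confirm that no other patch file targets these paths. The commented-out `/machine/udev` block deserves a line of its own: its first rule authorizes any Thunderbolt device on attach, and a file named `patches/all.yaml` presumably applies to every node once the TODO is resolved. The `/machine/files` op that starts at the end of this hunk continues into the next two hunks.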
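Review bot: The `permissions` values on the two file entries are bare decimal integers, `permissions: 0` in this hunk and `permissions: 420` in the following one, which hides the actual file modes from a reader. 420 is octal 0644, and 0 is mode 0000 on `/etc/cri/conf.d/20-customization.part`; whether that is intended or stands in for a default cannot be told from the diff. I would annotate both, e.g. `permissions: 420  # decimal for octal 0644 (rw-r--r--)`, and state the intended mode next to `permissions: 0`. The switch from `content: |` to `content: |-` on the same entries also drops the trailing newline from both written files, which is worth confirming against whatever reads them.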