gitops/talos/controlplane.yaml

version: v1alpha1
debug: false
persist: true
machine:
    type: controlplane
    token: n9y5eq.m7wt7dimgfl8175f
    ca:
        crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEFBemlIa1J3cjMrMnAyQWl6K1cxVmhNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU5EQXlNVFF4T0RJME1qWmFGdzB6TkRBeU1URXhPREkwTWpaYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBSFBmZmd2ZjZGalpIM0xEbk50aS9HSG9ITmhjMW5Ra0tQb2s1CmFSS1lwZmFqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVQitOZ05BM1FXVTBOREh1VQoxWWE5MmxOMmIrb3dCUVlESzJWd0EwRUFnZ1cva1VvcVJmSUZZRk42MTkxK0NwWk1qWXlNU0RPdE4vdW51ZGpPCmJiSlEvQTRadnVYT2pBR3loMkJmeW5MY3Y3bVFUNzhqZzYzRDY1S3BXcmtPQUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
        key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJTXJLYTRtTG1mUTVZeUMxazQ0cGk0MU1sMjN4V2N1NGp5TnRkZkxOdUtwMgotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
    certSANs: []
    kubelet:
        image: ghcr.io/siderolabs/kubelet:v1.29.1
        defaultRuntimeSeccompProfileEnabled: true
        disableManifestsDirectory: true
    network: {}
    install:
        disk: /dev/sda
        extraKernelArgs:
            - talos.platform=metal
            - talos.hostname=talos
        image: ghcr.io/siderolabs/installer:v1.6.4
        wipe: true
    features:
        rbac: true
        stableHostname: true
        apidCheckExtKeyUsage: true
        diskQuotaSupport: true
        kubePrism:
            enabled: true
            port: 7445
cluster:
    id: VWpUbi_9bCB87F51ZcpsHZvZxZ-MAF-J5uuq_2Rz_ZM=
    secret: u1R5pV72bj7kuyTvQ0uFeM81cR3VstKVRMF4VdFeehg=
    controlPlane:
        endpoint: https://192.168.1.101:6443
    clusterName: talos
    network:
        cni:
            name: none
        dnsDomain: cluster.local
        podSubnets:
            - 10.244.0.0/16
        serviceSubnets:
            - 10.96.0.0/12
    token: 2bilql.wggdk4dqypsfozwd
    secretboxEncryptionSecret: 4tLuleOazv3jiacgmHKPySvi/2M2wbnsCG+Z0uvsq74=
    ca:
        crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVMrZ0F3SUJBZ0lRTDA3T0lESUVMWWd4NXJwSmM0b0l5akFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTBNREl4TkRFNE1qUXlObG9YRFRNME1ESXhNVEU0TWpReQpObG93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCR0pwVUZiQ21tUEc2eHAwYzhBbk5ubTg4UEhSN2tOd3dmUVlJdmdKOUhQTHhUbm1GN2UyVkdzek40T0YKVnJ2MGM0MXYwTE9TYlZlbDNGQlIrajAwYXoyallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVV2UVQ5aG5MV2NwM2JsdXV4cTVOOTR5Y1RQSFl3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQU9EbkhzTzQKVm5oNi9ZNmg3VEQ3ZFI3eG94OHgwR1FSTVoxMlNFUzVHbXM5QWlBKzFiZzNtRHVhRnpsU3llV2o3NHNsZ3E5bwozdXhrc25rcS9ZV3B0c2xqUGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
        key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUhXQUtJQjBIVDE0TERFWmF4L2Noa0RSVFk2LzJrSnFMVEpaeUxOSlloZU1vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWW1sUVZzS2FZOGJyR25SendDYzJlYnp3OGRIdVEzREI5QmdpK0FuMGM4dkZPZVlYdDdaVQphek0zZzRWV3UvUnpqVy9RczVKdFY2WGNVRkg2UFRSclBRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
    aggregatorCA:
        crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJZVENDQVFhZ0F3SUJBZ0lSQU95TEN4R3ZIRHR1cnZia2JteWR2UzB3Q2dZSUtvWkl6ajBFQXdJd0FEQWUKRncweU5EQXlNVFF4T0RJME1qWmFGdzB6TkRBeU1URXhPREkwTWpaYU1BQXdXVEFUQmdjcWhrak9QUUlCQmdncQpoa2pPUFFNQkJ3TkNBQVE3UzlpZnU4bmRQSmtXa2dBSHpGd0JSajFLSXZtUHdGMU8zUmVEa3liYmlHOXpGZmMzCkRiNFJ0S1JPSmVZMW9yMitZL2lmeXo3b2xidDBkY1o0U0FLWm8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXcKSFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4dwpIUVlEVlIwT0JCWUVGQ01RMXNDSmJGK0w5MGdEVmtUSHBGbDJXNlloTUFvR0NDcUdTTTQ5QkFNQ0Ewa0FNRVlDCklRQ1NBajE3YWZieHFxbFVrTVF4cHN5VnpmM0JxaS84aEIra01heWoraGViRFFJaEFLSkprdFlDT2ZTUVkxRGcKRVVjUHVmTVFLbmhZNDJ2VnBSSDZEQ0JNZjhMSwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
        key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUFJY3NHMDZ5MXZyOVJrVFhZaUE4OHV0UC9OdmlXaVp4WUxZbjl1WmdPRmlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFTzB2WW43dkozVHlaRnBJQUI4eGNBVVk5U2lMNWo4QmRUdDBYZzVNbTI0aHZjeFgzTncyKwpFYlNrVGlYbU5hSzl2bVA0bjhzKzZKVzdkSFhHZUVnQ21RPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
    serviceAccount:
        key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSVBsQ25lSlFydFc0bm9hbTJheDhUVHVFRVVBSlhJaXZWUjAvc0ZDRVJEemZvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFcnVCWWxTSi9zYi92VlIxL1FUdWZmU1hFZFMzQ0VOSU5NY3poZHh2eDdoektURVh5WWxuZwoxRGNJTnBPc2taT0E1YTNjUDhhV1JVQ3FKTWlJbzdNN2ZnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
    apiServer:
        image: registry.k8s.io/kube-apiserver:v1.29.1
        certSANs:
            - 192.168.1.101
        disablePodSecurityPolicy: true
        admissionControl:
            - name: PodSecurity
              configuration:
                apiVersion: pod-security.admission.config.k8s.io/v1alpha1
                defaults:
                    audit: restricted
                    audit-version: latest
                    enforce: baseline
                    enforce-version: latest
                    warn: restricted
                    warn-version: latest
                exemptions:
                    namespaces:
                        - kube-system
                    runtimeClasses: []
                    usernames: []
                kind: PodSecurityConfiguration
        auditPolicy:
            apiVersion: audit.k8s.io/v1
            kind: Policy
            rules:
                - level: Metadata
    controllerManager:
        image: registry.k8s.io/kube-controller-manager:v1.29.1
    proxy:
        disabled: true
    scheduler:
        image: registry.k8s.io/kube-scheduler:v1.29.1
    discovery:
        enabled: true
        registries:
            kubernetes:
                disabled: true
            service: {}
    etcd:
        ca:
            crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmVENDQVNPZ0F3SUJBZ0lRS0J1MjNwTi9PUzNDZ0RqNk5WNUw2VEFLQmdncWhrak9QUVFEQWpBUE1RMHcKQ3dZRFZRUUtFd1JsZEdOa01CNFhEVEkwTURJeE5ERTRNalF5TmxvWERUTTBNREl4TVRFNE1qUXlObG93RHpFTgpNQXNHQTFVRUNoTUVaWFJqWkRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkJjYkg2OWpJVlU4CmE1NWhJY3Bsb3pnc0JkWjBPUGxiSEZEYnV6ay9NYytsSEtNZFhTenhiSVRFTnV4QUxBRGtDRXlQQldQTzlvaDAKcDY2bGt3MnNqZVdqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjRApBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVWnptMmFBVzRqcnhFCk9uQXE1V0FvdlpuYVJwVXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdYZXgxMWpXTnBLK0tZTTB3ZkJWUnQwbU4KOWNtbW1vT0lPRm5MYjVPUER5UUNJUUNQbzZQS3B0dHdueGVXRlNobVA3aEhaR0N1MlFDb2VvWU5ydVRWdUdXUQpBUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
            key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdjU3EvSVhFK0s2bUJVV1cxdXNWcFdPQ3hUYTYrZGFZMlorK3pETk81aHNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFRnhzZnIyTWhWVHhybm1FaHltV2pPQ3dGMW5RNCtWc2NVTnU3T1Q4eHo2VWNveDFkTFBGcwpoTVEyN0VBc0FPUUlUSThGWTg3MmlIU25ycVdURGF5TjVRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
    allowSchedulingOnControlPlanes: true