# Talos Control Plane Configuration Patch
# Base configuration for HA control plane
machine:
  # Network configuration for Floating IP
  network:
    interfaces:
      - interface: eth0
        dhcp: true
%{ if is_first_cp ~}
        addresses:
          - ${floating_ip}/32
%{ endif ~}

  # Network optimizations
  sysctls:
    net.core.somaxconn: "8192"
    net.ipv4.tcp_max_syn_backlog: "8192"
    net.core.netdev_max_backlog: "5000"
    net.ipv4.ip_local_port_range: "1024 65535"
    net.ipv4.tcp_tw_reuse: "1"
    net.ipv4.tcp_fin_timeout: "15"
    fs.file-max: "2097152"
    fs.inotify.max_user_watches: "524288"
    vm.max_map_count: "262144"

  # Kubelet configuration
  kubelet:
    extraArgs:
      max-pods: "110"
      kube-reserved: "cpu=200m,memory=300Mi"
      system-reserved: "cpu=200m,memory=200Mi"
    # Force kubelet to use private network IP
    nodeIP:
      validSubnets:
        - 10.0.0.0/8

  # Time sync
  time:
    servers:
      - ntp1.hetzner.de
      - ntp2.hetzner.com
      - ntp3.hetzner.net

  # Features
  features:
    rbac: true
    stableHostname: true

cluster:
  # Control plane configuration
  controlPlane:
    endpoint: https://${floating_ip}:6443

  # Network configuration
  network:
    cni:
      name: flannel
      flannel:
        extraArgs:
          - --iface-can-reach=10.0.1.1
    dnsDomain: cluster.local
    serviceSubnets:
      - 10.96.0.0/12
    podSubnets:
      - 10.244.0.0/16

  # Etcd configuration for HA
  etcd:
    advertisedSubnets:
      - 10.0.1.0/24