aula-06:
- Adicionar instalação do Hetzner CSI Driver no setup.sh
- Input interativo seguro para token da Hetzner Cloud
- Atualizar custom-values.yaml para n8n.kube.quest

aula-08:
- Adicionar regras de firewall para VXLAN e rede privada
- Configurar Flannel para usar interface privada (--iface-can-reach)
- Configurar kubelet.nodeIP.validSubnets para rede privada
- Corrigir segurança: VXLAN restrito a 10.0.0.0/8
# Talos Worker Configuration Patch
# Base configuration for worker nodes.
# Nesting restored from the flattened listing; keys and values are unchanged.
machine:
  # Network optimizations: deeper accept/SYN/device queues, faster socket
  # recycling, and higher file-handle, inotify and mmap limits.
  sysctls:
    net.core.somaxconn: "8192"
    net.ipv4.tcp_max_syn_backlog: "8192"
    net.core.netdev_max_backlog: "5000"
    # NOTE(review): an ephemeral range starting at 1024 overlaps the default
    # NodePort range (30000-32767) and node listener ports such as the
    # kubelet's 10250. An outbound socket can occupy a port a listener needs
    # later; consider net.ipv4.ip_local_reserved_ports or a higher lower
    # bound if bind failures show up.
    net.ipv4.ip_local_port_range: "1024 65535"
    net.ipv4.tcp_tw_reuse: "1"
    net.ipv4.tcp_fin_timeout: "15"
    fs.file-max: "2097152"
    fs.inotify.max_user_watches: "524288"
    vm.max_map_count: "262144"

  # Kubelet configuration: pod cap plus CPU/memory held back for Kubernetes
  # and system components.
  kubelet:
    extraArgs:
      max-pods: "110"
      kube-reserved: "cpu=100m,memory=200Mi"
      system-reserved: "cpu=100m,memory=100Mi"
    # Force kubelet to use a private network IP as its node address.
    # NOTE(review): 10.0.0.0/8 also contains the pod (10.244.0.0/16) and
    # service (10.96.0.0/12) ranges declared under cluster.network below.
    # Confirm node IP selection cannot land on an overlay address, or narrow
    # this to the real private network range (<PRIVATE_NETWORK_CIDR>).
    # Talos documents "!"-prefixed entries here for explicit exclusions.
    nodeIP:
      validSubnets:
        - 10.0.0.0/8

  # Time sync: provider NTP servers. Clock accuracy matters for certificate
  # validity checks on the node.
  time:
    servers:
      - ntp1.hetzner.de
      - ntp2.hetzner.com
      - ntp3.hetzner.net

  # Features: role-based access control on the Talos API and a stable
  # default hostname.
  features:
    rbac: true
    stableHostname: true

cluster:
  # Network configuration
  network:
    cni:
      name: flannel
      flannel:
        extraArgs:
          # Flannel binds to the interface that can reach this address
          # (presumably the private network gateway; confirm), which keeps
          # overlay traffic off the public interface.
          # NOTE(review): flannel's VXLAN encapsulation is not encrypted, so
          # pod traffic confidentiality depends on the private network and
          # on the firewall rules that restrict VXLAN to it.
          - --iface-can-reach=10.0.1.1
    dnsDomain: cluster.local
    serviceSubnets:
      - 10.96.0.0/12
    podSubnets:
      - 10.244.0.0/16