Talos Linux based K8s Cluster
- pve01 -
192.168.100.91/24 - pve02 -
192.168.100.92/24 - pve03 -
192.168.100.93/24 - pve04 -
192.168.100.94/24 - pve05 -
192.168.100.95/24
-
tlvip01 -
192.168.100.100/24 -
tlc01 -
192.168.100.101/24 -
tlc02 -
192.168.100.102/24 -
tlc03 -
192.168.100.103/24
- tlw01 -
192.168.100.104/24 - tlw02 -
192.168.100.105/24 - tlw03 -
192.168.100.106/24
This portion is optional. I did not have to do it as passthrough worked out of the box for for the Intel 630 graphics card.
Verify IOMMU is enabled in BIOS.
dmesg | grep -e DMAR -e IOMMU
Verify IOMMU interrupy remapping is enabled.
dmesg | grep -e 'remapping'
Verify IOMMU isolation groups.
pvesh get /nodes/pve01/hardware/pci --pci-class-blacklist ""
Blacklist intel GPU kernel module.
echo "blacklist i915" >> /etc/modprobe.d/blacklist.conf
Reboot.
reboot
Create virtual machines.
Control
- 4 x CPU Cores
- 4096MB Memory
- 100GB Disk
Workers
- 2 x CPU Cores
- 2048MB Memory
- 100GB Disk
For secure boot, pre-enrolled keys should be ignored and the secure boot image should be used.
- EFI Disk:
pre-enrolled-key=0
Configure static DHCP address assignments on router.
-
tlc01
BC:24:11:62:13:6E -
tlc02
BC:24:11:74:2A:A5 -
tlc03
BC:24:11:B0:10:1A -
tlw01
BC:24:11:43:49:21 -
tlw02
BC:24:11:D6:2E:0B -
tlw03
BC:24:11:A2:E9:C6
Generate a custom image with support for the qemu-guest-agent extension.
ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515
Verify secureboot is being used.
talosctl -n 192.168.100.101 get securitystate --insecure
export CLUSTER_ENDPOINT=https://192.168.100.100:6443
export CLUSTER_NAME=infra-prod
talosctl gen secrets -o secrets.yaml
talosctl gen config --with-secrets secrets.yaml $CLUSTER_NAME $CLUSTER_ENDPOINT
Patch VIP address into control plane config
talosctl gen config --with-secrets secrets.yaml $CLUSTER_NAME $CLUSTER_ENDPOINT --config-patch-control-plane @vip_patch.yaml --force