-
-
Notifications
You must be signed in to change notification settings - Fork 273
/
config.sample.yaml
93 lines (83 loc) · 4.3 KB
/
config.sample.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
---
#
# Bootstrap configuration - config.yaml is gitignored
#
# Distribution can either be 'k3s' or 'k0s'
# Note that changing this to k0s will ignore `system_upgrade_controller` in the addons.
bootstrap_distribution: k3s
# Github username (e.g. onedr0p)
bootstrap_github_username:
# Github repository (e.g. flux-cluster-template)
bootstrap_github_repository_name:
# Github repository branch (e.g. main)
bootstrap_github_repository_branch: main
# Age Public Key (e.g. age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta)
bootstrap_age_public_key:
# Choose your timezone (e.g. America/New_York)
bootstrap_timezone: Etc/UTC
# Email you want to be associated with the ACME account (used for TLS certificates via letsencrypt.org)
bootstrap_acme_email:
# Use the ACME production env when requesting the wildcard certificate,
# the default here is `false` which means ACME staging env will be used instead.
# This is to prevent being rate-limited. Update this option to `true` when you
# have verified the staging certificate works and then re-run `task configure`
# and push your changes to Github.
bootstrap_acme_production_enabled: false
# Flux github webhook token (openssl rand -hex 12)
bootstrap_flux_github_webhook_token:
# Cloudflare domain
bootstrap_cloudflare_domain:
# Cloudflare API Token (not API Key)
bootstrap_cloudflare_token:
# Cloudflared Account Tag (cat ~/.cloudflared/*.json | jq -r .AccountTag)
bootstrap_cloudflare_account_tag:
# Cloudflared Tunnel Secret (cat ~/.cloudflared/*.json | jq -r .TunnelSecret)
bootstrap_cloudflare_tunnel_secret:
# Cloudflared Tunnel ID (cat ~/.cloudflared/*.json | jq -r .TunnelID)
bootstrap_cloudflare_tunnel_id:
# CIDR your nodes are on (e.g. 192.168.1.0/24)
bootstrap_node_cidr:
# The IP address of the kubeapi, choose an available IP in your nodes network that is not being used
# (Optional) Leave this blank if you are deploying a single master node, this will disable kube-vip in k3s
# or keepalived in k0s and use the master node IP instead
bootstrap_kubeapi_addr:
# The hostname of the kubeapi, set this if you intend to call the kubeapi by hostname rather than IP
# (Optional) This is currently only utilized in k0s and is added to the kubeapi cert sans
#bootstrap_kubeapi_hostname:
# The Load balancer IP for k8s_gateway, choose an available IP in your nodes network that is not being used
bootstrap_k8s_gateway_addr:
# The Load balancer IP for external ingress, choose an available IP in your nodes network that is not being used
bootstrap_external_ingress_addr:
# The Load balancer IP for internal ingress, choose an available IP in your nodes network that is not being used
bootstrap_internal_ingress_addr:
# (Advanced) Cilium load balancer mode, choose either 'dsr' or 'snat'
# Due to unknown reasons some people need this set to 'snat' in order
# for Cilium L2 announcements to work properly. Keep this dsr unless
# you have issues with connecting to Cilium L2 announcements.
bootstrap_cilium_loadbalancer_mode: dsr
# Keep the next three options default unless you know what you are doing
# (Advanced) Enable ipv6
bootstrap_ipv6_enabled: false
# (Advanced) For ipv6 use format 10.42.0.0/16,fd78:c889:47fb:10::/60
# /60 IPv6 block is enough for 16 nodes
bootstrap_cluster_cidr: 10.42.0.0/16
# (Advanced) For ipv6 use format 10.43.0.0/16,fd78:c889:47fb:e0::/112
bootstrap_service_cidr: 10.43.0.0/16
# (Advanced) Path for openebs openebs-hostpath to use for storage on ALL nodes
bootstrap_local_storage_path: /var/openebs/local
# Node information
bootstrap_nodes:
# Use only 1, 3 or more odd master nodes, recommended is 3
master:
# - name: # name or hostname of the master node (must match [a-z0-9-\.]+)
# address: # ip address of the master node
# username: # ssh username of the master node
# role: # (Optional) k0s only: can be controller+worker (default) or controller
# # external_address: # (Optional) k3s only: Only use when SSH is not reachable on the IP specified in 'address' field
# ...
worker: # set to [] or omit if no workers are needed
# - name: # name or hostname of the worker node (must match [a-z0-9-\.]+)
# address: # ip address of the worker node
# username: # ssh username of the worker node
# # external_address: # (Optional) k3s only: Only use when SSH is not reachable on the IP specified in 'address' field
# ...