This repository has been archived by the owner on Dec 13, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
landscape_base.yaml
executable file
·180 lines (165 loc) · 6.17 KB
/
landscape_base.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
# Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Note: the purpose of this project is to provide a simple setup of the
# Gardener environment. It is not meant for productive environments
# This is the base file for a spiff merge.
# It contains spiff merge tags that will be replaced by values
# from the landscape_config.yaml file, as well as technical configuration,
# that is assumed to be independent of the user configuration.
# Only touch this if you know what you are doing.
# ---------------------------------------------------------------------------
# Cloud Provider
# ---------------------------------------------------------------------------
cloud:
# currently only AWS and Openstack are supported, other cloud providers will follow
# for this setup (Azure, GCP, ...)
# Use lower case!
variant: (( merge ))
authentication:
<<: (( merge ))
# ---------------------------------------------------------------------------
# Settings required for Kubernetes cluster setup with Kubify
# ---------------------------------------------------------------------------
# You should leave the following parameters untouched unless you are planning
# to use newer versions
versions:
variant_all:
kubernetes_version: v1.9.11
variant_aws:
#etcd_version: v3.3.10
image_name: "CoreOS-stable-1576.5.0"
variant_openstack:
image_name: "coreos-1688.5.3"
variant_azure:
image_name: "coreos-1745.7.0"
clusters:
# name of the cluster
name: "(( merge ))"
type: eval
base_cluster: (( merge ))
dns:
# domain name for cluster created by Kubify
domain_name: "(( merge ))"
# DNS provider (currently only route53 supported by these setup scripts)
dns_type: route53
# hosted zone for domain names and credentials (possibly the same ones
# as above)
hosted_zone_id: "(( merge ))"
access_key: "(( merge ))"
secret_key: "(( merge ))"
master:
# Properties for master nodes.
<<: (( merge ))
worker:
# Properties for worker nodes
<<: (( merge ))
etcd:
# namespace to use for etcd deployment (only relevant if etcd component is deployed)
namespace: etcd
# address of the etcd server to use (HOST:PORT)
server:
kubify: "https://10.241.0.15:2379"
custom: (( "etcd." etcd.namespace ".svc.cluster.local:2379" ))
etcd_backup:
<<: (( merge ))
# for futher add-ons check the Kubify documentation
addons:
variant_all:
nginx-ingress: {}
dashboard:
app_name: "kubernetes-dashboard"
variant_aws:
variant_openstack:
misc:
variant_all:
# use htpasswd to create password entries
# example here: admin: ********* (htpasswd -bn admin "chosen password")
dashboard_creds: "(( merge ))"
# you should not change anything in this section below except for the
# password
deploy_tiller: "false"
oidc_issuer_subdomain: "identity.ingress"
oidc_client_id: "kube-kubectl"
oidc_username_claim: "email"
oidc_groups_claim: "groups"
subnet_cidr: &subnet_cidr "10.251.128.0/17"
service_cidr: &service_cidr "10.241.0.0/17"
pod_cidr: &pod_cidr "10.241.128.0/17"
vpc_cidr: "10.251.0.0/16"
variant_aws:
variant_openstack:
os_fip_pool_name: "(( merge ))"
os_lbaas_provider: "haproxy"
event_ttl: 168h0m0s
# ---------------------------------------------------------------------------
# Helm charts for gardener, dasboard, and identity deployments
# ---------------------------------------------------------------------------
charts:
- name: gardener
repository: https://github.com/gardener/gardener
path: charts/gardener
tag: 0.12.4
managed: true
# This is the DH value for the VPN. You can generate a new one using this
# command: "openssl dhparam -out dh2048.pem 2048"
openVPNDiffieHellmanKey: |
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAuuD7hZeeAUzs+bWFcdS6fM/F8xOyLn1vrNQ+I/zoLh8maehADhHr
yJsW0nF3mgDFYx18/6sqd3jKrwW+O6Gg48X/AzEm2O1TBnMgH+CgZ/C5HzouWUtu
UiUnqy0GaFv7oxbeQBv0Y5mP7k7ey5nuIhuRXJkH1j3PKopWD52AOE620ndLsZuz
DxszvaCZLo85qb6lm75+XSL2i3gXaw1Dv78ogdrOrggwqAUM6OG7d1B4eTC7aGj+
I32AbPZ8+IIZCDUKL+bqXIg2TieT+sDMUQSJPlAcur+UmNf5Sss67NM0d/uclaOU
OEdYnniH3kneQZH/zy0hwiRES9W2Ws3RkwIBAg==
-----END DH PARAMETERS-----
values:
controller:
internalDomain:
# the cluster internal domain, this should be set to
# "internal." + clusters.dns.domain_name
domain: (( "internal." clusters.dns.domain_name ))
provider: aws-route53
hostedZoneID: (( clusters.dns.hosted_zone_id ))
access_key: (( clusters.dns.access_key ))
secret_key: (( clusters.dns.secret_key ))
defaultDomains:
# the cluster internal domain, this should be set to
# "shoot." + clusters.dns.domain_name
- domain: (( "shoot." clusters.dns.domain_name ))
provider: aws-route53
hostedZoneID: (( clusters.dns.hosted_zone_id ))
access_key: (( clusters.dns.access_key ))
secret_key: (( clusters.dns.secret_key ))
- name: dashboard
repository: https://github.com/gardener/dashboard
path: charts/gardener-dashboard
tag: 1.22.0
managed: true
- name: identity
repository: https://github.com/gardener/dashboard
path: charts/identity
tag: v2.10.0
values: (( merge ))
staticPasswords: (( merge ))
connectors: (( merge ))
- name: certmanager
version: v0.4.1 # version given to the helm chart
# Email address used for ACME registration
email: "(( merge ))"
live: "(( merge ))"
seed_config:
<<: (( merge ))
variant_all:
node_cidr: *subnet_cidr
pod_cidr: *pod_cidr
service_cidr: *service_cidr