This repository has been archived by the owner on Dec 13, 2023. It is now read-only.
landscape_config.yaml
# Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file contains parameters for setting up a minimal Gardener
# environment. Follow the instructions in the file to configure an
# installation.
# Note: the purpose of this project is to provide a simple setup of the
# Gardener environment. It is not meant for production environments.
# ---------------------------------------------------------------------------
# Cloud Provider
# ---------------------------------------------------------------------------
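cloud:
  # Selects the cloud provider for this setup.
  # Currently only AWS and Openstack are supported, other cloud providers
  # will follow for this setup (Azure, GCP, ...).
  # Use lower case!
  # The anchor lets the seed list further down reuse this value through
  # the *cloud_variant alias.
  variant: &cloud_variant <cloud variant>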
# Only the variant nodes corresponding to the chosen cloud provider have to be filled out.
# If seeds for cloud providers other than the chosen one are to be created, their variants
# in the authentication and seed-config node need to be filled out too.
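authentication:
  # Every secret in this section is stored in clear text once the
  # placeholders are filled in. Keep the filled-out file out of version
  # control, restrict its file permissions to the operator running the
  # setup, and rotate the credentials when the landscape is removed.
  variant_aws:
    # You need an AWS access key which has sufficient permissions to create a
    # VPC, subnets, routing tables, VMs, etc.
    # Prefer a dedicated IAM user limited to those permissions over
    # root-account or shared administrator keys.
    aws_access_key: "<access key>"
    aws_secret_key: "<secret key>"
    # AWS region where the Kubify cluster will be created
    aws_region: &aws_region eu-west-1
    # Availability zone for the Kubify cluster
    aws_availability_zone: b
  variant_openstack:
    os_user_name: "<openstack username>"
    os_password: "<openstack password>"
    # Use an https:// endpoint so the password is not sent in clear text.
    os_auth_url: "<openstack v3 api endpoint>"
    os_tenant_name: "<tenant/project name>"
    os_domain_name: "<domain name>"
    os_region: &os_region "<region name>"
    os_az: "<availability zone>"
  variant_azure:
    # This project does NOT support Gardener on Azure yet!
    # This information is only needed for the Azure seed configuration
    # (necessary if you want to create shoots on Azure)
    az_tenant_id: "<az tenant id>"
    az_subscription_id: "<az subscription id>"
    az_client_id: "<az client id>"
    az_client_secret: "<az client secret>"
    az_region: &az_region westeurope
    az_cloudenv: public
  variant_gcp:
    # This project does NOT support Gardener on GCP yet!
    # This information is only needed for the GCP seed configuration
    # (necessary if you want to create shoots on GCP)
    gcp_region: &gcp_region europe-west1
    # A service account key file contains a private key; handle it like
    # the other secrets in this section.
    gcp_serviceaccount_json: "<gcp serviceaccount as json>"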
# ---------------------------------------------------------------------------
# Settings required for Kubernetes cluster setup
# ---------------------------------------------------------------------------
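clusters:
  # name of the cluster
  name: "<cluster name>"
  # Where the base cluster (the one to install Gardener on) comes from
  # possible values:
  #   - kubify
  #       A base cluster will be created using kubify.
  #   - custom
  #       Use this, if you get the cluster from anywhere else.
  #       Put the kubeconfig into the landscape folder (next to this file).
  #       That kubeconfig grants access to the base cluster, so protect it
  #       like the cloud credentials and keep it out of version control.
  base_cluster: kubify
  dns:
    # domain name for cluster created by Kubify
    domain_name: "<full domain name for cluster>"
    # DNS provider (currently only route53 supported by these setup scripts)
    # hosted zone for domain names and credentials (possibly the same ones
    # as above)
    # A separate key limited to this hosted zone keeps DNS access apart
    # from the infrastructure credentials.
    hosted_zone_id: "<hosted zone id>"
    access_key: "<access key for hosted zone>"
    secret_key: "<secret key for hosted zone>"
  # NOTE(review): master and worker are placed under `clusters` based on a
  # listing that had lost its indentation; confirm against the setup scripts.
  master:  # kubify only
    # Properties for master nodes.
    count: 3
    volume_size: 50
  worker:  # kubify only
    # Properties for worker nodes
    count: 3
    volume_size: 50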
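# NOTE(review): the nesting of this key was reconstructed from a listing
# that had lost its indentation; confirm that it is a top-level key and
# not a child of `clusters` before using the file.
etcd_backup:  # kubify only
  # etcd holds the cluster state, including Kubernetes Secrets, so the
  # backup location should be private and access to it tightly scoped.
  storage_type: s3
  region: eu-west-1
  # If not provided, the route53 credentials will be used.
  # Dedicated bucket credentials keep backup access separate from DNS access.
  # access_key: <access key for s3 bucket>
  # secret_key: <secret key for s3 bucket>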
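misc:
  variant_all:
    # use htpasswd to create password entries
    # example here: admin: ********* (htpasswd -bn admin "chosen password")
    # Note: -b passes the password on the command line, where it ends up in
    # the shell history and is visible in the process list. Running
    # `htpasswd -n admin` prompts for the password instead.
    dashboard_creds: "<credentials here>"  # kubify only
  variant_openstack:
    os_fip_pool_name: "<floating ip pool name>"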
# ---------------------------------------------------------------------------
# Helm charts for gardener, dashboard, and identity deployments
# ---------------------------------------------------------------------------
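charts:
  - name: gardener
  - name: identity
    # identity is the identity provider for the dashboard
    # this addon specifies who can login into the dashboard and how
    # there are basically two options:
    # - you specify accounts in this file: see "staticPasswords"
    # - you use a dex connector to use OAuth authentication for the dashboard: see "connectors"
    # You need at least one entry in one of the categories, otherwise the dashboard won't be accessible!
    values:
      # You can either provide the password in clear text
      # in the "password" key or provide bcrypted password in
      # the "hash" key. Bcrypted password can be created with
      # htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'
      # Prefer the "hash" key: a clear-text "password" is readable by
      # anyone who can read this file. The command above takes the password
      # as an argument, so it is recorded in the shell history; clear that
      # entry afterwards or run the command from a shell without history.
      staticPasswords:
        # example
        - email: "<email address>"
          hash: "<bcrypted password>"
          username: "<username>"
          userID: "<UUID>"
      connectors:
        # Example for a GitHub connector below
        # You will need to configure your GitHub account accordingly
        # see https://github.com/coreos/dex/blob/master/Documentation/connectors/github.md for further information on the GitHub connector
        # and https://github.com/coreos/dex/tree/master/Documentation/connectors for more connectors
        # uncomment and fill in to add the github connector
        # (Github needs to be able to access the redirectURI for this to work!)
        # - type: github
        #   id: github
        #   name: GitHub
        #   config:
        #     clientID: <github client id or environment variable containing it>
        #     clientSecret: <github client secret or environment variable containing it>
        #     # redirectURI: <identity URL (with https!)>/callback
        #     # identity is usually located at identity.ingress. + clusters.dns.domain_name
        #     redirectURI: <redirect URI>
        #     # Only users which are members of at least one organization can authenticate
        #     # NOTE(review): keep the "orgs" restriction when enabling this
        #     # connector; without it, presumably any GitHub account could
        #     # log in - confirm against the dex documentation linked above.
        #     orgs:
        #       - name: <name of github organization>
  - name: certmanager
    # Email address used for ACME registration
    # see https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment for more information on ACME
    email: "<email address>"
    # Whether to use the letsencrypt live server
    # - only the live server produces trusted certificates
    # - live server has significantly stricter quotas than staging server
    # With "false", clients will see certificate warnings; do not get used
    # to clicking through them on endpoints that carry credentials.
    live: false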
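# NOTE(review): the nesting of this key was reconstructed from a listing
# that had lost its indentation; confirm that it is a top-level key before
# using the file.
seed_config:
  # all variants which are specified in "seeds" have to be configured in this section!
  seeds:
    # for every cloud provider listed here, a seed will be created
    # all seeds are created on the kubify cluster
    # possible values: aws, openstack, az, gcp
    # default: the cloud provider specified at the beginning of this file
    - *cloud_variant
  # The images pinned below are CoreOS Container Linux builds from 2018.
  # Container Linux has reached end of life and no longer receives security
  # updates, so review the image choice before creating shoots from it.
  variant_aws:
    region: *aws_region
    # This is a Container Linux image.
    # Note that ami ids differ between regions
    # Verify that the AMI is published by the expected owner before use.
    image: "ami-34237c4d"
    zones:
      - eu-west-1a
      - eu-west-1b
      - eu-west-1c
  variant_openstack:
    region: *os_region
    # This is a Container Linux image.
    # The available images depend on your openstack setup
    image: "<image name>"
    # zones need to be adapted to the region
    zones:
      - <zone1>
      - <zone2>
      - <...>
  variant_azure:
    region: *az_region
    # CoreOS stable version number
    image: 1745.7.0
    # no zones in azure
  variant_gcp:
    region: *gcp_region
    image: "projects/coreos-cloud/global/images/coreos-stable-1745-7-0-v20180614"
    zones:
      - europe-west1-b
      - europe-west1-c
      - europe-west1-d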