f806f8983a
Change-Id: I782762508f5fa8206751d7b9f719bcea448efe09
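---
# Promenade Genesis document: describes the first (genesis) node of the
# cluster, the kube-apiserver flags, the bootstrap images and the files
# written to the host.
schema: promenade/Genesis/v1
metadata:
  schema: metadata/Document/v1
  name: genesis
  layeringDefinition:
    abstract: false
    layer: site
  # NOTE(review): this document is stored as cleartext. Nothing secret is
  # written inline here, but the substitution below copies `.etcd` from the
  # EncryptionPolicy document into `.apiserver.encryption`; confirm whether
  # that source carries key material and that its own storagePolicy fits.
  storagePolicy: cleartext
  substitutions:
    - src:
        schema: promenade/EncryptionPolicy/v1
        name: encryption-policy
        path: .etcd
      dest:
        path: .apiserver.encryption
data:
  hostname: n0
  ip: 192.168.77.10
  external_ip: 192.168.77.10
  apiserver:
    arguments:
      # Node + RBAC authorizers. NOTE(review): the admission plugin list
      # below does not name NodeRestriction, which upstream Kubernetes
      # recommends alongside the Node authorizer so that a kubelet can only
      # modify its own Node and the Pods bound to it; confirm whether it is
      # enabled elsewhere.
      - --authorization-mode=Node,RBAC
      # DefaultStorageClass and ResourceQuota were each listed twice; the
      # duplicates are dropped, the set of enabled plugins is unchanged.
      - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,EventRateLimit
      - --service-cluster-ip-range=10.96.0.0/16
      - --endpoint-reconciler-type=lease
      # These two flags point at /etc/kubernetes/apiserver/, while the
      # `files` section writes acconfig.yaml under /etc/genesis/apiserver/.
      # Presumably that directory is mounted into the apiserver pod at the
      # path used here; verify against the pod template. No
      # encryption_provider.yaml is written by this document; it is
      # presumably rendered from `.apiserver.encryption`.
      - --admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml
      - --encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml
      - --v=3
  armada:
    target_manifest: cluster-bootstrap
  etcd:
    auxiliary_threshold: 3
  labels:
    dynamic:
      - calico-etcd=enabled
      - coredns=enabled
      - kubernetes-apiserver=enabled
      - kubernetes-controller-manager=enabled
      - kubernetes-etcd=enabled
      - kubernetes-scheduler=enabled
      - promenade-genesis=enabled
      - ucp-control-plane=enabled
  haproxy:
    # 65534 is conventionally the unprivileged `nobody` account; confirm on
    # the target host image.
    run_as_user: 65534
  images:
    # NOTE(review): the armada image is referenced by a mutable branch tag,
    # so the content pulled at bootstrap can change without this file
    # changing. The Kubernetes and etcd images are pinned by version tag but
    # not by digest. Pinning by digest is the usual control for bootstrap
    # images.
    armada: quay.io/airshipit/armada:master-ubuntu_bionic
    kubernetes:
      apiserver: registry.k8s.io/kube-apiserver-amd64:v1.27.4
      controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.27.4
      etcd: quay.io/coreos/etcd:v3.5.6
      scheduler: registry.k8s.io/kube-scheduler-amd64:v1.27.4
  files:
    # NOTE(review): the `mode` values are unquoted integers with a leading
    # zero. A YAML 1.1 loader reads 0644 as octal (decimal 420); a YAML 1.2
    # loader reads it as decimal 644. Left as written because the consumer's
    # schema is not visible here; confirm which loader is used.
    - path: /var/lib/anchor/calico-etcd-bootstrap
      content: "# placeholder for triggering calico etcd bootstrapping"
      mode: 0644
    # NOTE(mark-burnett): These are referenced by the apiserver arguments above.
    # Admission configuration: wires the EventRateLimit plugin to the
    # eventconfig.yaml written by the next entry. Both files are read-only
    # (0444). NOTE(review): both embedded documents use v1alpha1 API
    # versions; confirm the apiserver image above still accepts them.
    - path: /etc/genesis/apiserver/acconfig.yaml
      mode: 0444
      content: |
        kind: AdmissionConfiguration
        apiVersion: apiserver.k8s.io/v1alpha1
        plugins:
          - name: EventRateLimit
            path: eventconfig.yaml
    # EventRateLimit settings: a single `Server` limit, i.e. one bucket
    # shared by all event requests the API server receives.
    - path: /etc/genesis/apiserver/eventconfig.yaml
      mode: 0444
      content: |
        kind: Configuration
        apiVersion: eventratelimit.admission.k8s.io/v1alpha1
        limits:
          - type: Server
            qps: 1000
            burst: 10000
...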