authentication: | |
variant_aws: | |
aws_access_key: ... | |
aws_availability_zone: b | |
aws_region: us-east-1 | |
aws_secret_key: ... | |
variant_openstack: | |
os_auth_url: <openstack v3 api endpoint> | |
os_az: <availability zone> | |
os_domain_name: <domain name> | |
os_password: <openstack password> | |
os_region: <region name> | |
os_tenant_name: <tenant/project name> | |
os_user_name: <openstack username> | |
charts: | |
- name: gardener | |
- connectors: | |
- config: | |
clientID: ... | |
clientSecret: ... | |
redirectURI: https://.../dex/callback | |
id: github | |
name: GitHub | |
type: github | |
name: identity | |
staticPasswords: | |
- email: [email protected] | |
hash: $2a$10$zCiHlA8/eThSwVPZ122FEuIGNGzOxesV864iJ5Apgs4A2ggJTDJxK | |
username: admin | |
values: null | |
- email: [email protected] | |
name: certmanager | |
cloud: | |
variant: aws | |
clusters: | |
dns: | |
access_key: ... | |
domain_name: gardener | |
hosted_zone_id: ... | |
secret_key: ... | |
master: | |
count: 3 | |
volume_size: 50 | |
name: test | |
worker: | |
count: 3 | |
volume_size: 50 | |
etcd_backup: | |
region: us-east-1 | |
storage_type: s3 | |
misc: | |
variant_all: | |
dashboard_creds: password | |
variant_openstack: | |
os_fip_pool_name: <floating ip pool name> | |
seed_config: | |
variant_aws: | |
image: ami-928885ed | |
region: us-east-1 | |
zones: | |
- us-east-1a | |
- us-east-1b | |
- us-east-1c | |
variant_openstack: | |
image: <image name> | |
region: <region name> | |
zones: | |
- <zone1> | |
- <zone2> | |
- <...> |
# Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# This file contains parameters for setting up a minimal Gardener
# environment. Follow the instructions in the file to configure an
# installation.
# Note: the purpose of this project is to provide a simple setup of the
# Gardener environment. It is not meant for production environments.
# --------------------------------------------------------------------------- | |
# Cloud Provider | |
# --------------------------------------------------------------------------- | |
cloud: | |
# currently only AWS and Openstack are supported, other cloud providers will follow | |
# for this setup (Azure, GCP, ...) | |
# Use lower case! | |
variant: aws | |
# Whenever there are "variant_XXX" nodes below, with XXX being a cloud provider, | |
# you only need to fill in the values for the provider chosen here. | |
authentication: | |
variant_aws: | |
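# You need an AWS access key which has sufficient permissions to create a
# VPC, subnets, routing tables, VMs, etc.
# Prefer a dedicated IAM user for this over root account keys, and keep the
# filled-in file out of version control: it holds live credentials.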
aws_access_key: "..." | |
aws_secret_key: "..." | |
# AWS region where the Kubify cluster will be created | |
aws_region: &aws_region us-east-1 | |
# Availability zone for the Kubify cluster | |
aws_availability_zone: b | |
variant_openstack: | |
os_user_name: "<openstack username>" | |
os_password: "<openstack password>" | |
os_auth_url: "<openstack v3 api endpoint>" | |
os_tenant_name: "<tenant/project name>" | |
os_domain_name: "<domain name>" | |
os_region: &os_region "<region name>" | |
os_az: "<availability zone>" | |
# --------------------------------------------------------------------------- | |
# Settings required for Kubernetes cluster setup with Kubify | |
# --------------------------------------------------------------------------- | |
clusters: | |
# name of the cluster | |
name: "test" | |
dns: | |
# domain name for cluster created by Kubify | |
domain_name: "gardener" | |
# DNS provider (currently only route53 supported by these setup scripts) | |
# hosted zone for domain names and credentials (possibly the same ones | |
# as above) | |
hosted_zone_id: "..." | |
access_key: "..." | |
secret_key: "..." | |
master: | |
# Properties for master nodes. | |
count: 3 | |
volume_size: 50 | |
worker: | |
# Properties for worker nodes | |
count: 3 | |
volume_size: 50 | |
etcd_backup: | |
storage_type: s3 | |
region: us-east-1 | |
access_key: "..." | |
secret_key: "..." | |
misc: | |
variant_all: | |
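# Use htpasswd to create the password entry,
# e.g. admin: ********* (htpasswd -bn admin "chosen password").
# Replace the "password" placeholder below before deploying. Note that -b puts
# the password on the command line (shell history, process list); without -b
# htpasswd prompts for it instead.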
dashboard_creds: "password" | |
variant_openstack: | |
os_fip_pool_name: "<floating ip pool name>" | |
# --------------------------------------------------------------------------- | |
# Helm charts for gardener, dashboard, and identity deployments
# --------------------------------------------------------------------------- | |
charts: | |
- name: gardener | |
- name: identity | |
# identity is the identity provider for the dashboard | |
# this addon specifies who can log in to the dashboard and how
# there are basically two options: | |
# - you specify accounts in this file: see "staticPasswords" | |
# - you use a dex connector to use OAuth authentication for the dashboard: see "connectors" | |
# You need at least one entry in one of the categories, otherwise the dashboard won't be accessible! | |
values: | |
# You can either provide the password in clear text
# in the "password" key or provide a bcrypt-hashed password in
# the "hash" key; prefer "hash", so the file never holds the clear-text
# password. A bcrypt hash can be created with
# htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'
staticPasswords: | |
# example entry: replace the hash below with one you generated yourself; this value is publicly visible
- email: [email protected] | |
hash: "$2a$10$zCiHlA8/eThSwVPZ122FEuIGNGzOxesV864iJ5Apgs4A2ggJTDJxK" | |
username: "admin" | |
# userID: <UUID> | |
connectors: | |
# Example for a GitHub connector below | |
# You will need to configure your GitHub account accordingly | |
# see https://github.com/coreos/dex/blob/master/Documentation/connectors/github.md for further information on the GitHub connector | |
# and https://github.com/coreos/dex/tree/master/Documentation/connectors for more connectors | |
# uncomment and fill in to add the github connector | |
# (Github needs to be able to access the redirectURI for this to work!) | |
- type: github | |
id: github | |
name: GitHub | |
config: | |
clientID: ... | |
clientSecret: ... | |
# redirectURI: <identity URL (with https!)>/callback | |
# identity is usually located at identity.ingress. + clusters.dns.domain_name | |
redirectURI: https://.../dex/callback | |
# When orgs is set, only users who are members of at least one listed organization can authenticate;
# while it stays commented out, no organization restriction is applied.
# orgs: | |
# - name: <name of github organization> | |
- name: certmanager | |
# Email address used for ACME registration | |
# see https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment for more information on ACME | |
email: "[email protected]" | |
seed_config: | |
variant_aws: | |
# The cluster created by Kubify is registered as the seed cluster, | |
# this has to match the region from the authentication node above. | |
region: *aws_region | |
# This is a Container Linux image. | |
# Note that ami ids differ between regions | |
image: "ami-928885ed" | |
zones: | |
- us-east-1a | |
- us-east-1b | |
- us-east-1c | |
variant_openstack: | |
# The cluster created by Kubify is registered as the seed cluster, | |
# this has to match the region from the authentication node above. | |
region: *os_region | |
# This is a Container Linux image. | |
# The available images depend on your openstack setup | |
image: "<image name>" | |
# zones need to be adapted to the region | |
zones: | |
- <zone1> | |
- <zone2> | |
- <...> |