
@micahlmartin
Last active July 30, 2018 14:01
# Cloud-provider credentials, grouped per provider variant. Keys are listed
# alphabetically and every secret is a "..." or "<...>" placeholder.
authentication:
  variant_aws:
    # Placeholder for a long-lived AWS credential: keep the filled-in file out
    # of version control and shared pastes.
    aws_access_key: ...
    aws_availability_zone: b
    aws_region: us-east-1
    aws_secret_key: ...
  variant_openstack:
    os_auth_url: <openstack v3 api endpoint>
    os_az: <availability zone>
    os_domain_name: <domain name>
    # Placeholder for the OpenStack account password; same handling as the
    # AWS keys above.
    os_password: <openstack password>
    os_region: <region name>
    os_tenant_name: <tenant/project name>
    os_user_name: <openstack username>
# Chart list with alphabetically ordered keys inside each entry, so `name`
# is not necessarily the first key of an entry.
charts:
  - name: gardener
  # Entry for the "identity" chart.
  - connectors:
      - config:
          # OAuth client credentials for the GitHub connector (placeholders).
          # clientSecret is a secret; do not commit the real value.
          clientID: ...
          clientSecret: ...
          redirectURI: https://.../dex/callback
        id: github
        name: GitHub
        type: github
    name: identity
    staticPasswords:
      - email: [email protected]
        # The "$2a$10$" prefix marks a bcrypt hash with cost 10. This exact
        # value is published on this page, so it must not be reused for a real
        # admin account; generate your own hash.
        hash: $2a$10$zCiHlA8/eThSwVPZ122FEuIGNGzOxesV864iJ5Apgs4A2ggJTDJxK
        username: admin
    # NOTE(review): `values` is null here, while `connectors` and
    # `staticPasswords` are keys of the chart entry itself. Confirm that this
    # is the nesting the identity chart expects.
    values: null
  # Entry for the "certmanager" chart.
  - email: [email protected]
    name: certmanager
# Chosen cloud provider; only the matching variant_<provider> sections of this
# file need real values.
cloud:
  variant: aws
# Cluster name, DNS settings and node sizing.
clusters:
  dns:
    # The DNS section carries its own key pair (placeholders here).
    # NOTE(review): if a dedicated key is used, presumably it only needs
    # rights on the hosted zone below; confirm and scope it accordingly.
    access_key: ...
    domain_name: gardener
    hosted_zone_id: ...
    secret_key: ...
  master:
    count: 3
    volume_size: 50
  name: test
  worker:
    count: 3
    volume_size: 50
# etcd backup target: only region and storage type are listed; no credential
# keys are present in this rendering.
etcd_backup:
  region: us-east-1
  storage_type: s3
misc:
  variant_all:
    # The value is the literal placeholder string "password".
    # NOTE(review): replace it before any deployment; a dashboard left on this
    # value is protected by a guessable credential.
    dashboard_creds: password
  variant_openstack:
    os_fip_pool_name: <floating ip pool name>
# Seed-cluster settings per provider variant: machine image, region and zones.
seed_config:
  variant_aws:
    # NOTE(review): a pinned AMI id; confirm that it exists in the region
    # below and comes from the publisher you expect before launching nodes
    # from it.
    image: ami-928885ed
    region: us-east-1
    zones:
      - us-east-1a
      - us-east-1b
      - us-east-1c
  variant_openstack:
    image: <image name>
    region: <region name>
    zones:
      - <zone1>
      - <zone2>
      - <...>
# Copyright (c) 2018 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file contains parameters for setting up a minimal Gardener
# environment. Follow the instructions in the file to configure an
# installation
# Note: the purpose of this project is to provide a simple setup of the
# Gardener environment. It is not meant for production environments.
# ---------------------------------------------------------------------------
# Cloud Provider
# ---------------------------------------------------------------------------
cloud:
  # Currently only AWS and OpenStack are supported; other cloud providers
  # (Azure, GCP, ...) will follow for this setup.
  # Use lower case!
  variant: aws
# Whenever there are "variant_XXX" nodes below, with XXX being a cloud provider,
# you only need to fill in the values for the provider chosen here.
authentication:
  variant_aws:
    # You need an AWS access key which has sufficient permissions to create a
    # VPC, subnets, routing tables, VMs, etc.
    # A key with those rights is a high-value secret: keep the filled-in file
    # out of version control and shared pastes.
    aws_access_key: "..."
    aws_secret_key: "..."
    # AWS region where the Kubify cluster will be created.
    # The &aws_region anchor is reused by seed_config.variant_aws.region.
    aws_region: &aws_region us-east-1
    # Availability zone for the Kubify cluster
    aws_availability_zone: b
  variant_openstack:
    os_user_name: "<openstack username>"
    os_password: "<openstack password>"
    os_auth_url: "<openstack v3 api endpoint>"
    os_tenant_name: "<tenant/project name>"
    os_domain_name: "<domain name>"
    # The &os_region anchor is reused by seed_config.variant_openstack.region.
    os_region: &os_region "<region name>"
    os_az: "<availability zone>"
# ---------------------------------------------------------------------------
# Settings required for Kubernetes cluster setup with Kubify
# ---------------------------------------------------------------------------
clusters:
  # name of the cluster
  name: "test"
  dns:
    # domain name for cluster created by Kubify
    domain_name: "gardener"
    # DNS provider (currently only route53 supported by these setup scripts)
    # hosted zone for domain names and credentials (possibly the same ones
    # as above)
    # NOTE(review): if a dedicated key is used here, presumably it only needs
    # rights on this hosted zone; confirm and scope it accordingly instead of
    # reusing the broad infrastructure key.
    hosted_zone_id: "..."
    access_key: "..."
    secret_key: "..."
  master:
    # Properties for master nodes.
    count: 3
    volume_size: 50
  worker:
    # Properties for worker nodes
    count: 3
    volume_size: 50
# Backup target for etcd. The region is written out literally here and is not
# tied to the &aws_region anchor, so it has to be kept in sync by hand if both
# are meant to match.
etcd_backup:
  storage_type: s3
  region: us-east-1
  # Credentials for the backup store (placeholders).
  # NOTE(review): presumably these only need access to the backup bucket;
  # confirm and scope the key accordingly.
  access_key: "..."
  secret_key: "..."
misc:
  variant_all:
    # use htpasswd to create password entries
    # example here: admin: ********* (htpasswd -bn admin "chosen password")
    # Caveat: with -b the password is given on the command line and ends up in
    # shell history; `htpasswd -n admin` prompts for it instead.
    # The value below is the literal placeholder "password" and must be
    # replaced before the dashboard is reachable.
    dashboard_creds: "password"
  variant_openstack:
    os_fip_pool_name: "<floating ip pool name>"
# ---------------------------------------------------------------------------
# Helm charts for gardener, dashboard, and identity deployments
# ---------------------------------------------------------------------------
charts:
  - name: gardener
  - name: identity
    # identity is the identity provider for the dashboard
    # this addon specifies who can login into the dashboard and how
    # there are basically two options:
    # - you specify accounts in this file: see "staticPasswords"
    # - you use a dex connector to use OAuth authentication for the dashboard: see "connectors"
    # You need at least one entry in one of the categories, otherwise the dashboard won't be accessible!
    #
    # NOTE(review): indentation was lost on this page. The layout below follows
    # the key-sorted rendering of this configuration shown earlier on the page,
    # where `values` is null and `staticPasswords` / `connectors` are keys of
    # the chart entry. The comments read as if both belong under `values:`;
    # confirm which nesting the identity chart expects.
    values:
    # You can either provide the password in clear text
    # in the "password" key or provide bcrypted password in
    # the "hash" key. Bcrypted password can be created with
    # htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'
    # Prefer the "hash" key, so that no clear-text password sits in this file.
    staticPasswords:
      # example
      # The hash below is published with this template, so it must not be
      # reused for a real account; generate your own.
      - email: [email protected]
        hash: "$2a$10$zCiHlA8/eThSwVPZ122FEuIGNGzOxesV864iJ5Apgs4A2ggJTDJxK"
        username: "admin"
        # userID: <UUID>
    connectors:
      # Example for a GitHub connector below
      # You will need to configure your GitHub account accordingly
      # see https://github.com/coreos/dex/blob/master/Documentation/connectors/github.md for further information on the GitHub connector
      # and https://github.com/coreos/dex/tree/master/Documentation/connectors for more connectors
      # uncomment and fill in to add the github connector
      # (Github needs to be able to access the redirectURI for this to work!)
      - type: github
        id: github
        name: GitHub
        config:
          # clientSecret is a secret; keep the real value out of version control.
          clientID: ...
          clientSecret: ...
          # redirectURI: <identity URL (with https!)>/callback
          # identity is usually located at identity.ingress. + clusters.dns.domain_name
          redirectURI: https://.../dex/callback
          # Only users which are members of at least one organization can authenticate
          # NOTE(review): `orgs` is commented out below, so presumably no
          # organization restriction is applied as written; confirm against
          # the dex GitHub connector documentation before exposing the
          # dashboard.
          # orgs:
          # - name: <name of github organization>
  - name: certmanager
    # Email address used for ACME registration
    # see https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment for more information on ACME
    email: "[email protected]"
# Seed-cluster settings per provider variant.
seed_config:
  variant_aws:
    # The cluster created by Kubify is registered as the seed cluster,
    # this has to match the region from the authentication node above.
    # (*aws_region is an alias of the anchor set on
    # authentication.variant_aws.aws_region, so the two cannot drift apart.)
    region: *aws_region
    # This is a Container Linux image.
    # Note that ami ids differ between regions
    # NOTE(review): confirm that this AMI id exists in the chosen region and
    # comes from the publisher you expect before launching nodes from it.
    image: "ami-928885ed"
    # The zones are written out literally and are not derived from the region
    # alias; adapt them when the region changes.
    zones:
      - us-east-1a
      - us-east-1b
      - us-east-1c
  variant_openstack:
    # The cluster created by Kubify is registered as the seed cluster,
    # this has to match the region from the authentication node above.
    # (*os_region is an alias of the anchor set on
    # authentication.variant_openstack.os_region.)
    region: *os_region
    # This is a Container Linux image.
    # The available images depend on your openstack setup
    image: "<image name>"
    # zones need to be adapted to the region
    zones:
      - <zone1>
      - <zone2>
      - <...>