Skip to content

Instantly share code, notes, and snippets.

@sapphirelin

sapphirelin/kapp-controller-config.yaml

Last active December 6, 2021 08:03
Show Gist options
  • Save sapphirelin/3c72e41af56ae90181c83cc431296ab9 to your computer and use it in GitHub Desktop.
Save sapphirelin/3c72e41af56ae90181c83cc431296ab9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kapp-controller-config.yaml
---
apiVersion: v1
kind: Namespace
metadata:
name: tkg-system
---
apiVersion: v1
kind: ConfigMap
metadata:
# Name must be `kapp-controller-config` for kapp controller to pick it up
name: kapp-controller-config
# Namespace must match the namespace kapp-controller is deployed to
namespace: tkg-system
data:
# A cert chain of trusted ca certs. These will be added to the system-wide
# cert pool of trusted ca's (optional)
caCerts: |
-----BEGIN CERTIFICATE-----
Certificate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Certificate 2
-----END CERTIFICATE-----
# The url/ip of a proxy for kapp controller to use when making network
# requests (optional)
httpProxy: ""
# The url/ip of a tls capable proxy for kapp controller to use when
# making network requests (optional)
httpsProxy: ""
# A comma delimited list of domain names which kapp controller should
# bypass the proxy for when making requests (optional)
noProxy: "localhost,127.0.0.1,kubernetes.default.svc,.svc,cluster.local,.local,195..100.0/12"
# A comma delimited list of hostnames for which kapp controller should
# skip TLS verification (optional)
dangerousSkipTLSVerify: ""
@sapphirelin
Copy link
Author

記得 Proxy server’s IP address 不能跟 Pod or Service CIDR overlap

@sapphirelin
Copy link
Author

注意此處 noProxy 跟 TkgServiceConfiguration 設定時不一樣,TkgServiceConfiguration 中的不用排除:主管叢集 Service CIDR、客體叢集 Service & POD CIDR 及 .local & 127.0.0.1,後兩項是自動會新增。

參考資料 Configuration Parameters for the Tanzu Kubernetes Grid Service API

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment