nereid-1-config.yaml
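# Talos machine configuration for the worker node `nereid-1`
# (top-level settings plus the `machine:` section).
version: v1alpha1 # Indicates the schema used to decode the contents.
debug: false # Enable verbose logging to the console.
persist: true
# Provides machine specific configuration options.
machine:
    type: worker # Defines the role of the machine within the cluster.
    # NOTE(review): `token` is a join credential stored in clear text. Keep the
    # real file out of version control (or encrypt it at rest) and rotate the
    # value if this copy has ever been published.
    token: ui64fq.ut2nac8qltq7eoiq # The `token` is used by a machine to join the PKI of the cluster.
    # The root certificate authority of the PKI.
    # `key` is empty here: this worker config carries the CA certificate only,
    # not the CA private key.
    ca:
        crt: 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
        key: ""
    # Extra certificate subject alternative names for the machine's certificate.
    certSANs:
        - 5.75.234.65
    # Used to provide additional options to the kubelet.
    kubelet:
        image: ghcr.io/siderolabs/kubelet:v1.29.0 # The `image` field is an optional reference to an alternative kubelet image.
        # The `extraArgs` field is used to provide additional flags to the kubelet.
        # With `rotate-server-certificates` the kubelet requests its serving
        # certificate through a CSR, which has to be approved before it is issued;
        # presumably that is the job of the kubelet-serving-cert-approver manifest
        # listed under `cluster.extraManifests` - confirm it is deployed.
        extraArgs:
            rotate-server-certificates: "true"
        # The `extraMounts` field is used to add additional mounts to the kubelet container.
        extraMounts:
            - destination: /var/lib/longhorn # Destination is the absolute path where the mount will be placed in the container.
              type: bind # Type specifies the mount kind.
              source: /var/lib/longhorn # Source specifies the source path of the mount.
              # Options are fstab style mount options.
              options:
                - bind
                - rshared
                - rw
        defaultRuntimeSeccompProfileEnabled: true # Enable container runtime default Seccomp profile.
        # When true, the kubelet does not read static pod manifests from the
        # /etc/kubernetes/manifests directory.
        disableManifestsDirectory: true

        # # The `ClusterDNS` field is an optional reference to an alternative kubelet clusterDNS ip list.
        # clusterDNS:
        #     - 10.96.0.10
        #     - 169.254.2.53

        # # The `extraConfig` field is used to provide kubelet configuration overrides.
        # extraConfig:
        #     serverTLSBootstrap: true

        # # The `KubeletCredentialProviderConfig` field is used to provide kubelet credential configuration.
        # credentialProviderConfig:
        #     apiVersion: kubelet.config.k8s.io/v1
        #     kind: CredentialProviderConfig
        #     providers:
        #         - apiVersion: credentialprovider.kubelet.k8s.io/v1
        #           defaultCacheDuration: 12h
        #           matchImages:
        #             - '*.dkr.ecr.*.amazonaws.com'
        #             - '*.dkr.ecr.*.amazonaws.com.cn'
        #             - '*.dkr.ecr-fips.*.amazonaws.com'
        #             - '*.dkr.ecr.us-iso-east-1.c2s.ic.gov'
        #             - '*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov'
        #           name: ecr-credential-provider

        # # The `nodeIP` field is used to configure `--node-ip` flag for the kubelet.
        # nodeIP:
        #     # The `validSubnets` field configures the networks to pick kubelet node IP from.
        #     validSubnets:
        #         - 10.0.0.0/8
        #         - '!10.0.0.3/32'
        #         - fdc7::/16
    # Provides machine specific network configuration options.
    network:
        hostname: nereid-1 # Used to statically set the hostname for the machine.

        # # `interfaces` is used to define the network interface configuration.
        # interfaces:
        #     - interface: enp0s1 # The interface name.
        #       # Assigns static IP addresses to the interface.
        #       addresses:
        #         - 192.168.2.0/24
        #       # A list of routes associated with the interface.
        #       routes:
        #         - network: 0.0.0.0/0 # The route's network (destination).
        #           gateway: 192.168.2.1 # The route's gateway (if empty, creates link scope route).
        #           metric: 1024 # The optional metric for the route.
        #       mtu: 1500 # The interface's MTU.
        #
        #       # # Picks a network device using the selector.

        #       # # select a device with bus prefix 00:*.
        #       # deviceSelector:
        #       #     busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
        #       # # select a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
        #       # deviceSelector:
        #       #     hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
        #       #     driver: virtio # Kernel driver, supports matching by wildcard.
        #       # # select a device with bus prefix 00:*, a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
        #       # deviceSelector:
        #       #     - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
        #       #     - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
        #       #       driver: virtio # Kernel driver, supports matching by wildcard.

        #       # # Bond specific options.
        #       # bond:
        #       #     # The interfaces that make up the bond.
        #       #     interfaces:
        #       #         - enp2s0
        #       #         - enp2s1
        #       #     # Picks a network device using the selector.
        #       #     deviceSelectors:
        #       #         - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
        #       #         - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
        #       #           driver: virtio # Kernel driver, supports matching by wildcard.
        #       #     mode: 802.3ad # A bond option.
        #       #     lacpRate: fast # A bond option.

        #       # # Bridge specific options.
        #       # bridge:
        #       #     # The interfaces that make up the bridge.
        #       #     interfaces:
        #       #         - enxda4042ca9a51
        #       #         - enxae2a6774c259
        #       #     # A bridge option.
        #       #     stp:
        #       #         enabled: true # Whether Spanning Tree Protocol (STP) is enabled.

        #       # # Indicates if DHCP should be used to configure the interface.
        #       # dhcp: true

        #       # # DHCP specific options.
        #       # dhcpOptions:
        #       #     routeMetric: 1024 # The priority of all routes received via DHCP.

        #       # # Wireguard specific configuration.

        #       # # wireguard server example
        #       # wireguard:
        #       #     privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).
        #       #     listenPort: 51111 # Specifies a device's listening port.
        #       #     # Specifies a list of peer configurations to apply to a device.
        #       #     peers:
        #       #         - publicKey: ABCDEF... # Specifies the public key of this peer.
        #       #           endpoint: 192.168.1.3 # Specifies the endpoint of this peer entry.
        #       #           # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
        #       #           allowedIPs:
        #       #             - 192.168.1.0/24
        #       # # wireguard peer example
        #       # wireguard:
        #       #     privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).
        #       #     # Specifies a list of peer configurations to apply to a device.
        #       #     peers:
        #       #         - publicKey: ABCDEF... # Specifies the public key of this peer.
        #       #           endpoint: 192.168.1.2:51822 # Specifies the endpoint of this peer entry.
        #       #           persistentKeepaliveInterval: 10s # Specifies the persistent keepalive interval for this peer.
        #       #           # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
        #       #           allowedIPs:
        #       #             - 192.168.1.0/24

        #       # # Virtual (shared) IP address configuration.

        #       # # layer2 vip example
        #       # vip:
        #       #     ip: 172.16.199.55 # Specifies the IP address to be used.

        # # Used to statically set the nameservers for the machine.
        # nameservers:
        #     - 8.8.8.8
        #     - 1.1.1.1

        # # Allows for extra entries to be added to the `/etc/hosts` file
        # extraHostEntries:
        #     - ip: 192.168.1.100 # The IP of the host.
        #       # The host alias.
        #       aliases:
        #         - example
        #         - example.domain.tld

        # # Configures KubeSpan feature.
        # kubespan:
        #     enabled: true # Enable the KubeSpan feature.
    # Used to partition, format and mount additional disks.
    disks:
        - device: /dev/nvme1n1 # The name of the disk to use.
          # A list of partitions to create on the disk.
          partitions:
            - mountpoint: /var/mnt/ssd-2 # Where to mount the partition.

              # # The size of partition: either bytes or human readable representation. If `size:` is omitted, the partition is sized to occupy the full disk.

              # # Human readable representation.
              # size: 100 MB
              # # Precise value in bytes.
              # size: 1073741824
        - device: /dev/sda # The name of the disk to use.
          # A list of partitions to create on the disk.
          partitions:
            - mountpoint: /var/mnt/hdd # Where to mount the partition.

              # # The size of partition: either bytes or human readable representation. If `size:` is omitted, the partition is sized to occupy the full disk.

              # # Human readable representation.
              # size: 100 MB
              # # Precise value in bytes.
              # size: 1073741824
    # Used to provide instructions for installations.
    install:
        disk: /dev/nvme0n1 # The disk used for installations.
        # Allows for supplying extra kernel args via the bootloader.
        # The value below starts with `-`; in Talos that prefix is documented as
        # removing the argument from the default kernel command line rather than
        # adding it - confirm against the Talos version in use.
        extraKernelArgs:
            - -console=ttyS0
        # NOTE(review): the installer is referenced by tag only; pinning the image
        # by digest as well ties the install to one known image.
        image: ghcr.io/siderolabs/installer:v1.6.0 # Allows for supplying the image used to perform the installation.
        wipe: false # Indicates if the installation disk should be wiped at installation time.

        # # Look up disk using disk attributes like model, size, serial and others.
        # diskSelector:
        #     size: 4GB # Disk size.
        #     model: WDC* # Disk model `/sys/block/<dev>/device/model`.
        #     busPath: /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 # Disk bus path.

        # # Allows for supplying additional system extension images to install on top of base Talos image.
        # extensions:
        #     - image: ghcr.io/siderolabs/gvisor:20220117.0-v1.0.0 # System extension image.
    # Used to configure the machine's time settings.
    time:
        # Specifies time (NTP) servers to use for setting the system time.
        servers:
            - ntp1.hetzner.de
            - ntp2.hetzner.com
            - ntp3.hetzner.net
            - 0.de.pool.ntp.org
            - 1.de.pool.ntp.org
            - time.cloudflare.com
    # Used to configure the machine's container image registry mirrors.
    registries: {}
        # # Specifies mirror configuration for each registry host namespace.
        # mirrors:
        #     ghcr.io:
        #         # List of endpoints (URLs) for registry mirrors to use.
        #         endpoints:
        #             - https://registry.insecure
        #             - https://ghcr.io/v2/

        # # Specifies TLS & auth configuration for HTTPS image registries.
        # config:
        #     registry.insecure:
        #         # The TLS configuration for the registry.
        #         tls:
        #             insecureSkipVerify: true # Skip TLS server certificate verification (not recommended).
        #
        #             # # Enable mutual TLS authentication with the registry.
        #             # clientIdentity:
        #             #     crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
        #             #     key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==
        #
        #         # # The auth configuration for this registry.
        #         # auth:
        #         #     username: username # Optional registry authentication.
        #         #     password: password # Optional registry authentication.

    # Features describe individual Talos features that can be switched on or off.
    features:
        rbac: true # Enable role-based access control (RBAC).
        stableHostname: true # Enable stable default hostname.
        apidCheckExtKeyUsage: true # Enable checks for extended key usage of client certificates in apid.
        diskQuotaSupport: true # Enable XFS project quota support for EPHEMERAL partition and user disks.
        # KubePrism - local proxy/load balancer on defined port that will distribute
        # requests to all API servers in the cluster.
        kubePrism:
            enabled: true # Enable KubePrism support - will start local load balancing proxy.
            port: 7445 # KubePrism port.

        # # Configure Talos API access from Kubernetes pods.
        # kubernetesTalosAPIAccess:
        #     enabled: true # Enable Talos API access from Kubernetes pods.
        #     # The list of Talos API roles which can be granted for access from Kubernetes pods.
        #     allowedRoles:
        #         - os:reader
        #     # The list of Kubernetes namespaces Talos API access is available from.
        #     allowedKubernetesNamespaces:
        #         - kube-system

    # # Provides machine specific control plane configuration options.

    # # ControlPlane definition example.
    # controlPlane:
    #     # Controller manager machine specific configuration options.
    #     controllerManager:
    #         disabled: false # Disable kube-controller-manager on the node.
    #     # Scheduler machine specific configuration options.
    #     scheduler:
    #         disabled: true # Disable kube-scheduler on the node.

    # # Used to provide static pod definitions to be run by the kubelet directly bypassing the kube-apiserver.

    # # nginx static pod.
    # pods:
    #     - apiVersion: v1
    #       kind: pod
    #       metadata:
    #         name: nginx
    #       spec:
    #         containers:
    #             - image: nginx
    #               name: nginx

    # # Allows the addition of user specified files.

    # # MachineFiles usage example.
    # files:
    #     - content: '...' # The contents of the file.
    #       permissions: 0o666 # The file's permissions in octal.
    #       path: /tmp/file.txt # The path of the file.
    #       op: append # The operation to use

    # # The `env` field allows for the addition of environment variables.

    # # Environment variables definition examples.
    # env:
    #     GRPC_GO_LOG_SEVERITY_LEVEL: info
    #     GRPC_GO_LOG_VERBOSITY_LEVEL: "99"
    #     https_proxy: http://SERVER:PORT/
    # env:
    #     GRPC_GO_LOG_SEVERITY_LEVEL: error
    #     https_proxy: https://USERNAME:PASSWORD@SERVER:PORT/
    # env:
    #     https_proxy: http://DOMAIN\USERNAME:PASSWORD@SERVER:PORT/

    # # Used to configure the machine's sysctls.

    # # MachineSysctls usage example.
    # sysctls:
    #     kernel.domainname: talos.dev
    #     net.ipv4.ip_forward: "0"
    #     net/ipv6/conf/eth0.100/disable_ipv6: "1"

    # # Used to configure the machine's sysfs.

    # # MachineSysfs usage example.
    # sysfs:
    #     devices.system.cpu.cpu0.cpufreq.scaling_governor: performance

    # # Machine system disk encryption configuration.
    # systemDiskEncryption:
    #     # Ephemeral partition encryption.
    #     ephemeral:
    #         provider: luks2 # Encryption provider to use for the encryption.
    #         # Defines the encryption keys generation and storage method.
    #         keys:
    #             - # Deterministically generated key from the node UUID and PartitionLabel.
    #               nodeID: {}
    #               slot: 0 # Key slot number for LUKS2 encryption.
    #
    #               # # KMS managed encryption key.
    #               # kms:
    #               #     endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.
    #
    #         # # Cipher kind to use for the encryption. Depends on the encryption provider.
    #         # cipher: aes-xts-plain64

    #         # # Defines the encryption sector size.
    #         # blockSize: 4096

    #         # # Additional --perf parameters for the LUKS2 encryption.
    #         # options:
    #         #     - no_read_workqueue
    #         #     - no_write_workqueue

    # # Configures the udev system.
    # udev:
    #     # List of udev rules to apply to the udev system
    #     rules:
    #         - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"

    # # Configures the logging system.
    # logging:
    #     # Logging destination.
    #     destinations:
    #         - endpoint: tcp://1.2.3.4:12345 # Where to send logs. Supported protocols are "tcp" and "udp".
    #           format: json_lines # Logs format.

    # # Configures the kernel.
    # kernel:
    #     # Kernel modules to load.
    #     modules:
    #         - name: btrfs # Module name.

    # # Configures the seccomp profiles for the machine.
    # seccompProfiles:
    #     - name: audit.json # The `name` field is used to provide the file name of the seccomp profile.
    #       # The `value` field is used to provide the seccomp profile.
    #       value:
    #         defaultAction: SCMP_ACT_LOG

    # # Configures the node labels for the machine.

    # # node labels example.
    # nodeLabels:
    #     exampleLabel: exampleLabelValue

    # # Configures the node taints for the machine. Effect is optional.

    # # node taints example.
    # nodeTaints:
    #     exampleTaint: exampleTaintValue:NoSchedule
# Provides cluster specific configuration options.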
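# Cluster-wide settings as seen by this worker node.
cluster:
    # NOTE(review): `id` and `secret` identify and key this cluster and appear
    # here in clear text. Handle the real file as a credential: keep it out of
    # version control (or encrypt it at rest) and regenerate these values if this
    # copy has ever been published.
    id: 0VuDSgHV_n3OHEIVssMoAbDTqu3Gn2QOy7YNY6ghhfM= # Globally unique identifier for this cluster (base64 encoded random 32 bytes).
    secret: Ep4SdRWUrHQ6Xxkx1CX98/v3AZOs0hDYSjd+R1Rb2S0= # Shared secret of cluster (base64 encoded random 32 bytes).
    # Provides control plane specific configuration options.
    controlPlane:
        endpoint: https://5.75.234.65:6443 # Endpoint is the canonical controlplane endpoint, which can be an IP address or a DNS hostname.
    # Provides cluster specific network configuration options.
    network:
        # The CNI used.
        # `none` means no CNI is installed by this config; presumably one is
        # deployed separately - confirm, since kube-proxy is disabled below as well.
        cni:
            name: none # Name of CNI to use.
        dnsDomain: cluster.local # The domain used by Kubernetes DNS.
        # The pod subnet CIDR.
        podSubnets:
            - 10.244.0.0/16
        # The service subnet CIDR.
        serviceSubnets:
            - 10.96.0.0/12
    # NOTE(review): bootstrap tokens are join credentials; this one is stored in
    # clear text and should be rotated if this copy has ever been published.
    token: ufcct1.qc6r7delbd48169q # The [bootstrap token](https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/) used to join the cluster.
    # The base64 encoded root certificate authority used by Kubernetes.
    # `key` is empty: this worker config carries the CA certificate only.
    ca:
        crt: 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
        key: ""
    # Kube-proxy server-specific configuration options
    proxy:
        disabled: true # Disable kube-proxy deployment on cluster bootstrap.

        # # The container image used in the kube-proxy manifest.
        # image: registry.k8s.io/kube-proxy:v1.29.0
    # Configures cluster member discovery.
    discovery:
        enabled: true # Enable the cluster membership discovery feature.
        # Configure registries used for cluster member discovery.
        registries:
            # Kubernetes registry uses Kubernetes API server to discover cluster members and stores additional information
            kubernetes:
                disabled: true # Disable Kubernetes discovery registry.
            # Service registry is using an external service to push and pull information about cluster members.
            # With the Kubernetes registry disabled above, this external service is
            # the only discovery registry left enabled.
            service: {}
                # # External service endpoint.
                # endpoint: https://discovery.talos.dev/
    # A list of urls that point to additional manifests.
    # NOTE(review): this URL tracks the `main` branch of a third-party repository,
    # so the manifest that gets applied can change without any change to this
    # file. Pin it to a reviewed release tag or commit, e.g.
    # .../kubelet-serving-cert-approver/<TAG_OR_COMMIT>/deploy/standalone-install.yaml
    # (placeholder, not a real ref).
    extraManifests:
        - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml

    # # A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).

    # # Decryption secret example (do not use in production!).
    # aescbcEncryptionSecret: z01mye6j16bspJYtTB/5SFX8j7Ph4JXxM2Xuu4vsBPM=

    # # A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).

    # # Decryption secret example (do not use in production!).
    # secretboxEncryptionSecret: z01mye6j16bspJYtTB/5SFX8j7Ph4JXxM2Xuu4vsBPM=

    # # The base64 encoded aggregator certificate authority used by Kubernetes for front-proxy certificate generation.

    # # AggregatorCA example.
    # aggregatorCA:
    #     crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
    #     key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==

    # # The base64 encoded private key for service account token generation.

    # # ServiceAccount example.
    # serviceAccount:
    #     key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==

    # # API server specific configuration options.
    # apiServer:
    #     image: registry.k8s.io/kube-apiserver:v1.29.0 # The container image used in the API server manifest.
    #     # Extra arguments to supply to the API server.
    #     extraArgs:
    #         feature-gates: ServerSideApply=true
    #         http2-max-streams-per-connection: "32"
    #     # Extra certificate subject alternative names for the API server's certificate.
    #     certSANs:
    #         - 1.2.3.4
    #         - 4.5.6.7
    #     # Configure the API server admission plugins.
    #     admissionControl:
    #         - name: PodSecurity # Name is the name of the admission controller.
    #           # Configuration is an embedded configuration object to be used as the plugin's
    #           configuration:
    #             apiVersion: pod-security.admission.config.k8s.io/v1alpha1
    #             defaults:
    #                 audit: restricted
    #                 audit-version: latest
    #                 enforce: baseline
    #                 enforce-version: latest
    #                 warn: restricted
    #                 warn-version: latest
    #             exemptions:
    #                 namespaces:
    #                     - kube-system
    #                 runtimeClasses: []
    #                 usernames: []
    #             kind: PodSecurityConfiguration
    #     # Configure the API server audit policy.
    #     auditPolicy:
    #         apiVersion: audit.k8s.io/v1
    #         kind: Policy
    #         rules:
    #             - level: Metadata

    # # Controller manager server specific configuration options.
    # controllerManager:
    #     image: registry.k8s.io/kube-controller-manager:v1.29.0 # The container image used in the controller manager manifest.
    #     # Extra arguments to supply to the controller manager.
    #     extraArgs:
    #         feature-gates: ServerSideApply=true

    # # Scheduler server specific configuration options.
    # scheduler:
    #     image: registry.k8s.io/kube-scheduler:v1.29.0 # The container image used in the scheduler manifest.
    #     # Extra arguments to supply to the scheduler.
    #     extraArgs:
    #         feature-gates: AllBeta=true

    # # Etcd specific configuration options.
    # etcd:
    #     image: gcr.io/etcd-development/etcd:v3.5.11 # The container image used to create the etcd service.
    #     # The `ca` is the root certificate authority of the PKI.
    #     ca:
    #         crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
    #         key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==
    #     # Extra arguments to supply to etcd.
    #     extraArgs:
    #         election-timeout: "5000"
    #     # The `advertisedSubnets` field configures the networks to pick etcd advertised IP from.
    #     advertisedSubnets:
    #         - 10.0.0.0/8

    # # Core DNS specific configuration options.
    # coreDNS:
    #     image: registry.k8s.io/coredns/coredns:v1.11.1 # The `image` field is an override to the default coredns image.

    # # External cloud provider configuration.
    # externalCloudProvider:
    #     enabled: true # Enable external cloud provider.
    #     # A list of urls that point to additional manifests for an external cloud provider.
    #     manifests:
    #         - https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/rbac.yaml
    #         - https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/aws-cloud-controller-manager-daemonset.yaml

    # # A map of key value pairs that will be added while fetching the extraManifests.
    # extraManifestHeaders:
    #     Token: "1234567"
    #     X-ExtraInfo: info

    # # A list of inline Kubernetes manifests.
    # inlineManifests:
    #     - name: namespace-ci # Name of the manifest.
    #       contents: |- # Manifest contents as a string.
    #         apiVersion: v1
    #         kind: Namespace
    #         metadata:
    #           name: ci

    # # Settings for admin kubeconfig generation.
    # adminKubeconfig:
    #     certLifetime: 1h0m0s # Admin kubeconfig certificate lifetime (default is 1 year).

    # # Allows running workload on control-plane nodes.
    # allowSchedulingOnControlPlanes: true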