90-shoot-azure.yaml
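---
# Example Shoot manifest for a Gardener-managed Kubernetes cluster on Azure.
# NOTE(review): the nesting below was reconstructed from the key names because
# the listing had lost its indentation; confirm it against the
# garden.sapcloud.io/v1beta1 Shoot API before applying.
apiVersion: garden.sapcloud.io/v1beta1
kind: Shoot
metadata:
  name: johndoe-azure
  namespace: garden-dev
spec:
  cloud:
    profile: azure
    region: westeurope
    # Cloud credentials are referenced by name through this binding; the
    # manifest itself carries no secret material.
    secretBindingRef:
      name: core-azure
    azure:
      # resourceGroup:
      #   name: mygroup
      # machineImage:  # this machine image is default machine image for all worker pools
      #   name: coreos
      #   version: 2023.5.0
      networks:
        vnet:  # specify either 'name' or 'cidr'
          # name: my-vnet
          cidr: 10.250.0.0/16
        workers: 10.250.0.0/19
      workers:
        - name: cpu-worker
          machineType: Standard_D2_v3
          volumeType: standard
          volumeSize: 35Gi  # must be at least 35Gi for Azure VMs
          autoScalerMin: 2
          autoScalerMax: 2
          maxSurge: 1
          maxUnavailable: 0
          # kubelet:
          #   cpuCFSQuota: true
          #   cpuManagerPolicy: none
          #   podPidsLimit: 10
          #   maxPods: 110
          #   evictionPressureTransitionPeriod: 4m0s
          #   evictionMaxPodGracePeriod: 90
          #   evictionHard:
          #     memoryAvailable: 100Mi
          #     imageFSAvailable: 5%
          #     imageFSInodesFree: 5%
          #     nodeFSAvailable: 5%
          #     nodeFSInodesFree: 5%
          #   evictionSoft:
          #     memoryAvailable: 200Mi
          #     imageFSAvailable: 10%
          #     imageFSInodesFree: 10%
          #     nodeFSAvailable: 10%
          #     nodeFSInodesFree: 10%
          #   evictionSoftGracePeriod:
          #     memoryAvailable: 1m30s
          #     imageFSAvailable: 1m30s
          #     imageFSInodesFree: 1m30s
          #     nodeFSAvailable: 1m30s
          #     nodeFSInodesFree: 1m30s
          #   evictionMinimumReclaim:
          #     memoryAvailable: 0Mi
          #     imageFSAvailable: 0Mi
          #     imageFSInodesFree: 0Mi
          #     nodeFSAvailable: 0Mi
          #     nodeFSInodesFree: 0Mi
          #   featureGates:
          #     SomeKubernetesFeature: true
          # machineImage:
          #   name: coreos
          #   version: 2023.5.0
          # labels:
          #   key: value
          # annotations:
          #   key: value
          # taints:  # See also https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
          #   - key: foo
          #     value: bar
          #     effect: NoSchedule
  kubernetes:
    # clusterAutoscaler:
    #   scaleDownUtilizationThreshold: 0.5
    #   scaleDownUnneededTime: 30m
    #   scaleDownDelayAfterAdd: 60m
    #   scaleDownDelayAfterFailure: 10m
    #   scaleDownDelayAfterDelete: 10s
    #   scanInterval: 10s
    # Specify "major.minor" to get the latest patch version. Keep the value
    # quoted: an unquoted major.minor such as 1.10 is read as the float 1.1.
    version: "1.15.2"
    # 'true' means that all authenticated users can use the
    # "gardener.privileged" PodSecurityPolicy, allowing full unrestricted
    # access to Pod features.
    # NOTE(review): set this to false unless workloads genuinely need
    # privileged pods.
    allowPrivilegedContainers: true
    # kubeAPIServer:
    #   admissionPlugins:
    #     - name: PodNodeSelector
    #       config: |
    #         podNodeSelectorPluginConfig:
    #           clusterDefaultNodeSelector: <node-selectors-labels>
    #           namespace1: <node-selectors-labels>
    #           namespace2: <node-selectors-labels>
    #   auditConfig:
    #     auditPolicy:
    #       configMapRef:
    #         name: auditpolicy
    #   NOTE(review): basic authentication relies on static credentials;
    #   prefer oidcConfig and leave this off unless it is required.
    #   enableBasicAuthentication: true
    #   featureGates:
    #     SomeKubernetesFeature: true
    #   oidcConfig:
    #     caBundle: |
    #       -----BEGIN CERTIFICATE-----
    #       Li4u
    #       -----END CERTIFICATE-----
    #     clientID: client-id
    #     groupsClaim: groups-claim
    #     groupsPrefix: groups-prefix
    #     issuerURL: https://identity.example.com
    #     usernameClaim: username-claim
    #     usernamePrefix: username-prefix
    #     signingAlgs: RS256,some-other-algorithm
    #     #-#-# only usable with Kubernetes >= 1.11
    #     requiredClaims:
    #       key: value
    #   runtimeConfig:
    #     scheduling.k8s.io/v1alpha1: true
    #   #-#-# requires TokenRequest feature gate
    #   #-#-# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    #   serviceAccountConfig:
    #     issuer: "https://johndoe-azure.garden-dev.example.com"
    #     signingKeySecretName: "service-account-signing-key"
    #   NOTE(review): apiAudiences is placed at kubeAPIServer level here;
    #   confirm against the API whether it belongs under serviceAccountConfig.
    #   apiAudiences: ["some", "audiences"]
    # cloudControllerManager:
    #   featureGates:
    #     SomeKubernetesFeature: true
    # kubeControllerManager:
    #   featureGates:
    #     SomeKubernetesFeature: true
    #   The nodeCIDRMaskSize field is immutable due to https://github.com/kubernetes/kubernetes/issues/70957
    #   nodeCIDRMaskSize: 24
    #   horizontalPodAutoscaler:
    #     syncPeriod: 30s
    #     tolerance: 0.1
    #     #-#-# only usable with Kubernetes < 1.12
    #     downscaleDelay: 15m0s
    #     upscaleDelay: 1m0s
    #     #-#-# only usable with Kubernetes >= 1.12
    #     downscaleStabilization: 5m0s
    #     initialReadinessDelay: 30s
    #     cpuInitializationPeriod: 5m0s
    # kubeScheduler:
    #   featureGates:
    #     SomeKubernetesFeature: true
    # kubeProxy:
    #   featureGates:
    #     SomeKubernetesFeature: true
    #   mode: IPVS
    # kubelet:
    #   cpuCFSQuota: true
    #   cpuManagerPolicy: none
    #   podPidsLimit: 10
    #   featureGates:
    #     SomeKubernetesFeature: true
  dns:
    domain: johndoe-azure.garden-dev.example.com  # if not specified then Gardener will try to use the default domain for this shoot
    # provider: aws-route53  # only relevant if a custom domain is used for this shoot
    # secretName: my-dns-secret  # only relevant if a custom domain is used for this shoot
    # includeZones: []  # only relevant if a custom domain is used for this shoot
    # excludeZones: []  # only relevant if a custom domain is used for this shoot
  # hibernation:
  #   enabled: false
  #   schedules:
  #     - start: "0 20 * * *"  # Start hibernation every day at 8PM
  #       end: "0 6 * * *"  # Stop hibernation every day at 6AM
  #       location: "America/Los_Angeles"  # Specify a location for the cron to run in
  maintenance:
    timeWindow:
      begin: 220000+0100
      end: 230000+0100
    autoUpdate:
      kubernetesVersion: true
      machineImageVersion: true
  # Backup configuration for Shoot clusters is deprecated and no longer supported.
  # The responsibility for these settings has been shifted to Garden administrators.
  # This field will be removed in the future and is only kept for API compatibility reasons. It is not
  # evaluated or respected at all. Please do not use this field anymore.
  backup:
    schedule: "0 */24 * * *"
    maximum: 7
  addons:
    # nginx-ingress addon is still supported but deprecated.
    # This field will be removed in the future. You should deploy your own ingress controller
    # instead of enabling it here. You should not use this field anymore.
    nginx-ingress:
      enabled: false
      # NOTE(review): presumably an empty list applies no source-IP
      # restriction to the load balancer; confirm before enabling the addon.
      loadBalancerSourceRanges: []
    # NOTE(review): the dashboard is an additional entry point to the cluster
    # API; enable it only when it is needed, and prefer 'token' over 'basic'
    # for authenticationMode.
    kubernetes-dashboard:
      enabled: true
      # authenticationMode: basic  # allowed values: basic,token
    # Heapster addon is deprecated and no longer supported. Gardener deploys the Kubernetes metrics-server
    # into the kube-system namespace of shoots (cannot be turned off) for fetching metrics and enabling
    # horizontal pod auto-scaling.
    # This field will be removed in the future and is only kept for API compatibility reasons. It is not
    # evaluated or respected at all. Please do not use this field anymore.
    heapster:
      enabled: false
    # cluster-autoscaler addon is automatically enabled if at least one of the configured
    # worker pools (see above) uses max>min. You do not need to enable it separately anymore. Any value
    # you put here has no effect. This field will be removed in the future. Please do not use it anymore.
    cluster-autoscaler:
      enabled: true
    # kube-lego addon is still supported but deprecated.
    # This field will be removed in the future. You should deploy your own kube-lego/cert-manager
    # instead of enabling it here. You should not use this field anymore.
    kube-lego:
      enabled: false
      email: john.doe@example.com
    # Monocular addon is deprecated and no longer supported.
    # This field will be removed in the future and is only kept for API compatibility reasons. It is not
    # evaluated or respected at all. You should deploy Monocular on your own instead of enabling it here.
    # Please do not use this field anymore.
    monocular:
      enabled: false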