cluster.example.yml

hosts:
  - address: 1.1.1.1
    private_interface: eth1
    user: root
    ssh_key_path: ~/.ssh/my_key
    role: master
    container_runtime: cri-o
  - address: 2.2.2.2
    private_interface: eth1
    role: worker
    container_runtime: cri-o
    labels:
      disk: hdd
  - address: 3.3.3.3
    private_address: 10.10.1.3
    role: worker
    container_runtime: cri-o
    labels:
      disk: ssd
    environment:
      http_proxy: proxy.example.com
      NO_PROXY: 10.*
network:
  dns_replicas: 3
  service_cidr: 10.96.0.0/12
  pod_network_cidr: 10.32.0.0/12
  provider: weave
  trusted_subnets:
    - 10.10.0.0/16
authentication:
  token_webhook:
    config:
      cluster:
        name: token-reviewer
        server: http://localhost:9292/token
        certificate_authority: /path/to/ca.pem
      user:
        name: kube-apiserver
        client_key: /path/to/key.pem
        client_certificate: /path/to/cert.pem
    cache_ttl: 5m
audit:
 server: "http://webhook.site/c700f7c0-cf9e-4a2b-b110-8777809b520b"
kube_proxy:
  mode: ipvs
addons:
  ingress-nginx:
    enabled: true
    node_selector:
      # only provision to nodes having the label "zone: dmz"
      zone: dmz
    configmap:
      # see all supported options: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/configmap.md
      load-balance: least_conn
  cert-manager:
    enabled: true
    issuer:
      name: letsencrypt-staging
      server: https://acme-staging.api.letsencrypt.org/directory
      email: me@domain.com
  host-upgrades:
    enabled: true
    interval: 7d
  kured:
    enabled: true