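---
# Cluster variables: k3s options, secrets and the manifests applied to the
# cluster after installation.

# default context is used for stack orchestrator deployments, for testing a
# custom context name can be useful
#k8s_cluster_name: msp-cad-cluster
k8s_cluster_name: default
k8s_cluster_url: msp-cad-cluster-control.example.com
k8s_taint_servers: false

# Quoted so an empty or boolean-looking expansion is still read as a string.
k8s_acme_email: "{{ support_email }}"

# k3s bundles traefik as the default ingress controller, we will disable it
# and use nginx instead
k8s_disable:
  - traefik

# secrets can be stored in a file or as a template, the template secrets get
# dynamically base64 encoded while file based secrets must be encoded by hand
#
# NOTE(review): base64 is an encoding, not encryption. A hand-encoded secret
# file is equivalent to plaintext for anyone who can read it, so keep it out
# of version control or store it encrypted at rest, and restrict read access.
k8s_secrets:
  - name: digitalocean-dns
    type: file
    source: secret-digitalocean-dns.yaml

# NOTE(review): the `url` manifests below are fetched from GitHub at deploy
# time. They are pinned to release tags, which is better than a branch, but
# a tag can be moved and no checksum is recorded here. Both manifests create
# cluster-scoped resources, so consider vendoring a reviewed copy or
# verifying a known digest before applying - TODO confirm what the consuming
# role supports.
k8s_manifests:
  # ingress controller, replaces traefik which is explicitly disabled
  - name: ingress-nginx
    type: url
    source: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml

  # cert-manager, required for letsencrypt
  - name: cert-manager
    type: url
    source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml

  # issuer for basic http certs
  # `server` is the Let's Encrypt production directory, which is rate
  # limited; repeated test deployments can exhaust the issuance quota.
  - name: letsencrypt-prod
    type: template
    source: shared/clusterissuer-acme.yaml
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
      - type: http
        ingress: nginx

  # issuer for wildcard dns certs
  # `secret_name` must match the `digitalocean-dns` entry in k8s_secrets.
  # The referenced API token can modify DNS records, so it should carry the
  # narrowest scope the provider allows and be rotated if the secret file is
  # ever exposed.
  - name: letsencrypt-prod-wild
    type: template
    source: shared/clusterissuer-acme.yaml
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
      - type: dns
        provider: digitalocean
        tokenref: tokenSecretRef
        secret_name: digitalocean-dns
        secret_key: access-token

  # initiate wildcard cert
  - name: pwa.example.com
    type: file
    source: wildcard-pwa-example.yaml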