48 lines
1.3 KiB
YAML
48 lines
1.3 KiB
YAML
---
|
|
#k8s_cluster_name: default
|
|
k8s_cluster_name: rnt-cad-cluster
|
|
k8s_cluster_url: rnt-cad-cluster-control.realitynetwork.store
|
|
k8s_taint_servers: true
|
|
|
|
k8s_acme_email: "{{ support_email }}"
|
|
|
|
k8s_disable:
|
|
- traefik
|
|
|
|
k8s_manifests:
|
|
# ingress controller, replaces traefik which is explicitly disabled
|
|
- name: ingress-nginx
|
|
type: url
|
|
source: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/cloud/deploy.yaml
|
|
|
|
# cert-manager, required for letsencrypt
|
|
- name: cert-manager
|
|
type: url
|
|
source: https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
|
|
|
|
# issuer for basic http certs
|
|
- name: letsencrypt-prod
|
|
type: template
|
|
source: shared/clusterissuer-acme.yaml
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
solvers:
|
|
- type: http
|
|
ingress: nginx
|
|
|
|
# issuer for wildcard dns certs
|
|
- name: letsencrypt-prod-wild
|
|
type: template
|
|
source: shared/clusterissuer-acme.yaml
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
solvers:
|
|
- type: dns
|
|
provider: digitalocean
|
|
tokenref: tokenSecretRef
|
|
secret_name: digitalocean-dns
|
|
secret_key: access-token
|
|
|
|
# initiate wildcard cert
|
|
- name: pwa.realitynetwork.store
|
|
type: file
|
|
source: wildcard-pwa-realitynetwork.yaml
|