solutions/gke/configconnector/gke-cluster-autopilot/setters.yaml (37 lines of code) (raw):
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#########
# Setter values for the gke-cluster-autopilot package. Each key under `data`
# is a value to customize before deploying; the "customization:" line above
# a key says whether changing it is required or optional.
apiVersion: v1
kind: ConfigMap
metadata:
  name: setters
  annotations:
    # Marks this ConfigMap as local configuration: it is input for the
    # package tooling and is not meant to be applied to the cluster.
    config.kubernetes.io/local-config: "true"
data:
  ##########################
  # Instructions
  ##########################
  #
  # Follow instructions specific to each section.
  # NOTE(review): several values below are placeholders (project ids,
  # <yourdomain.com>, repo-url, <env>); replace them before deploying.
  #
  ##########################
  # Client
  ##########################
  #
  # Name for the client, lowercase only
  # customization: required
  client-name: client1
  #
  ##########################
  # Project
  ##########################
  #
  # The project id that was created by the client-project-setup.
  # The GKE cluster will be deployed in this project and the project id will also become the Anthos Fleet id
  # customization: required
  project-id: project-12345
  #
  # the classification of the project, accepted values are: 'pbmm' OR 'nonp' (unclassified)
  # customization: required
  classification: nonp
  #
  # the network connectivity profile of the project, accepted values are: 'standard' OR 'sc2g' (future releases)
  # customization: optional
  network-connectivity-profile: standard
  #
  ##########################
  # Network Host Project
  ##########################
  #
  # the host project for this client created in client-landing-zone package deployment
  # customization: required
  host-project-id: host-project-12345
  #
  ##########################
  # GKE
  ##########################
  #
  # name of this GKE cluster
  # customization: required
  cluster-name: autopilot1-gke
  #
  # the region where to deploy this GKE cluster
  # customization: optional
  location: northamerica-northeast1
  #
  # the master control plane cidr for kind ContainerCluster
  # Must be unique within the VPC. Looking at the VPC's routing table can help determine this value
  # customization: optional
  masterIpv4CidrBlock: 192.168.0.0/28
  #
  # the master control plane range for kind ComputeFirewall (same as masterIpv4CidrBlock but using list)
  # Keep this in sync with masterIpv4CidrBlock: if the two drift apart, the
  # firewall rule no longer describes the real control plane range.
  # customization: optional
  masterIpv4Range: |
    - "192.168.0.0/28"
  #
  # the master authorized networks cidr - gke admin proxy ip
  # Only the ranges listed here are authorized to reach the control plane
  # endpoint, so keep each entry as narrow as possible (a /32 for the admin
  # proxy) and do not widen it for convenience.
  # customization: required
  master-authorized-networks-cidr: |
    - cidrBlock: 10.1.1.5/32
      displayName: gke-admin-proxy
  #
  # subnet primary IP range
  # Must be unique within the VPC. Looking at the VPC's routing table can help determine this value
  # customization: optional
  subnet-primary-cidr: 10.1.32.0/24
  #
  # the subnet primary range for kind ComputeFirewall (same as subnet-primary-cidr but using list)
  # Keep this in sync with subnet-primary-cidr.
  # customization: optional
  primaryIpv4Range: |
    - "10.1.32.0/24"
  #
  # subnet secondary IP range for services
  # Must be unique within the VPC. Looking at the VPC's routing table can help determine this value
  # customization: optional
  subnet-services-cidr: 10.1.33.0/24
  #
  # subnet secondary IP range for pods
  # Must be unique within the VPC. Looking at the VPC's routing table can help determine this value
  # customization: optional
  subnet-pod-cidr: 172.16.0.0/23
  #
  # the subnet secondary IP range for pods for kind ComputeFirewall (same as subnet-pod-cidr but using list)
  # Keep this in sync with subnet-pod-cidr.
  # customization: optional
  podIpv4Range: |
    - "172.16.0.0/23"
  #
  # firewall policies priority, this cannot overlap with any existing policy id
  # can verify by checking the firewall policies for the host project
  # One priority per egress destination named in the key (Azure DevOps,
  # GitHub, Docker); each value must be unused in the host project.
  # customization: required (only optional for the client's first cluster)
  gke-to-azdo-priority: 2000
  gke-to-github-priority: 2001
  gke-to-docker-priority: 2002
  #
  # network tags to be assigned to GKE nodes
  # The "ids" tag is the recommended approach to ensure that the traffic reaching the GKE clusters is inspected by Cloud IDS.
  # Furthermore, you would need to have that "ids" tag listed under the mirroredresources of the packet mirroring policy.
  # See ids package for more details.
  # Warning: It is not applied using apply-setters but by starlark-update-containercluster
  # NOTE(review): with networktags-enabled left at false the "ids" tag is
  # presumably not assigned, so node traffic would not be mirrored to
  # Cloud IDS - confirm this is the intended default for the environment.
  # NOTE(review): networktags is a YAML list and networktags-enabled a
  # boolean, while ConfigMap data values are normally strings; presumably
  # only the starlark function reads them - confirm.
  # customization: optional if networktags-enabled is set to true.
  networktags-enabled: false
  networktags:
    - ids
  #
  # The group to enable Google groups for GKE RBAC as described in the link below.
  # The 'gke-security-groups@' must NOT be edited, only the domain. The group needs to be created manually.
  # https://cloud.google.com/kubernetes-engine/docs/how-to/google-groups-rbac
  # Membership of this group decides which Google groups can be bound in
  # cluster RBAC, so restrict who can manage it.
  # customization: required
  security-group: gke-security-groups@<yourdomain.com>
  #
  ##########################
  # Config Sync
  ##########################
  #
  # Used for the initial root sync of the GKE cluster (GitHub, Azure DevOps, etc.)
  # The repo stores the manifests for the kubernetes resources to be deployed by this GKE cluster
  # Manifests found at repo-url / repo-branch / repo-dir are deployed to the
  # cluster, so point these at a repository with controlled write access.
  #
  # the git repo URL, for example
  # https://github.com/GITHUB-ORG/REPO-NAME
  # https://AZDO-ORG@dev.azure.com/AZDO-ORG/AZDO-PROJECT/_git/REPO-NAME
  # The part before '@' in the Azure DevOps form is the organization name;
  # never put a token or password in this URL, since this file is stored
  # in git.
  # customization: required
  repo-url: tier34-repo-to-observe
  #
  # the branch to check out (usually main)
  # customization: optional
  repo-branch: main
  #
  # the directory to observe for YAML manifests
  # customization: required
  repo-dir: csync/tier3/kubernetes/_X-FLEET-ID/deploy/<env>
  #
  ##########################
  # End of Configurations
  ##########################