There is an attempt at refactoring the config.yaml
#1697
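# Here's everything under the cluster key:
cluster:
  api:
    address: "" # Must be in the same subnet as cluster.node_cidr
    sans: []
  cilium:
    bgp:
      enabled: false
      node_asn: 64514
      router_address: ""
      router_asn: 64513
    loadbalancer_mode: "dsr" # Must be one of dsr or snat
  default_gateway: "" # Must be in the same subnet as cluster.node_cidr
  dns_servers: []
  experimental:
    dual_stack_ipv4_first: false
  external_services:
    cloudflare:
      enabled: false
      api_token: "" # SECRET - never commit this in the clear; the github.private default below is false, so the repository is presumably public
      domain: ""
      letsencrypt_production: false
      tunnel_ingress_address: "" # Cannot equal cluster.external_services.cloudflare.ingress_address, cluster.external_services.cloudflare.dns_address or cluster.api.address
      dns_address: ""
      ingress_address: ""
    github:
      repository: "" # Must match `^[A-Za-z0-9_-]+/[A-Za-z0-9_-]+$` (hyphen last in the class so it is not parsed as a range)
      branch: "main"
      push_token: "" # SECRET - presumably grants push access to the repository; never commit it in the clear
      private: false # false presumably means the repository is public
  node_cidr: "" # Cannot equal cluster.networks.pod_cidr or cluster.networks.service_cidr
  nodes: []
  # - name: "" # (REQUIRED) Must match `^[a-z0-9][a-z0-9\-]{0,61}[a-z0-9]$|^[a-z0-9]$` (a DNS label) & !="global" & !="controller" & !="worker"
  #   address: "" # (REQUIRED) IP address of the node (must be in the same subnet as cluster.node_cidr)
  #   controller: true # (REQUIRED) Set to true if this is a controller node
  #   disk: "" # (REQUIRED) Device path or serial number of the disk for this node (talosctl get disks -n <ip> --insecure)
  #   mac_addr: "" # (REQUIRED) Must match `^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$` (lowercase hex, colon separated)
  #   schematic_id: "" # (REQUIRED) Must match `^[a-z0-9]{64}$`
  #   mtu: # (OPTIONAL) Must be greater than or equal to 1500 and less than or equal to 9000
  #   secureboot: false # (OPTIONAL)
  #   encrypt_disk: false # (OPTIONAL)
  ntp_servers: []
  networks:
    pod_cidr: "" # Cannot equal cluster.node_cidr or cluster.networks.service_cidr and must be outside of the cluster.node_cidr network
    service_cidr: "" # Cannot equal cluster.node_cidr or cluster.networks.pod_cidr and must be outside of the cluster.node_cidr network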
vlan: # (OPTIONAL) Must be greater than or equal to 0 and less than or equal to 4095

Noodling with CUE:

package config
import (
"net"
"list"
)
// #Config is the root schema for config.yaml: the cluster definition
// plus the GitOps (repository and external-services) settings.
#Config: {
	cluster: #Cluster
	gitops:  #GitOps
}
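// #Cluster validates the `cluster:` key of config.yaml.
#Cluster: {
	api: {
		address: net.IPv4
		sans?:   [...net.FQDN]
	}
	network: {
		dns_servers?: [...net.IPv4]
		// The three CIDRs must be pairwise distinct. This is string
		// inequality only: overlapping-but-different ranges (e.g. a
		// pod_cidr inside node_cidr) are NOT rejected here — TODO.
		node_cidr:    net.IPCIDR & !=service_cidr & !=pod_cidr
		ntp_servers?: [...net.IPv4]
		pod_cidr:     net.IPCIDR & !=service_cidr & !=node_cidr
		service_cidr: net.IPCIDR & !=pod_cidr & !=node_cidr
	}
	nodes: [...#Node]
	// Cross-node invariants. Hidden field: evaluated, never exported.
	_nodesCheck: {
		// The number of controller nodes must be odd (1, 3, 5, ...).
		// That also forces at least one controller: an empty inventory
		// gives mod(0, 2) == 1 -> false, and `false & true` is an error.
		// The previous version filtered on `!item.controller` (counting
		// workers) and unified with `false`, which enforced an even
		// number of workers instead.
		controller: (mod(len([for item in nodes if item.controller {item.name}]), 2) == 1) & true
		// Names, addresses and MACs must be unique across the inventory.
		name:    list.UniqueItems() & [for item in nodes {item.name}]
		address: list.UniqueItems() & [for item in nodes {item.address}]
		macAddr: list.UniqueItems() & [for item in nodes {item.mac_addr}]
	}
}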
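// #Node is one entry of cluster.nodes. Every field is REQUIRED in the
// config.yaml template, so none of them is optional here.
#Node: {
	address:    net.IPv4
	controller: bool
	// Device path or disk serial. A bare `string` accepts "", which the
	// template marks REQUIRED, so reject the empty string explicitly.
	disk: string & !=""
	// Lowercase, colon-separated hex. Uppercase MACs (as some tools
	// print them) fail this pattern — lowercase them before pasting.
	mac_addr: =~"^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$"
	// DNS-label shaped hostname (max 63 chars), excluding the reserved
	// names global / controller / worker.
	name: =~"^[a-z0-9][a-z0-9\\-]{0,61}[a-z0-9]$|^[a-z0-9]$" & !="global" & !="controller" & !="worker"
	// NOTE(review): if this is a SHA-256 hex digest, `^[a-f0-9]{64}$`
	// would be the tighter pattern — confirm against the image factory.
	schematic_id: string & =~"^[a-z0-9]{64}$"
}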
// #GitOps validates the `gitops:` key: repository access, secret
// encryption and the optional externally reachable services.
//
// NOTE(review): several fields here are secrets (repository.auth.token,
// repository.auth.ssh_key, external_services.cloudflare.token,
// external_services.cloudflare.tunnel.secret). The age public key below
// suggests they are meant to be encrypted before they reach the
// repository; this schema cannot tell whether that happened, so a clean
// `cue vet` is not evidence that the file is safe to commit.
#GitOps: {
	enabled: bool
	// age recipient (bech32 `age1` + 58 chars). Public key only — the
	// matching age identity must never appear in config.yaml.
	encryption: age: public_key: =~"^age1[a-z0-9]{58}$"
	external_services: {
		enabled: bool
		dns: address: net.IPv4
		ingress: address: net.IPv4
		cloudflare: {
			enabled: bool
			domain: net.FQDN
			// Cloudflare API token — secret.
			token: string
			acme: {
				email: string
				production: bool
			}
			tunnel: {
				id: string
				account_id: string
				// Tunnel credential — secret.
				secret: string
				// NOTE(review): the YAML template says this must differ from
				// the ingress, dns and api addresses; that cross-field rule
				// is not encoded here.
				ingress: address: net.IPv4
			}
		}
	}
	repository: {
		// https or ssh clone URL of a github.com repository, ending in .git
		url: =~"^(https://|ssh://git@)github\\.com/[a-zA-Z0-9._-]+/[a-zA-Z0-9._-]+\\.git$"
		branch: string
		auth: {
			// 32 lowercase alphanumerics — secret.
			token: string & =~"^[a-z0-9]{32}$"
			// Only the OpenSSH PEM header is checked; the key body is not
			// validated. Secret.
			ssh_key?: string & =~"^-----BEGIN OPENSSH PRIVATE KEY-----"
		}
	}
}
#Config

package config
import (
"net"
"list"
)
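// #Config is the whole config.yaml in the sectioned layout.
#Config: {
	// API Server
	controller_vip: net.IPv4
	tls_sans?:      [...net.FQDN]
	// Networking — the three CIDRs must be pairwise distinct. This is
	// string inequality only: overlapping-but-different ranges are not
	// rejected here — TODO. (node_network previously compared against
	// itself, which is a self-reference, instead of service_network.)
	node_network:    net.IPCIDR & !=pod_network & !=service_network
	pod_network:     net.IPCIDR & !=service_network & !=node_network
	service_network: net.IPCIDR & !=pod_network & !=node_network
	// DNS and NTP
	dns_servers?: [...net.IPv4]
	ntp_servers?: [...net.IPv4]
	// Nodes
	node_inventory: [...#Node]
	// Cross-node invariants. Hidden field: evaluated, never exported.
	_node_inventory_check: {
		// Controller count must be odd (1, 3, 5, ...), which also forces
		// at least one controller; `(expr) & true` asserts the comparison.
		controller: (mod(len([for item in node_inventory if item.controller {item.name}]), 2) == 1) & true
		name:    list.UniqueItems() & [for item in node_inventory {item.name}]
		address: list.UniqueItems() & [for item in node_inventory {item.address}]
		macAddr: list.UniqueItems() & [for item in node_inventory {item.mac_addr}]
	}
	// Encryption — age recipient (`age1` + 58 chars), presumably the key
	// secrets in this file are encrypted to. Public key only; the age
	// identity must never be in config.yaml.
	age_pubkey: =~"^age1[a-z0-9]{58}$"
	// GitHub
	github: #GitHub
	// Cloudflare
	cloudflare?: #Cloudflare
	// Advanced
	bgp?: #BGP
	dual_stack_ipv4_first?: bool | *false
	loadbalancer_mode?: "dsr" | "snat"
	node_default_gateway?: net.IPv4
	secureboot?: #SecureBoot
	// 802.1Q VLAN ID is a 12-bit field; 0 and 4095 are reserved, so the
	// usable range is 1-4094 (4096 does not fit in the field at all).
	vlan?: int & >=1 & <=4094
}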
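// #Node is one entry of node_inventory. All fields but mtu are REQUIRED
// in the config.yaml template.
#Node: {
	// DNS-label shaped hostname (max 63 chars), excluding the reserved
	// names global / controller / worker.
	name: =~"^[a-z0-9][a-z0-9\\-]{0,61}[a-z0-9]$|^[a-z0-9]$" & !="global" & !="controller" & !="worker"
	address:    net.IPv4
	controller: bool
	// Device path or disk serial; reject the empty string, which a bare
	// `string` would accept.
	disk: string & !=""
	// Lowercase, colon-separated hex.
	mac_addr: =~"^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$"
	// NOTE(review): if this is a SHA-256 hex digest, `^[a-f0-9]{64}$`
	// would be tighter — confirm.
	schematic_id: =~"^[a-z0-9]{64}$"
	// The YAML template documents 1500 <= mtu <= 9000; enforce it.
	mtu?: int & >=1500 & <=9000
}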
// #GitHub — the repository config.yaml points at.
#GitHub: {
	// https or ssh clone URL of a github.com repository, ending in .git
	address: =~"^(https://|ssh://git@)github\\.com/[a-zA-Z0-9._-]+/[a-zA-Z0-9._-]+\\.git$"
	branch: string
	// 32 lowercase alphanumerics — secret.
	webhook_token: =~"^[a-z0-9]{32}$"
	// SSH private key; only the OpenSSH PEM header is checked, the key
	// body is not validated. Secret — must be encrypted before commit.
	private_key?: =~"^-----BEGIN OPENSSH PRIVATE KEY-----"
}
// #Cloudflare — the Cloudflare integration (config.yaml
// `external_services.cloudflare`).
#Cloudflare: {
	enabled: bool
	domain: net.FQDN
	// Cloudflare API token — secret; keep it encrypted in the repository.
	token: string
	acme: #Acme
	ingress_vip: net.IPv4
	gateway_vip: net.IPv4
	// NOTE(review): the YAML template requires the tunnel ingress address
	// to differ from the ingress / dns addresses and from the API address;
	// that cross-field rule is not expressed here yet.
	tunnel: #Tunnel
}
// #Acme — ACME (Let's Encrypt) settings for the Cloudflare integration.
#Acme: {
	email: string
	// Presumably selects the production CA when true, a staging CA
	// otherwise — confirm against the consumer of this field.
	production: bool
}
// #Tunnel — Cloudflare tunnel credentials and the address it forwards to.
#Tunnel: {
	id: string
	account_id: string
	// Tunnel credential — secret; keep it encrypted in the repository.
	secret: string
	ingress_vip: net.IPv4
}
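// #BGP — Cilium BGP peering (config.yaml `cilium.bgp`).
#BGP: {
	enabled: bool
	// Peer router addresses (router_address in the YAML template). IPv4
	// to match every other address in this schema — widen if needed.
	peers?: [...net.IPv4]
	// The YAML template uses integer ASNs (node_asn: 64514,
	// router_asn: 64513), so these are ints; 32-bit range, 0 is reserved.
	peer_asn?:  int & >=1 & <=4294967295
	local_asn?: int & >=1 & <=4294967295
	// A TCP port; 179 is the standard BGP port.
	peer_port?: int & >=1 & <=65535 | *179
	// A prefix, not a free-form string.
	advertised_network?: net.IPCIDR
}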
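// #SecureBoot — cluster-wide Secure Boot / disk-encryption toggles.
// NOTE(review): the YAML template puts `secureboot` and `encrypt_disk`
// on each node instead; pick one level or the two layouts will drift.
// (A stray `|` after the closing brace has been removed.)
#SecureBoot: {
	enabled?:      bool | *false
	encrypt_disk?: bool | *false
}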
I've been trying to come up with a better organization of the options. It's still a single file, but I've split the config into sections. Any feedback would be appreciated. I hope to use CUE for most of the validation, if that isn't a huge burden.
cilium
cluster
external_services
github
experimental