Bootstrap configuration file¶
A YAML file can be supplied to the k8s join-cluster
command to configure and
customise the cluster. This reference section provides the format of this file
by listing all available options and their details. See below for an example.
Configuration options¶
cluster-config¶
Type: object
cluster-config.network¶
Type: object
Configuration options for the network feature.
cluster-config.network.enabled¶
Type: bool
Determines if the feature should be enabled.
If omitted defaults to true
cluster-config.dns¶
Type: object
Configuration options for the dns feature.
cluster-config.dns.enabled¶
Type: bool
Determines if the feature should be enabled.
If omitted defaults to true
cluster-config.dns.cluster-domain¶
Type: string
Sets the local domain of the cluster.
If omitted defaults to cluster.local
.
cluster-config.dns.service-ip¶
Type: string
Sets the IP address of the dns service. If omitted defaults to the IP address of the Kubernetes service created by the feature.
Can be used to point to an external dns server when feature is disabled.
cluster-config.dns.upstream-nameservers¶
Type: []string
Sets the upstream nameservers used to forward queries for out-of-cluster endpoints.
If omitted defaults to /etc/resolv.conf
and uses the nameservers of the node.
cluster-config.ingress¶
Type: object
Configuration options for the ingress feature.
cluster-config.ingress.enabled¶
Type: bool
Determines if the feature should be enabled.
If omitted defaults to false
cluster-config.ingress.default-tls-secret¶
Type: string
Sets the name of the secret to be used for providing default encryption to ingresses.
Ingresses can specify another TLS secret in their resource definitions, in which case the default secret won’t be used.
cluster-config.ingress.enable-proxy-protocol¶
Type: bool
Determines if the proxy protocol should be enabled for ingresses.
If omitted defaults to false
.
cluster-config.load-balancer¶
Type: object
Configuration options for the load-balancer feature.
cluster-config.load-balancer.enabled¶
Type: bool
Determines if the feature should be enabled.
If omitted defaults to false
.
cluster-config.load-balancer.cidrs¶
Type: []string
Sets the CIDRs used for assigning IP addresses to Kubernetes services with type
LoadBalancer
.
cluster-config.load-balancer.l2-mode¶
Type: bool
Determines if L2 mode should be enabled.
If omitted defaults to true
.
cluster-config.load-balancer.l2-interfaces¶
Type: []string
Sets the interfaces to be used for announcing IP addresses through ARP. If omitted all interfaces will be used.
cluster-config.load-balancer.bgp-mode¶
Type: bool
Determines if BGP mode should be enabled.
If omitted defaults to false
.
cluster-config.load-balancer.bgp-local-asn¶
Type: int
Sets the ASN to be used for the local virtual BGP router. Required if bgp-mode is true.
cluster-config.load-balancer.bgp-peer-address¶
Type: string
Sets the IP address of the BGP peer. Required if bgp-mode is true.
cluster-config.load-balancer.bgp-peer-asn¶
Type: int
Sets the ASN of the BGP peer. Required if bgp-mode is true.
cluster-config.load-balancer.bgp-peer-port¶
Type: int
Sets the port of the BGP peer. Required if bgp-mode is true.
cluster-config.local-storage¶
Type: object
Configuration options for the local-storage feature.
cluster-config.local-storage.enabled¶
Type: bool
Determines if the feature should be enabled.
If omitted defaults to false
.
cluster-config.local-storage.local-path¶
Type: string
Sets the path to be used for storing volume data.
If omitted defaults to /var/snap/k8s/common/rawfile-storage
cluster-config.local-storage.reclaim-policy¶
Type: string
Sets the reclaim policy of the storage class.
If omitted defaults to Delete
.
Possible values: Retain | Recycle | Delete
cluster-config.local-storage.default¶
Type: bool
Determines if the storage class should be set as default.
If omitted defaults to true
cluster-config.gateway¶
Type: object
Configuration options for the gateway feature.
cluster-config.gateway.enabled¶
Type: bool
Determines if the feature should be enabled.
If omitted defaults to true
.
cluster-config.metrics-server¶
Type: object
Configuration options for the metric server feature.
cluster-config.metrics-server.enabled¶
Type: bool
Determines if the feature should be enabled.
If omitted defaults to true
.
cluster-config.cloud-provider¶
Type: string
Sets the cloud provider to be used by the cluster.
When this is set as external
, node will wait for an external cloud provider to
do cloud specific setup and finish node initialisation.
Possible values: external
.
cluster-config.annotations¶
Type: map[string]string
Annotations is a map of strings that can be used to store arbitrary metadata configuration. Please refer to the annotations reference for further details on these options.
control-plane-taints¶
Type: []string
List of taints to be applied to control plane nodes.
pod-cidr¶
Type: string
The CIDR to be used for assigning pod addresses.
If omitted defaults to 10.1.0.0/16
.
service-cidr¶
Type: string
The CIDR to be used for assigning service addresses.
If omitted defaults to 10.152.183.0/24
.
disable-rbac¶
Type: bool
Determines if RBAC should be disabled.
If omitted defaults to false
.
secure-port¶
Type: int
The port number for kube-apiserver to use.
If omitted defaults to 6443
.
k8s-dqlite-port¶
Type: int
The port number for k8s-dqlite to use.
If omitted defaults to 9000
.
datastore-type¶
Type: string
The type of datastore to be used.
If omitted defaults to k8s-dqlite
.
Can be used to point to an external datastore like etcd.
Possible Values: k8s-dqlite | external
.
datastore-servers¶
Type: []string
The server addresses to be used when datastore-type
is set to external
.
datastore-ca-crt¶
Type: string
The CA certificate to be used when communicating with the external datastore.
datastore-client-crt¶
Type: string
The client certificate to be used when communicating with the external datastore.
datastore-client-key¶
Type: string
The client key to be used when communicating with the external datastore.
extra-sans¶
Type: []string
List of extra SANs to be added to certificates.
ca-crt¶
Type: string
The CA certificate to be used for Kubernetes services. If omitted defaults to an auto generated certificate.
ca-key¶
Type: string
The CA key to be used for Kubernetes services. If omitted defaults to an auto generated key.
client-ca-crt¶
Type: string
The client CA certificate to be used for Kubernetes services. If omitted defaults to an auto generated certificate.
client-ca-key¶
Type: string
The client CA key to be used for Kubernetes services. If omitted defaults to an auto generated key.
front-proxy-ca-crt¶
Type: string
The CA certificate to be used for the front proxy. If omitted defaults to an auto generated certificate.
front-proxy-ca-key¶
Type: string
The CA key to be used for the front proxy. If omitted defaults to an auto generated key.
front-proxy-client-crt¶
Type: string
The client certificate to be used for the front proxy. If omitted defaults to an auto generated certificate.
front-proxy-client-key¶
Type: string
The client key to be used for the front proxy. If omitted defaults to an auto generated key.
apiserver-kubelet-client-crt¶
Type: string
The client certificate to be used by kubelet for communicating with the kube-apiserver. If omitted defaults to an auto generated certificate.
apiserver-kubelet-client-key¶
Type: string
The client key to be used by kubelet for communicating with the kube-apiserver. If omitted defaults to an auto generated key.
admin-client-crt¶
Type: string
The admin client certificate to be used for Kubernetes services. If omitted defaults to an auto generated certificate.
admin-client-key¶
Type: string
The admin client key to be used for Kubernetes services. If omitted defaults to an auto generated key.
kube-proxy-client-crt¶
Type: string
The client certificate to be used for the kube-proxy. If omitted defaults to an auto generated certificate.
kube-proxy-client-key¶
Type: string
The client key to be used for the kube-proxy. If omitted defaults to an auto generated key.
kube-scheduler-client-crt¶
Type: string
The client certificate to be used for the kube-scheduler. If omitted defaults to an auto generated certificate.
kube-scheduler-client-key¶
Type: string
The client key to be used for the kube-scheduler. If omitted defaults to an auto generated key.
kube-controller-manager-client-crt¶
Type: string
The client certificate to be used for the Kubernetes controller manager. If omitted defaults to an auto generated certificate.
kube-controller-manager-client-key¶
Type: string
The client key to be used for the Kubernetes controller manager. If omitted defaults to an auto generated key.
service-account-key¶
Type: string
The key to be used by the default service account. If omitted defaults to an auto generated key.
apiserver-crt¶
Type: string
The certificate to be used for the kube-apiserver. If omitted defaults to an auto generated certificate.
apiserver-key¶
Type: string
The key to be used for the kube-apiserver. If omitted defaults to an auto generated key.
kubelet-crt¶
Type: string
The certificate to be used for the kubelet. If omitted defaults to an auto generated certificate.
kubelet-key¶
Type: string
The key to be used for the kubelet. If omitted defaults to an auto generated key.
kubelet-client-crt¶
Type: string
The certificate to be used for the kubelet client. If omitted defaults to an auto generated certificate.
kubelet-client-key¶
Type: string
The key to be used for the kubelet client. If omitted defaults to an auto generated key.
extra-node-config-files¶
Type: map[string]string
Additional files that are uploaded /var/snap/k8s/common/args/conf.d/<filename>
to a node on bootstrap. These files can then be referenced by Kubernetes
service arguments.
The format is map[<filename>]<filecontent>
.
extra-node-kube-apiserver-args¶
Type: map[string]string
Additional arguments that are passed to the kube-apiserver
only for that specific node.
A parameter that is explicitly set to null
is deleted.
The format is map[<--flag-name>]<value>
.
extra-node-kube-controller-manager-args¶
Type: map[string]string
Additional arguments that are passed to the kube-controller-manager
only for that specific node.
A parameter that is explicitly set to null
is deleted.
The format is map[<--flag-name>]<value>
.
extra-node-kube-scheduler-args¶
Type: map[string]string
Additional arguments that are passed to the kube-scheduler
only for that specific node.
A parameter that is explicitly set to null
is deleted.
The format is map[<--flag-name>]<value>
.
extra-node-kube-proxy-args¶
Type: map[string]string
Additional arguments that are passed to the kube-proxy
only for that specific node.
A parameter that is explicitly set to null
is deleted.
The format is map[<--flag-name>]<value>
.
extra-node-kubelet-args¶
Type: map[string]string
Additional arguments that are passed to the kubelet
only for that specific node.
A parameter that is explicitly set to null
is deleted.
The format is map[<--flag-name>]<value>
.
extra-node-containerd-args¶
Type: map[string]string
Additional arguments that are passed to containerd
only for that specific node.
A parameter that is explicitly set to null
is deleted.
The format is map[<--flag-name>]<value>
.
extra-node-k8s-dqlite-args¶
Type: map[string]string
Additional arguments that are passed to k8s-dqlite
only for that specific node.
A parameter that is explicitly set to null
is deleted.
The format is map[<--flag-name>]<value>
.
extra-node-containerd-config¶
Type: apiv1.MapStringAny
Extra configuration for the containerd config.toml
containerd-base-dir¶
Type: string
The base directory in which the containerd-related files are located.
Example¶
The following example configures and enables certain features, sets an external
cloud provider, marks the control plane nodes as unschedulable, changes the pod
and service CIDRs from the defaults and adds an extra SAN to the generated
certificates. It is also available to download here
.
cluster-config:
network:
enabled: true
dns:
enabled: true
cluster-domain: cluster.local
ingress:
enabled: true
load-balancer:
enabled: true
cidrs:
- 10.0.0.0/24
- 10.1.0.10-10.1.0.20
l2-mode: true
local-storage:
enabled: true
local-path: /storage/path
default: false
gateway:
enabled: true
metrics-server:
enabled: true
cloud-provider: external
control-plane-taints:
- node-role.kubernetes.io/control-plane:NoSchedule
pod-cidr: 10.100.0.0/16
service-cidr: 10.200.0.0/16
disable-rbac: false
secure-port: 6443
k8s-dqlite-port: 9090
datastore-type: k8s-dqlite
extra-sans:
- custom.kubernetes
extra-node-config-files:
bootstrap-extra-file.yaml: extra-args-test-file-content
extra-node-kube-apiserver-args:
--request-timeout: 2m
extra-node-kube-controller-manager-args:
--leader-elect-retry-period: 3s
extra-node-kube-scheduler-args:
--authorization-webhook-cache-authorized-ttl: 11s
extra-node-kube-proxy-args:
--config-sync-period: 14m
extra-node-kubelet-args:
--authentication-token-webhook-cache-ttl: 3m
extra-node-containerd-args:
--log-level: debug
extra-node-k8s-dqlite-args:
--watch-storage-available-size-interval: 6s