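---
# Annotated field reference for TkgServiceConfiguration (v1alpha3).
# The values `string`, `[string]` and `time` are type placeholders,
# not usable settings. Nesting is restored here; the flattened listing
# would otherwise parse every key as a top-level key.
apiVersion: run.tanzu.vmware.com/v1alpha3
kind: TkgServiceConfiguration
# valid config key must consist of alphanumeric characters, '-', '_' or '.'
metadata:
  name: tkg-service-configuration-spec
spec:
  # defaultCNI is the default CNI for all Tanzu Kubernetes
  # clusters to use unless overridden on a per-cluster basis
  # supported values are antrea, calico, antrea-nsx-routed
  # defaults to antrea
  defaultCNI: string
  # proxy configures a proxy server to be used inside all
  # clusters provisioned by this TKGS instance
  # if implemented all fields are required
  # if omitted no proxy is configured
  # the URI form below carries the proxy user and password inline, so
  # the credential sits in clear text in this object: limit who can
  # read it, keep real values out of version control, and use a
  # dedicated proxy account rather than a personal or admin one
  proxy:
    # httpProxy is the proxy URI for HTTP connections
    # to endpoints outside the clusters
    # takes the form http://<user>:<pwd>@<ip>:<port>
    httpProxy: string
    # httpsProxy is the proxy URI for HTTPS connections
    # to endpoints outside the clusters
    # takes the form http://<user>:<pwd>@<ip>:<port>
    # NOTE(review): the documented form uses the http:// scheme, so the
    # proxy credentials would reach the proxy unencrypted - confirm
    # whether an https:// proxy URI is accepted
    httpsProxy: string
    # noProxy is the list of destination domain names, domains,
    # IP addresses, and other network CIDRs to exclude from proxying
    # must include from Workload Network: [Namespace Network, Ingress, Egress]
    # every entry bypasses the proxy, so keep the list as narrow as the
    # required networks allow
    noProxy: [string]
  # trust configures additional trusted certificates
  # for the clusters provisioned by this TKGS instance
  # if omitted no additional certificate is configured
  # each entry widens what all of those clusters trust, so list only
  # certificates whose issuer and custody you have verified
  trust:
    # additionalTrustedCAs are additional trusted certificates
    # can be additional CAs or end certificates
    additionalTrustedCAs:
      # name is the name of the additional trusted certificate
      # must match the name used in the filename
      - name: string
        # data holds the contents of the additional trusted cert
        # PEM Public Certificate data encoded as a base64 string
        # base64 is an encoding, not protection: put only the public
        # certificate here, never a private key
        data: string
  # defaultNodeDrainTimeout is the total amount of time the
  # controller spends draining a node; default is undefined
  # which is the value of 0, meaning the node is drained
  # without any time limitations; note that `nodeDrainTimeout`
  # is different from `kubectl drain --timeout`
  defaultNodeDrainTimeout: time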
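---
# Example TkgServiceConfiguration: calico as default CNI, an
# authenticated proxy, two additional trusted CAs and no drain timeout.
# Nesting is restored here; the flattened listing would otherwise parse
# every key as a top-level key.
apiVersion: run.tanzu.vmware.com/v1alpha3
kind: TkgServiceConfiguration
metadata:
  # NOTE(review): Kubernetes object names normally follow DNS-1123
  # (lowercase alphanumerics, '-' and '.'), which excludes '_' -
  # confirm this name is accepted before applying
  name: tkgserviceconfiguration_example
spec:
  defaultCNI: calico
  proxy:
    # supported format is `http://<user>:<pwd>@<ip>:<port>`
    # `[email protected]` below appears to be what the page's e-mail
    # obfuscation left of the `<pwd>@<ip>` part; substitute your own
    # values in the supported format
    # the password is stored inline in clear text: limit read access to
    # this object, keep real values out of version control, and use a
    # dedicated proxy account
    httpProxy: http://admin:[email protected]:80
    httpsProxy: http://admin:[email protected]:80
    # noProxy values are from Workload Network: [Namespace Network, Ingress, Egress]
    # traffic to these ranges bypasses the proxy
    noProxy: [10.246.0.0/16, 192.168.144.0/20, 192.168.128.0/20]
  trust:
    additionalTrustedCAs:
      # name is the name of the public cert
      - name: CompanyInternalCA-1
        # data is base64-encoded string of a PEM encoded public cert
        # public certificate only; base64 does not protect a private key
        data: LS0tLS1C...LS0tCg==
      # where "..." is the middle section of the long base64 string
      - name: CompanyInternalCA-2
        data: MTLtMT1C...MT0tPg==
  # 0 means nodes are drained without any time limit
  defaultNodeDrainTimeout: 0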