Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
214 lines (214 sloc) 7.72 KB
---
apiVersion: garden.sapcloud.io/v1beta1
kind: Shoot
metadata:
name: johndoe-azure
namespace: garden-dev
spec:
cloud:
profile: azure
region: westeurope
secretBindingRef:
name: core-azure
azure:
# resourceGroup:
# name: mygroup
# machineImage: # this machine image is default machine image for all worker pools
# name: coreos
# version: 2023.5.0
networks:
vnet: # specify either 'name' and 'resourceGroup' or 'cidr'
# name: my-vnet
# resourceGroup: my-vnet-resource-group
cidr: 10.250.0.0/16
workers: 10.250.0.0/19
workers:
- name: cpu-worker
machineType: Standard_D2_v3
volumeType: standard
volumeSize: 35Gi # must be at least 35Gi for Azure VMs
autoScalerMin: 2
autoScalerMax: 2
maxSurge: 1
maxUnavailable: 0
# kubelet:
# cpuCFSQuota: true
# cpuManagerPolicy: none
# podPidsLimit: 10
# maxPods: 110
# evictionPressureTransitionPeriod: 4m0s
# evictionMaxPodGracePeriod: 90
# evictionHard:
# memoryAvailable: 100Mi
# imageFSAvailable: 5%
# imageFSInodesFree: 5%
# nodeFSAvailable: 5%
# nodeFSInodesFree: 5%
# evictionSoft:
# memoryAvailable: 200Mi
# imageFSAvailable: 10%
# imageFSInodesFree: 10%
# nodeFSAvailable: 10%
# nodeFSInodesFree: 10%
# evictionSoftGracePeriod:
# memoryAvailable: 1m30s
# imageFSAvailable: 1m30s
# imageFSInodesFree: 1m30s
# nodeFSAvailable: 1m30s
# nodeFSInodesFree: 1m30s
# evictionMinimumReclaim:
# memoryAvailable: 0Mi
# imageFSAvailable: 0Mi
# imageFSInodesFree: 0Mi
# nodeFSAvailable: 0Mi
# nodeFSInodesFree: 0Mi
# featureGates:
# SomeKubernetesFeature: true
# machineImage:
# name: coreos
# version: 2023.5.0
# labels:
# key: value
# annotations:
# key: value
# taints: # See also https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
# - key: foo
# value: bar
# effect: NoSchedule
kubernetes:
# clusterAutoscaler:
# scaleDownUtilizationThreshold: 0.5
# scaleDownUnneededTime: 30m
# scaleDownDelayAfterAdd: 60m
# scaleDownDelayAfterFailure: 10m
# scaleDownDelayAfterDelete: 10s
# scanInterval: 10s
version: 1.17.0 # specify "major.minor" to get latest patch version
allowPrivilegedContainers: true # 'true' means that all authenticated users can use the "gardener.privileged" PodSecurityPolicy, allowing full unrestricted access to Pod features.
# kubeAPIServer:
# admissionPlugins:
# - name: PodNodeSelector
# config:
# podNodeSelectorPluginConfig:
# clusterDefaultNodeSelector: <node-selectors-labels>
# namespace1: <node-selectors-labels>
# namespace2: <node-selectors-labels>
# auditConfig:
# auditPolicy:
# configMapRef:
# name: auditpolicy
# enableBasicAuthentication: true
# featureGates:
# SomeKubernetesFeature: true
# oidcConfig:
# caBundle: |
# -----BEGIN CERTIFICATE-----
# Li4u
# -----END CERTIFICATE-----
# clientID: client-id
# groupsClaim: groups-claim
# groupsPrefix: groups-prefix
# issuerURL: https://identity.example.com
# usernameClaim: username-claim
# usernamePrefix: username-prefix
# signingAlgs: [RS256,some-other-algorithm]
#-#-# only usable with Kubernetes >= 1.11
# requiredClaims:
# key: value
# runtimeConfig:
# scheduling.k8s.io/v1alpha1: true
#-#-# requires TokenRequest feature gate
#-#-# See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# serviceAccountConfig:
# issuer: "https://johndoe-azure.garden-dev.example.com"
# signingKeySecretName: "service-account-signing-key"
# apiAudiences: ["some", "audiences"]
# cloudControllerManager:
# featureGates:
# SomeKubernetesFeature: true
# kubeControllerManager:
# featureGates:
# SomeKubernetesFeature: true
# The NodeCIRDMaskSize field is immutable due to https://github.com/kubernetes/kubernetes/issues/70957
# nodeCIDRMaskSize: 24
# horizontalPodAutoscaler:
# syncPeriod: 30s
# tolerance: 0.1
#-#-# only usable with Kubernetes < 1.12
# downscaleDelay: 15m0s
# upscaleDelay: 1m0s
#-#-# only usable with Kubernetes >= 1.12
# downscaleStabilization: 5m0s
# initialReadinessDelay: 30s
# cpuInitializationPeriod: 5m0s
# kubeScheduler:
# featureGates:
# SomeKubernetesFeature: true
# kubeProxy:
# featureGates:
# SomeKubernetesFeature: true
# mode: IPVS
# kubelet:
# cpuCFSQuota: true
# cpuManagerPolicy: none
# podPidsLimit: 10
# featureGates:
# SomeKubernetesFeature: true
dns:
domain: johndoe-azure.garden-dev.example.com # if not specified then Gardener will try to use the default domain for this shoot
# provider: aws-route53 # only relevant if a custom domain is used for this shoot
# secretName: my-dns-secret # only relevant if a custom domain is used for this shoot
# includeZones: [] # only relevant if a custom domain is used for this shoot
# excludeZones: [] # only relevant if a custom domain is used for this shoot
# hibernation:
# enabled: false
# schedules:
# - start: "0 20 * * *" # Start hibernation every day at 8PM
# end: "0 6 * * *" # Stop hibernation every day at 6AM
# location: "America/Los_Angeles" # Specify a location for the cron to run in
maintenance:
timeWindow:
begin: 220000+0100
end: 230000+0100
autoUpdate:
kubernetesVersion: true
machineImageVersion: true
monitoring:
alerting:
emailReceivers:
- john.doe@example.com
addons:
nginx-ingress:
enabled: false
loadBalancerSourceRanges: []
# externalTrafficPolicy: Cluster
# config:
# enable-access-log-for-default-backend: "false"
kubernetes-dashboard:
enabled: true
# authenticationMode: basic # allowed values: basic,token
# Heapster addon is deprecated and no longer supported. Gardener deploys the Kubernetes metrics-server
# into the kube-system namespace of shoots (cannot be turned off) for fetching metrics and enabling
# horizontal pod auto-scaling.
# This field will be removed in the future and is only kept for API compatibility reasons. It is not
# evaluated or respected at all. Please do not use this field anymore.
heapster:
enabled: false
# cluster-autoscaler addon is automatically enabled if at least one of the configured
# worker pools (see above) uses max>min. You do not need to enable it separately anymore. Any value
# you put here has no effect. This field will be removed in the future. Please do not use it anymore.
cluster-autoscaler:
enabled: true
# kube-lego addon is deprecated and no longer supported.
# This field will be removed in the future and is only kept for API compatibility reasons. It is not
# evaluated or respected at all. You should deploy kube-lego on your own instead of enabling it here.
# Please do not use this field anymore.
kube-lego:
enabled: false
email: john.doe@example.com
# Monocular addon is deprecated and no longer supported.
# This field will be removed in the future and is only kept for API compatibility reasons. It is not
# evaluated or respected at all. You should deploy Monocular on your own instead of enabling it here.
# Please do not use this field anymore.
monocular:
enabled: false
You can’t perform that action at this time.