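# Constellation Pod IP range to expose via VPN. The default is for GCP.
podCIDR: "10.10.0.0/16"

# Constellation Service IPs to expose via VPN. The default is for GCP.
serviceCIDR: "10.96.0.0/12"

# On-prem IP ranges to expose to Constellation. Must contain at least one CIDR.
# Every range listed here is exposed to the cluster through the tunnel, so list
# only the subnets that need it rather than a site-wide supernet.
peerCIDRs: []

# The sections below configure the VPN connectivity to the Constellation
# cluster. Exactly one `enabled` must be set to true.
# Both are false as shipped, so one section has to be enabled and filled in
# before deployment.

# IPSec configuration
ipsec:
  enabled: false
  # Pre-shared key used for authentication.
  # This value is a secret: anyone holding it can authenticate as a tunnel
  # peer. Keep the real key out of version control, supply it at deploy time
  # (untracked override file or secret store), and generate it randomly with
  # enough length that it cannot be guessed.
  psk: ""
  # Address of the peer's gateway router.
  peer: ""

# Wireguard configuration
wireguard:
  enabled: false

  # If Wireguard is enabled, these fields for the Constellation side must be
  # populated.
  # private_key is secret key material and needs the same handling as the
  # IPSec psk: never commit a real value, inject it at deploy time.
  private_key: ""
  # Presumably the public key of the on-prem Wireguard peer - confirm against
  # the consumer of this file.
  peer_key: ""

  # Listening port of the Constellation Wireguard.
  # Wireguard listens on UDP; where the environment allows it, limit inbound
  # traffic on this port to the on-prem endpoint.
  port: 51820

  # Optional host:port of the on-prem Wireguard.
  endpoint: ""

  # Optional interval for keep-alive packets in seconds. Setting this helps the
  # on-prem server to discover a restarted Constellation VPN frontend.
  # NOTE(review): this key is camelCase while private_key/peer_key are
  # snake_case; the name is kept as-is because consumers read it.
  keepAlive: ""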