Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-14 02:14:21 -05:00
Code Issues Packages Projects Releases Wiki Activity
05f94b4c46
constellation/internal/helm/values.go

239 lines
7.0 KiB
Go
Raw Normal View History

add license headers sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w .
2022-09-05 03:06:08 -04:00
/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
deploy cilium via helmchart (#321)
2022-08-12 04:20:19 -04:00
package helm
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
import "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
cli: add doc comments for helm
2023-03-03 06:43:33 -05:00
// Values for the Cilium Helm releases for AWS.
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
var ciliumVals = map[string]map[string]any{
cloudprovider.AWS.String(): {
"endpointRoutes": map[string]any{
"enabled": true,
},
cilium: also encryption control-planes When enabling node-to-node encryption, Cilium does not encrypt control-plane to control-plane traffic by default since they say that they cannot gurantee that the generated private key for a node is persisted across reboots. In Constellation we use stateful VMs which when rebooted still have the cilium_wg0 interface containing the private key. Therefore, we can enable this type of encryption.
2023-10-25 07:54:32 -04:00
"extraArgs": []string{"--node-encryption-opt-out-labels=invalid.label"},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"encryption": map[string]any{
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"enabled": true,
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
cilium: don't allow remote node identities The Cilium strict mode has a special mode which loosens the security a slight bit. For compatability this mode is enabled by default. But we don't need it for strict node-to-node encryption. Therefore, we disable it.
2023-10-25 18:33:48 -04:00
"enabled": true,
"allowRemoteNodeIdentities": false,
"podCIDRList": []string{"10.244.0.0/16"},
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
},
"l7Proxy": false,
"ipam": map[string]any{
"operator": map[string]any{
"clusterPoolIPv4PodCIDRList": []string{
"10.244.0.0/16",
},
cilium: AWS support
2022-10-21 08:41:31 -04:00
},
},
"image": map[string]any{
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"repository": "ghcr.io/3u13r/cilium",
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
"digest": "sha256:eebf631fd0f27e1f28f1fdeb2e049f2c83b887381466245c4b3e26440daefa27",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
cilium: AWS support
2022-10-21 08:41:31 -04:00
},
Replace interface{} -> any (#370)
2022-10-25 09:51:23 -04:00
"operator": map[string]any{
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"image": map[string]any{
"repository": "ghcr.io/3u13r/operator",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"genericDigest": "sha256:bfaeac2e05e8c38f439b0fbc36558fd8d11602997f2641423e8d86bd7ac6a88c",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
deploy cilium via helmchart (#321)
2022-08-12 04:20:19 -04:00
},
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
deploy cilium via helmchart (#321)
2022-08-12 04:20:19 -04:00
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
cloudprovider.Azure.String(): {
"endpointRoutes": map[string]any{
"enabled": true,
},
cilium: also encryption control-planes When enabling node-to-node encryption, Cilium does not encrypt control-plane to control-plane traffic by default since they say that they cannot gurantee that the generated private key for a node is persisted across reboots. In Constellation we use stateful VMs which when rebooted still have the cilium_wg0 interface containing the private key. Therefore, we can enable this type of encryption.
2023-10-25 07:54:32 -04:00
"extraArgs": []string{"--node-encryption-opt-out-labels=invalid.label"},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"encryption": map[string]any{
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"enabled": true,
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
cilium: don't allow remote node identities The Cilium strict mode has a special mode which loosens the security a slight bit. For compatability this mode is enabled by default. But we don't need it for strict node-to-node encryption. Therefore, we disable it.
2023-10-25 18:33:48 -04:00
"enabled": true,
"allowRemoteNodeIdentities": false,
"podCIDRList": []string{"10.244.0.0/16"},
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
},
"l7Proxy": false,
"ipam": map[string]any{
"operator": map[string]any{
"clusterPoolIPv4PodCIDRList": []string{
"10.244.0.0/16",
},
},
},
Replace interface{} -> any (#370)
2022-10-25 09:51:23 -04:00
"image": map[string]any{
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"repository": "ghcr.io/3u13r/cilium",
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
"digest": "sha256:eebf631fd0f27e1f28f1fdeb2e049f2c83b887381466245c4b3e26440daefa27",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
},
"operator": map[string]any{
"image": map[string]any{
"repository": "ghcr.io/3u13r/operator",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"genericDigest": "sha256:bfaeac2e05e8c38f439b0fbc36558fd8d11602997f2641423e8d86bd7ac6a88c",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
},
},
"egressMasqueradeInterfaces": "eth0",
"enableIPv4Masquerade": true,
"kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
},
cloudprovider.GCP.String(): {
"endpointRoutes": map[string]any{
"enabled": true,
},
cilium: also encryption control-planes When enabling node-to-node encryption, Cilium does not encrypt control-plane to control-plane traffic by default since they say that they cannot gurantee that the generated private key for a node is persisted across reboots. In Constellation we use stateful VMs which when rebooted still have the cilium_wg0 interface containing the private key. Therefore, we can enable this type of encryption.
2023-10-25 07:54:32 -04:00
"extraArgs": []string{"--node-encryption-opt-out-labels=invalid.label"},
"tunnel": "disabled",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"encryption": map[string]any{
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"enabled": true,
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
cilium: don't allow remote node identities The Cilium strict mode has a special mode which loosens the security a slight bit. For compatability this mode is enabled by default. But we don't need it for strict node-to-node encryption. Therefore, we disable it.
2023-10-25 18:33:48 -04:00
"enabled": true,
"allowRemoteNodeIdentities": false,
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
},
deploy cilium via helmchart (#321)
2022-08-12 04:20:19 -04:00
},
Replace interface{} -> any (#370)
2022-10-25 09:51:23 -04:00
"image": map[string]any{
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"repository": "ghcr.io/3u13r/cilium",
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
"digest": "sha256:eebf631fd0f27e1f28f1fdeb2e049f2c83b887381466245c4b3e26440daefa27",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
deploy cilium via helmchart (#321)
2022-08-12 04:20:19 -04:00
},
helm: add OpenStack charts
2023-03-17 04:52:23 -04:00
"operator": map[string]any{
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"image": map[string]any{
"repository": "ghcr.io/3u13r/operator",
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
"genericDigest": "sha256:bfaeac2e05e8c38f439b0fbc36558fd8d11602997f2641423e8d86bd7ac6a88c",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
helm: add OpenStack charts
2023-03-17 04:52:23 -04:00
},
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"l7Proxy": false,
"ipam": map[string]any{
"mode": "kubernetes",
},
"kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
helm: add OpenStack charts
2023-03-17 04:52:23 -04:00
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
cloudprovider.OpenStack.String(): {
"endpointRoutes": map[string]any{
"enabled": true,
},
cilium: also encryption control-planes When enabling node-to-node encryption, Cilium does not encrypt control-plane to control-plane traffic by default since they say that they cannot gurantee that the generated private key for a node is persisted across reboots. In Constellation we use stateful VMs which when rebooted still have the cilium_wg0 interface containing the private key. Therefore, we can enable this type of encryption.
2023-10-25 07:54:32 -04:00
"extraArgs": []string{"--node-encryption-opt-out-labels=invalid.label"},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"encryption": map[string]any{
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"enabled": true,
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
cilium: use strict cidrs from state file For the strict modes we need to dynamically use the CIDR used in the Terraform files. Therefore, we write them to our statefile and use them when installing Cilium.
2023-10-23 09:59:19 -04:00
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
},
"l7Proxy": false,
"ipam": map[string]any{
"operator": map[string]any{
"clusterPoolIPv4PodCIDRList": []string{
"10.244.0.0/16",
},
},
},
helm: add OpenStack charts
2023-03-17 04:52:23 -04:00
"image": map[string]any{
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"repository": "ghcr.io/3u13r/cilium",
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
"digest": "sha256:eebf631fd0f27e1f28f1fdeb2e049f2c83b887381466245c4b3e26440daefa27",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
helm: add OpenStack charts
2023-03-17 04:52:23 -04:00
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"operator": map[string]any{
"image": map[string]any{
"repository": "ghcr.io/3u13r/operator",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"genericDigest": "sha256:bfaeac2e05e8c38f439b0fbc36558fd8d11602997f2641423e8d86bd7ac6a88c",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
},
},
"kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
helm: add OpenStack charts
2023-03-17 04:52:23 -04:00
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
cloudprovider.QEMU.String(): {
"endpointRoutes": map[string]any{
"enabled": true,
},
"encryption": map[string]any{
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"enabled": true,
"type": "wireguard",
"nodeEncryption": true,
"strictMode": map[string]any{
cilium: use strict cidrs from state file For the strict modes we need to dynamically use the CIDR used in the Terraform files. Therefore, we write them to our statefile and use them when installing Cilium.
2023-10-23 09:59:19 -04:00
"enabled": true,
"podCIDRList": []string{"10.244.0.0/16"},
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
},
Replace interface{} -> any (#370)
2022-10-25 09:51:23 -04:00
"image": map[string]any{
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"repository": "ghcr.io/3u13r/cilium",
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
"digest": "sha256:eebf631fd0f27e1f28f1fdeb2e049f2c83b887381466245c4b3e26440daefa27",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
fix qemu initialization
2022-09-02 14:19:20 -04:00
},
metadata: move subnetCIDR to InstanceMetadata
2022-10-24 18:49:58 -04:00
"operator": map[string]any{
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"image": map[string]any{
"repository": "ghcr.io/3u13r/operator",
"suffix": "",
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork.
2023-10-16 13:14:53 -04:00
"tag": "v1.15.0-pre.2-edg.1",
"genericDigest": "sha256:bfaeac2e05e8c38f439b0fbc36558fd8d11602997f2641423e8d86bd7ac6a88c",
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"useDigest": true,
},
},
"ipam": map[string]any{
"operator": map[string]any{
"clusterPoolIPv4PodCIDRList": []string{
"10.244.0.0/16",
},
metadata: move subnetCIDR to InstanceMetadata
2022-10-24 18:49:58 -04:00
},
},
Move CSI charts to separate chart and cleanup loader code Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-26 04:13:28 -04:00
"kubeProxyReplacement": "strict",
"enableCiliumEndpointSlice": true,
"kubeProxyReplacementHealthzBindAddr": "0.0.0.0:10256",
"l7Proxy": false,
metadata: move subnetCIDR to InstanceMetadata
2022-10-24 18:49:58 -04:00
},
deploy cilium via helmchart (#321)
2022-08-12 04:20:19 -04:00
}
Move control-plane tolerations var Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-20 03:33:45 -04:00
aws: use new LB controller to fix SecurityGroup cleanup on K8s service deletion (#2090) * add current chart add current helm chart * disable service controller for aws ccm * add new iam roles * doc AWS internet LB + add to LB test * pass clusterName to helm for AWS LB * fix update-aws-lb chart to also include .helmignore * move chart outside services * working state * add subnet tags for AWS subnet discovery * fix .helmignore load rule with file in subdirectory * upgrade iam profile * revert new loader impl since cilium is not correctly loaded * install chart if not already present during `upgrade apply` * cleanup PR + fix build + add todos cleanup PR + add todos * shared helm pkg for cli install and bootstrapper * add link to eks docs * refactor iamMigrationCmd * delete unused helm.symwallk * move iammigrate to upgrade pkg * fixup! delete unused helm.symwallk * add to upgradecheck * remove nodeSelector from go code (Otto) * update iam docs and sort permission + remove duplicate roles * fix bug in `upgrade check` * better upgrade check output when svc version upgrade not possible * pr feedback * remove force flag in upgrade_test * use upgrader.GetUpgradeID instead of extra type * remove todos + fix check * update doc lb (leo) * remove bootstrapper helm package * Update cli/internal/cmd/upgradecheck.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * final nits * add docs for e2e upgrade test setup * Apply suggestions from code review Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/helm/loader.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/cmd/tfmigrationclient.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * fix daniel review * link to the iam permissions instead of manually updating them (agreed with leo) * disable iam upgrade in upgrade apply --------- Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Malte Poll
2023-07-24 04:30:53 -04:00
var controlPlaneNodeSelector = map[string]any{"node-role.kubernetes.io/control-plane": ""}
Move control-plane tolerations var Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-20 03:33:45 -04:00
var controlPlaneTolerations = []map[string]any{
{
"key": "node-role.kubernetes.io/control-plane",
"effect": "NoSchedule",
"operator": "Exists",
},
{
"key": "node-role.kubernetes.io/master",
"effect": "NoSchedule",
"operator": "Exists",
},
}
Reference in New Issue Copy Permalink