Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
2529323910
constellation/docs/versioned_docs/version-1.5/reference/config.md
Fabian Kammel 106635a9ee
Restructure config docs (#44) 
* more guided UX when generating and filling in config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-02 17:11:06 +02:00

4.5 KiB
Raw Blame History

Configuration file

Constellation CLI reads all configuration options from constellation-conf.yaml.

The Constellation CLI can generate a default configuration file. This should be the preferred way, so that the configuration matches the used CLI version.

A sample configuration for a Constellation cluster on Azure looks like this:

version: v1 # Schema version of this configuration file.
autoscalingNodeGroupMin: 1 # Minimum number of worker nodes in autoscaling group.
autoscalingNodeGroupMax: 10 # Maximum number of worker nodes in autoscaling group.
stateDiskSizeGB: 30 # Size (in GB) of a node's disk to store the non-volatile state.
# Ingress firewall rules for node network.
ingressFirewall:
    - name: bootstrapper # Name of rule.
      description: bootstrapper default port # Description for rule.
      protocol: tcp # Protocol, such as 'udp' or 'tcp'.
      iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
      fromport: 9000 # Start port of a range.
      toport: 0 # End port of a range, or 0 if a single port is given by fromport.
    - name: ssh # Name of rule.
      description: SSH # Description for rule.
      protocol: tcp # Protocol, such as 'udp' or 'tcp'.
      iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
      fromport: 22 # Start port of a range.
      toport: 0 # End port of a range, or 0 if a single port is given by fromport.
    - name: nodeport # Name of rule.
      description: NodePort # Description for rule.
      protocol: tcp # Protocol, such as 'udp' or 'tcp'.
      iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
      fromport: 30000 # Start port of a range.
      toport: 32767 # End port of a range, or 0 if a single port is given by fromport.
    - name: kubernetes # Name of rule.
      description: Kubernetes # Description for rule.
      protocol: tcp # Protocol, such as 'udp' or 'tcp'.
      iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
      fromport: 6443 # Start port of a range.
      toport: 0 # End port of a range, or 0 if a single port is given by fromport.
# Supported cloud providers and their specific configurations.
provider:
    # Configuration for Azure as provider.
    azure:
        subscription: "" # Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
        tenant: "" # Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
        location: "" # Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
        image: /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation-coreos/versions/0.0.1659453699 # Machine image used to create Constellation nodes.
        stateDiskType: StandardSSD_LRS # Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
        # Expected confidential VM measurements.
        measurements:
            11: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
            12: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
        userAssignedIdentity: "" # Authorize spawned VMs to access Azure API.
kubernetesVersion: "1.24" # Kubernetes version installed in the cluster.

# # Egress firewall rules for node network.
# egressFirewall:
#     - name: rule#1 # Name of rule.
#       description: the first rule # Description for rule.
#       protocol: tcp # Protocol, such as 'udp' or 'tcp'.
#       iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
#       fromport: 443 # Start port of a range.
#       toport: 443 # End port of a range, or 0 if a single port is given by fromport.

# # Create SSH users on Constellation nodes.
# sshUsers:
#     - username: Alice # Username of new SSH user.
#       publicKey: ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com # Public key of new SSH user.

Required customizations

Most options of a generated configuration can be kept at their default values. However, you must edit some cloud provider options.

Azure

Set the subscription and tenant IDs of your subscription.

Set the userAssignedIdentity that you created for Constellation.

GCP

Set the project that you want to use for your Constellation cluster.