constellation/docs/versioned_docs/version-1.5/reference/config.md
2022-09-02 11:52:42 +02:00

84 lines
4.6 KiB
Markdown

# Configuration file
Constellation CLI reads all configuration options from `constellation-conf.yaml`.
> The Constellation CLI can generate a default configuration file. This should be the preferred way, so that the configuration matches the used CLI version.
A sample configuration for a Constellation cluster on Azure looks like this:
```yaml
version: v1 # Schema version of this configuration file.
autoscalingNodeGroupMin: 1 # Minimum number of worker nodes in autoscaling group.
autoscalingNodeGroupMax: 10 # Maximum number of worker nodes in autoscaling group.
stateDiskSizeGB: 30 # Size (in GB) of a node's disk to store the non-volatile state.
# Ingress firewall rules for node network.
ingressFirewall:
- name: bootstrapper # Name of rule.
description: bootstrapper default port # Description for rule.
protocol: tcp # Protocol, such as 'udp' or 'tcp'.
iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
fromport: 9000 # Start port of a range.
toport: 0 # End port of a range, or 0 if a single port is given by fromport.
- name: ssh # Name of rule.
description: SSH # Description for rule.
protocol: tcp # Protocol, such as 'udp' or 'tcp'.
iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
fromport: 22 # Start port of a range.
toport: 0 # End port of a range, or 0 if a single port is given by fromport.
- name: nodeport # Name of rule.
description: NodePort # Description for rule.
protocol: tcp # Protocol, such as 'udp' or 'tcp'.
iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
fromport: 30000 # Start port of a range.
toport: 32767 # End port of a range, or 0 if a single port is given by fromport.
- name: kubernetes # Name of rule.
description: Kubernetes # Description for rule.
protocol: tcp # Protocol, such as 'udp' or 'tcp'.
iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
fromport: 6443 # Start port of a range.
toport: 0 # End port of a range, or 0 if a single port is given by fromport.
# Supported cloud providers and their specific configurations.
provider:
# Configuration for Azure as provider.
azure:
subscription: "" # Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
tenant: "" # Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
location: "" # Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
image: /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation-coreos/versions/0.0.1659453699 # Machine image used to create Constellation nodes.
stateDiskType: StandardSSD_LRS # Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
# Expected confidential VM measurements.
measurements:
11: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
12: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
userAssignedIdentity: "" # Authorize spawned VMs to access Azure API. See: https://docs.edgeless.systems/constellation/getting-started/install#authorization
kubernetesVersion: "1.24" # Kubernetes version installed in the cluster.
# # Egress firewall rules for node network.
# egressFirewall:
# - name: rule#1 # Name of rule.
# description: the first rule # Description for rule.
# protocol: tcp # Protocol, such as 'udp' or 'tcp'.
# iprange: 0.0.0.0/0 # CIDR range for which this rule is applied.
# fromport: 443 # Start port of a range.
# toport: 443 # End port of a range, or 0 if a single port is given by fromport.
# # Create SSH users on Constellation nodes.
# sshUsers:
# - username: Alice # Username of new SSH user.
# publicKey: ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com # Public key of new SSH user.
```
## Required customizations
Most options of a generated configuration can be kept at their default values. However, you must edit some cloud provider options.
### Azure
Set the `subscription` and `tenant` IDs of your subscription.
Set the `userAssignedIdentity` that you [created for Constellation](../getting-started/install.md#azure).
### GCP
Set the `project` that you want to use for your Constellation cluster.