The 23KE config secret
Via the 23ke-config secret, some basic parameters for the resulting Gardener installation are configured. In particular, values which should be kept secret such as dnsprovider credentials are set in 23k-config.
As the 23ke-config secret serves as input values for the pre-gardener-configuration and gardener-configuration helm charts (see architecture), the secret is defined as
apiVersion: v1
kind: Secret
metadata:
name: 23ke-config
namespace: flux-system
type: Opaque
stringData:
values.yaml: |
...
and the configuration needs to be inserted below stringData.values.yaml. The configuration options are listed and explained below.
| Field | Subfield | Subfield | Description |
|---|---|---|---|
clusterIdentity string | a unique identifier for your garden cluster | ||
dashboard | |||
clientSecret string | client secret e.g. some value obtained by openssl rand -hex 20 | ||
sessionSecret string | session secret e.g. some value obtained by openssl rand -hex 20 | ||
kubeApiServer | |||
basicAuthPassword string | basic auth password for kubeapiserver e.g. openssl rand -hex 20 | ||
issuer | |||
acme | |||
email string | Email address used for certificate handlin | ||
server string | acme server, letsencryp production by default | ||
ca | ca of the acme server, not needed when using letsencrypt production | ||
domains | |||
global | global means used for ingress, gardener defaultDomain and internalDomain | ||
domain string | domain for your gardener installation, e.g. the dashboard will appear under dashboard.domain | ||
provider string | DNS provider for your installation, e.g. azure-dns, aws-route53, openstack-designate etc. | ||
credentials dnscredentials | DNS provider credential, see examples | ||
registryOverwrite | See Guide Use different container registry |