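# This config is meant to be consumed by the config transpiler, which will
# generate the corresponding Ignition config. Do not pass this config directly
# to instances of Container Linux.
#
# "DISCOVERY" and "SSH_TOKEN" are placeholders; they must be substituted
# before the file is transpiled.
#
# NOTE(review): as written, this config exposes four listeners without TLS or
# authentication: etcd client (2379), etcd peer (2380), the Docker API (2375)
# and Docker metrics (9323). Three of them bind every interface. Until TLS is
# configured, restrict these ports to the trusted cluster network with the
# provider firewall / security groups.
etcd:
  # All options get passed as command line flags to etcd.
  # Any information inside curly braces comes from the machine at boot time.
  # multi_region and multi_cloud deployments need to use {PUBLIC_IPV4}
  advertise_client_urls: "http://{PRIVATE_IPV4}:2379"
  initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # Only the official ports (2379 client, 2380 peer) are configured here; no
  # legacy ports are listed.
  # NOTE(review): the client URL is plain http on 0.0.0.0, so any host that can
  # reach port 2379 can read and write the keyspace, including the reboot lock
  # that locksmith keeps in etcd. Peer traffic on 2380 is plain http as well.
  # etcd supports https URLs with --cert-file/--key-file and
  # --client-cert-auth/--trusted-ca-file (plus the --peer-* equivalents).
  listen_client_urls: "http://0.0.0.0:2379"
  listen_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
  # specify the initial size of your cluster with ?size=X
  # The discovery URL identifies the cluster to joining members, so keep the
  # substituted value out of version control and logs.
  discovery: "DISCOVERY"
passwd:
  # Ensure all machines have a core user which can be accessed via the main key
  users:
    - name: core
      ssh_authorized_keys:
        - "SSH_TOKEN"
locksmith:
  # Use a lock to reboot machines and only allow a max of 1 to reboot simultaneously
  reboot_strategy: etcd-lock
systemd:
  units:
    # NOTE(review): `command` looks like a cloud-config unit key; confirm the
    # config transpiler accepts it here rather than rejecting or ignoring it.
    - name: docker.service
      command: start
      enable: true
    # TODO: replace this with a config that is TLS protected and listens on port 2376
    # NOTE(review): ListenStream with a bare port binds all local addresses,
    # and BindIPv6Only=both makes the same socket serve IPv4 and IPv6. The
    # Docker API on 2375 has no TLS and no authentication, so network access to
    # this port is equivalent to root on the host. The TLS replacement needs
    # dockerd started with --tlsverify, --tlscacert, --tlscert and --tlskey.
    - name: docker-tcp.socket
      enable: true
      contents: |
        [Unit]
        Description=Docker socket for the API
        [Socket]
        ListenStream=2375
        BindIPv6Only=both
        Service=docker.service
        [Install]
        WantedBy=sockets.target
docker:
  flags:
    - --experimental=true
    # NOTE(review): the metrics endpoint is unauthenticated and bound to every
    # interface; limit 9323 to the monitoring hosts that scrape it.
    - --metrics-addr 0.0.0.0:9323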