ignition.example.toml
# Presumably the directory where the daemon keeps its on-disk state.
# The path is relative; what it resolves against (working directory or the
# config file's location) is not stated in this file - confirm before deploying.
# NOTE(review): if state or key material lands here, restrict the directory
# to the service user.
data-dir = "./data"
[api]
# Loopback address in this example. NOTE(review): presumably the API listen
# address - changing it to a non-loopback address exposes the API off-host.
host = "127.0.0.1"
port = 5100
# Example value only: it decodes to a fixed, published string, so anyone who
# has read this file knows it. Generate a fresh random secret per deployment
# and keep the real config out of version control.
# NOTE(review): presumably the key used to sign/verify API JWTs - if so, a
# known value lets tokens be forged; confirm against the API code.
jwt-secret = "dGVtcF9qd3Rfc2VjcmV0" # base64 "temp_jwt_secret"
[registry]
# Placeholder - must be replaced with the registry's public host name.
service = "<your registry public host>"
# Example value only: it was derived from the published input string shown in
# the trailing comment, so it is reproducible by anyone. Regenerate it with the
# same tool from a private, high-entropy input before use.
registry-robot-hmac-secret = "EHlRu-ZUj_N3qGCeOkb8IcNjMJlAoCPNBITfy7CsYhc" # generated with `cargo run --bin generate-hmac-secret-tool -- "temp hmac secret"`
# Token signing key and its certificate. NOTE(review): the .key file is
# presumably a private key - keep it readable only by the service user and
# never commit it.
registry-token-key-path = "./registry-stack/certs/token-signing.key"
registry-token-cert-path = "./registry-stack/certs/token-root.pem"
[net]
# check docs/net.md for more info on how to configure the network
bridge-name = "ltbr0"
# Both ranges are RFC 1918 private space and do not overlap each other.
# NOTE(review): make sure neither overlaps a network the host already routes
# (VPN, cloud VPC, container bridges), or traffic may be sent to the wrong place.
vm-ip-cidr = "10.0.0.0/16"
service-ip-cidr = "10.1.0.0/16"
[proxy]
# Placeholder - must be replaced with the host's public IP address.
external-bind-address = "<your public ip>" # TODO: autodiscover
# check docs/cert.md for more info on how to generate certs
# NOTE(review): the key path presumably points at the TLS private key - keep it
# readable only by the service user and out of version control.
default-tls-cert-path = "./certs/server.cert"
default-tls-key-path = "./certs/server.key"
# TCP port range for dynamic allocation (optional)
# When specified, TCP services will automatically get ports allocated from this range
# HTTP/HTTPS/TLS services cannot use ports in this range
# Format: [start_port, end_port]
# NOTE(review): whether end_port is inclusive is not stated here. Ports in this
# range are presumably reachable on the external bind address, so host/cloud
# firewall rules should open only this range and nothing wider.
tcp-port-range = [35000, 40000]
[machine]
# Kernel image and initrd, given as relative paths (the kernel path points
# outside this directory tree).
# NOTE(review): presumably every VM boots from these two files, so they are part
# of the trusted base - they should be writable only by the operator/build step.
kernel-path = "../linux/vmlinux"
initrd-path = "./target/takeoff.cpio"
# any additional kernel cmdline arguments
# append-cmd-line = ""
[dns]
# NOTE(review): ".local" is reserved for multicast DNS (RFC 6762); hosts running
# an mDNS resolver may handle names under this suffix differently - confirm this
# is intended outside a local test setup.
zone-suffix = "lttle.local"
# NOTE(review): unit is presumably seconds - confirm.
default-ttl = 300
# Upstream DNS servers for resolving external domains (optional)
# If not specified, external DNS resolution will not work
# The example values are Google Public DNS on port 53. NOTE(review): lookups for
# external names are presumably forwarded there as plain DNS, so they are visible
# to that resolver and on the network path; use an internal resolver if that matters.
upstream-dns-servers = ["8.8.8.8:53", "8.8.4.4:53"]
# The root domain for the region (e.g., "my-region.my-cloud.com")
region-root-domain = "my-region.my-cloud.com"
[logs]
# Plain-HTTP endpoint. NOTE(review): log records sent here are not encrypted in
# transit; acceptable only if the path stays on a trusted host-local network.
otel-ingest-endpoint = "http://host.lttle.local:3100/otlp/v1/logs" # TODO: for now this needs to be resolvable from takeoff
[logs.store]
type = "loki"
# Plain HTTP to localhost, same port as the ingest endpoint above.
# NOTE(review): if the store moves off this host, switch to HTTPS and add
# authentication - no credentials are configured in this example.
url = "http://localhost:3100"
# Optional sections, disabled in this example.
# NOTE(review): api-key is a live credential once filled in - keep the real
# config file out of version control and readable only by the service user.
# [openai]
# api-key = "sk-proj-..."
# default-model = "gpt-4o"
# NOTE(review): ca-key-path presumably points at a CA private key; anyone who can
# read it can issue certificates under that CA, so protect it accordingly.
# [build]
# ca-cert-path = "./build-stack/certs/ca.pem"
# ca-key-path = "./build-stack/certs/ca.key"
# pool = ["builder.lttle.local"]
# One entry of the cert-provider list; add further [[cert-provider]] tables for
# additional providers.
[[cert-provider]]
name = "letsencrypt-staging"
# Let's Encrypt staging directory: certificates issued from it chain to a test
# root that browsers and other clients do not trust. Use it for testing only,
# and do not add the staging root to any trust store to "make it work".
acme-base-url = "https://acme-staging-v02.api.letsencrypt.org/directory"
# Placeholder address - replace with a monitored mailbox.
default-email = "ssl-notifications@example.com"
environment = "staging"