apiVersion: k0sctl.k0sproject.io/v1beta1
kind: Cluster
metadata:
  name: k0s-cluster
  user: admin
spec:
  hosts:
  - ssh:
      address: k1.lab.smig.tech
      user: smig
      port: 22
      keyPath: ~/.ssh/id_ed25519
    role: controller
  - ssh:
      address: k2.lab.smig.tech
      user: smig
      port: 22
      keyPath: ~/.ssh/id_ed25519
    role: worker
  - ssh:
      address: k3.lab.smig.tech
      user: smig
      port: 22
      keyPath: ~/.ssh/id_ed25519
    role: worker
  - ssh:
      address: k4.lab.smig.tech
      user: smig
      port: 22
      keyPath: ~/.ssh/id_ed25519
    role: worker
  k0s:
    config:
      apiVersion: k0s.k0sproject.io/v1beta1
      kind: Cluster
      metadata:
        name: k0s
      spec:
        api:
          k0sApiPort: 9443
          port: 6443
        installConfig:
          users:
            etcdUser: etcd
            kineUser: kube-apiserver
            konnectivityUser: konnectivity-server
            kubeAPIserverUser: kube-apiserver
            kubeSchedulerUser: kube-scheduler
        konnectivity:
          adminPort: 8133
          agentPort: 8132
        network:
          kubeProxy:
            disabled: true
            # mode: iptables
          kuberouter:
            autoMTU: true
            mtu: 0
            peerRouterASNs: ""
            peerRouterIPs: ""
          podCIDR: 10.244.0.0/16
          provider: custom
          serviceCIDR: 10.96.0.0/12
        podSecurityPolicy:
          defaultPolicy: 00-k0s-privileged
        storage:
          type: etcd
        telemetry:
          enabled: false
        extensions:
          helm:
            repositories:
              - name: cilium
                url: https://helm.cilium.io/
              - name: cert-manager
                url: https://charts.jetstack.io
            charts:
              - name: cert-manager
                chartName: cert-manager/cert-manager
                version: "v1.17.2"
                namespace: cert-manager
                values: |
                  crds:
                    enabled: true
              - name: cilium
                chartName: cilium/cilium
                namespace: kube-system
                version: "1.18.0-pre.3"
                values: |
                  cluster:
                    name: k0s-cluster
                  envoy:
                    enabled: true
                    image:
                      digest: sha256:e265e4b2e10eaa19c4a5a305086f81bbe0f9f5f41fff60ab0ec6effdb21e2a79
                      repository: git.thecodedom.com/smig/cilium-envoy
                      tag: latest
                  k8sServiceHost: k1.lab.smig.tech
                  k8sServicePort: 6443
                  kubeProxyReplacement: true
                  operator:
                    replicas: 1
                  routingMode: tunnel
                  tunnelProtocol: vxlan
                  nodeIPAM:
                    enabled: true
                  defaultLBServiceIPAM: nodeipam
                  gatewayAPI:
                    enabled: true
                  ingressController:
                    enabled: true
                    service:
                      externalTrafficPolicy: Cluster
  options:
    wait:
      enabled: true
    drain:
      enabled: true
      gracePeriod: 2m0s
      timeout: 5m0s
      force: true
      ignoreDaemonSets: true
      deleteEmptyDirData: true
      podSelector: ""
      skipWaitForDeleteTimeout: 0s
    concurrency:
      limit: 30
      workerDisruptionPercent: 10
      uploads: 5
    evictTaint:
      enabled: false
      taint: k0sctl.k0sproject.io/evict=true
      effect: NoExecute
      controllerWorkers: false