# Device configuration files for the Cisco Virtual Kubelet (local / dev use).
#
# These files describe the DEVICE only. Runtime settings (node name, kubeconfig,
# log level) are supplied via CLI flags or environment variables:
#
#   --nodename / VKUBELET_NODE_NAME   Kubernetes node name
#                                     (default: cisco-vk-<device-address>)
#   --config / -c                     Path to this file
#                                     (default: /etc/virtual-kubelet/config.yaml)
#   --kubeconfig / KUBECONFIG         Path to kubeconfig
#   --log-level / LOG_LEVEL           debug | info | warn | error
#
# Credentials:
#   device.password may be inlined for local development only; keep any file
#   that carries a real password out of version control. In production use the
#   VK_DEVICE_PASSWORD env var (takes precedence) or, in controller mode,
#   spec.credentialSecretRef on the CiscoDevice CR (see ciscodevice-cr.yaml).
#
# Driver-specific networking lives under the driver key (e.g. "xe:").
---
# Example 1: VirtualPortGroup with DHCP
# TLS connection to the device on port 443 as user "admin"; the app interface
# is a VirtualPortGroup whose address comes from DHCP.
device:
driver: XE
address: "192.168.1.100"
port: 443
username: admin
# password: injected via VK_DEVICE_PASSWORD env var
tls:
enabled: true
# NOTE(review): going by its name, insecureSkipVerify: true disables validation
# of the device certificate, so the session is encrypted but the peer is not
# authenticated and the device password can be sent to an impersonating host.
# Keep it for lab devices with self-signed certificates only; set it to false
# once the device presents a certificate this host trusts.
insecureSkipVerify: true
xe:
networking:
interface:
type: VirtualPortGroup
virtualPortGroup:
dhcp: true
# Quoted so the value stays a string; guestInterface below is a plain integer.
interface: "0"
guestInterface: 0
---
# Example 2: VirtualPortGroup with static IP from podCIDR
# Same device connection as the DHCP variant, but dhcp is false and a podCIDR
# is given as the address source.
device:
driver: XE
address: "192.168.1.100"
port: 443
# password is not set in this file; per the file header it can come from the
# VK_DEVICE_PASSWORD env var.
username: admin
tls:
enabled: true
# NOTE(review): certificate validation appears to be switched off here
# (insecureSkipVerify: true). The link is encrypted but the device identity is
# unchecked; suitable for lab use only, set to false for trusted certificates.
insecureSkipVerify: true
# Quoted CIDR string; the example title says static addresses are drawn from it.
podCIDR: "10.0.0.0/24"
xe:
networking:
interface:
type: VirtualPortGroup
virtualPortGroup:
# No DHCP lease: addressing relies on podCIDR above.
dhcp: false
# Quoted so the value stays a string; guestInterface below is a plain integer.
interface: "0"
guestInterface: 0
---
# Example 3: AppGigabitEthernet access with DHCP (Catalyst 9000 front-panel)
# Interface type switches to AppGigabitEthernet in access mode; the address
# comes from DHCP.
device:
driver: XE
address: "192.168.1.100"
port: 443
# password is not set in this file; per the file header it can come from the
# VK_DEVICE_PASSWORD env var.
username: admin
tls:
enabled: true
# NOTE(review): insecureSkipVerify: true presumably skips device certificate
# validation, leaving the peer unauthenticated. Lab-only setting; set to false
# when the device certificate chains to a CA this host trusts.
insecureSkipVerify: true
xe:
networking:
interface:
type: AppGigabitEthernet
appGigabitEthernet:
# access mode: no vlanIf block is given in this example.
mode: access
dhcp: true
guestInterface: 0
---
# Example 4: AppGigabitEthernet trunk with static IP on a tagged VLAN
# Trunk mode adds a vlanIf block naming the VLAN; dhcp is false, so podCIDR is
# the address source.
device:
driver: XE
address: "192.168.1.100"
port: 443
# password is not set in this file; per the file header it can come from the
# VK_DEVICE_PASSWORD env var.
username: admin
tls:
enabled: true
# NOTE(review): insecureSkipVerify: true presumably skips device certificate
# validation, leaving the peer unauthenticated. Lab-only setting; set to false
# when the device certificate chains to a CA this host trusts.
insecureSkipVerify: true
# Quoted CIDR string; the example title says static addresses are drawn from it.
podCIDR: "10.0.0.0/24"
xe:
networking:
interface:
type: AppGigabitEthernet
appGigabitEthernet:
mode: trunk
vlanIf:
dhcp: false
# VLAN tag carried on the trunk for this interface (per the example title).
vlan: 200
guestInterface: 0
---
# Example 5: AppGigabitEthernet trunk with DHCP on a tagged VLAN
# Same trunk layout as the static-IP variant, with the address leased over
# DHCP on the tagged VLAN, so no podCIDR is listed.
device:
driver: XE
address: "192.168.1.100"
port: 443
# password is not set in this file; per the file header it can come from the
# VK_DEVICE_PASSWORD env var.
username: admin
tls:
enabled: true
# NOTE(review): insecureSkipVerify: true presumably skips device certificate
# validation, leaving the peer unauthenticated. Lab-only setting; set to false
# when the device certificate chains to a CA this host trusts.
insecureSkipVerify: true
xe:
networking:
interface:
type: AppGigabitEthernet
appGigabitEthernet:
mode: trunk
vlanIf:
dhcp: true
# VLAN tag carried on the trunk for this interface (per the example title).
vlan: 200
guestInterface: 0
---
# Example 6: Management interface with DHCP
# Interface type is Management; the address comes from DHCP.
# NOTE(review): this places app traffic on the interface type named
# "Management" - confirm that sharing it with device management is intended.
device:
driver: XE
address: "192.168.1.100"
port: 443
# password is not set in this file; per the file header it can come from the
# VK_DEVICE_PASSWORD env var.
username: admin
tls:
enabled: true
# NOTE(review): insecureSkipVerify: true presumably skips device certificate
# validation, leaving the peer unauthenticated. Lab-only setting; set to false
# when the device certificate chains to a CA this host trusts.
insecureSkipVerify: true
xe:
networking:
interface:
type: Management
management:
dhcp: true
guestInterface: 0
---
# Example 7: Management interface with static IP from podCIDR
# Management interface with dhcp false; podCIDR is the address source.
device:
driver: XE
address: "192.168.1.100"
port: 443
# password is not set in this file; per the file header it can come from the
# VK_DEVICE_PASSWORD env var.
username: admin
tls:
enabled: true
# NOTE(review): insecureSkipVerify: true presumably skips device certificate
# validation, leaving the peer unauthenticated. Lab-only setting; set to false
# when the device certificate chains to a CA this host trusts.
insecureSkipVerify: true
# Quoted CIDR string; the example title says static addresses are drawn from it.
podCIDR: "10.0.0.0/24"
xe:
networking:
interface:
type: Management
management:
# No DHCP lease: addressing relies on podCIDR above.
dhcp: false
guestInterface: 0
---
# Example 8: With resource limits and node topology
# Sets defaults/maximums advertised as node capacity; labels and taints
# are applied to the virtual node for scheduling control.
device:
driver: XE
address: "192.168.1.100"
port: 443
# password is not set in this file; per the file header it can come from the
# VK_DEVICE_PASSWORD env var.
username: admin
tls:
enabled: true
# NOTE(review): this example labels the node "environment: production" while
# insecureSkipVerify stays true. By its name the flag disables device
# certificate validation, so the peer is unauthenticated; the file header
# scopes these samples to local / dev use. For a node that really is
# production, set this to false and use a certificate this host trusts.
insecureSkipVerify: true
region: "edge-east"
zone: "edge-east-1"
labels:
environment: production
hw.type: catalyst-9000
taints:
# NoSchedule is the standard Kubernetes effect: pods without a matching
# toleration for workload=edge are not scheduled onto this node.
- key: workload
value: edge
effect: NoSchedule
maxPods: 16
resourceLimits:
# Quantities are quoted strings in Kubernetes notation (m = millicores,
# Mi/Gi = binary units). default* and max* are the defaults and maximums the
# comment at the top of this example refers to.
defaultCPU: "500m"
defaultMemory: "512Mi"
defaultStorage: "500Mi"
maxCPU: "2000m"
maxMemory: "4Gi"
maxStorage: "2Gi"
xe:
networking:
interface:
type: VirtualPortGroup
virtualPortGroup:
dhcp: true
# Quoted so the value stays a string; guestInterface below is a plain integer.
interface: "0"
guestInterface: 0
---
# Example 9: With OpenTelemetry topology export and allowUnsignedApps
# The OTEL exporter sends topology traces (CDP/OSPF neighbors, hosted apps)
# to an OTLP gRPC collector on the configured interval. Enabling
# allowUnsignedApps bypasses the pkg-policy-invalid guard during installs;
# use only when the device is not enforcing signed-verification.
device:
driver: XE
address: "192.168.1.100"
port: 443
# password is not set in this file; per the file header it can come from the
# VK_DEVICE_PASSWORD env var.
username: admin
tls:
enabled: true
# NOTE(review): insecureSkipVerify: true presumably skips device certificate
# validation, leaving the peer unauthenticated. Lab-only setting; set to false
# when the device certificate chains to a CA this host trusts.
insecureSkipVerify: true
# NOTE(review): with this set, app packages install without the signature
# guard described above, so nothing on this path checks package integrity or
# origin. Leave it unset unless the device genuinely runs without signed
# verification, and control which images can reach this node by other means.
allowUnsignedApps: true
otel:
enabled: true
# The host name has the form of an in-cluster Service DNS name - confirm.
endpoint: "otel-collector.observability.svc:4317"
# NOTE(review): insecure: true presumably means the OTLP gRPC connection is
# made without TLS. The exported traces describe network topology
# (CDP/OSPF neighbors, hosted apps); use a TLS-protected collector endpoint
# whenever the traffic leaves a trusted network segment.
insecure: true
serviceName: "cisco-network"
# Export interval in seconds, going by the key name.
intervalSecs: 60
xe:
networking:
interface:
type: VirtualPortGroup
virtualPortGroup:
dhcp: true
# Quoted so the value stays a string; guestInterface below is a plain integer.
interface: "0"
guestInterface: 0