# KubeSolo OS Cloud-Init — Full Configuration Reference
# Shows ALL supported KubeSolo parameters.
# Place at: /mnt/data/etc-kubesolo/cloud-init.yaml (on data partition)
# Or pass via boot param: kubesolo.cloudinit=/path/to/this.yaml

hostname: kubesolo-edge-01

network:
  mode: dhcp
  # interface: eth0    # Optional: specify interface (auto-detected if omitted)
  # dns:               # Optional: override DHCP-provided DNS
  #   - 8.8.8.8

kubesolo:
  # Enable local-path-provisioner for persistent volumes (default: true)
  local-storage: true

  # Shared path for local-path-provisioner storage
  local-storage-shared-path: "/mnt/shared"

  # Extra SANs for API server TLS certificate
  apiserver-extra-sans:
    - kubesolo-edge-01.local
    - 192.168.1.100

  # Enable verbose debug logging
  debug: false

  # Enable Go pprof profiling server
  pprof-server: false

  # Portainer Edge Agent connection (alternative to portainer.edge-agent section)
  # These generate --portainer-edge-id, --portainer-edge-key, --portainer-edge-async
  # CLI flags for KubeSolo's built-in Edge Agent support.
  portainer-edge-id: "your-edge-id"
  portainer-edge-key: "your-edge-key"
  portainer-edge-async: true

  # KubeSolo v1.1.4+: skip the edge-optimised overrides and use upstream
  # Kubernetes defaults. Useful for CI and high-spec machines. Default off.
  full: false

  # KubeSolo v1.1.5+: disable IPv6 throughout the cluster. Default off.
  disable-ipv6: false

  # KubeSolo v1.1.5+: detect SQLite WAL corruption at startup and recover
  # from unclean shutdowns (e.g. power loss). Recommended ON for edge
  # appliances that may lose power.
  db-wal-repair: true

  # Arbitrary extra flags passed directly to the KubeSolo binary
  # extra-flags: "--disable traefik --disable servicelb"

# Update agent settings (written to /etc/kubesolo/update.conf on first boot).
# Omit any subfield to leave the corresponding default in place.
updates:
  # Update server URL — HTTPS for the JSON+blob protocol, or an OCI registry
  # reference (e.g. ghcr.io/portainer/kubesolo-os) when OCI distribution
  # lands in v0.3.
  server: "https://updates.kubesolo.example.com"

  # Channel to track. "stable" is the default; "beta"/"edge" expose
  # pre-release artifacts. The agent refuses to apply metadata whose
  # channel doesn't match.
  channel: "stable"

  # Maintenance window (local time, HH:MM-HH:MM, wrapping midnight OK).
  # `apply` refuses to run outside this window unless --force is passed.
  # Leave empty (or omit) to allow updates at any time.
  maintenance_window: "03:00-05:00"

  # Path to Ed25519 public key for signature verification. Omit to disable
  # signature verification (NOT recommended for production fleets).
  # pubkey: "/etc/kubesolo/update-pubkey.hex"

  # Optional post-boot healthcheck probe URL. If set, healthcheck GETs it
  # and treats anything other than HTTP 200 as a failure. Useful when your
  # workload exposes its own readiness on a known endpoint.
  # healthcheck_url: "http://localhost:8000/ready"

  # Auto-rollback threshold: after N consecutive post-activation healthcheck
  # failures, the agent triggers a rollback on its own. 0 disables the
  # feature (the bootloader still does GRUB-counter-based rollback after
  # 3 failed boots). Recommended: 3 for production fleets.
  # auto_rollback_after: 3