# /etc/ananke/ananke.yaml
kubeconfig: /etc/ananke/kubeconfig
ssh_user: atlas
ssh_port: 2277
ssh_config_file: ""
ssh_identity_file: /home/atlas/.ssh/id_ed25519
ssh_node_hosts: {}
ssh_node_users: {}
ssh_managed_nodes: []
ssh_jump_host: ""
ssh_jump_user: ""
iac_repo_path: /opt/titan-iac
expected_flux_branch: main
expected_flux_source_url: ssh://git@scm.bstein.dev:2242/bstein/titan-iac.git
control_planes:
  - titan-0a
  - titan-0b
  - titan-0c
workers: []
local_bootstrap_paths:
  - infrastructure/core
  - clusters/atlas/flux-system
  - infrastructure/sources/helm
  - infrastructure/metallb
  - infrastructure/traefik
  - infrastructure/cert-manager
  - infrastructure/vault-csi
  - infrastructure/vault-injector
  - services/vault
  - infrastructure/postgres
  - services/gitea
  - services/keycloak
  - services/oauth2-proxy
excluded_namespaces:
  - kube-system
  - kube-public
  - kube-node-lease
  - flux-system
  - traefik
  - metallb-system
  - cert-manager
  - longhorn-system
  - vault
  - postgres
  - maintenance
startup:
  api_wait_seconds: 1200
  api_poll_seconds: 2
  shutdown_cooldown_seconds: 45
  minimum_battery_percent: 20
  required_node_labels:
    titan-09:
      ananke.bstein.dev/harbor-bootstrap: "true"
  require_time_sync: true
  time_sync_wait_seconds: 240
  time_sync_poll_seconds: 5
  time_sync_mode: quorum
  time_sync_quorum: 2
  reconcile_access_on_boot: true
  auto_etcd_restore_on_api_failure: true
  etcd_restore_control_plane: titan-0a
  require_storage_ready: true
  storage_ready_wait_seconds: 420
  storage_ready_poll_seconds: 5
  storage_min_ready_nodes: 2
  storage_critical_pvcs:
    - vault/data-vault-0
    - postgres/postgres-data-postgres-0
    - gitea/gitea-data
    - sso/keycloak-data
  require_post_start_probes: true
  post_start_probe_wait_seconds: 240
  post_start_probe_poll_seconds: 5
  post_start_probes:
    - https://scm.bstein.dev/api/healthz
    - https://metrics.bstein.dev/api/health
  require_service_checklist: true
  service_checklist_wait_seconds: 420
  service_checklist_poll_seconds: 5
  service_checklist_stability_seconds: 120
  service_checklist:
    - name: gitea-api
      url: https://scm.bstein.dev/api/healthz
      accepted_statuses: [200]
      body_contains: pass
      timeout_seconds: 12
    - name: grafana-api
      url: https://metrics.bstein.dev/api/health
      accepted_statuses: [200]
      body_contains: '"database":"ok"'
      timeout_seconds: 12
    - name: keycloak-oidc
      url: https://sso.bstein.dev/realms/atlas/.well-known/openid-configuration
      accepted_statuses: [200]
      body_contains: '"issuer":"https://sso.bstein.dev/realms/atlas"'
      timeout_seconds: 12
    - name: harbor-registry
      url: https://registry.bstein.dev/v2/
      accepted_statuses: [401]
      body_contains: unauthorized
      timeout_seconds: 12
    - name: longhorn-auth
      url: https://longhorn.bstein.dev/
      accepted_statuses: [200, 302]
      timeout_seconds: 12
  require_flux_health: true
  flux_health_wait_seconds: 900
  flux_health_poll_seconds: 5
  ignore_flux_kustomizations: []
  require_workload_convergence: true
  workload_convergence_wait_seconds: 900
  workload_convergence_poll_seconds: 5
  ignore_workload_namespaces: []
  ignore_workloads: []
  ignore_unavailable_nodes: []
  auto_recycle_stuck_pods: true
  stuck_pod_grace_seconds: 180
  vault_unseal_key_file: /var/lib/ananke/vault-unseal.key
  vault_unseal_breakglass_command: ""
  vault_unseal_breakglass_timeout_seconds: 15
shutdown:
  default_budget_seconds: 1380
  history_min_samples: 3
  emergency_budget_seconds: 420
  emergency_history_min_samples: 3
  emergency_skip_etcd_snapshot: true
  emergency_skip_drain: true
  skip_etcd_snapshot: false
  skip_drain: false
  drain_parallelism: 6
  scale_parallelism: 8
  ssh_parallelism: 8
  poweroff_enabled: false
  poweroff_delay_seconds: 25
  poweroff_local_host: false
  extra_poweroff_hosts: []
ups:
  enabled: true
  provider: nut
  target: pyrphoros@localhost
  targets:
    - name: Pyrphoros
      target: pyrphoros@localhost
  poll_seconds: 5
  runtime_safety_factor: 1.25
  debounce_count: 3
  telemetry_timeout_seconds: 90
coordination:
  forward_shutdown_host: ""
  forward_shutdown_user: atlas
  forward_shutdown_config: /etc/ananke/ananke.yaml
  peer_hosts: []
  fallback_local_shutdown: true
  command_timeout_seconds: 25
  startup_guard_max_age_seconds: 900
  role: coordinator
  allow_startup_on_battery: false
metrics:
  enabled: true
  bind_addr: 0.0.0.0:9560
  path: /metrics
state:
  dir: /var/lib/ananke
  run_history_path: /var/lib/ananke/runs.json
  lock_path: /var/lib/ananke/ananke.lock
  intent_path: /var/lib/ananke/intent.json