A Bootstrap configuration file is a YAML file that acts as the sole source of truth for all the configuration (e.g. information related to the primary store used by the Cluster) needed to properly install and initialize a new Octelium Cluster via the octops init command, as follows:
octops init example.com --bootstrap /PATH/TO/BOOTSTRAP_CONFIG.yaml
Storage
Primary Storage
Octelium currently uses PostgreSQL as the primary store for all of its resources. Here is an example:
spec:
  primaryStorage:
    postgresql:
      username: postgres
      password: password
      host: 1.2.3.4
      port: 5432
      database: octelium
      isTLS: true
Secondary Storage
Octelium currently uses Redis as the secondary store, which serves as a cache store as well as the pub/sub infrastructure used to send events and resource changes between the different Cluster components. Here is an example:
spec:
  secondaryStorage:
    redis:
      username: redis-user
      password: password
      host: 1.2.3.4
      port: 6379
      database: 0
      isTLS: true
Network
The Cluster's network range is the private network range that encompasses all ranges used by the Cluster's Services as well as the private IP addresses assigned to Users whenever they connect via the octelium CLI tool. By default, this range is dual-stack, but you can override the mode to become IPv4-only or IPv6-only. The following Bootstrap configuration example sets the networking mode to IPv6-only:
spec:
  network:
    mode: V6_ONLY
Note that V6_ONLY does not mean that the upstreams (i.e. the actual protected resources sitting behind the Service and served through it) have to listen on IPv6. It means that the Services will listen on IPv6 only and that WireGuard-based clients can only be assigned IPv6 addresses when connecting to the Cluster. The Service itself is implemented by an identity-aware proxy, Vigil, that can connect to the upstream over both IPv4 and IPv6 regardless of which IP version the downstreams/clients are using.
For IPv6 ranges, the Cluster currently generates a random range within the fd00::/8 range automatically.
For IPv4, the range 100.64.0.0/10 is currently used by default since it is rarely used by private networks. You can override that range with any other private range as long as it is large enough. Some examples are:
10.128.0.0/9
172.16.0.0/12
100.64.0.0/10 (the current default range)
Here is a Bootstrap configuration example where 10.128.0.0/9 is used as the IPv4 Cluster network range. Please note that such IPv4 private ranges are generally not recommended for any production environment since they might easily collide with ranges already in use either by clients or by the Cluster itself.
spec:
  network:
    v4:
      clusterNetwork: 10.128.0.0/9
The octelium CLI tool always prefers IPv6-only when connecting to the Cluster as long as the Cluster supports IPv6 (which is enabled by default), in order to avoid conflicts with the User's host routing tables: IPv4 ranges are scarce and may conflict with other applications. As mentioned above, even if the octelium client is using IPv6-only, it can still reach IPv4-only upstreams since it is the Service that talks to the upstream, not the downstream directly. In fact, we encourage you to try the IPv6-only mode in the Cluster configuration unless you're sure that you will have to deal with IPv4-only clients.
WireGuard
By default, the Cluster uses WireGuard for tunneling, and Gateways use UDP port 53820. You can override that port number as follows:
spec:
  network:
    wireguard:
      gatewayPort: 34567
Also, an MTU value of 1280 is currently used by all Gateways. You can override that value as follows:
spec:
  network:
    wireguard:
      mtu: 1200
QUIC
By default, the Cluster uses WireGuard for tunneling. In addition, Octelium currently supports a very experimental QUIC-based tunneling mode. Using this QUIC-based mode is currently not recommended in production. QUIC-based tunneling can be enabled in the Bootstrap configuration file as follows:
spec:
  network:
    quicv0:
      enable: true
By default, the Cluster uses port 8443 for all Gateways. You can override the port number as follows:
spec:
  network:
    quicv0:
      enable: true
      gatewayPort: 45678
Also, an MTU value of 1280 is currently used by all Gateways. You can override that value as follows:
spec:
  network:
    quicv0:
      enable: true
      mtu: 1190
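The Storage, Network and QUIC sections above each carry a setting worth checking before running octops init: TLS to both stores, a private and sufficiently large IPv4 Cluster network, and the experimental QUIC mode left off in production. The following pre-flight checker is an added example, not part of Octelium or its tooling; it assumes the Bootstrap file has already been loaded into a dict (for instance with a YAML parser), and the "large enough" threshold of a /16 is an assumption of this example, since the document does not state one.

```python
import ipaddress

# Constructed sample: a Bootstrap configuration already loaded into a dict
# (e.g. by a YAML parser), combining fields shown in this document.
SAMPLE = {
    "spec": {
        "primaryStorage": {"postgresql": {"host": "1.2.3.4", "port": 5432, "isTLS": False}},
        "secondaryStorage": {"redis": {"host": "1.2.3.4", "port": 6379, "isTLS": True}},
        "network": {"v4": {"clusterNetwork": "10.128.0.0/9"}, "quicv0": {"enable": True}},
    }
}

# Ranges an IPv4 Cluster network must fall inside: the three RFC 1918
# blocks plus the 100.64.0.0/10 shared address space used by default.
ALLOWED_V4 = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
# Assumed threshold for "large enough": anything smaller than a /16 is flagged.
MAX_PREFIXLEN = 16


def check_bootstrap(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    spec = cfg.get("spec", {})
    # Both stores carry credentials and Cluster resources: insist on isTLS: true.
    for key, engine in (("primaryStorage", "postgresql"), ("secondaryStorage", "redis")):
        store = spec.get(key, {}).get(engine)
        if store is None:
            findings.append(f"spec.{key}.{engine}: not configured")
        elif store.get("isTLS") is not True:
            findings.append(f"spec.{key}.{engine}: isTLS is not true, store traffic is unencrypted")
    net = spec.get("network", {})
    v4 = net.get("v4", {}).get("clusterNetwork")
    if v4 is not None:
        try:
            rng = ipaddress.ip_network(v4, strict=True)  # rejects a CIDR with host bits set
        except ValueError:
            findings.append(f"spec.network.v4.clusterNetwork: {v4!r} is not a valid CIDR network")
        else:
            if rng.version != 4 or not any(rng.subnet_of(p) for p in ALLOWED_V4):
                findings.append(f"spec.network.v4.clusterNetwork: {v4} is not a private IPv4 range")
            elif rng.prefixlen > MAX_PREFIXLEN:
                findings.append(f"spec.network.v4.clusterNetwork: {v4} is smaller than a /{MAX_PREFIXLEN}")
    # The document marks QUIC tunneling as experimental and not for production use.
    if net.get("quicv0", {}).get("enable") is True:
        findings.append("spec.network.quicv0.enable: experimental QUIC tunneling is enabled")
    return findings
```

Running check_bootstrap(SAMPLE) flags the PostgreSQL store without TLS and the enabled QUIC mode, while the 10.128.0.0/9 range passes.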