-
Notifications
You must be signed in to change notification settings - Fork 38
/
Copy pathmain.yml
156 lines (149 loc) · 6.66 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# Version to install or latest
kube_version: 1.24.17
# Type of node front or wn
kube_type_of_node: front
# How to install K8s: kubeadm or k3s
kube_install_method: kubeadm
# Servers to install and configure ntp. If [] ntp will not be configured
kube_ntp_servers: [ntp.upv.es, ntp.uv.es]
# IP address or name of the Kube front node
kube_server: "{{ ansible_default_ipv4.address }}"
# Token
kube_token: "kube01.{{ lookup('password', '/var/tmp/tokenpass chars=ascii_lowercase,digits length=16') }}"
# Token TTL duration (0 do not expire)
kube_token_ttl: 0
# POD network cidr
kube_pod_network_cidr: 10.244.0.0/16
# Type of network to install: currently supported: flannel, kube-router, calico, weave
kube_network: flannel
# Kubelet extra args
kubelet_extra_args: '' # deprecated move to kubelet_extra_args_dict
# dict of kubelet extra args, if set kubelet_extra_args is ignored
# A key in this map is the flag name as it appears on the command line except without leading dash(es).
kubelet_extra_args_dict: {}
# Kube API server options
kube_apiserver_options: []
# CRI runtime
kube_cri_runtime: docker # docker, containerd or crio
# Install CRI runtime
kube_cri_runtime_install: true
# CRI dockerd version
kube_cri_dockerd_version: "0.3.15"
# Flag to set HELM to be installed
kube_install_helm: true
# Helm version
kube_install_helm_version: "v3.8.2"
# Deploy the Dashboard
kube_deploy_dashboard: false
# Value to pass to the kubeadm init --apiserver-advertise-address option
kube_api_server: 0.0.0.0
# IP to wait the api server
kube_wait_api_server_ip: 127.0.0.1
# List of values with the information for creating persisten volumes
# Array variables needed: [ namespace : "", name : "", label : "", capacity_storage : "", nfs_path : "" ]
kube_persistent_volumes: []
# A set of git repos and paths to be applied in the cluster. Following this format:
# kube_apply_repos: [{repo: "https://github.com/kubernetes-incubator/metrics-server", version: "master", path: "deploy/1.8+/"}]
kube_apply_repos: []
# Flag to set Metrics-Server to be installed
kube_install_metrics: false
# Flag to set the nginx ingress controller to be installed
kube_install_ingress: false
# Flag to set add the nvidia support to the cluster
kube_nvidia_support: false
# Driver version to install: specific version or "latest"
kube_nvidia_driver_version: "515"
# Tag of the nvidia device plugin docker container
kube_nvidia_device_plugin_version: "v0.12.2"
# Flag to set the kubeapps UI to be installed
kube_install_kubeapps: false
# KubeApps chart version to install (or latest)
kube_kubeapps_chart_version: "12.2.10"
# Flag to set nfs-client-provisioner to be installed
kube_install_nfs_client: false
# NFS path used by nfs-client-provisioner
kube_nfs_path: /pv
# NFS server used by nfs-client-provisioner
kube_nfs_server: kubeserver.localdomain
# Set reclaimPolicy of NFS StorageClass Delete or Retain
kube_nfs_reclaim_policy: Delete
# Extra options for the flannel plugin
kube_flanneld_extra_args: []
# Enable to install and manage Certificates with Cert-manager
kube_cert_manager: false
# Public IP to use by the cert-manager (not needed if kube_public_dns_name is set)
kube_cert_public_ip: "{{ ansible_default_ipv4.address }}"
# Public DNS name to use in the dashboard tls certificate
kube_public_dns_name: ""
# Email to be used in the Let's Encrypt issuer
kube_cert_user_email: [email protected]
# Cert Manager type of challenge provider: http01 or dns01
kube_cert_manager_challenge: 'http01'
# In case of dns01 only Route53 is supported and this data is required
kube_cert_manager_challenge_dns01_domain: ''
kube_cert_manager_challenge_dns01_ak: ''
kube_cert_manager_challenge_dns01_sk: ''
# Optionally a wildcard dns certificate name can be set
kube_cert_manager_wildcard_cert_dns_name: ''
# Override default docker version
kube_docker_version: ""
# Options to add in the docker.json file
kube_docker_options: {}
# Nvidia docker options to add in the docker.json file
docker_nvidia_options:
default-runtime: nvidia
runtimes:
nvidia:
path: /usr/bin/nvidia-container-runtime
runtimeArgs: []
# Install docker with pip
kube_install_docker_pip: false
# Command flags to use for launching k3s in the systemd service
kube_k3_exec: ""
kube_install_kyverno: false
kyverno_crds_helm_chart_version: "2.0.3"
kyverno_helm_chart_version: "2.0.3"
kyverno_image: ghcr.io/kyverno/kyverno
kyverno_image_tag: "v1.4.3"
kyverno_initContainer_image: ghcr.io/kyverno/kyvernopre
kyverno_initContainer_image_tag: "v1.4.3"
# List of resource types to be skipped by kyverno policy engine. See: https://kyverno.io/docs/installation/#resource-filters
kyverno_config_notapplypolicies: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][SelfSubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*]'
# Set desired pod security level privileged, baseline, restricted, custom. Set to restricted for maximum security for your cluster. See: https://kyverno.io/policies/pod-security/
kyverno_podSecurityStandard: baseline
# Set desired pod security severity low, medium, high. Used severity level in PolicyReportResults for the selected pod security policie
kyverno_podSecuritySeverity: high
# Set to get response in failed validation check. Supported values are audit and enforce. See: https://kyverno.io/docs/writing-policies/validate/
kyverno_validationFailureAction: ensure
# Option to install Apache Yunikorn
kube_install_yunikorn: false
# Apache Yunikorn's version to be installed
kube_yunikorn_version: 1.1.0
cilium_debug_log: true
cilium_k8s_endpoint: "{{ ansible_default_ipv4.address }}"
# https://docs.cilium.io/en/stable/policy/intro/#policy-enforcement-modes. Values: default, always and never
cilium_policyEnforcementMode: "default"
cilium_nodeEncryption: true
cilium_nodeport_enable: true
cilium_nodeport_range: "30000,32767"
cilium_priorityClassName: "network"
cilium_prometheus_enable: false
cilium_hubble_certValidityDuration: 365
cilium_hubble_enable: false
cilium_hubble_ui_enable: false
cilium_hubble_priorityClassName: ""
cilium_hubble_ui_ingress_enable: true
cilium_hubble_ui_ingress_host: ""
cilium_hubble_ui_ingress_tls_host: ""
cilium_hubble_ui_ingress_path: "/"
cilium_hubble_ui_ingress_annotations: {}
# Longhorn support, if it is activated, the NFS client will be not installed
kube_install_longhorn: false
# Install ingress for Longhorn UI
kube_install_longhorn_ingress: false
# Default pass: longhorn_pass (openssl passwd -stdin -apr1)
kube_longhorn_ingress_auth: "longhorn:$apr1$e6BbrO3Q$llbCJ6cWJS/RWnLGYQhxX."
# Number of replicas for volumes in Longhorn
longhorn_num_replicas: 3
# Set reclaimPolicy of Longhorn StorageClass Delete or Retain
longhorn_reclaim_policy: Delete