diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2023-05-16 09:00:25 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2023-05-16 09:01:32 +0200 |
| commit | d2c5dc5e47a95115a5edd31e154c2699912d9c14 (patch) | |
| tree | f22ac03f5fa14123371d250cd7fd21df860ff231 /inventory/group_vars | |
| parent | according to EDIS support downloading custom isos now correctly reports statu... (diff) | |
cosmetic fixes
Diffstat (limited to 'inventory/group_vars')
| -rw-r--r-- | inventory/group_vars/k8s-chtest/vars.yml | 73 |
1 files changed, 37 insertions, 36 deletions
diff --git a/inventory/group_vars/k8s-chtest/vars.yml b/inventory/group_vars/k8s-chtest/vars.yml index 8ffa66b8..edc7e232 100644 --- a/inventory/group_vars/k8s-chtest/vars.yml +++ b/inventory/group_vars/k8s-chtest/vars.yml @@ -7,29 +7,48 @@ kubernetes_container_runtime: containerd containerd_pkg_provider: docker-com +kubernetes: + cluster_name: chtest + + dedicated_controlplane_nodes: no + api_extra_sans: + - 192.168.28.21 + - 192.168.28.22 + - 192.168.28.29 + + pod_ip_range: 172.18.0.0/16 + pod_ip_range_size: 24 + service_ip_range: 172.18.192.0/18 + +kubernetes_secrets: + encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}" + + ### Kube-Router # -kubernetes_network_plugin: kube-router -kubernetes_network_plugin_version: 1.5.1 -kubernetes_network_plugin_replaces_kube_proxy: yes -kubernetes_enable_nodelocal_dnscache: yes +#kubernetes_network_plugin: kube-router +#kubernetes_network_plugin_version: 1.5.1 +#kubernetes_network_plugin_replaces_kube_proxy: yes +#kubernetes_enable_nodelocal_dnscache: yes ### kubeguard # -#kubernetes_network_plugin: kubeguard -#kubernetes_network_plugin_replaces_kube_proxy: no -#kubernetes_enable_nodelocal_dnscache: yes -#kubeguard: -# ## node_index must be in the range between 1 and 190 -> 189 hosts possible -# ## -# ## hardcoded hostnames are not nice but if we do this via host_vars -# ## the info is spread over multiple files and this makes it more diffcult -# ## to find mistakes, so it is nicer to keep it in one place... -# node_index: -# ch-calypso: 125 -# ch-thetys: 126 -# ch-k8s-ctrl: 127 -#kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}" +kubernetes_network_plugin: kubeguard +kubernetes_network_plugin_replaces_kube_proxy: no +kubernetes_enable_nodelocal_dnscache: yes +kubeguard: + ## Mind that pod_ip_range and service_ip_range overlap and kubeguard + ## needs a /24 for addresses assigned to tunnel devices. This means that + ## node_indeces must be in the range between 1 and 191 -> 189 hosts possible + ## + ## hardcoded hostnames are not nice but if we do this via host_vars + ## the info is spread over multiple files and this makes it more diffcult + ## to find mistakes, so it is nicer to keep it in one place... + node_index: + ch-calypso: 125 + ch-thetys: 126 + ch-k8s-ctrl: 127 +kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}" ### Cilium # @@ -52,22 +71,4 @@ kubernetes_enable_nodelocal_dnscache: yes #kubernetes_network_plugin_replaces_kube_proxy: yes #kubernetes_enable_nodelocal_dnscache: no - -kubernetes: - cluster_name: chtest - - dedicated_controlplane_nodes: no - api_extra_sans: - - 192.168.28.21 - - 192.168.28.22 - - 192.168.28.29 - - pod_ip_range: 172.18.0.0/16 - pod_ip_range_size: 24 - service_ip_range: 172.18.192.0/18 - - -kubernetes_secrets: - encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}" - kubernetes_metrics_server_version: 0.6.3 |