---
kubernetes_version: 1.23.1
kubernetes_cri_tools_pkg_version: 1.22.0-1
kubernetes_container_runtime: containerd
# kubernetes_network_plugin: kubeguard
# kubernetes_network_plugin_variant: with-kube-router
kubernetes_network_plugin: kube-router
kubernetes_network_plugin_version: 1.4.0
kubernetes_network_plugin_replaces_kube_proxy: true


kubernetes:
  cluster_name: chtest

  dedicated_master: True
  api_extra_sans:
  - 192.168.32.20

  pod_ip_range: 172.18.0.0/16
  pod_ip_range_size: 24
  service_ip_range: 172.18.192.0/18


kubernetes_secrets:
  encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}"


# kubeguard:
#   ## node_index must be in the range between 1 and 190 -> 189 hosts possible
#   ##
#   ## hardcoded hostnames are not nice but if we do this via host_vars
#   ## the info is spread over multiple files and this makes it more diffcult
#   ## to find mistakes, so it is nicer to keep it in one place...
#   node_index:
#     ch-dione: 111
#     ch-helene: 112
#     ch-k8s-master: 127

#   direct_net_zones:
#     encoder:
#       transfer_net: 172.18.191.0/24
#       node_interface:
#         ch-dione: eno2
#         ch-helene: eno2

# kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ipaddr(1) | ipaddr('address') }}"

kubernetes_metrics_server_version: 0.5.2