---
# Ansible variables for the 'chtest' Kubernetes cluster.

# Node name used for Kubernetes: the inventory hostname with 'ch-' removed.
kubernetes_node_name: "{{ inventory_hostname | replace('ch-', '') }}"

# Version pins are quoted so they load as strings under every YAML loader.
kubernetes_version: '1.28.5'
kubernetes_container_runtime: containerd
containerd_pkg_provider: docker-com

kubernetes:
  cluster_name: chtest

  dedicated_controlplane_nodes: false
  # NOTE(review): presumably added as subject alternative names to the API
  # server certificate - keep the list limited to addresses that really
  # front the API server.
  api_extra_sans:
    - '192.168.28.21'
    - '192.168.28.22'
    - '192.168.28.29'

  # service_ip_range is the upper /18 of pod_ip_range, so the two overlap.
  # pod_ip_range_size is presumably the prefix length of each node's pod
  # subnet - confirm that no node subnet is allocated from the service /18.
  pod_ip_range: '172.18.0.0/16'
  pod_ip_range_size: 24
  service_ip_range: '172.18.192.0/18'

# The key material is not stored in this file; it is taken from a separate
# variable which, going by its vault_ prefix, is presumably kept in an
# Ansible Vault encrypted file.
# NOTE(review): the name suggests these are the API server's
# encryption-at-rest keys - confirm that tasks handling them do not log
# their values.
kubernetes_secrets:
  encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}"

# Exactly one of the network plugin sections below is active (Cilium); the
# others are kept commented out as alternatives.

### Kube-Router
#
#kubernetes_network_plugin: kube-router
#kubernetes_network_plugin_version: 1.5.1
#kubernetes_network_plugin_replaces_kube_proxy: true
#kubernetes_enable_nodelocal_dnscache: true

### kubeguard
#
#kubernetes_network_plugin: kubeguard
#kubernetes_network_plugin_replaces_kube_proxy: false
#kubernetes_kube_proxy_mode: ipvs
#kubernetes_enable_nodelocal_dnscache: true
#kubeguard:
#  ## Mind that pod_ip_range and service_ip_range overlap and kubeguard
#  ## needs a /24 for addresses assigned to tunnel devices. This means that
#  ## node_index values must be in the range between 1 and 191 -> 190 hosts possible
#  ##
#  ## hardcoded hostnames are not nice but if we do this via host_vars
#  ## the info is spread over multiple files and this makes it more difficult
#  ## to find mistakes, so it is nicer to keep it in one place...
#  node_index:
#    ch-calypso: 125
#    ch-thetys: 126
#    ch-k8s-ctrl: 127
#kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}"

### Cilium
#
kubernetes_network_plugin: cilium
kubernetes_network_plugin_version: '1.13.2'
# Cilium takes over the kube-proxy role in this setup.
kubernetes_network_plugin_replaces_kube_proxy: true
kubernetes_enable_nodelocal_dnscache: true
kubernetes_cilium_config:
  ipam: kubernetes
  # No encapsulation: pod traffic is routed natively between the nodes.
  tunnel: disabled
  # NOTE(review): this is the node subnet, while pods are addressed from
  # kubernetes.pod_ip_range (172.18.0.0/16). Cilium describes this option as
  # the CIDR in which native routing is possible, and traffic leaving that
  # CIDR is a candidate for masquerading - confirm that cross-node pod
  # traffic keeps its pod source address, because source-based policy and
  # flow logs depend on it.
  ipv4-native-routing-cidr: '192.168.28.0/24'
  auto-direct-node-routes: true
  enable-local-redirect-policy: true

# Setting rp_filter to 0 switches off the kernel's reverse-path source
# validation, so packets whose source address is not reachable through the
# receiving interface are no longer dropped by this check.
# NOTE(review): presumably needed for the Cilium datapath above. It applies
# to 'all' and 'default', i.e. every interface of the host - confirm that
# spoofed sources are filtered elsewhere (upstream router or host firewall).
base_sysctl_config_user:
  net.ipv4.conf.all.rp_filter: 0
  net.ipv4.conf.default.rp_filter: 0

### None
#
#kubernetes_network_plugin: none
#kubernetes_network_plugin_replaces_kube_proxy: true
#kubernetes_enable_nodelocal_dnscache: false

kubernetes_metrics_server_version: '0.6.3'