path: root/inventory/group_vars/k8s-chtest/vars.yml
---
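# Node name used for Kubernetes: the inventory hostname with every 'ch-'
# occurrence removed (the Jinja2 replace filter is not anchored to the start).
kubernetes_node_name: "{{ inventory_hostname | replace('ch-', '') }}"

# Version pins are quoted so they always load as strings; an unquoted
# two-component value such as 1.30 would be read as the float 1.3.
kubernetes_version: '1.27.1'
kubernetes_cri_tools_pkg_version: '1.26.0-00'
kubernetes_container_runtime: containerd
# presumably selects the package source containerd is installed from;
# verify against the consuming role
containerd_pkg_provider: docker-com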


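# Cluster-wide settings for the chtest cluster.
kubernetes:
  cluster_name: chtest

  # Canonical boolean literal; `no` only means false on YAML 1.1 loaders.
  dedicated_controlplane_nodes: false
  # Extra addresses for the API server (the name suggests certificate
  # subjectAltName entries; confirm in the role). Every entry is an address
  # clients will accept the API certificate for, so keep the list to
  # addresses that really front the API server.
  api_extra_sans:
  - 192.168.28.21
  - 192.168.28.22
  - 192.168.28.29

  # service_ip_range (172.18.192.0/18) lies inside pod_ip_range
  # (172.18.0.0/16); per-node pod subnets are /24 (pod_ip_range_size).
  # NOTE(review): confirm the active network plugin never hands out pod
  # subnets from the upper /18 that is reserved for services.
  pod_ip_range: 172.18.0.0/16
  pod_ip_range_size: 24
  service_ip_range: 172.18.192.0/18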

# Key material is not stored in this file; it is read from the variable
# vault_kubernetes_encryption_config_keys.
# NOTE(review): the vault_ prefix suggests an Ansible Vault-encrypted vars
# file; confirm that file is encrypted in the repository. The name suggests
# these keys feed the API server's encryption-at-rest configuration; verify
# against the consuming role.
kubernetes_secrets:
  encryption_config_keys: "{{ vault_kubernetes_encryption_config_keys }}"


### Kube-Router
#
#kubernetes_network_plugin: kube-router
#kubernetes_network_plugin_version: 1.5.1
#kubernetes_network_plugin_replaces_kube_proxy: yes
#kubernetes_enable_nodelocal_dnscache: yes

### kubeguard
#
#kubernetes_network_plugin: kubeguard
#kubernetes_network_plugin_replaces_kube_proxy: no
#kubernetes_kube_proxy_mode: ipvs
#kubernetes_enable_nodelocal_dnscache: yes
#kubeguard:
#  ## Mind that pod_ip_range and service_ip_range overlap and kubeguard
#  ## needs a /24 for addresses assigned to tunnel devices. This means that
#  ## node indices must be in the range between 1 and 191 -> 190 hosts possible
#  ##
#  ## Hardcoded hostnames are not nice, but if we do this via host_vars
#  ## the info is spread over multiple files, which makes it more difficult
#  ## to find mistakes, so it is nicer to keep it in one place...
#  node_index:
#    ch-calypso: 125
#    ch-thetys: 126
#    ch-k8s-ctrl: 127
#kubernetes_overlay_node_ip: "{{ kubernetes.pod_ip_range | ansible.utils.ipsubnet(kubernetes.pod_ip_range_size, kubeguard.node_index[inventory_hostname]) | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}"

### Cilium
#
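# Active network plugin. The version is quoted so it always loads as a
# string; booleans use the canonical true/false literals.
kubernetes_network_plugin: cilium
kubernetes_network_plugin_version: '1.13.2'
kubernetes_network_plugin_replaces_kube_proxy: true
kubernetes_enable_nodelocal_dnscache: true
kubernetes_cilium_config:
  ipam: kubernetes
  # Plain string value for Cilium's tunnel option, not a boolean.
  tunnel: disabled
  # NOTE(review): this CIDR is the subnet of the api_extra_sans addresses
  # (192.168.28.x), not kubernetes.pod_ip_range; confirm that this is the
  # range meant to be routed natively.
  ipv4-native-routing-cidr: 192.168.28.0/24
  auto-direct-node-routes: true
  enable-local-redirect-policy: true
# Reverse-path (source address) filtering: with conf.all at 0 the kernel
# falls back to each interface's own value, and conf.default gives newly
# created interfaces 0 as well. Interfaces without their own non-zero value
# then accept packets whose source address fails the reverse-path check.
# NOTE(review): presumably required for Cilium's datapath; confirm, and
# make sure anti-spoofing is enforced elsewhere (upstream router/firewall)
# for the nodes' external interfaces.
base_sysctl_config_user:
  net.ipv4.conf.all.rp_filter: 0
  net.ipv4.conf.default.rp_filter: 0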

### None
#
#kubernetes_network_plugin: none
#kubernetes_network_plugin_replaces_kube_proxy: yes
#kubernetes_enable_nodelocal_dnscache: no


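# Pinned metrics-server release; quoted so the pin always loads as a string.
kubernetes_metrics_server_version: '0.6.3'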