84 lines
2.2 KiB
YAML
84 lines
2.2 KiB
YAML
|
---
|
||
|
# this toggle provides a dangerous way to quickly destroy an entire cluster
|
||
|
# ansible-playbook -i prod/ site.yml --tags=k8s --extra-vars 'k8s_action=destroy' --limit=k3s_innocent_cluster
|
||
|
# create | destroy
|
||
|
k8s_action: create
|
||
|
|
||
|
# k3s | rke2
|
||
|
k8s_type: k3s
|
||
|
k8s_channel: stable
|
||
|
|
||
|
k8s_cluster_name: default
|
||
|
k8s_cluster_url: localhost
|
||
|
|
||
|
# bootstrap | server | agent
|
||
|
k8s_node_type: bootstrap
|
||
|
k8s_node_ip: "{{ ansible_host }}"
|
||
|
|
||
|
# sysctl set fs.inotify.max_user_instances
|
||
|
k8s_inotify_max: 1024
|
||
|
|
||
|
# hardcoded kublet default value is 110
|
||
|
k8s_pod_limit: 110
|
||
|
|
||
|
# we can set this by platform later
|
||
|
k8s_selinux: false
|
||
|
|
||
|
# if the host is using network manager, see vars/sys/ for overrides
|
||
|
k8s_has_nm: false
|
||
|
|
||
|
# if the host is using an http proxy
|
||
|
k8s_http_proxy: false
|
||
|
|
||
|
# cni
|
||
|
# k8s_cni_type:
|
||
|
|
||
|
k8s_config_mode: 600
|
||
|
k8s_api_port: 6443
|
||
|
k8s_debug: false
|
||
|
k8s_skip_start: false
|
||
|
k8s_taint_servers: false
|
||
|
k8s_flannel_wireguard: false
|
||
|
k8s_disable_kube_proxy: false
|
||
|
|
||
|
# paths
|
||
|
k8s_install_script: /usr/local/bin/{{ k8s_type }}-install.sh
|
||
|
k8s_config_path: "/etc/rancher/{{ k8s_type }}"
|
||
|
k8s_cmd_path: /usr/local/bin
|
||
|
k8s_nm_path: /etc/NetworkManager/conf.d
|
||
|
|
||
|
k8s_manifests_path: "/var/lib/rancher/{{ k8s_type }}/server/manifests/"
|
||
|
|
||
|
# if defined, install manifests
|
||
|
# k8s_manifests:
|
||
|
# - name: cert-manager
|
||
|
# path: https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml
|
||
|
|
||
|
# Override
|
||
|
# k8s_cluster_name
|
||
|
# k8s_cluster_url
|
||
|
|
||
|
# Define
|
||
|
# k8s_cluster_token
|
||
|
# you can pre-generate this ina vault with the token.sh script
|
||
|
|
||
|
# k8s_node_taints
|
||
|
# --node-taint CriticalAddonsOnly=true:NoExecute
|
||
|
# k8s_node_taints:
|
||
|
# - name: CriticalAddonsOnly
|
||
|
# value: true
|
||
|
# effect: NoExecute
|
||
|
|
||
|
# these are provided simply for the opportunity to override in cases where some ajustment isnt supported by the config templates
|
||
|
# k8s_install_bootstrap: >-
|
||
|
# server --cluster-init --tls-san {{ k8s_cluster_url }} --node-taint CriticalAddonsOnly=true:NoExecute
|
||
|
# {% if k8s_disable is defined %}
|
||
|
# {% for disable in k8s_disable %}
|
||
|
# --disable={{ disable }}
|
||
|
# {% endfor %}
|
||
|
# {% endif %}
|
||
|
|
||
|
# k8s_install_agent: >-
|
||
|
# agent --kubelet-arg=config=/etc/rancher/k3s/kubelet.config --node-ip={{ ansible_host }}
|
||
|
# {% if k8s_external_ip is defined %}--node-external-ip={{ k8s_external_ip }}{% endif %}
|