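# k3s node configuration, rendered per host from Ansible variables.
# The rendered file carries the cluster join token, so it should be readable
# by root only.
# NOTE(review): confirm the task that writes this file sets owner and mode.

# Pod-network backend. vxlan does not encrypt pod traffic;
# wireguard-native encrypts it between nodes.
# NOTE(review): presumably hosts in the 'Vpn' group already sit on an
# encrypted link, which is why they get plain vxlan - confirm.
{% if 'Vpn' in group_names %}
flannel-backend: vxlan
{% else %}
flannel-backend: wireguard-native
{% endif %}

# The kubelet refuses to start when kernel tunables differ from the values it
# expects, instead of changing them itself.
# NOTE(review): the required sysctls must be applied before k3s starts.
protect-kernel-defaults: true

{% if kubernetes_master|bool %}
# ---- server (control-plane) settings ----
# Encrypt Secret objects at rest in the datastore.
secrets-encryption: true
kube-apiserver-arg:
  # NOTE(review): EventRateLimit takes its limits from the admission control
  # config file; confirm /etc/kubernetes/psa.yaml configures it as well as
  # pod security admission.
  - "enable-admission-plugins=NodeRestriction,AlwaysPullImages,EventRateLimit"
  - 'admission-control-config-file=/etc/kubernetes/psa.yaml'
  # Audit trail for API requests: at most 10 rotated files of 100 MB each,
  # kept for 30 days.
  # NOTE(review): the log directory and the policy file must exist before the
  # apiserver starts, and the log directory should not be world-readable.
  - 'audit-log-path=/var/log/apiserver/audit.log'
  - 'audit-policy-file=/etc/kubernetes/policies/audit-policy.yaml'
  - 'audit-log-maxage=30'
  - 'audit-log-maxbackup=10'
  - 'audit-log-maxsize=100'
  # - "request-timeout=300s"
kube-controller-manager-arg:
  # Garbage-collect terminated pods once more than 10 have accumulated.
  - 'terminated-pod-gc-threshold=10'
# Templated values are quoted so that an empty or odd-looking expansion stays
# a YAML string instead of turning into null or another type.
cluster-cidr:
  - "{{ kubernetes_pods_network }}"
service-cidr:
  - "{{ kubernetes_svc_network }}"
{% if vars['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is not defined %}
# No server of this cluster has been configured yet: initialise a new cluster.
cluster-init: true
{% else %}
# Additional server: join the existing cluster.
server: "https://{{ kubernetes_master }}:6443"
# The token is the cluster join credential. This template emits the
# placeholder literally.
# NOTE(review): confirm which later step substitutes it, and that the real
# value never lands in logs or version control.
token: ${NODE_TOKEN}
{% endif %}
{% else %}
# ---- agent (worker) settings ----
server: "https://{{ kubernetes_master }}:6443"
# Join credential; emitted as a literal placeholder by this template.
# NOTE(review): confirm which later step substitutes it, and that the real
# value never lands in logs or version control.
token: ${NODE_TOKEN}
{% endif %}

kubelet-arg:
  # Close idle streaming connections (exec/attach/port-forward) after 5 min.
  - 'streaming-connection-idle-timeout=5m'
  # Restrict kubelet TLS to ECDHE key exchange with AEAD ciphers.
  - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
{% if ansible_os_family == "RedHat" %}
# SELinux integration is switched on for RedHat-family hosts only.
selinux: true
{% endif %}
#embedded-registry: true
# Do not deploy the bundled traefik component.
disable:
  - traefik
{% if kubernetes_interface is defined %}
node-ip: "{{ kubernetes_interface.address }}"
{# Disabled alternative. A YAML '#' comment does not hide an expression from
   Jinja, so it would still be evaluated (and could fail) on every render;
   a Jinja comment keeps it inert.
   node-ip: {{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }} #}
{% endif %}
# NOTE(review): ansible_host may be a DNS name rather than an IP address -
# confirm against the inventory.
node-external-ip: "{{ ansible_host }}"
{% if false %}
# Examples only; this block is never rendered.
# node-external-ip: 1.2.3.4
#node-label:
# - "foo=bar"
# - "something=amazing"
{% endif %}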