richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1455 Commits
29 Branches
81 Tags
147 MiB
Tree: 09aa3e0e79
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '09aa3e0e79'
${ noResults }
kubespray/inventory/group_vars/all.yml

227 lines
8.5 KiB
Raw Normal View History

Disable fastestmirror on CentOS It actually slows down things dramatically when used in combination with Ansible.
8 years ago
combine bootstrap options, add xenial support
8 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
add missing vars file
9 years ago
Address standalone kubelet config case Also place in global vars and do not repeat the kube_*_config_dir and kube_namespace vars for better code maintainability and UX. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Fix typo
7 years ago
Address standalone kubelet config case Also place in global vars and do not repeat the kube_*_config_dir and kube_namespace vars for better code maintainability and UX. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Move kube_version to group_vars/all to allow easier changing of version Also allows to perform version dependent logic in Ansible roles.
8 years ago
Bump kube_version to v1.5.1
8 years ago
Move kube_version to group_vars/all to allow easier changing of version Also allows to perform version dependent logic in Ansible roles.
8 years ago
add missing vars file
9 years ago
Add retry_stagger var for failed download/pushes. * Add the retry_stagger var to tweak push and retry time strategies. * Add large deployments related docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Using one var file per environment is simplier
9 years ago
first version of CoreOS on GCE Please enter the commit message for your changes. Lines starting
8 years ago
moving kube-cert group into group_vars
8 years ago
Quickstart documentation
9 years ago
Pass --anonymous-auth to apiserver Fixes #732
8 years ago
fix typo: "explicetely"
7 years ago
Pass --anonymous-auth to apiserver Fixes #732
8 years ago
Due to the nsenter and other reworks, it appears that kubelet lost the ability to load kernel modules. This puts that back by adding the lib/modules mount to kubelet. The new variable kubelet_load_modules can be set to true to enable this item. It is OFF by default.
7 years ago
Make kubelet_load_modules always present but false. Update code and docs for that assumption.
7 years ago
Due to the nsenter and other reworks, it appears that kubelet lost the ability to load kernel modules. This puts that back by adding the lib/modules mount to kubelet. The new variable kubelet_load_modules can be set to true to enable this item. It is OFF by default.
7 years ago
Make kubelet_load_modules always present but false. Update code and docs for that assumption.
7 years ago
Due to the nsenter and other reworks, it appears that kubelet lost the ability to load kernel modules. This puts that back by adding the lib/modules mount to kubelet. The new variable kubelet_load_modules can be set to true to enable this item. It is OFF by default.
7 years ago
Using one var file per environment is simplier
9 years ago
fix api auth issue for ci tests
8 years ago
Quickstart documentation
9 years ago
fix api auth issue for ci tests
8 years ago
also use kube_api_pwd for root account This makes it a bit more secure. Also the password can now be changed with a (inventory) variable (no need to edit all.yml).
7 years ago
fix api auth issue for ci tests
8 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add advanced net check for DNS K8s app * Add an option to deploy K8s app to test e2e network connectivity and cluster DNS resolve via Kubedns for nethost/simple pods (defaults to false). * Parametrize existing k8s apps templates with kube_namespace and kube_config_dir instead of hardcode. * For CoreOS, ensure nameservers from inventory to be put in the first place to allow hostnet pods connectivity via short names or FQDN and hostnet agents to pass as well, if netchecker deployed. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Using one var file per environment is simplier
9 years ago
fix typo: "pubilcally"
7 years ago
Add variables and defaults for multiple types of ip addresses. Each node can have 3 IPs. 1. ansible_default_ip4 - whatever ansible things is the first IPv4 address usually with the default gw. 2. ip - An address to use on the local node to bind listeners and do local communication. For example, Vagrant boxes have a first address that is the NAT bridge and is common for all nodes. The second address/interface should be used. 3. access_ip - An address to use for node-to-node access. This is assumed to be used by other nodes to access the node and may not be actually assigned on the node. For example, AWS public ip that is not assigned to node. This updates the places addresses are used to use either ip or access_ip and walk up the list to find an address.
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
Remove etcd-proxy from all nodes and use etcd multiaccess
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
use nginx proxy on non-master nodes to proxy apiserver traffic Also adds all masters by hostname and localhost/127.0.0.1 to apiserver SSL certificate. Includes documentation update on how localhost loadbalancer works.
8 years ago
Add etcd proxy support * Enforce a etcd-proxy role to a k8s-cluster group members. This provides an HA layout for all of the k8s cluster internal clients. * Proxies to be run on each node in the group as a separate etcd instances with a readwrite proxy mode and listen the given endpoint, which is either the access_ip:2379 or the localhost:2379. * A notion for the 'kube_etcd_multiaccess' is: ignore endpoints and loadbalancers and use the etcd members IPs as a comma-separated list. Otherwise, clients shall use the local endpoint provided by a etcd-proxy instances on each etcd node. A Netwroking plugins always use that access mode. * Fix apiserver's etcd servers args to use the etcd_access_endpoint. * Fix networking plugins flannel/calico to use the etcd_endpoint. * Fix name env var for non masters to be set as well. * Fix etcd_client_url was not used anywhere and other etcd_* facts evaluation was duplicated in a few places. * Define proxy modes only in the env file, if not a master. Del an automatic proxy mode decisions for etcd nodes in init/unit scripts. * Use Wants= instead of Requires= as "This is the recommended way to hook start-up of one unit to the start-up of another unit" * Make apiserver/calico Wants= etcd-proxy to keep it always up Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
Change default network plugin to Calico
7 years ago
Add pseudo network plugin called "cloud" to use cloud provider for network Allow to let the cloud provider configure proper routing for nodes.
8 years ago
Change default network plugin to Calico
7 years ago
split network plugins into distinct roles
8 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
Quickstart documentation
9 years ago
Using one var file per environment is simplier
9 years ago
fix kube_apiserver_ip/kube_apiserver_port description
7 years ago
Revert "Add HA/LB endpoints for kube-apiserver" This reverts commit a70c3b661e12d75ca01f8c0b38ef6af625d3383a.
8 years ago
fix kube_apiserver_ip/kube_apiserver_port description
7 years ago
Revert "Add HA/LB endpoints for kube-apiserver" This reverts commit a70c3b661e12d75ca01f8c0b38ef6af625d3383a.
8 years ago
Add a variable that defaults to kube_apiserver_port that defines the which port the local nginx proxy should listen on for HA local balancer configurations.
7 years ago
Revert "Add HA/LB endpoints for kube-apiserver" This reverts commit a70c3b661e12d75ca01f8c0b38ef6af625d3383a.
8 years ago
Using one var file per environment is simplier
9 years ago
Introduce dns_mode and resolvconf_mode and implement docker_dns mode Also update reset.yml to do more dns/network related cleanup.
7 years ago
upgrade to kubernetes version 1.4.0 test to change the machine type Revert "test to change the machine type" This reverts commit 7a91f1b5405a39bee6cb91940b09a0b0f9d3aee1. use google dns server when no upstream dns are defined comment upstream_dns_servers update documentation remove deprecated kubelet flags Revert "remove deprecated kubelet flags" This reverts commit 21e3b893c896d0291c36a07d0414f4cb88b8d8ac.
8 years ago
Introduce dns_mode and resolvconf_mode and implement docker_dns mode Also update reset.yml to do more dns/network related cleanup.
7 years ago
Quickstart documentation
9 years ago
Introduce dns_mode and resolvconf_mode and implement docker_dns mode Also update reset.yml to do more dns/network related cleanup.
7 years ago
Use dnsmasq inside pods
8 years ago
Use second ip address in order to avoid any ip range problem
9 years ago
kube-proxy loadbalancing, need an external loadbalancer
9 years ago
choose between gce and aws cloud providers
8 years ago
add basic azure support for kargo
8 years ago
Implemented cloud-provider integration for OpenStack. Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
8 years ago
add basic azure support for kargo
8 years ago
choose between gce and aws cloud providers
8 years ago
add basic azure support for kargo
8 years ago
Add check for azure_route_table_name and add it to all.yml
8 years ago
add basic azure support for kargo
8 years ago
example env allow insecure-registry Many use cases of k8s involve running a local registry, chances are the person running this will learn the hard way that they need to allow insecure registry on the `kube_service_addresses` network. We should just default to settings this in `inventory/group_vars/all.yml` to help reduce potential friction for first time users.
8 years ago
Docker Options Refactor
8 years ago
example env allow insecure-registry Many use cases of k8s involve running a local registry, chances are the person running this will learn the hard way that they need to allow insecure registry on the `kube_service_addresses` network. We should just default to settings this in `inventory/group_vars/all.yml` to help reduce potential friction for first time users.
8 years ago
Docker Options Refactor
8 years ago
Systemd units, limits, and bin path fixes * Add restart for weave service unit * Reuse docker_bin_dir everythere * Limit systemd managed docker containers by CPU/RAM. Do not configure native systemd limits due to the lack of consensus in the kernel community requires out-of-tree kernel patches. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
7 years ago
Add kubedns as default package to install
8 years ago
Allow to specify docker storage driver
8 years ago
Allow pre-downloaded images to be used effectively According to http://kubernetes.io/docs/user-guide/images/ : By default, the kubelet will try to pull each image from the specified registry. However, if the imagePullPolicy property of the container is set to IfNotPresent or Never, then a local\ image is used (preferentially or exclusively, respectively). Use IfNotPresent value to allow images prepared by the download role dependencies to be effectively used by kubelet without pull errors resulting apps to stay blocked in PullBackOff/Error state even when there are images on the localhost exist. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Add kubedns as default package to install
8 years ago
App deployer plugins
8 years ago
Add kubedns as default package to install
8 years ago
Adding initial rkt support
8 years ago
Minor fix to rkt version in group vars Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Adding initial rkt support
8 years ago
Allowing etcd to run via rkt
8 years ago
Adding initial rkt support
8 years ago
Vault security hardening and role isolation
7 years ago
Adding EFK logging stack
7 years ago
Adding the Vault role
7 years ago
Add kernel upgrade for CentOS
7 years ago
  1. # Valid bootstrap options (required): ubuntu, coreos, centos, none
  2. bootstrap_os: none
  4. # Directory where the binaries will be installed
  5. bin_dir: /usr/local/bin
  7. # Kubernetes configuration dirs and system namespace.
  8. # Those are where all the additional config stuff goes
  9. # the kubernetes normally puts in /srv/kubernets.
  10. # This puts them in a sane location and namespace.
  11. # Editing those values will almost surely break something.
  12. kube_config_dir: /etc/kubernetes
  13. kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
  14. kube_manifest_dir: "{{ kube_config_dir }}/manifests"
  15. system_namespace: kube-system
  17. # This is where all the cert scripts and certs will be located
  18. kube_cert_dir: "{{ kube_config_dir }}/ssl"
  20. # This is where all of the bearer tokens will be stored
  21. kube_token_dir: "{{ kube_config_dir }}/tokens"
  23. # This is where to save basic auth file
  24. kube_users_dir: "{{ kube_config_dir }}/users"
  26. ## Change this to use another Kubernetes version, e.g. a current beta release
  27. kube_version: v1.5.1
  29. # Where the binaries will be downloaded.
  30. # Note: ensure that you've enough disk space (about 1G)
  31. local_release_dir: "/tmp/releases"
  32. # Random shifts for retrying failed ops like pushing/downloading
  33. retry_stagger: 5
  35. # Uncomment this line for CoreOS only.
  36. # Directory where python binary is installed
  37. # ansible_python_interpreter: "/opt/bin/python"
  39. # This is the group that the cert creation scripts chgrp the
  40. # cert files to. Not really changable...
  41. kube_cert_group: kube-cert
  43. # Cluster Loglevel configuration
  44. kube_log_level: 2
  46. # Kubernetes 1.5 added a new flag to the apiserver to disable anonymous auth. In previos versions, anonymous auth was
  47. # not implemented. As the new flag defaults to true, we have to explicitly disable it. Change this line if you want the
  48. # 1.5 default behavior. The flag is actually only added if the used kubernetes version is >= 1.5
  49. kube_api_anonymous_auth: false
  51. #
  52. # For some things, kubelet needs to load kernel modules. For example, dynamic kernel services are needed
  53. # for mounting persistent volumes into containers. These may not be loaded by preinstall kubernetes
  54. # processes. For example, ceph and rbd backed volumes. Set to true to allow kubelet to load kernel
  55. # modules.
  56. #
  57. kubelet_load_modules: false
  59. # Users to create for basic auth in Kubernetes API via HTTP
  60. kube_api_pwd: "changeme"
  61. kube_users:
  62. kube:
  63. pass: "{{kube_api_pwd}}"
  64. role: admin
  65. root:
  66. pass: "{{kube_api_pwd}}"
  67. role: admin
  69. # Kubernetes cluster name, also will be used as DNS domain
  70. cluster_name: cluster.local
  71. # Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
  72. ndots: 2
  73. # Deploy netchecker app to verify DNS resolve as an HTTP service
  74. deploy_netchecker: false
  76. # For some environments, each node has a publicly accessible
  77. # address and an address it should bind services to. These are
  78. # really inventory level variables, but described here for consistency.
  79. #
  80. # When advertising access, the access_ip will be used, but will defer to
  81. # ip and then the default ansible ip when unspecified.
  82. #
  83. # When binding to restrict access, the ip variable will be used, but will
  84. # defer to the default ansible ip when unspecified.
  85. #
  86. # The ip variable is used for specific address binding, e.g. listen address
  87. # for etcd. This is use to help with environments like Vagrant or multi-nic
  88. # systems where one address should be preferred over another.
  89. # ip: 10.2.2.2
  90. #
  91. # The access_ip variable is used to define how other nodes should access
  92. # the node. This is used in flannel to allow other flannel nodes to see
  93. # this node for example. The access_ip is really useful AWS and Google
  94. # environments where the nodes are accessed remotely by the "public" ip,
  95. # but don't know about that address themselves.
  96. # access_ip: 1.1.1.1
  98. # Etcd access modes:
  99. # Enable multiaccess to configure clients to access all of the etcd members directly
  100. # as the "http://hostX:port, http://hostY:port, ..." and ignore the proxy loadbalancers.
  101. # This may be the case if clients support and loadbalance multiple etcd servers natively.
  102. etcd_multiaccess: true
  104. # Assume there are no internal loadbalancers for apiservers exist and listen on
  105. # kube_apiserver_port (default 443)
  106. loadbalancer_apiserver_localhost: true
  108. # Choose network plugin (calico, canal, weave or flannel)
  109. # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
  110. kube_network_plugin: calico
  112. # Kubernetes internal network for services, unused block of space.
  113. kube_service_addresses: 10.233.0.0/18
  115. # internal network. When used, it will assign IP
  116. # addresses from this range to individual pods.
  117. # This network must be unused in your network infrastructure!
  118. kube_pods_subnet: 10.233.64.0/18
  120. # internal network total size (optional). This is the prefix of the
  121. # entire network. Must be unused in your environment.
  122. # kube_network_prefix: 18
  124. # internal network node size allocation (optional). This is the size allocated
  125. # to each node on your network. With these defaults you should have
  126. # room for 4096 nodes with 254 pods per node.
  127. kube_network_node_prefix: 24
  129. # With calico it is possible to distributed routes with border routers of the datacenter.
  130. peer_with_router: false
  131. # Warning : enabling router peering will disable calico's default behavior ('node mesh').
  132. # The subnets of each nodes will be distributed by the datacenter router
  134. # API Server service IP address in Kubernetes internal network.
  135. kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
  136. # The port the API Server will be listening on.
  137. kube_apiserver_port: 443 # (https)
  138. kube_apiserver_insecure_port: 8080 # (http)
  139. # local loadbalancer should use this port instead - default to kube_apiserver_port
  140. nginx_kube_apiserver_port: "{{ kube_apiserver_port }}"
  142. # Internal DNS configuration.
  143. # Kubernetes can create and mainatain its own DNS server to resolve service names
  144. # into appropriate IP addresses. It's highly advisable to run such DNS server,
  145. # as it greatly simplifies configuration of your applications - you can use
  146. # service names instead of magic environment variables.
  148. # Can be dnsmasq_kubedns, kubedns or none
  149. dns_mode: dnsmasq_kubedns
  151. # Can be docker_dns, host_resolvconf or none
  152. resolvconf_mode: docker_dns
  154. ## Upstream dns servers used by dnsmasq
  155. #upstream_dns_servers:
  156. # - 8.8.8.8
  157. # - 8.8.4.4
  159. dns_domain: "{{ cluster_name }}"
  161. # Ip address of the kubernetes skydns service
  162. skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
  163. dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
  165. # There are some changes specific to the cloud providers
  166. # for instance we need to encapsulate packets with some network plugins
  167. # If set the possible values are either 'gce', 'aws', 'azure' or 'openstack'
  168. # When openstack is used make sure to source in the openstack credentials
  169. # like you would do when using nova-client before starting the playbook.
  170. # When azure is used, you need to also set the following variables.
  171. # cloud_provider:
  173. # see docs/azure.md for details on how to get these values
  174. #azure_tenant_id:
  175. #azure_subscription_id:
  176. #azure_aad_client_id:
  177. #azure_aad_client_secret:
  178. #azure_resource_group:
  179. #azure_location:
  180. #azure_subnet_name:
  181. #azure_security_group_name:
  182. #azure_vnet_name:
  183. #azure_route_table_name:
  186. ## Set these proxy values in order to update docker daemon to use proxies
  187. # http_proxy: ""
  188. # https_proxy: ""
  189. # no_proxy: ""
  191. # Path used to store Docker data
  192. docker_daemon_graph: "/var/lib/docker"
  194. ## A string of extra options to pass to the docker daemon.
  195. ## This string should be exactly as you wish it to appear.
  196. ## An obvious use case is allowing insecure-registry access
  197. ## to self hosted registries like so:
  198. docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }}"
  199. docker_bin_dir: "/usr/bin"
  201. ## Uncomment this if you want to force overlay/overlay2 as docker storage driver
  202. ## Please note that overlay2 is only supported on newer kernels
  203. #docker_storage_options: -s overlay2
  205. # K8s image pull policy (imagePullPolicy)
  206. k8s_image_pull_policy: IfNotPresent
  208. # default packages to install within the cluster
  209. kpm_packages: []
  210. # - name: kube-system/grafana
  212. # Settings for containerized control plane (etcd/kubelet)
  213. rkt_version: 1.21.0
  214. etcd_deployment_type: docker
  215. kubelet_deployment_type: docker
  216. vault_deployment_type: docker
  218. efk_enabled: false
  220. ## Certificate Management
  221. ## This setting determines whether certs are generated via scripts or whether a
  222. ## cluster of Hashicorp's Vault is started to issue certificates (using etcd
  223. ## as a backend). Options are "script" or "vault"
  224. cert_management: script
  226. # Please specify true if you want to perform a kernel upgrade
  227. kernel_upgrade: false