richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7852 Commits
34 Branches
82 Tags
155 MiB
Tree: 2a52e5f08c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2a52e5f08c'
${ noResults }
kubespray/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml

390 lines
16 KiB
Raw Normal View History

Yamllint fixes (#4410) * Lint everything in the repository with yamllint * yamllint fixes: syntax fixes only * yamllint fixes: move comments to play names * yamllint fixes: indent comments in .gitlab-ci.yml file
6 years ago
Uncommented group_vars variables
8 years ago
Fix typos (no logic changes)
7 years ago
Revert "Fix: typos in docs and comments (#7805)" (#8592) This reverts commit 417180246c2dd414ba1f9d3d730217eaa2187f6f.
3 years ago
Fix typos (no logic changes)
7 years ago
Uncommented group_vars variables
8 years ago
Revert "Fix #4237: update kube cert path (#4354)" (#4369) This reverts commit ea7a6f1cf1d95732d8305d0ca8da0da8a0050e3d. This change modified the certs dir for Kubernetes, but did not move the directories for existing clusters.
6 years ago
Uncommented group_vars variables
8 years ago
Support for disabling apiserver insecure port This allows `kube_apiserver_insecure_port` to be set to 0 (disabled). Rework of #1937 with kubeadm support Also, fixed an issue in `kubeadm-migrate-certs` where the old apiserver cert was copied as the kubeadm key
7 years ago
Uncommented group_vars variables
8 years ago
bump k8s version (#11455)
6 months ago
Uncommented group_vars variables
8 years ago
feat: make kubernetes owner parametrized (#8952) * feat: make kubernetes owner parametrized * docs: update hardening guide with configuration for CIS 1.1.19 * fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2 years ago
Uncommented group_vars variables
8 years ago
Fix typos (no logic changes)
7 years ago
Uncommented group_vars variables
8 years ago
Introducing credentials_dir in order to be able to override it
6 years ago
Remove deprecated (and removed in 1.19) flag and function --basic-auth-file (#6655)
4 years ago
Yamllint fixes (#4410) * Lint everything in the repository with yamllint * yamllint fixes: syntax fixes only * yamllint fixes: move comments to play names * yamllint fixes: indent comments in .gitlab-ci.yml file
6 years ago
Granular authentication Control It is now possible to deactivate selected authentication methods (basic auth, token auth) inside the cluster by adding removing the required arguments to the Kube API Server and generating the secrets accordingly. The x509 authentification is currently not optional because disabling it would affect the kubectl clients deployed on the master nodes.
8 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
8 years ago
Granular authentication Control It is now possible to deactivate selected authentication methods (basic auth, token auth) inside the cluster by adding removing the required arguments to the Kube API Server and generating the secrets accordingly. The x509 authentification is currently not optional because disabling it would affect the kubectl clients deployed on the master nodes.
8 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
8 years ago
Ansible var should be quoted (#3393) to fix the follow problem in case quote is not used: PLAY [k8s-cluster:etcd:calico-rr] ********************************************** ERROR! Syntax Error while loading YAML. expected <block end>, but found '<scalar>' The error appears to have been in '/tmp/vagrant-ansible/inventory/group_vars/k8s-cluster.yml': line 59, column 39, but may be elsewhere in the file depending on the exact syntax problem. The offending line appears to be: kube_oidc_ca_file: {{ kube_cert_dir }}/openid-ca.pem ^ here We could be wrong, but this one looks like it might be an issue with missing quotes. Always quote template expression brackets when they start a value. For instance: with_items: - {{ foo }} Should be written as: with_items: - "{{ foo }}" Ansible failed to complete successfully. Any error output should be visible above. Please fix these errors and try again.
6 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
8 years ago
Fix OpenId Connect example prefixes (#7527) Fixes "mapping values are not allowed in this context
3 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
8 years ago
Fix OpenId Connect example prefixes (#7527) Fixes "mapping values are not allowed in this context
3 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
8 years ago
Allow webhook authorization (#6502)
4 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
8 years ago
[kube-ovn]: update kube-ovn version and sync some feature (#8790) * [kube-ovn]: some feature kube-ovn vlan mode ipv6/ipv4 dual stack ... * remove unused env * fix readinessprobe
2 years ago
Uncommented group_vars variables
8 years ago
the url of multus has been moved (#9850) Signed-off-by: panguicai008 <1121906548@qq.com>
2 years ago
Add Setting Multi on group_vars (#4054)
6 years ago
Uncommented group_vars variables
8 years ago
Add comment clarifying network allocation and sizes (#6607) * Add comment from roles/kubespray-defaults/defaults/main.yaml clarifying network allocation and sizes Signed-off-by: Mikael Johansson <mik.json@gmail.com> * Rewrite of the comment and added new examples Signed-off-by: Mikael Johansson <mik.json@gmail.com>
4 years ago
Uncommented group_vars variables
8 years ago
Changes to support Dual Stack networking
4 years ago
Uncommented group_vars variables
8 years ago
Hopefully final batches of ipaddr deprecation cleanup (#10822)
1 year ago
Yamllint fixes (#4410) * Lint everything in the repository with yamllint * yamllint fixes: syntax fixes only * yamllint fixes: move comments to play names * yamllint fixes: indent comments in .gitlab-ci.yml file
6 years ago
Uncommented group_vars variables
8 years ago
Support ipvs mode for kube-proxy Support ipvs mode for kube-proxy
7 years ago
Update defaults to match k8s 1.12 suggestions (#3760) * Update defaults to match k8s 1.12 suggestions * Test if Netchecker works with node ip instead of localhost * Update defaults to ipvs and coredns * Update defaults for kube_apiserver_insecure_port * Update main.yaml
6 years ago
Add CoreDNS support with various fixes Added CoreDNS to downloads Updated with labels. Should now work without RBAC too Fix DNS settings on hosts Rename CoreDNS service from kube-dns to coredns Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html Updated docs with CoreDNS info Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806' Set dns list correct. Thanks to @whereismyjetpack Only download KubeDNS or CoreDNS if selected Move dns cleanup to its own file and import tasks based on dns mode Fix install of KubeDNS when dnsmask_kubedns mode is selected Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf. Run DNS manifests for CoreDNS and KubeDNS Set skydns servers on dual stack deployment Use only one template for CoreDNS dual deployment Set correct cluster ip for the dns server
7 years ago
MetalLB: fail if kube_proxy_strict_arp is false (#5180) When using IPVS, kube_proxy_strict_arp = true is required https://github.com/danderson/metallb/issues/153#issuecomment-518651132 Add kube_proxy_strict_arp to inventory/sample
5 years ago
kube-vip shoud fail if kube_proxy_strict_arp is false in arp mod (#9223) * fix-kube-vip-strict-arp * fix-kube-vip-strict-arp
2 years ago
MetalLB: fail if kube_proxy_strict_arp is false (#5180) When using IPVS, kube_proxy_strict_arp = true is required https://github.com/danderson/metallb/issues/153#issuecomment-518651132 Add kube_proxy_strict_arp to inventory/sample
5 years ago
Fix kube-proxy configuration for kubeadm (#3958) - Creates and defaults an ansible variable for every configuration option in the `kubeproxy.config.k8s.io/v1alpha1` type spec - Fixes vars that were orphaned by removing non-kubeadm - Fixes previously harcoded kubeadm values - Introduces a `main` directory for role default files per component (requires ansible 2.6.0+) - Split out just `kube-proxy.yml` in this first effort - Removes the kube-proxy server field patch task We should continue to pull out other components from `main.yml` into their own defaults files as I did here for `defaults/main/kube-proxy.yml`. I hope for and will need others to join me in this refactoring across the project until each component config template has a matching role defaults file, with shared defaults in `kubespray-defaults` or `downloads`
6 years ago
--nodeport-addresses added on kube-proxy.manifest.j2 Changed author
6 years ago
Fix kube_hostname_override inconsistencies (#4185)
6 years ago
Yamllint fixes (#4410) * Lint everything in the repository with yamllint * yamllint fixes: syntax fixes only * yamllint fixes: move comments to play names * yamllint fixes: indent comments in .gitlab-ci.yml file
6 years ago
project: fix var-spacing ansible rule (#10266) * project: fix var-spacing ansible rule Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing on the beginning/end of jinja template Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing of default filter Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing between filter arguments Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix double space at beginning/end of jinja Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix remaining jinja[spacing] ansible-lint warning Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
1 year ago
Yamllint fixes (#4410) * Lint everything in the repository with yamllint * yamllint fixes: syntax fixes only * yamllint fixes: move comments to play names * yamllint fixes: indent comments in .gitlab-ci.yml file
6 years ago
Fix kube_hostname_override inconsistencies (#4185)
6 years ago
Encrypting Secret Data at Rest (#8574) * change default value for Encrypting Secret Data at Rest to secretbox, remove experimental flag and add documentation * fix MD012/no-multiple-blanks
3 years ago
Add CoreDNS support with various fixes Added CoreDNS to downloads Updated with labels. Should now work without RBAC too Fix DNS settings on hosts Rename CoreDNS service from kube-dns to coredns Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html Updated docs with CoreDNS info Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806' Set dns list correct. Thanks to @whereismyjetpack Only download KubeDNS or CoreDNS if selected Move dns cleanup to its own file and import tasks based on dns mode Fix install of KubeDNS when dnsmask_kubedns mode is selected Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf. Run DNS manifests for CoreDNS and KubeDNS Set skydns servers on dual stack deployment Use only one template for CoreDNS dual deployment Set correct cluster ip for the dns server
7 years ago
Support ipvs mode for kube-proxy Support ipvs mode for kube-proxy
7 years ago
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 (#7746) * Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 * Add sample graceful shutdown parameters
3 years ago
Drop chech for kubelet_shutdown_grace_period (#7993) and kubelet_shutdown_grace_period_critical_pods as ansible cannot do sane time interval calculations
3 years ago
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 (#7746) * Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 * Add sample graceful shutdown parameters
3 years ago
Uncommented group_vars variables
8 years ago
feat: allows users to have more control on DNS (#9270) Signed-off-by: eminaktas <eminaktas34@gmail.com> Signed-off-by: eminaktas <eminaktas34@gmail.com>
2 years ago
project: fix var-spacing ansible rule (#10266) * project: fix var-spacing ansible rule Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing on the beginning/end of jinja template Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing of default filter Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing between filter arguments Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix double space at beginning/end of jinja Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix remaining jinja[spacing] ansible-lint warning Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
1 year ago
feat: allows users to have more control on DNS (#9270) Signed-off-by: eminaktas <eminaktas34@gmail.com> Signed-off-by: eminaktas <eminaktas34@gmail.com>
2 years ago
Remove kubedns and dnsmasq. Move dns_late phase after apps (#4406) Both kubedns and dnsmasq modes are long not maintained. We should run dns_late steps at the end because sshd makes DNS lookups during Ansible run and has 2s timeouts for each failed lookup trying to connect to coredns before it is ready.
6 years ago
Update defaults to match k8s 1.12 suggestions (#3760) * Update defaults to match k8s 1.12 suggestions * Test if Netchecker works with node ip instead of localhost * Update defaults to ipvs and coredns * Update defaults for kube_apiserver_insecure_port * Update main.yaml
6 years ago
Add optional manual dns_mode (#2178)
7 years ago
Yamllint fixes (#4410) * Lint everything in the repository with yamllint * yamllint fixes: syntax fixes only * yamllint fixes: move comments to play names * yamllint fixes: indent comments in .gitlab-ci.yml file
6 years ago
Add support for running a nodelocal dns cache (#3861) * Add support for running a nodelocal dns cache After encountering dns issues in a cluster I was recently working on I noticed Kubernetes 1.13 introduced support for running a nodelocal dns cache. I believe this can usefull for more people. https://github.com/kubernetes/kubernetes/commit/73b548db06c5e293533344c5b6171e955eac9ff1 https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/0030-nodelocal-dns-cache.md * Add requested changes * Add additional requested changes + documentation * Add requested changes after review * Replace incorrect variable
6 years ago
Enable nodelocaldns by default (#4461) * Enable nodelocaldns by default * Enable nodelocaldns by default * nodelocaldns is now default * Disable enable_nodelocaldns for the addons CI jobs Disable enable_nodelocaldns for the addons CI jobs to make sure things still work without nodelocaldns
5 years ago
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA (#8100) * nodelocaldns: allow a secondary pod for nodelocaldns for local-HA * CI: add job to test nodelocaldns secondary
3 years ago
Set cluster DNS correctly in case of nodelocal dns cache (#3879) * Set cluster DNS correctly in case of nodelocal dns cache * Pass in cluster_ip based on dns mode * Disable nodelocaldns by default * Fix syntax error * Fix syntax issue * Add nodelocadns ip to vars of node installation * Change location of nodelocaldns_ip * Try to remove newlines from jinja template * Add debug for config file * Move parameter logic outside of template * Adapt templates after feedback * Remove debugging
6 years ago
nodelocaldns: allow to set health port, switch to 9254 by default (#4902) 8080 is a pretty common port, using nodelocaldns_ip:8080 still prevents node processes or hostNetwork=true processes to bind to *:8080 so switch to 9254 by default (prometheus port is 9253) Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
5 years ago
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA (#8100) * nodelocaldns: allow a secondary pod for nodelocaldns for local-HA * CI: add job to test nodelocaldns secondary
3 years ago
nodelocaldns: allow binding metrics address to host IP (#7748)
3 years ago
nodelocaldns: allow a secondary pod for nodelocaldns for local-HA (#8100) * nodelocaldns: allow a secondary pod for nodelocaldns for local-HA * CI: add job to test nodelocaldns secondary
3 years ago
Add external zones in nodelocaldns configuration (#5591) Allows to configure additionnal zone for domains not resolved by `upstream_dns_servers`.
5 years ago
Add Support for Rewrite Plugin to CoreDNS/NodelocalDNS (#9245)
2 years ago
add k8s_external plugin to CoreDNS configuration (#4704)
5 years ago
Add CoreDNS endpoint_pod_names option (#5012)
5 years ago
Ability to define options for DNS upstream servers (#9311) * Ability to define options for DNS upstream servers * Doc and sample inventory vars
2 years ago
[feat] Add custom options to coredns kubernets plugin (#9608)
2 years ago
feat(coredns): Forward extra domains to coredns kubernetes plugin (#9635)
2 years ago
Add optional manual dns_mode (#2178)
7 years ago
Uncommented group_vars variables
8 years ago
containerd: change default resolvconf_mode to host_resolvconf (#8247) * containerd: change default resolvconf_mode to host_resolvconf * Wait for kube-apiserver to come back after pod refresh * Handle resolv.conf gracefully * Retain currently configured DNS entries to ensure we don't break the resolvers * Suse uses wickedd for network management so no dhcp hooks * Molecule: increase ansible timeout * CI: Increase ansible timeout to 120s for Packet jobs
3 years ago
Uncommented group_vars variables
8 years ago
Hopefully final batches of ipaddr deprecation cleanup (#10822)
1 year ago
Uncommented group_vars variables
8 years ago
Split group-variables
6 years ago
containerd support (#4664) * Add limited containerd support Containerd support for Ubuntu + Calico * Added CRI-O support for ubuntu * containerd support. * Reset containerd support. * fix lint. * implemented feedback * Change task name cri xx instead of cri-o in reset task and timeout condition. * set crictl to fixed version * Use docker-ce's container.io package for containerd. * Add check containerd is installable or not. * Avoid stop docker when use containerd and optimize retry for reset. * Add config.toml. * Fixed containerd for kubelet.env. * Merge PR #4629 * Remove unused ubuntu variable for containerd * Polish code for containerd and cri-o * Refactoring cri socket configuration. * Configurable conmon. * Remove unused crictl/runc download * Now crictl and runc is downloaded by common crictl.yml. * fixed yamllint error * Fixed brokenfiles by conflict. * Remove commented line in config.toml * Remove readded v1.12.x version * Fixed broken set_docker_image_facts * Fix yamllint errors. * Remove unused apt source * Fix crictl could not be installed * Add containerd config from skolekonov's PR #4601
5 years ago
Defaults: replace docker with containerd as our default container_manager (#8175) * Defaults: replace docker with containerd as our default container_manager * CI: Use docker for download_localhost test * Defaults: with container_manager=containerd we need etcd_deployment_type=host * CI: Run weave jobs with docker * CI: Vagrant don't download_force_cache * CI: Fix upgrade tests * should run compatible with old settings, this means docker * we need to run with a distro that has at least modern containerd, this means move from debian9 to debian10 to allow `containerd_version` to match between 2.17 and master
3 years ago
Update sample.
6 years ago
Add support for Kata Containers (#6256) * Install Kata Containers as additional container runtime * Create RuntimeClasses for Kata Containers * Updated Vagrant to optionally run without Docker as container manager * Updated Vagrant to optionally use Libvirt nested virtualization * Add Kata Containers documentation * Fix lint errors * Add kata_containers_enabled to kubespray-defaults * Fixed typo error * Fixed typo error
4 years ago
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
5 years ago
Uncommented group_vars variables
8 years ago
Support audit
6 years ago
Support dynamic kubelet config https://kubernetes.io/blog/2018/07/11/dynamic-kubelet-configuration/
6 years ago
Yamllint fixes (#4410) * Lint everything in the repository with yamllint * yamllint fixes: syntax fixes only * yamllint fixes: move comments to play names * yamllint fixes: indent comments in .gitlab-ci.yml file
6 years ago
Support dynamic kubelet config https://kubernetes.io/blog/2018/07/11/dynamic-kubelet-configuration/
6 years ago
Support multiple artifacts under individual inventory directory
7 years ago
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false)
7 years ago
UpCloud integration (#8653) * [upcloud] add upcloud csi-driver * Option to use ansible_host as api ip for kubueconfig
2 years ago
Support multiple artifacts under individual inventory directory
7 years ago
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false)
7 years ago
Fix enforce-node-allocatable option Closes #1228 pods is default enforcement see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ add update
7 years ago
Fix spelling mistakes in group_vars (#2166)
7 years ago
Fix enforce-node-allocatable option Closes #1228 pods is default enforcement see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ add update
7 years ago
Add possibility to insert more ip adresses in certificates (#1678) * Add possibility to insert more ip adresses in certificates * Add newline at end of files * Move supp ip parameters to k8s-cluster group file * Add supplementary addresses in kubeadm master role * Improve openssl indexes
7 years ago
optimize cgroups settings for node reserved (#9209) * optimize cgroups settings for node reserved * fix * set cgroup slice for multi container engine * set cgroup slice for crio * add reserved cgroups variables to sample files * Compatible with cgroup path for different container managers * add cgroups doc * fix markdown
2 years ago
node: fix default kubelet/runtime cgroups when kube_reserved is false (#9834) * node: fix default kubelet/runtime cgroups when kube_reserved is false (default) Commit 1c4db6132d9a2bf79e8d72c09cbdb12f3fef572a introduced a notion of kube_reserved. This introduced a breaking change defaulting to use kube.slice for the container_manager and the kubelet as if kube_reserved was always enabled whereas it is disabled by default. This commit fixes this by bringing back system.slice whenever kube_reserved is disabled. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * inventory/sample: change false for kube_reserved as its the default Changing the commented value in sample inventory to the actual default value. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2 years ago
optimize cgroups settings for node reserved (#9209) * optimize cgroups settings for node reserved * fix * set cgroup slice for multi container engine * set cgroup slice for crio * add reserved cgroups variables to sample files * Compatible with cgroup path for different container managers * add cgroups doc * fix markdown
2 years ago
fix kube_reserved so it only controls kubeReservedCgroup (#11367)
7 months ago
node: fix default kubelet/runtime cgroups when kube_reserved is false (#9834) * node: fix default kubelet/runtime cgroups when kube_reserved is false (default) Commit 1c4db6132d9a2bf79e8d72c09cbdb12f3fef572a introduced a notion of kube_reserved. This introduced a breaking change defaulting to use kube.slice for the container_manager and the kubelet as if kube_reserved was always enabled whereas it is disabled by default. This commit fixes this by bringing back system.slice whenever kube_reserved is disabled. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * inventory/sample: change false for kube_reserved as its the default Changing the commented value in sample inventory to the actual default value. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2 years ago
optimize cgroups settings for node reserved (#9209) * optimize cgroups settings for node reserved * fix * set cgroup slice for multi container engine * set cgroup slice for crio * add reserved cgroups variables to sample files * Compatible with cgroup path for different container managers * add cgroups doc * fix markdown
2 years ago
Rename master to control plane - non-breaking changes only (#11394) K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See https://github.com/kubernetes/community/blob/65d886bb3029e73d9729e1d4f27422a7985233ed/sig-architecture/naming/recommendations/001-master-control-plane.md
5 months ago
optimize cgroups settings for node reserved (#9209) * optimize cgroups settings for node reserved * fix * set cgroup slice for multi container engine * set cgroup slice for crio * add reserved cgroups variables to sample files * Compatible with cgroup path for different container managers * add cgroups doc * fix markdown
2 years ago
Add an option to reserve resources for OS system daemons (#5007)
5 years ago
optimize cgroups settings for node reserved (#9209) * optimize cgroups settings for node reserved * fix * set cgroup slice for multi container engine * set cgroup slice for crio * add reserved cgroups variables to sample files * Compatible with cgroup path for different container managers * add cgroups doc * fix markdown
2 years ago
Fix reserved memory unit in kubelet configuration (#6725) * Fix reserved memory unit in kubelet configuration Signed-off-by: Wang Zhen <lazybetrayer@gmail.com> * Move systemReserved default values from template Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
4 years ago
Add an option to reserve resources for OS system daemons (#5007)
5 years ago
support reserve ephemeral-storage (#8895)
2 years ago
Add an option to reserve resources for OS system daemons (#5007)
5 years ago
Fix reserved memory unit in kubelet configuration (#6725) * Fix reserved memory unit in kubelet configuration Signed-off-by: Wang Zhen <lazybetrayer@gmail.com> * Move systemReserved default values from template Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
4 years ago
Add an option to reserve resources for OS system daemons (#5007)
5 years ago
support reserve ephemeral-storage (#8895)
2 years ago
Add an option to reserve resources for OS system daemons (#5007)
5 years ago
feat: add eviction hard to kubelet config (#8421) Signed-off-by: Cyril Corbon <corboncyril@gmail.com>
3 years ago
move flexvolume plugin directory creation to preinstall (#4999) * move flexvolume plugin directory creation to preinstall * changes per pr feedback
5 years ago
Add possibility to insert more ip adresses in certificates (#1678) * Add possibility to insert more ip adresses in certificates * Add newline at end of files * Move supp ip parameters to k8s-cluster group file * Add supplementary addresses in kubeadm master role * Improve openssl indexes
7 years ago
Fix spelling mistakes in group_vars (#2166)
7 years ago
Add possibility to insert more ip adresses in certificates (#1678) * Add possibility to insert more ip adresses in certificates * Add newline at end of files * Move supp ip parameters to k8s-cluster group file * Add supplementary addresses in kubeadm master role * Improve openssl indexes
7 years ago
Added disable_volume_zone_conflict variable
7 years ago
Update all kubernetes-incubator/kubespray refs to kubernetes-sigs/kubespray (#3780)
6 years ago
Added disable_volume_zone_conflict variable
7 years ago
Renamed variable from disable_volume_zone_conflict to volume_cross_zone_attachment and removed cloud provider condition; fix identation
7 years ago
Azure Disk CSI deployment (#5833) * Azure Disk CSI deployment * Mention Azure CSI support * Fix: remove unnecessary file * Typo in documentation * Add newline to end of file
4 years ago
Split group-variables
6 years ago
Add support for GPU accelerator
6 years ago
Fix some typos (#3636) Signed-off-by: mooncake <xcoder@tenxcloud.com>
6 years ago
Add support for GPU accelerator
6 years ago
fix-typo (#5199)
5 years ago
Add support for GPU accelerator
6 years ago
Allow customizing container image path used in NVIDIA GPU addon. (#4229)
6 years ago
Upgrade to latest version of ubuntu-nvidia-driver-installer. (#4296) The lastest version of ubuntu-nvidia-driver-installer contains a fix for https://github.com/GoogleCloudPlatform/container-engine-accelerators/issues/90 which causes the installer pod to crash when driver is already loaded.
6 years ago
Allow customizing container image path used in NVIDIA GPU addon. (#4229)
6 years ago
[registry] Switch registry to use registry.k8s.io Please see the conversation here: https://groups.google.com/a/kubernetes.io/g/dev/c/DYZYNQ_A6_c
2 years ago
ADD tls cipher suites support (#6024) * ADD tls cipher suites support yaml lint yamllint * update test case * update test case
4 years ago
Correct the POLY1305 cipher suites by adding the suffix _SHA256 (#10641)
1 year ago
ADD tls cipher suites support (#6024) * ADD tls cipher suites support yaml lint yamllint * update test case * update test case
4 years ago
Correct the POLY1305 cipher suites by adding the suffix _SHA256 (#10641)
1 year ago
ADD tls cipher suites support (#6024) * ADD tls cipher suites support yaml lint yamllint * update test case * update test case
4 years ago
Add event-ttl duration (#6310) * Add event-ttl duration * Fix wrong location
4 years ago
Auto renew control plane certificates (#7358) While at it remove force_certificate_regeneration This boolean only forced the renewal of the apiserver certs Either manually use k8s-certs-renew.sh or set auto_renew_certificates Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
4 years ago
Add auto_renew_certificates_systemd_calendar (#7490) This allow to configure when K8S certificates renewal runs Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
3 years ago
Features/support kubeadm patches v1beta3 (#9326) * Support kubeadm patches in v1beta3 * Update kubeadm patches sample files in inventory * Fix pre-commit syntax * Set kubeadm_patches enabled to false in sample inventory
2 years ago
Document how to use kubeadm patches
5 months ago
Remove access to cluster from anonymous users (#11016) * feat: add user facing variable with default * feat: remove rolebinding to anonymous users after init and upgrade * feat: use file discovery for secondary control plane nodes * feat: use file discovery for nodes * fix: do not fail if rolebinding does not exist * docs: add warning about kube_api_anonymous_auth * style: improve readability of delegate_to parameter * refactor: rename discovery kubeconfig file * test: enable new variable in hardening and upgrade test cases * docs: add option to config parameters * test: multiple instances and upgrade
11 months ago
  1. ---
  2. # Kubernetes configuration dirs and system namespace.
  3. # Those are where all the additional config stuff goes
  4. # the kubernetes normally puts in /srv/kubernetes.
  5. # This puts them in a sane location and namespace.
  6. # Editing those values will almost surely break something.
  7. kube_config_dir: /etc/kubernetes
  8. kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
  9. kube_manifest_dir: "{{ kube_config_dir }}/manifests"
  11. # This is where all the cert scripts and certs will be located
  12. kube_cert_dir: "{{ kube_config_dir }}/ssl"
  14. # This is where all of the bearer tokens will be stored
  15. kube_token_dir: "{{ kube_config_dir }}/tokens"
  17. kube_api_anonymous_auth: true
  19. ## Change this to use another Kubernetes version, e.g. a current beta release
  20. kube_version: v1.30.4
  22. # Where the binaries will be downloaded.
  23. # Note: ensure that you've enough disk space (about 1G)
  24. local_release_dir: "/tmp/releases"
  25. # Random shifts for retrying failed ops like pushing/downloading
  26. retry_stagger: 5
  28. # This is the user that owns tha cluster installation.
  29. kube_owner: kube
  31. # This is the group that the cert creation scripts chgrp the
  32. # cert files to. Not really changeable...
  33. kube_cert_group: kube-cert
  35. # Cluster Loglevel configuration
  36. kube_log_level: 2
  38. # Directory where credentials will be stored
  39. credentials_dir: "{{ inventory_dir }}/credentials"
  41. ## It is possible to activate / deactivate selected authentication methods (oidc, static token auth)
  42. # kube_oidc_auth: false
  43. # kube_token_auth: false
  46. ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
  47. ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
  49. # kube_oidc_url: https:// ...
  50. # kube_oidc_client_id: kubernetes
  51. ## Optional settings for OIDC
  52. # kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"
  53. # kube_oidc_username_claim: sub
  54. # kube_oidc_username_prefix: 'oidc:'
  55. # kube_oidc_groups_claim: groups
  56. # kube_oidc_groups_prefix: 'oidc:'
  58. ## Variables to control webhook authn/authz
  59. # kube_webhook_token_auth: false
  60. # kube_webhook_token_auth_url: https://...
  61. # kube_webhook_token_auth_url_skip_tls_verify: false
  63. ## For webhook authorization, authorization_modes must include Webhook
  64. # kube_webhook_authorization: false
  65. # kube_webhook_authorization_url: https://...
  66. # kube_webhook_authorization_url_skip_tls_verify: false
  68. # Choose network plugin (cilium, calico, kube-ovn, weave or flannel. Use cni for generic cni plugin)
  69. # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
  70. kube_network_plugin: calico
  72. # Setting multi_networking to true will install Multus: https://github.com/k8snetworkplumbingwg/multus-cni
  73. kube_network_plugin_multus: false
  75. # Kubernetes internal network for services, unused block of space.
  76. kube_service_addresses: 10.233.0.0/18
  78. # internal network. When used, it will assign IP
  79. # addresses from this range to individual pods.
  80. # This network must be unused in your network infrastructure!
  81. kube_pods_subnet: 10.233.64.0/18
  83. # internal network node size allocation (optional). This is the size allocated
  84. # to each node for pod IP address allocation. Note that the number of pods per node is
  85. # also limited by the kubelet_max_pods variable which defaults to 110.
  86. #
  87. # Example:
  88. # Up to 64 nodes and up to 254 or kubelet_max_pods (the lowest of the two) pods per node:
  89. # - kube_pods_subnet: 10.233.64.0/18
  90. # - kube_network_node_prefix: 24
  91. # - kubelet_max_pods: 110
  92. #
  93. # Example:
  94. # Up to 128 nodes and up to 126 or kubelet_max_pods (the lowest of the two) pods per node:
  95. # - kube_pods_subnet: 10.233.64.0/18
  96. # - kube_network_node_prefix: 25
  97. # - kubelet_max_pods: 110
  98. kube_network_node_prefix: 24
  100. # Configure Dual Stack networking (i.e. both IPv4 and IPv6)
  101. enable_dual_stack_networks: false
  103. # Kubernetes internal network for IPv6 services, unused block of space.
  104. # This is only used if enable_dual_stack_networks is set to true
  105. # This provides 4096 IPv6 IPs
  106. kube_service_addresses_ipv6: fd85:ee78:d8a6:8607::1000/116
  108. # Internal network. When used, it will assign IPv6 addresses from this range to individual pods.
  109. # This network must not already be in your network infrastructure!
  110. # This is only used if enable_dual_stack_networks is set to true.
  111. # This provides room for 256 nodes with 254 pods per node.
  112. kube_pods_subnet_ipv6: fd85:ee78:d8a6:8607::1:0000/112
  114. # IPv6 subnet size allocated to each for pods.
  115. # This is only used if enable_dual_stack_networks is set to true
  116. # This provides room for 254 pods per node.
  117. kube_network_node_prefix_ipv6: 120
  119. # The port the API Server will be listening on.
  120. kube_apiserver_ip: "{{ kube_service_addresses | ansible.utils.ipaddr('net') | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address') }}"
  121. kube_apiserver_port: 6443 # (https)
  123. # Kube-proxy proxyMode configuration.
  124. # Can be ipvs, iptables
  125. kube_proxy_mode: ipvs
  127. # configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
  128. # must be set to true for MetalLB, kube-vip(ARP enabled) to work
  129. kube_proxy_strict_arp: false
  131. # A string slice of values which specify the addresses to use for NodePorts.
  132. # Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32).
  133. # The default empty string slice ([]) means to use all local addresses.
  134. # kube_proxy_nodeport_addresses_cidr is retained for legacy config
  135. kube_proxy_nodeport_addresses: >-
  136. {%- if kube_proxy_nodeport_addresses_cidr is defined -%}
  137. [{{ kube_proxy_nodeport_addresses_cidr }}]
  138. {%- else -%}
  139. []
  140. {%- endif -%}
  142. # If non-empty, will use this string as identification instead of the actual hostname
  143. # kube_override_hostname: >-
  144. # {%- if cloud_provider is defined and cloud_provider in ['aws'] -%}
  145. # {%- else -%}
  146. # {{ inventory_hostname }}
  147. # {%- endif -%}
  149. ## Encrypting Secret Data at Rest
  150. kube_encrypt_secret_data: false
  152. # Graceful Node Shutdown (Kubernetes >= 1.21.0), see https://kubernetes.io/blog/2021/04/21/graceful-node-shutdown-beta/
  153. # kubelet_shutdown_grace_period had to be greater than kubelet_shutdown_grace_period_critical_pods to allow
  154. # non-critical podsa to also terminate gracefully
  155. # kubelet_shutdown_grace_period: 60s
  156. # kubelet_shutdown_grace_period_critical_pods: 20s
  158. # DNS configuration.
  159. # Kubernetes cluster name, also will be used as DNS domain
  160. cluster_name: cluster.local
  161. # Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
  162. ndots: 2
  163. # dns_timeout: 2
  164. # dns_attempts: 2
  165. # Custom search domains to be added in addition to the default cluster search domains
  166. # searchdomains:
  167. # - svc.{{ cluster_name }}
  168. # - default.svc.{{ cluster_name }}
  169. # Remove default cluster search domains (``default.svc.{{ dns_domain }}, svc.{{ dns_domain }}``).
  170. # remove_default_searchdomains: false
  171. # Can be coredns, coredns_dual, manual or none
  172. dns_mode: coredns
  173. # Set manual server if using a custom cluster DNS server
  174. # manual_dns_server: 10.x.x.x
  175. # Enable nodelocal dns cache
  176. enable_nodelocaldns: true
  177. enable_nodelocaldns_secondary: false
  178. nodelocaldns_ip: 169.254.25.10
  179. nodelocaldns_health_port: 9254
  180. nodelocaldns_second_health_port: 9256
  181. nodelocaldns_bind_metrics_host_ip: false
  182. nodelocaldns_secondary_skew_seconds: 5
  183. # nodelocaldns_external_zones:
  184. # - zones:
  185. # - example.com
  186. # - example.io:1053
  187. # nameservers:
  188. # - 1.1.1.1
  189. # - 2.2.2.2
  190. # cache: 5
  191. # - zones:
  192. # - https://mycompany.local:4453
  193. # nameservers:
  194. # - 192.168.0.53
  195. # cache: 0
  196. # - zones:
  197. # - mydomain.tld
  198. # nameservers:
  199. # - 10.233.0.3
  200. # cache: 5
  201. # rewrite:
  202. # - name website.tld website.namespace.svc.cluster.local
  203. # Enable k8s_external plugin for CoreDNS
  204. enable_coredns_k8s_external: false
  205. coredns_k8s_external_zone: k8s_external.local
  206. # Enable endpoint_pod_names option for kubernetes plugin
  207. enable_coredns_k8s_endpoint_pod_names: false
  208. # Set forward options for upstream DNS servers in coredns (and nodelocaldns) config
  209. # dns_upstream_forward_extra_opts:
  210. # policy: sequential
  211. # Apply extra options to coredns kubernetes plugin
  212. # coredns_kubernetes_extra_opts:
  213. # - 'fallthrough example.local'
  214. # Forward extra domains to the coredns kubernetes plugin
  215. # coredns_kubernetes_extra_domains: ''
  217. # Can be docker_dns, host_resolvconf or none
  218. resolvconf_mode: host_resolvconf
  219. # Deploy netchecker app to verify DNS resolve as an HTTP service
  220. deploy_netchecker: false
  221. # Ip address of the kubernetes skydns service
  222. skydns_server: "{{ kube_service_addresses | ansible.utils.ipaddr('net') | ansible.utils.ipaddr(3) | ansible.utils.ipaddr('address') }}"
  223. skydns_server_secondary: "{{ kube_service_addresses | ansible.utils.ipaddr('net') | ansible.utils.ipaddr(4) | ansible.utils.ipaddr('address') }}"
  224. dns_domain: "{{ cluster_name }}"
  226. ## Container runtime
  227. ## docker for docker, crio for cri-o and containerd for containerd.
  228. ## Default: containerd
  229. container_manager: containerd
  231. # Additional container runtimes
  232. kata_containers_enabled: false
  234. kubeadm_certificate_key: "{{ lookup('password', credentials_dir + '/kubeadm_certificate_key.creds length=64 chars=hexdigits') | lower }}"
  236. # K8s image pull policy (imagePullPolicy)
  237. k8s_image_pull_policy: IfNotPresent
  239. # audit log for kubernetes
  240. kubernetes_audit: false
  242. # define kubelet config dir for dynamic kubelet
  243. # kubelet_config_dir:
  244. default_kubelet_config_dir: "{{ kube_config_dir }}/dynamic_kubelet_dir"
  246. # Make a copy of kubeconfig on the host that runs Ansible in {{ inventory_dir }}/artifacts
  247. # kubeconfig_localhost: false
  248. # Use ansible_host as external api ip when copying over kubeconfig.
  249. # kubeconfig_localhost_ansible_host: false
  250. # Download kubectl onto the host that runs Ansible in {{ bin_dir }}
  251. # kubectl_localhost: false
  253. # A comma separated list of levels of node allocatable enforcement to be enforced by kubelet.
  254. # Acceptable options are 'pods', 'system-reserved', 'kube-reserved' and ''. Default is "".
  255. # kubelet_enforce_node_allocatable: pods
  257. ## Set runtime and kubelet cgroups when using systemd as cgroup driver (default)
  258. # kubelet_runtime_cgroups: "/{{ kube_service_cgroups }}/{{ container_manager }}.service"
  259. # kubelet_kubelet_cgroups: "/{{ kube_service_cgroups }}/kubelet.service"
  261. ## Set runtime and kubelet cgroups when using cgroupfs as cgroup driver
  262. # kubelet_runtime_cgroups_cgroupfs: "/system.slice/{{ container_manager }}.service"
  263. # kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"
  265. # Whether to run kubelet and container-engine daemons in a dedicated cgroup.
  266. # kube_reserved: false
  267. ## Uncomment to override default values
  268. ## The following two items need to be set when kube_reserved is true
  269. # kube_reserved_cgroups_for_service_slice: kube.slice
  270. # kube_reserved_cgroups: "/{{ kube_reserved_cgroups_for_service_slice }}"
  271. # kube_memory_reserved: 256Mi
  272. # kube_cpu_reserved: 100m
  273. # kube_ephemeral_storage_reserved: 2Gi
  274. # kube_pid_reserved: "1000"
  275. # Reservation for control plane hosts
  276. # kube_master_memory_reserved: 512Mi
  277. # kube_master_cpu_reserved: 200m
  278. # kube_master_ephemeral_storage_reserved: 2Gi
  279. # kube_master_pid_reserved: "1000"
  281. ## Optionally reserve resources for OS system daemons.
  282. # system_reserved: true
  283. ## Uncomment to override default values
  284. ## The following two items need to be set when system_reserved is true
  285. # system_reserved_cgroups_for_service_slice: system.slice
  286. # system_reserved_cgroups: "/{{ system_reserved_cgroups_for_service_slice }}"
  287. # system_memory_reserved: 512Mi
  288. # system_cpu_reserved: 500m
  289. # system_ephemeral_storage_reserved: 2Gi
  290. ## Reservation for master hosts
  291. # system_master_memory_reserved: 256Mi
  292. # system_master_cpu_reserved: 250m
  293. # system_master_ephemeral_storage_reserved: 2Gi
  295. ## Eviction Thresholds to avoid system OOMs
  296. # https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#eviction-thresholds
  297. # eviction_hard: {}
  298. # eviction_hard_control_plane: {}
  300. # An alternative flexvolume plugin directory
  301. # kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
  303. ## Supplementary addresses that can be added in kubernetes ssl keys.
  304. ## That can be useful for example to setup a keepalived virtual IP
  305. # supplementary_addresses_in_ssl_keys: [10.0.0.1, 10.0.0.2, 10.0.0.3]
  307. ## Running on top of openstack vms with cinder enabled may lead to unschedulable pods due to NoVolumeZoneConflict restriction in kube-scheduler.
  308. ## See https://github.com/kubernetes-sigs/kubespray/issues/2141
  309. ## Set this variable to true to get rid of this issue
  310. volume_cross_zone_attachment: false
  311. ## Add Persistent Volumes Storage Class for corresponding cloud provider (supported: in-tree OpenStack, Cinder CSI,
  312. ## AWS EBS CSI, Azure Disk CSI, GCP Persistent Disk CSI)
  313. persistent_volumes_enabled: false
  315. ## Container Engine Acceleration
  316. ## Enable container acceleration feature, for example use gpu acceleration in containers
  317. # nvidia_accelerator_enabled: true
  318. ## Nvidia GPU driver install. Install will by done by a (init) pod running as a daemonset.
  319. ## Important: if you use Ubuntu then you should set in all.yml 'docker_storage_options: -s overlay2'
  320. ## Array with nvida_gpu_nodes, leave empty or comment if you don't want to install drivers.
  321. ## Labels and taints won't be set to nodes if they are not in the array.
  322. # nvidia_gpu_nodes:
  323. # - kube-gpu-001
  324. # nvidia_driver_version: "384.111"
  325. ## flavor can be tesla or gtx
  326. # nvidia_gpu_flavor: gtx
  327. ## NVIDIA driver installer images. Change them if you have trouble accessing gcr.io.
  328. # nvidia_driver_install_centos_container: atzedevries/nvidia-centos-driver-installer:2
  329. # nvidia_driver_install_ubuntu_container: gcr.io/google-containers/ubuntu-nvidia-driver-installer@sha256:7df76a0f0a17294e86f691c81de6bbb7c04a1b4b3d4ea4e7e2cccdc42e1f6d63
  330. ## NVIDIA GPU device plugin image.
  331. # nvidia_gpu_device_plugin_container: "registry.k8s.io/nvidia-gpu-device-plugin@sha256:0842734032018be107fa2490c98156992911e3e1f2a21e059ff0105b07dd8e9e"
  333. ## Support tls min version, Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
  334. # tls_min_version: ""
  336. ## Support tls cipher suites.
  337. # tls_cipher_suites: {}
  338. # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  339. # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  340. # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  341. # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  342. # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  343. # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  344. # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  345. # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  346. # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  347. # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  348. # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  349. # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  350. # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  351. # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  352. # - TLS_ECDHE_RSA_WITH_RC4_128_SHA
  353. # - TLS_RSA_WITH_3DES_EDE_CBC_SHA
  354. # - TLS_RSA_WITH_AES_128_CBC_SHA
  355. # - TLS_RSA_WITH_AES_128_CBC_SHA256
  356. # - TLS_RSA_WITH_AES_128_GCM_SHA256
  357. # - TLS_RSA_WITH_AES_256_CBC_SHA
  358. # - TLS_RSA_WITH_AES_256_GCM_SHA384
  359. # - TLS_RSA_WITH_RC4_128_SHA
  361. ## Amount of time to retain events. (default 1h0m0s)
  362. event_ttl_duration: "1h0m0s"
  364. ## Automatically renew K8S control plane certificates on first Monday of each month
  365. auto_renew_certificates: false
  366. # First Monday of each month
  367. # auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
  369. kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
  370. kubeadm_patches: []
  371. # See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
  372. # Correspondance with this link
  373. # patchtype = type
  374. # target = target
  375. # suffix -> managed automatically
  376. # extension -> always "yaml"
  377. # kubeadm_patches:
  378. # - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
  379. # type: strategic(default)|json|merge
  380. # patch:
  381. # metadata:
  382. # annotations:
  383. # example.com/test: "true"
  384. # labels:
  385. # example.com/prod_level: "{{ prod_level }}"
  386. # - ...
  387. # Patches are applied in the order they are specified.
  389. # Set to true to remove the role binding to anonymous users created by kubeadm
  390. remove_anonymous_access: false