You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

122 lines
5.1 KiB

  1. ---
  2. ## Directory where the binaries will be installed
  3. bin_dir: /usr/local/bin
  4. ## The access_ip variable is used to define how other nodes should access
  5. ## the node. This is used in flannel to allow other flannel nodes to see
  6. ## this node for example. The access_ip is really useful AWS and Google
  7. ## environments where the nodes are accessed remotely by the "public" ip,
  8. ## but don't know about that address themselves.
  9. # access_ip: 1.1.1.1
  10. ## External LB example config
  11. ## apiserver_loadbalancer_domain_name: "elb.some.domain"
  12. # loadbalancer_apiserver:
  13. # address: 1.2.3.4
  14. # port: 1234
  15. ## Internal loadbalancers for apiservers
  16. # loadbalancer_apiserver_localhost: true
  17. # valid options are "nginx" or "haproxy"
  18. # loadbalancer_apiserver_type: nginx # valid values "nginx" or "haproxy"
  19. ## If the cilium is going to be used in strict mode, we can use the
  20. ## localhost connection and not use the external LB. If this parameter is
  21. ## not specified, the first node to connect to kubeapi will be used.
  22. # use_localhost_as_kubeapi_loadbalancer: true
  23. ## Local loadbalancer should use this port
  24. ## And must be set port 6443
  25. loadbalancer_apiserver_port: 6443
  26. ## If loadbalancer_apiserver_healthcheck_port variable defined, enables proxy liveness check for nginx.
  27. loadbalancer_apiserver_healthcheck_port: 8081
  28. ### OTHER OPTIONAL VARIABLES
  29. ## Upstream dns servers
  30. # upstream_dns_servers:
  31. # - 8.8.8.8
  32. # - 8.8.4.4
  33. ## There are some changes specific to the cloud providers
  34. ## for instance we need to encapsulate packets with some network plugins
  35. ## If set the possible values are either 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', or 'external'
  36. ## When openstack is used make sure to source in the openstack credentials
  37. ## like you would do when using openstack-client before starting the playbook.
  38. # cloud_provider:
  39. ## When cloud_provider is set to 'external', you can set the cloud controller to deploy
  40. ## Supported cloud controllers are: 'openstack', 'vsphere' and 'hcloud'
  41. ## When openstack or vsphere are used make sure to source in the required fields
  42. # external_cloud_provider:
  43. ## Set these proxy values in order to update package manager and docker daemon to use proxies
  44. # http_proxy: ""
  45. # https_proxy: ""
  46. ## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy
  47. # no_proxy: ""
  48. ## Some problems may occur when downloading files over https proxy due to ansible bug
  49. ## https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable
  50. ## SSL validation of get_url module. Note that kubespray will still be performing checksum validation.
  51. # download_validate_certs: False
  52. ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
  53. # additional_no_proxy: ""
  54. ## If you need to disable proxying of os package repositories but are still behind an http_proxy set
  55. ## skip_http_proxy_on_os_packages to true
  56. ## This will cause kubespray not to set proxy environment in /etc/yum.conf for centos and in /etc/apt/apt.conf for debian/ubuntu
  57. ## Special information for debian/ubuntu - you have to set the no_proxy variable, then apt package will install from your source of wish
  58. # skip_http_proxy_on_os_packages: false
  59. ## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all
  60. ## pods will restart) when adding or removing workers. To override this behaviour by only including master nodes in the
  61. ## no_proxy variable, set below to true:
  62. no_proxy_exclude_workers: false
  63. ## Certificate Management
  64. ## This setting determines whether certs are generated via scripts.
  65. ## Chose 'none' if you provide your own certificates.
  66. ## Option is "script", "none"
  67. # cert_management: script
  68. ## Set to true to allow pre-checks to fail and continue deployment
  69. # ignore_assert_errors: false
  70. ## The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable.
  71. # kube_read_only_port: 10255
  72. ## Set true to download and cache container
  73. # download_container: true
  74. ## Deploy container engine
  75. # Set false if you want to deploy container engine manually.
  76. # deploy_container_engine: true
  77. ## Red Hat Enterprise Linux subscription registration
  78. ## Add either RHEL subscription Username/Password or Organization ID/Activation Key combination
  79. ## Update RHEL subscription purpose usage, role and SLA if necessary
  80. # rh_subscription_username: ""
  81. # rh_subscription_password: ""
  82. # rh_subscription_org_id: ""
  83. # rh_subscription_activation_key: ""
  84. # rh_subscription_usage: "Development"
  85. # rh_subscription_role: "Red Hat Enterprise Server"
  86. # rh_subscription_sla: "Self-Support"
  87. ## Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
  88. # ping_access_ip: true
  89. # sysctl_file_path to add sysctl conf to
  90. # sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
  91. ## Variables for webhook token auth https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
  92. kube_webhook_token_auth: false
  93. kube_webhook_token_auth_url_skip_tls_verify: false
  94. # kube_webhook_token_auth_url: https://...
  95. ## base64-encoded string of the webhook's CA certificate
  96. # kube_webhook_token_auth_ca_data: "LS0t..."