--- # Set to true to allow pre-checks to fail and continue deployment ignore_assert_errors: false # Set to false to disable the backup parameter, set to true to accumulate backups of config files. leave_etc_backup_files: true nameservers: [] cloud_resolver: [] disable_host_nameservers: false # Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf dns_late: false # Set to true if your network does not support IPv6 # This may be necessary for pulling Docker images from # GCE docker repository disable_ipv6_dns: false # Remove default cluster search domains (``default.svc.{{ dns_domain }}, svc.{{ dns_domain }}``). remove_default_searchdomains: false kube_owner: kube kube_cert_group: kube-cert kube_config_dir: /etc/kubernetes kube_cert_dir: "{{ kube_config_dir }}/ssl" kube_cert_compat_dir: /etc/kubernetes/pki kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec # Flatcar Container Linux by Kinvolk cloud init config file to define /etc/resolv.conf content # for hostnet pods and infra needs resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf # sysctl_file_path to add sysctl conf to sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf" # Minimal memory requirement in MB for safety checks minimal_node_memory_mb: 1024 minimal_master_memory_mb: 1500 ## NTP Settings # Manage the NTP configuration file. ntp_manage_config: false # Specify the NTP servers # Only takes effect when ntp_manage_config is true. ntp_servers: - "0.pool.ntp.org iburst" - "1.pool.ntp.org iburst" - "2.pool.ntp.org iburst" - "3.pool.ntp.org iburst" # Restrict NTP access to these hosts. # Only takes effect when ntp_manage_config is true. ntp_restrict: - "127.0.0.1" - "::1" # Specify whether to filter interfaces ntp_filter_interface: false # Specify the interfaces # Only takes effect when ntp_filter_interface is true # ntp_interfaces: # - ignore wildcard # - listen xxx # The NTP driftfile path # Only takes effect when ntp_manage_config is true. # Default value is `/var/lib/ntp/ntp.drift`, for ntpsec use '/var/lib/ntpsec/ntp.drift' ntp_driftfile: >- {% if ntp_package == "ntpsec" -%} /var/lib/ntpsec/ntp.drift {%- else -%} /var/lib/ntp/ntp.drift {%- endif -%} # Only takes effect when ntp_manage_config is true. ntp_tinker_panic: false # Force sync time immediately after the ntp installed, which is useful in a newly installed system. ntp_force_sync_immediately: false # Set the timezone for your server. eg: "Etc/UTC","Etc/GMT-8". If not set, the timezone will not change. ntp_timezone: "" # Currently known os distributions supported_os_distributions: - 'RedHat' - 'CentOS' - 'Fedora' - 'Ubuntu' - 'Debian' - 'Flatcar' - 'Flatcar Container Linux by Kinvolk' - 'Suse' - 'openSUSE Leap' - 'openSUSE Tumbleweed' - 'ClearLinux' - 'OracleLinux' - 'AlmaLinux' - 'Rocky' - 'Amazon' - 'Kylin Linux Advanced Server' - 'UnionTech' - 'UniontechOS' - 'openEuler' # Extending some distributions into the redhat os family redhat_os_family_extensions: - "UnionTech" - "UniontechOS" # Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use" systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}" # Used to disable File Access Policy Daemon service. # If service is enabled, the CNI plugin installation will fail disable_fapolicyd: true