@ -18,16 +18,6 @@ kubernetes_etcd_snapshot_retention: 5
|
||||
|
||||
# host_external_ip: '' # Optional, String. External IP Address for host.
|
||||
|
||||
# Optional, Dict. Used to configure Kubernetes with OIDC Authentication.
|
||||
# kubernetes_oidc:
|
||||
# enabled: true # Mandatory, boolen. speaks for itself.
|
||||
# issuer_url: https://domainname.com/realms/realm-name # Mandatory, String. URL of OIDC Provider
|
||||
# client_id: kubernetes-test # Mandatory, string. OIDC Client ID
|
||||
# username_claim: preferred_username # Mandatory, String. Claim name containing username.
|
||||
# username_prefix: oidc # Optional, String. What to prefix to username
|
||||
# groups_claim: roles # Mandatory, String. Claim name containing groups
|
||||
# groups_prefix: '' # Optional, String. string to append to groups
|
||||
|
||||
kubernetes_type: k8s # Mandatory, String. choice K8s | k3s
|
||||
|
||||
|
||||
@ -105,3 +95,12 @@ k3s:
|
||||
# node_token: !vault |
|
||||
# $ANSIBLE_VAULT;1.2;AES256;kubernetes/cluster/production
|
||||
# {rest_of encrypted key}
|
||||
# oidc: # Used to configure Kubernetes with OIDC Authentication.
|
||||
# enabled: true # Mandatory, boolen. speaks for itself.
|
||||
# issuer_url: https://domainname.com/realms/realm-name # Mandatory, String. URL of OIDC Provider
|
||||
# client_id: kubernetes-test # Mandatory, string. OIDC Client ID
|
||||
# username_claim: preferred_username # Mandatory, String. Claim name containing username.
|
||||
# username_prefix: oidc # Optional, String. What to prefix to username
|
||||
# groups_claim: roles # Mandatory, String. Claim name containing groups
|
||||
# groups_prefix: '' # Optional, String. string to append to groups
|
||||
|
||||
|
||||
@ -1,11 +1,4 @@
|
||||
---
|
||||
- name: Wireguard Cluster Encryption
|
||||
ansible.builtin.include_tasks:
|
||||
file: k3s/wireguard.yaml
|
||||
when: >
|
||||
not kubernetes_installed_encryption | default(false) | bool
|
||||
|
||||
|
||||
- name: Install Software
|
||||
ansible.builtin.include_role:
|
||||
name: nfc_common
|
||||
|
||||
@ -19,13 +19,13 @@ kube-apiserver-arg:
|
||||
- audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log
|
||||
- audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml
|
||||
# - admission-control-config-file=/var/lib/rancher/k3s/server/psa.yaml
|
||||
{% if kubernetes_oidc.enabled | default(false) | bool -%}
|
||||
- oidc-issuer-url={{ kubernetes_oidc.issuer_url }}
|
||||
- oidc-client-id={{ kubernetes_oidc.client_id }}
|
||||
- oidc-username-claim={{ kubernetes_oidc.username_claim }}
|
||||
{% if kubernetes_oidc.oidc_username_prefix | default('') != '' -%} - oidc-username-prefix={{ kubernetes_oidc.oidc_username_prefix }}{% endif %}
|
||||
- oidc-groups-claim={{ kubernetes_oidc.groups_claim }}
|
||||
{% if kubernetes_oidc.groups_prefix | default('') != '' %} - oidc-groups-prefix={{ kubernetes_oidc.groups_prefix }}{% endif %}
|
||||
{% if kubernetes_config.cluster.oidc.enabled | default(false) | bool -%}
|
||||
- oidc-issuer-url={{ kubernetes_config.cluster.oidc.issuer_url }}
|
||||
- oidc-client-id={{ kubernetes_config.cluster.oidc.client_id }}
|
||||
- oidc-username-claim={{ kubernetes_config.cluster.oidc.username_claim }}
|
||||
{% if kubernetes_config.cluster.oidc.oidc_username_prefix | default('') != '' -%} - oidc-username-prefix={{ kubernetes_config.cluster.oidc.oidc_username_prefix }}{% endif %}
|
||||
- oidc-groups-claim={{ kubernetes_config.cluster.oidc.groups_claim }}
|
||||
{% if kubernetes_config.cluster.oidc.groups_prefix | default('') != '' %} - oidc-groups-prefix={{ kubernetes_config.cluster.oidc.groups_prefix }}{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if host_external_ip | default('') %} node-external-ip: "{{ host_external_ip }}"{% endif %}
|
||||
|
||||
Reference in New Issue
Block a user