@ -18,16 +18,6 @@ kubernetes_etcd_snapshot_retention: 5
|
|||||||
|
|
||||||
# host_external_ip: '' # Optional, String. External IP Address for host.
|
# host_external_ip: '' # Optional, String. External IP Address for host.
|
||||||
|
|
||||||
# Optional, Dict. Used to configure Kubernetes with OIDC Authentication.
|
|
||||||
# kubernetes_oidc:
|
|
||||||
# enabled: true # Mandatory, boolen. speaks for itself.
|
|
||||||
# issuer_url: https://domainname.com/realms/realm-name # Mandatory, String. URL of OIDC Provider
|
|
||||||
# client_id: kubernetes-test # Mandatory, string. OIDC Client ID
|
|
||||||
# username_claim: preferred_username # Mandatory, String. Claim name containing username.
|
|
||||||
# username_prefix: oidc # Optional, String. What to prefix to username
|
|
||||||
# groups_claim: roles # Mandatory, String. Claim name containing groups
|
|
||||||
# groups_prefix: '' # Optional, String. string to append to groups
|
|
||||||
|
|
||||||
kubernetes_type: k8s # Mandatory, String. choice K8s | k3s
|
kubernetes_type: k8s # Mandatory, String. choice K8s | k3s
|
||||||
|
|
||||||
|
|
||||||
@ -105,3 +95,12 @@ k3s:
|
|||||||
# node_token: !vault |
|
# node_token: !vault |
|
||||||
# $ANSIBLE_VAULT;1.2;AES256;kubernetes/cluster/production
|
# $ANSIBLE_VAULT;1.2;AES256;kubernetes/cluster/production
|
||||||
# {rest_of encrypted key}
|
# {rest_of encrypted key}
|
||||||
|
# oidc: # Used to configure Kubernetes with OIDC Authentication.
|
||||||
|
# enabled: true # Mandatory, boolen. speaks for itself.
|
||||||
|
# issuer_url: https://domainname.com/realms/realm-name # Mandatory, String. URL of OIDC Provider
|
||||||
|
# client_id: kubernetes-test # Mandatory, string. OIDC Client ID
|
||||||
|
# username_claim: preferred_username # Mandatory, String. Claim name containing username.
|
||||||
|
# username_prefix: oidc # Optional, String. What to prefix to username
|
||||||
|
# groups_claim: roles # Mandatory, String. Claim name containing groups
|
||||||
|
# groups_prefix: '' # Optional, String. string to append to groups
|
||||||
|
|
||||||
|
|||||||
@ -1,11 +1,4 @@
|
|||||||
---
|
---
|
||||||
- name: Wireguard Cluster Encryption
|
|
||||||
ansible.builtin.include_tasks:
|
|
||||||
file: k3s/wireguard.yaml
|
|
||||||
when: >
|
|
||||||
not kubernetes_installed_encryption | default(false) | bool
|
|
||||||
|
|
||||||
|
|
||||||
- name: Install Software
|
- name: Install Software
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: nfc_common
|
name: nfc_common
|
||||||
|
|||||||
@ -19,13 +19,13 @@ kube-apiserver-arg:
|
|||||||
- audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log
|
- audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log
|
||||||
- audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml
|
- audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml
|
||||||
# - admission-control-config-file=/var/lib/rancher/k3s/server/psa.yaml
|
# - admission-control-config-file=/var/lib/rancher/k3s/server/psa.yaml
|
||||||
{% if kubernetes_oidc.enabled | default(false) | bool -%}
|
{% if kubernetes_config.cluster.oidc.enabled | default(false) | bool -%}
|
||||||
- oidc-issuer-url={{ kubernetes_oidc.issuer_url }}
|
- oidc-issuer-url={{ kubernetes_config.cluster.oidc.issuer_url }}
|
||||||
- oidc-client-id={{ kubernetes_oidc.client_id }}
|
- oidc-client-id={{ kubernetes_config.cluster.oidc.client_id }}
|
||||||
- oidc-username-claim={{ kubernetes_oidc.username_claim }}
|
- oidc-username-claim={{ kubernetes_config.cluster.oidc.username_claim }}
|
||||||
{% if kubernetes_oidc.oidc_username_prefix | default('') != '' -%} - oidc-username-prefix={{ kubernetes_oidc.oidc_username_prefix }}{% endif %}
|
{% if kubernetes_config.cluster.oidc.oidc_username_prefix | default('') != '' -%} - oidc-username-prefix={{ kubernetes_config.cluster.oidc.oidc_username_prefix }}{% endif %}
|
||||||
- oidc-groups-claim={{ kubernetes_oidc.groups_claim }}
|
- oidc-groups-claim={{ kubernetes_config.cluster.oidc.groups_claim }}
|
||||||
{% if kubernetes_oidc.groups_prefix | default('') != '' %} - oidc-groups-prefix={{ kubernetes_oidc.groups_prefix }}{% endif %}
|
{% if kubernetes_config.cluster.oidc.groups_prefix | default('') != '' %} - oidc-groups-prefix={{ kubernetes_config.cluster.oidc.groups_prefix }}{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if host_external_ip | default('') %} node-external-ip: "{{ host_external_ip }}"{% endif %}
|
{% if host_external_ip | default('') %} node-external-ip: "{{ host_external_ip }}"{% endif %}
|
||||||
|
|||||||
Reference in New Issue
Block a user