@ -13,6 +13,9 @@ KubernetesVersion_k3s_prefix: '+k3s1'
|
||||
|
||||
kubernetes_private_container_registry: [] # Optional, Array. if none use `[]`
|
||||
|
||||
kubernetes_etcd_snapshot_cron_schedule: '0 */12 * * *'
|
||||
kubernetes_etcd_snapshot_retention: 5
|
||||
|
||||
# host_external_ip: '' # Optional, String. External IP Address for host.
|
||||
|
||||
# Optional, Dict. Used to configure Kubernetes with OIDC Authentication.
|
||||
@ -79,7 +82,7 @@ k3s:
|
||||
- name: psa.yaml
|
||||
path: /var/lib/rancher/k3s/server
|
||||
content: ""
|
||||
# apiVersion: apiserver.config.k8s.io/v1
|
||||
# apiVersion: apiserver.conf0 */12 * * *ig.k8s.io/v1
|
||||
# kind: AdmissionConfiguration
|
||||
# plugins:
|
||||
# - name: PodSecurity
|
||||
|
||||
@ -15,7 +15,13 @@ This role deploys a K3s cluster. In addition it has the following features:
|
||||
|
||||
- CNI Setup
|
||||
|
||||
- Configurable Container Registries
|
||||
- Configurable:
|
||||
|
||||
- Container Registries
|
||||
|
||||
- etcd snapshot cron schedule
|
||||
|
||||
- etcd snapshot retention
|
||||
|
||||
- _[ToDo-#3](https://gitlab.com/nofusscomputing/projects/ansible/kubernetes/-/issues/3)_ Encryption between nodes (Wireguard)
|
||||
|
||||
|
||||
@ -14,6 +14,8 @@ service-cidr: "{{ KubernetesServiceSubnet }}"
|
||||
disable-network-policy: true
|
||||
disable:
|
||||
- traefik
|
||||
etcd-snapshot-retention: {{ kubernetes_etcd_snapshot_retention | int }}
|
||||
etcd-snapshot-schedule-cron: "{{ kubernetes_etcd_snapshot_cron_schedule }}"
|
||||
kube-apiserver-arg:
|
||||
- audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log
|
||||
- audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml
|
||||
|
||||
Reference in New Issue
Block a user