#
# K3s Configuration for running Kubernetes
#
# Managed By ansible/role/nfc_kubernetes
#
# Dont edit this file directly as it will be overwritten.
#

{% if Kubernetes_Master | default(false) -%}cluster-cidr: "{{ KubernetesPodSubnet }}"

{% if 
          kubernetes_config.cluster.domain_name is defined
            and
          kubernetes_config.cluster.domain_name | default('') != ''
    -%}
        cluster-domain: {{ kubernetes_config.cluster.domain_name }}
    {%- endif %}

cluster-init: true
disable-network-policy: true
disable:
  - traefik
  - metrics-server
etcd-snapshot-retention: {{ kubernetes_etcd_snapshot_retention | int }}
etcd-snapshot-schedule-cron: "{{ kubernetes_etcd_snapshot_cron_schedule }}"
flannel-backend: none
kube-apiserver-arg:
  - audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log
  - audit-log-maxage={{ kube_apiserver_arg_audit_log_maxage }}
  - audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml
  # - admission-control-config-file=/var/lib/rancher/k3s/server/psa.yaml
  {% if kubernetes_config.cluster.oidc.enabled | default(false) | bool -%}
  - oidc-issuer-url={{ kubernetes_config.cluster.oidc.issuer_url }}
  - oidc-client-id={{ kubernetes_config.cluster.oidc.client_id }}
  - oidc-username-claim={{ kubernetes_config.cluster.oidc.username_claim }}
{% if kubernetes_config.cluster.oidc.oidc_username_prefix | default('') != '' -%}  - oidc-username-prefix={{ kubernetes_config.cluster.oidc.oidc_username_prefix }}{% endif %}
  - oidc-groups-claim={{ kubernetes_config.cluster.oidc.groups_claim }}
{% if kubernetes_config.cluster.oidc.groups_prefix | default('') != '' %}  - oidc-groups-prefix={{ kubernetes_config.cluster.oidc.groups_prefix }}{% endif %}
{% endif %}
{% endif %}

kubelet-arg:
  - system-reserved=cpu={{ kubelet_arg_system_reserved_cpu }},memory={{ kubelet_arg_system_reserved_memory }},ephemeral-storage={{ kubelet_arg_system_reserved_storage }}
{% if host_external_ip | default('') %}node-external-ip: "{{ host_external_ip }}"{% endif %}

node-name: {{ inventory_hostname }}

{% if 
  groups[kubernetes_config.cluster.group_name] | default([]) | list | length > 0
-%}
server: {% for cluster_node in groups[kubernetes_config.cluster.group_name] +%}
  {% if
      cluster_node in groups['kubernetes_master'] 
    -%}
        - https://
        {%- if hostvars[cluster_node].host_external_ip is defined -%}

          {{ hostvars[cluster_node].host_external_ip }}

        {%- else -%}

          {{ hostvars[cluster_node].ansible_host }}

        {%- endif -%}
        :6443
    {%- endif -%}

  {%- endfor %}

{%- endif %}

{% if Kubernetes_Master | default(false) | bool -%}
servicelb-namespace: {{ kubernetes_config.cluster.networking.service_load_balancer_namespace | default('kube-system') }}
service-cidr: "{{ KubernetesServiceSubnet }}"
{% endif %}