68 lines
2.7 KiB
Django/Jinja
68 lines
2.7 KiB
Django/Jinja
#
|
|
# K3s Configuration for running Kubernetes
|
|
#
|
|
# Managed By ansible/role/nfc_kubernetes
|
|
#
|
|
# Dont edit this file directly as it will be overwritten.
|
|
#
|
|
|
|
{% if Kubernetes_Prime | default(false) | bool -%}
|
|
cluster-cidr: "{{ KubernetesPodSubnet }}"
|
|
|
|
{% if
|
|
kubernetes_config.cluster.domain_name is defined
|
|
and
|
|
kubernetes_config.cluster.domain_name | default('') != ''
|
|
-%}
|
|
cluster-domain: {{ kubernetes_config.cluster.domain_name }}
|
|
{%- endif %}
|
|
|
|
{%- endif %}
|
|
|
|
{% if Kubernetes_Master | default(false) -%}cluster-init: true
|
|
disable-network-policy: true
|
|
disable:
|
|
- traefik
|
|
etcd-snapshot-retention: {{ kubernetes_etcd_snapshot_retention | int }}
|
|
etcd-snapshot-schedule-cron: "{{ kubernetes_etcd_snapshot_cron_schedule }}"
|
|
flannel-backend: none
|
|
kube-apiserver-arg:
|
|
- audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log
|
|
- audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml
|
|
# - admission-control-config-file=/var/lib/rancher/k3s/server/psa.yaml
|
|
{% if kubernetes_config.cluster.oidc.enabled | default(false) | bool -%}
|
|
- oidc-issuer-url={{ kubernetes_config.cluster.oidc.issuer_url }}
|
|
- oidc-client-id={{ kubernetes_config.cluster.oidc.client_id }}
|
|
- oidc-username-claim={{ kubernetes_config.cluster.oidc.username_claim }}
|
|
{% if kubernetes_config.cluster.oidc.oidc_username_prefix | default('') != '' -%} - oidc-username-prefix={{ kubernetes_config.cluster.oidc.oidc_username_prefix }}{% endif %}
|
|
- oidc-groups-claim={{ kubernetes_config.cluster.oidc.groups_claim }}
|
|
{% if kubernetes_config.cluster.oidc.groups_prefix | default('') != '' %} - oidc-groups-prefix={{ kubernetes_config.cluster.oidc.groups_prefix }}{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
kubelet-arg:
|
|
- system-reserved=cpu={{ kubelet_arg_system_reserved_cpu }},memory={{ kubelet_arg_system_reserved_memory }},ephemeral-storage={{ kubelet_arg_system_reserved_storage }}
|
|
{% if host_external_ip | default('') %}node-external-ip: "{{ host_external_ip }}"{% endif %}
|
|
|
|
{% if
|
|
kubernetes_config.hosts[inventory_hostname].labels is defined
|
|
and
|
|
kubernetes_config.hosts[inventory_hostname].labels | default([]) | list | length > 0
|
|
-%}
|
|
node-label:
|
|
{% for node_label in kubernetes_config.hosts[inventory_hostname].labels | dict2items %}
|
|
- {{ node_label.key }}={{ node_label.value }}
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
|
|
{% if not Kubernetes_Prime | default(false) | bool -%}
|
|
server: https://{{ hostvars[kubernetes_config.cluster.prime.name].ansible_host }}:6443
|
|
{%- endif %}
|
|
|
|
{% if kubernetes_config.cluster.prime.name == inventory_hostname -%}
|
|
servicelb-namespace: {{ kubernetes_config.cluster.networking.service_load_balancer_namespace | default('kube-system') }}
|
|
{% endif %}
|
|
|
|
{% if Kubernetes_Master | default(false) | bool -%}
|
|
service-cidr: "{{ KubernetesServiceSubnet }}"
|
|
{% endif %}
|