136 lines
4.9 KiB
YAML
136 lines
4.9 KiB
YAML
---
|
|
cluster_name: dolo
|
|
|
|
k3s_version: v1.30.2+k3s2
|
|
# this is the user that has ssh access to these machines
|
|
ansible_user: ubuntu
|
|
systemd_dir: /etc/systemd/system
|
|
|
|
lvm:
|
|
pv_disks:
|
|
- /dev/sdb
|
|
vg_name: vg1
|
|
lv_name: pvs
|
|
lv_size: +100%FREE
|
|
fs_type: ext4
|
|
mount_path: /mnt/lvm-pvs
|
|
|
|
# Set your timezone
|
|
system_timezone: America/Vancouver
|
|
|
|
# interface which will be used for flannel
|
|
flannel_iface: eth0
|
|
|
|
# if using calico or cilium, you may specify the cluster pod cidr pool
|
|
cluster_cidr: 10.52.0.0/16
|
|
|
|
# enable cilium bgp control plane for lb services and pod cidrs. disables metallb.
|
|
cilium_bgp: false
|
|
|
|
# enable kube-vip ARP broadcasts
|
|
kube_vip_arp: true
|
|
|
|
# apiserver_endpoint is virtual ip-address which will be configured on each master
|
|
apiserver_endpoint: 10.0.185.1
|
|
|
|
# k3s_token is required masters can talk together securely
|
|
# this token should be alpha numeric only
|
|
k3s_token: "{{ secrets.k3s_token }}"
|
|
|
|
# The IP on which the node is reachable in the cluster.
|
|
# Here, a sensible default is provided, you can still override
|
|
# it for each of your hosts, though.
|
|
k3s_node_ip: "{{ ansible_facts[flannel_iface]['ipv4']['address'] }}"
|
|
|
|
# Disable the taint manually by setting: k3s_master_taint = false
|
|
k3s_master_taint: "{{ true if groups['node'] | default([]) | length >= 1 else false }}"
|
|
|
|
# these arguments are recommended for servers as well as agents:
|
|
extra_args: >-
|
|
{{ '--flannel-iface=' + flannel_iface if calico_iface is not defined and cilium_iface is not defined else '' }}
|
|
--node-ip={{ k3s_node_ip }}
|
|
|
|
# change these to your liking, the only required are: --disable servicelb, --tls-san {{ apiserver_endpoint }}
|
|
# the contents of the if block is also required if using calico or cilium
|
|
extra_server_args: >-
|
|
{{ extra_args }}
|
|
{{ '--node-taint node-role.kubernetes.io/master=true:NoSchedule' if k3s_master_taint else '' }}
|
|
{% if calico_iface is defined or cilium_iface is defined %}
|
|
--flannel-backend=none
|
|
--disable-network-policy
|
|
--cluster-cidr={{ cluster_cidr | default('10.52.0.0/16') }}
|
|
{% endif %}
|
|
--tls-san {{ apiserver_endpoint }}
|
|
--disable servicelb
|
|
--disable traefik
|
|
|
|
extra_agent_args: >-
|
|
{{ extra_args }}
|
|
|
|
# image tag for kube-vip
|
|
kube_vip_tag_version: v0.8.2
|
|
|
|
# metallb type frr or native
|
|
metal_lb_type: native
|
|
|
|
# metallb mode layer2 or bgp
|
|
metal_lb_mode: layer2
|
|
|
|
# image tag for metal lb
|
|
metal_lb_speaker_tag_version: v0.14.8
|
|
metal_lb_controller_tag_version: v0.14.8
|
|
|
|
# metallb ip range for load balancer
|
|
metal_lb_ip_range: 10.0.185.128-10.0.185.136
|
|
|
|
# Only enable if your nodes are proxmox LXC nodes, make sure to configure your proxmox nodes
|
|
# in your hosts.ini file.
|
|
# Please read https://gist.github.com/triangletodd/02f595cd4c0dc9aac5f7763ca2264185 before using this.
|
|
# Most notably, your containers must be privileged, and must not have nesting set to true.
|
|
# Please note this script disables most of the security of lxc containers, with the trade off being that lxc
|
|
# containers are significantly more resource efficient compared to full VMs.
|
|
# Mixing and matching VMs and lxc containers is not supported, ymmv if you want to do this.
|
|
# I would only really recommend using this if you have particularly low powered proxmox nodes where the overhead of
|
|
# VMs would use a significant portion of your available resources.
|
|
proxmox_lxc_configure: false
|
|
|
|
# Only enable this if you have set up your own container registry to act as a mirror / pull-through cache
|
|
# (harbor / nexus / docker's official registry / etc).
|
|
# Can be beneficial for larger dev/test environments (for example if you're getting rate limited by docker hub),
|
|
# or air-gapped environments where your nodes don't have internet access after the initial setup
|
|
# (which is still needed for downloading the k3s binary and such).
|
|
# k3s's documentation about private registries here: https://docs.k3s.io/installation/private-registry
|
|
custom_registries: false
|
|
# The registries can be authenticated or anonymous, depending on your registry server configuration.
|
|
# If they allow anonymous access, simply remove the following bit from custom_registries_yaml
|
|
# configs:
|
|
# "registry.domain.com":
|
|
# auth:
|
|
# username: yourusername
|
|
# password: yourpassword
|
|
# The following is an example that pulls all images used in this playbook through your private registries.
|
|
# It also allows you to pull your own images from your private registry, without having to use imagePullSecrets
|
|
# in your deployments.
|
|
# If all you need is your own images and you don't care about caching the docker/quay/ghcr.io images,
|
|
# you can just remove those from the mirrors: section.
|
|
custom_registries_yaml: |
|
|
mirrors:
|
|
docker.io:
|
|
endpoint:
|
|
- "https://registry.domain.com/v2/dockerhub"
|
|
quay.io:
|
|
endpoint:
|
|
- "https://registry.domain.com/v2/quayio"
|
|
ghcr.io:
|
|
endpoint:
|
|
- "https://registry.domain.com/v2/ghcrio"
|
|
registry.domain.com:
|
|
endpoint:
|
|
- "https://registry.domain.com"
|
|
|
|
configs:
|
|
"registry.domain.com":
|
|
auth:
|
|
username: yourusername
|
|
password: yourpassword
|