freeleaps-ops/cluster/ansible/manifests/group_vars/all/all.yml

---
## Directory where the binaries will be installed
bin_dir: /usr/local/bin

## The access_ip variable is used to define how other nodes should access
## the node.  This is used in flannel to allow other flannel nodes to see
## this node for example.  The access_ip is really useful AWS and Google
## environments where the nodes are accessed remotely by the "public" ip,
## but don't know about that address themselves.
# access_ip: 1.1.1.1


## External LB example config
apiserver_loadbalancer_domain_name: "lb.mathmast.com"
loadbalancer_apiserver:
  address: 4.155.160.32
  port: 6443

## Internal loadbalancers for apiservers
loadbalancer_apiserver_localhost: false
# valid options are "nginx" or "haproxy"
# loadbalancer_apiserver_type: nginx  # valid values "nginx" or "haproxy"

## Local loadbalancer should use this port
## And must be set port 6443
loadbalancer_apiserver_port: 6443

## If loadbalancer_apiserver_healthcheck_port variable defined, enables proxy liveness check for nginx.
loadbalancer_apiserver_healthcheck_port: 8081

### OTHER OPTIONAL VARIABLES

## By default, Kubespray collects nameservers on the host. It then adds the previously collected nameservers in nameserverentries.
## If true, Kubespray does not include host nameservers in nameserverentries in dns_late stage. However, It uses the nameserver to make sure cluster installed safely in dns_early stage.
## Use this option with caution, you may need to define your dns servers. Otherwise, the outbound queries such as www.google.com may fail.
# disable_host_nameservers: false

## Upstream dns servers
# upstream_dns_servers:
#   - 8.8.8.8
#   - 8.8.4.4

## There are some changes specific to the cloud providers
## for instance we need to encapsulate packets with some network plugins
## If set the possible values only 'external' after K8s v1.31.
# cloud_provider:

## When cloud_provider is set to 'external', you can set the cloud controller to deploy
## Supported cloud controllers are: 'openstack', 'vsphere', 'huaweicloud' and 'hcloud'
## When openstack or vsphere are used make sure to source in the required fields
# external_cloud_provider:

## Set these proxy values in order to update package manager and docker daemon to use proxies and custom CA for https_proxy if needed
# http_proxy: ""
# https_proxy: ""
# https_proxy_cert_file: ""

## Refer to roles/kubespray-defaults/defaults/main/main.yml before modifying no_proxy
# no_proxy: ""

## Some problems may occur when downloading files over https proxy due to ansible bug
## https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable
## SSL validation of get_url module. Note that kubespray will still be performing checksum validation.
# download_validate_certs: False

## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
# additional_no_proxy: ""

## If you need to disable proxying of os package repositories but are still behind an http_proxy set
## skip_http_proxy_on_os_packages to true
## This will cause kubespray not to set proxy environment in /etc/yum.conf for centos and in /etc/apt/apt.conf for debian/ubuntu
## Special information for debian/ubuntu - you have to set the no_proxy variable, then apt package will install from your source of wish
# skip_http_proxy_on_os_packages: false

## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all
## pods will restart) when adding or removing workers.  To override this behaviour by only including control plane nodes
## in the no_proxy variable, set below to true:
no_proxy_exclude_workers: false

## Certificate Management
## This setting determines whether certs are generated via scripts.
## Chose 'none' if you provide your own certificates.
## Option is  "script", "none"
cert_management: script

## Set to true to allow pre-checks to fail and continue deployment
# ignore_assert_errors: false

## The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable.
# kube_read_only_port: 10255

## Set true to download and cache container
download_container: true

## Deploy container engine
# Set false if you want to deploy container engine manually.
deploy_container_engine: true

## Red Hat Enterprise Linux subscription registration
## Add either RHEL subscription Username/Password or Organization ID/Activation Key combination
## Update RHEL subscription purpose usage, role and SLA if necessary
# rh_subscription_username: ""
# rh_subscription_password: ""
# rh_subscription_org_id: ""
# rh_subscription_activation_key: ""
# rh_subscription_usage: "Development"
# rh_subscription_role: "Red Hat Enterprise Server"
# rh_subscription_sla: "Self-Support"

## Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
# ping_access_ip: true

# sysctl_file_path to add sysctl conf to
# sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"

## Variables for webhook token auth https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
kube_webhook_token_auth: false
kube_webhook_token_auth_url_skip_tls_verify: false
# kube_webhook_token_auth_url: https://...
## base64-encoded string of the webhook's CA certificate
# kube_webhook_token_auth_ca_data: "LS0t..."

## NTP Settings
# Start the ntpd or chrony service and enable it at system boot.
ntp_enabled: true
ntp_manage_config: false
ntp_servers:
  - "0.pool.ntp.org iburst"
  - "1.pool.ntp.org iburst"
  - "2.pool.ntp.org iburst"
  - "3.pool.ntp.org iburst"

## Used to control no_log attribute
unsafe_show_logs: false

## If enabled it will allow kubespray to attempt setup even if the distribution is not supported. For unsupported distributions this can lead to unexpected failures in some cases.
allow_unsupported_distribution_setup: false

## Do not override system hostname
override_system_hostname: false
chore: code staging Signed-off-by: 孙振宇 <> 2025-01-09 18:35:25 +00:00			`---`
			`## Directory where the binaries will be installed`
			`bin_dir: /usr/local/bin`

			`## The access_ip variable is used to define how other nodes should access`
			`## the node. This is used in flannel to allow other flannel nodes to see`
			`## this node for example. The access_ip is really useful AWS and Google`
			`## environments where the nodes are accessed remotely by the "public" ip,`
			`## but don't know about that address themselves.`
			`# access_ip: 1.1.1.1`


			`## External LB example config`
feat(config): update load balancer configuration for apiserver Signed-off-by: 孙振宇 <> 2025-01-11 18:11:29 +00:00			`apiserver_loadbalancer_domain_name: "lb.mathmast.com"`
			`loadbalancer_apiserver:`
			`address: 4.155.160.32`
			`port: 6443`
chore: code staging Signed-off-by: 孙振宇 <> 2025-01-09 18:35:25 +00:00
			`## Internal loadbalancers for apiservers`
feat(config): update load balancer configuration for apiserver Signed-off-by: 孙振宇 <> 2025-01-11 18:11:29 +00:00			`loadbalancer_apiserver_localhost: false`
chore: code staging Signed-off-by: 孙振宇 <> 2025-01-09 18:35:25 +00:00			`# valid options are "nginx" or "haproxy"`
			`# loadbalancer_apiserver_type: nginx # valid values "nginx" or "haproxy"`

			`## Local loadbalancer should use this port`
			`## And must be set port 6443`
			`loadbalancer_apiserver_port: 6443`

			`## If loadbalancer_apiserver_healthcheck_port variable defined, enables proxy liveness check for nginx.`
			`loadbalancer_apiserver_healthcheck_port: 8081`

			`### OTHER OPTIONAL VARIABLES`

			`## By default, Kubespray collects nameservers on the host. It then adds the previously collected nameservers in nameserverentries.`
			`## If true, Kubespray does not include host nameservers in nameserverentries in dns_late stage. However, It uses the nameserver to make sure cluster installed safely in dns_early stage.`
			`## Use this option with caution, you may need to define your dns servers. Otherwise, the outbound queries such as www.google.com may fail.`
			`# disable_host_nameservers: false`

			`## Upstream dns servers`
			`# upstream_dns_servers:`
			`# - 8.8.8.8`
			`# - 8.8.4.4`

			`## There are some changes specific to the cloud providers`
			`## for instance we need to encapsulate packets with some network plugins`
			`## If set the possible values only 'external' after K8s v1.31.`
			`# cloud_provider:`

			`## When cloud_provider is set to 'external', you can set the cloud controller to deploy`
			`## Supported cloud controllers are: 'openstack', 'vsphere', 'huaweicloud' and 'hcloud'`
			`## When openstack or vsphere are used make sure to source in the required fields`
			`# external_cloud_provider:`

			`## Set these proxy values in order to update package manager and docker daemon to use proxies and custom CA for https_proxy if needed`
			`# http_proxy: ""`
			`# https_proxy: ""`
			`# https_proxy_cert_file: ""`

			`## Refer to roles/kubespray-defaults/defaults/main/main.yml before modifying no_proxy`
			`# no_proxy: ""`

			`## Some problems may occur when downloading files over https proxy due to ansible bug`
			`## https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable`
			`## SSL validation of get_url module. Note that kubespray will still be performing checksum validation.`
			`# download_validate_certs: False`

			`## If you need exclude all cluster nodes from proxy and other resources, add other resources here.`
			`# additional_no_proxy: ""`

			`## If you need to disable proxying of os package repositories but are still behind an http_proxy set`
			`## skip_http_proxy_on_os_packages to true`
			`## This will cause kubespray not to set proxy environment in /etc/yum.conf for centos and in /etc/apt/apt.conf for debian/ubuntu`
			`## Special information for debian/ubuntu - you have to set the no_proxy variable, then apt package will install from your source of wish`
			`# skip_http_proxy_on_os_packages: false`

			`## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all`
			`## pods will restart) when adding or removing workers. To override this behaviour by only including control plane nodes`
			`## in the no_proxy variable, set below to true:`
			`no_proxy_exclude_workers: false`

			`## Certificate Management`
			`## This setting determines whether certs are generated via scripts.`
			`## Chose 'none' if you provide your own certificates.`
			`## Option is "script", "none"`
			`cert_management: script`

			`## Set to true to allow pre-checks to fail and continue deployment`
			`# ignore_assert_errors: false`

			`## The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable.`
			`# kube_read_only_port: 10255`

			`## Set true to download and cache container`
feat(ansible): add init and activate scripts for virtual environment setup chore: add .gitignore for virtual environment files refactor: move etcd configuration to manifests and remove obsolete files Signed-off-by: 孙振宇 <> 2025-01-11 10:52:32 +00:00			`download_container: true`
chore: code staging Signed-off-by: 孙振宇 <> 2025-01-09 18:35:25 +00:00
			`## Deploy container engine`
			`# Set false if you want to deploy container engine manually.`
			`deploy_container_engine: true`

			`## Red Hat Enterprise Linux subscription registration`
			`## Add either RHEL subscription Username/Password or Organization ID/Activation Key combination`
			`## Update RHEL subscription purpose usage, role and SLA if necessary`
			`# rh_subscription_username: ""`
			`# rh_subscription_password: ""`
			`# rh_subscription_org_id: ""`
			`# rh_subscription_activation_key: ""`
			`# rh_subscription_usage: "Development"`
			`# rh_subscription_role: "Red Hat Enterprise Server"`
			`# rh_subscription_sla: "Self-Support"`

			`## Check if access_ip responds to ping. Set false if your firewall blocks ICMP.`
			`# ping_access_ip: true`

			`# sysctl_file_path to add sysctl conf to`
			`# sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"`

			`## Variables for webhook token auth https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication`
			`kube_webhook_token_auth: false`
			`kube_webhook_token_auth_url_skip_tls_verify: false`
			`# kube_webhook_token_auth_url: https://...`
			`## base64-encoded string of the webhook's CA certificate`
			`# kube_webhook_token_auth_ca_data: "LS0t..."`

			`## NTP Settings`
			`# Start the ntpd or chrony service and enable it at system boot.`
			`ntp_enabled: true`
			`ntp_manage_config: false`
			`ntp_servers:`
			`- "0.pool.ntp.org iburst"`
			`- "1.pool.ntp.org iburst"`
			`- "2.pool.ntp.org iburst"`
			`- "3.pool.ntp.org iburst"`

			`## Used to control no_log attribute`
			`unsafe_show_logs: false`

			`## If enabled it will allow kubespray to attempt setup even if the distribution is not supported. For unsupported distributions this can lead to unexpected failures in some cases.`
feat(config): add option to prevent overriding system hostname Signed-off-by: 孙振宇 <> 2025-01-11 18:06:45 +00:00			`allow_unsupported_distribution_setup: false`

			`## Do not override system hostname`
			`override_system_hostname: false`