-
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c0ee3b6
commit 3835c48
Showing
1 changed file
with
103 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,103 @@ | ||
| --- | ||
| all: | ||
| vars: | ||
| install_rke2_version: v1.31.0+rke2r1 | ||
| # # In air-gapped envs, it might be convenient to download the tar files from custom URLs | ||
| # rke2_tarball_url: https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2.linux-amd64.tar.gz | ||
| # rke2_image_tar_urls: | ||
| # - https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2-images-canal.linux-amd64.tar.zst | ||
| # - https://github.com/rancher/rke2/releases/download/v1.26.15%2Brke2r1/rke2-images-core.linux-amd64.tar.zst | ||
|
|
||
| rke2_cluster: | ||
| children: | ||
| rke2_servers: | ||
| vars: | ||
| # # Set generic rke2_config at the group level. | ||
| # # Every host in this group will inherit these rke2 configurations | ||
| # # See https://docs.rke2.io/reference/server_config for more options | ||
| # # These options can also be set in the group_vars folder | ||
| rke2_config: | ||
| node-label: | ||
| - serverGroupLabel=true | ||
| # profile: cis-1.6 | ||
| # kube-controller-manager-arg: | ||
| # - "tls-min-version=VersionTLS12" | ||
| # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" | ||
| # kube-scheduler-arg: | ||
| # - "tls-min-version=VersionTLS12" | ||
| # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" | ||
| # kube-apiserver-arg: | ||
| # - "tls-min-version=VersionTLS12" | ||
| # - "tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" | ||
| # - "enable-admission-plugins=ValidatingAdmissionWebhook,NodeRestriction,PodSecurityPolicy" | ||
| # - "request-timeout=300s" | ||
| # # Enable only when auditing is enabled, blocks API when audit fails | ||
| # #- "audit-log-mode=blocking-strict" | ||
| # | ||
| # kubelet-arg: | ||
| # - "feature-gates=DynamicKubeletConfig=false" | ||
| # - "protect-kernel-defaults=true" | ||
| # - "streaming-connection-idle-timeout=5m" | ||
| # | ||
| # etcd-extra-env: | ||
| # - "ETCD_AUTO_TLS=false" | ||
| # - "ETCD_PEER_AUTO_TLS=false" | ||
| # | ||
| # write-kubeconfig-mode: "0640" | ||
| # # See https://kubernetes.io/docs/tasks/debug-application-cluster/audit/ | ||
| # # Add a policy configuration file by specifying the file path on the control host | ||
| # audit_policy_config_file_path: "{{ playbook_dir }}/sample_files/audit-policy.yaml" | ||
| # # See https://docs.rke2.io/install/containerd_registry_configuration/ | ||
| # # Add a registry configuration file by specifying the file path on the control host | ||
| # registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml" | ||
| # # See https://docs.rke2.io/helm/#automatically-deploying-manifests-and-helm-charts | ||
| # # Add manifest files by specifying the directory path on the control host | ||
| # manifest_config_file_path: "{{ playbook_dir }}/sample_files/manifest/" | ||
| hosts: | ||
| # # Optional hostvars that can be pased in to individual nodes include | ||
| # # node_ip, node_name, bind_address, advertise_address, node_taints=[], | ||
| # # node_labels=[], and node_external_ip | ||
| 10.128.0.22: | ||
| node_name: "master1" | ||
| ansible_user: root | ||
| node_labels: | ||
| - server0Label=true | ||
| 10.128.0.23: | ||
| node_name: "master2" | ||
| ansible_user: root | ||
| node_labels: | ||
| - server0Label=true | ||
| 10.162.0.2: | ||
| node_name: "master3" | ||
| ansible_user: root | ||
| node_labels: | ||
| - server0Label=true | ||
| # node_ip: "10.10.10.10" | ||
| # node_name: "server0.example.com" | ||
| # bind_address: "10.10.10.10" | ||
| # advertise_address: "10.10.10.10" | ||
| # node_external_ip: "52.52.52.52" | ||
| # node_taints: | ||
| # - CriticalAddonsOnly=true:NoSchedule | ||
| # cloud_provider_name: "aws" | ||
| rke2_agents: | ||
| vars: | ||
| rke2_config: | ||
| node-label: | ||
| - agentGroupLabel=true | ||
| hosts: | ||
| 10.128.0.24: | ||
| node_name: "node1" | ||
| ansible_user: root | ||
| node_labels: | ||
| - agent0Label=true | ||
| 10.188.0.2: | ||
| node_name: "node2" | ||
| ansible_user: root | ||
| node_labels: | ||
| - agent1Label=true | ||
| 10.188.0.3: | ||
| node_name: "node3" | ||
| ansible_user: root | ||
| node_labels: | ||
| - agent1Label=true |