# Listing of ansible/group_vars/all.yaml from
# github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a.
# NOTE(review): the page showed this file flattened; nesting under mapping keys
# is reconstructed here — confirm against the repository before reuse.
#===============================================================================
# VERSIONS
# Package versions are pinned. The two Kubernetes pins are read from a
# `versions` variable that is defined outside this file.
kubernetes_yum_version: "{{ versions.kubernetes_yum }}"
kubernetes_deb_version: "{{ versions.kubernetes_deb }}"
docker_ce_yum_version: 17.03.2.ce-1.el7.centos
docker_ce_apt_version: 17.03.2~ce-0~ubuntu-xenial
glusterfs_server_version_rhel: "3.8.15-2.el7"
glusterfs_server_version_ubuntu: "3.8.15-ubuntu1~xenial1"

#===============================================================================
# common variables for all hosts
init_system_dir: /etc/systemd/system
# NOTE(review): "extenstion" is misspelled, but docker_service_file references
# the name as spelled; a rename has to be applied to every user at once.
init_system_file_extenstion: service
bin_dir: /usr/bin
#===============================================================================
# service ports
etcd_k8s_client_port: 2379
etcd_networking_client_port: 6666
kubernetes_master_secure_port: 6443
# NOTE(review): the three ports below are named "insecure", presumably plain
# HTTP. How they are bound and firewalled is decided where they are consumed,
# outside this file — verify they are not reachable from other hosts.
kubernetes_proxy_insecure_port: 10256
kubernetes_scheduler_insecure_port: 10251
kubernetes_controller_mgr_insecure_port: 10252
#===============================================================================
# common variables for etcd
# etcd-certificates
# Paths of the etcd CA, server and client certificates and keys under
# etcd_install_dir (defined outside this file).
etcd_certificates:
  ca: "{{ etcd_install_dir }}/ca.pem"
  etcd: "{{ etcd_install_dir }}/etcd.pem"
  etcd_key: "{{ etcd_install_dir }}/etcd-key.pem"
  etcd_client: "{{ etcd_install_dir }}/etcd-client.pem"
  etcd_client_key: "{{ etcd_install_dir }}/etcd-client-key.pem"
  # NOTE(review): one owner/group/mode is declared for the whole set, so the
  # *-key.pem files presumably get 0660 as well; 0600 is the tighter choice for
  # private keys if nothing relies on group access — confirm in the role.
  owner: root
  group: root
  mode: "0660"
# etcd-install
# NOTE(review): executables owned by uid/gid 1000 with mode 0775 can be
# rewritten by that account and its group. If the etcd binary is started by
# root (not visible here), root ownership with 0755 removes that path.
etcd_install_executable_owner: "1000"
etcd_install_executable_group: "1000"
etcd_install_executable_mode: "0775"
# Service unit files: root:root, group-writable (0664).
etcd_service_owner: root
etcd_service_group: root
etcd_service_mode: "0664"
# etcd cluster setup
# Comma-separated "<host>=https://<internal_ipv4>:<peer port>" entries, one per
# host in the `etcd` group; etcd_service_peer_port is defined outside this file.
etcd_service_cluster_string: "{% for host in groups['etcd'] %}{{ host }}=https://{{ hostvars[host]['internal_ipv4'] }}:{{ etcd_service_peer_port }}{% if not loop.last %},{% endif %}{% endfor %}"
#===============================================================================
# docker-install
docker_install_dir: /etc/docker
# Per-registry certificate directory (certs.d/<registry>); the registry URL
# variable is defined outside this file.
docker_self_signed_cert_dir: "{{ docker_install_dir }}/certs.d/{{ docker_registry_full_url }}"
docker_service_file: "docker.{{ init_system_file_extenstion }}"
docker_service_path: "{{ init_system_dir }}/{{ docker_service_file }}"
docker_certificates_ca_file_name: ca.pem
docker_certificates_cert_file_name: docker.pem
docker_certificates_key_file_name: docker-key.pem
docker_certificates_cert_path: "{{ docker_install_dir }}/{{ docker_certificates_cert_file_name }}"
docker_certificates_key_path: "{{ docker_install_dir }}/{{ docker_certificates_key_file_name }}"
#===============================================================================
# docker configuration
docker_system_d: /etc/systemd/system/docker.service.d
#===============================================================================
# calico
# directories
calico_dir: /etc/calico
# paths
calicoctl_conf_path: "{{ calico_dir }}/calicoctl.cfg"
#file modes
calico_executable_mode: "0775"
# weave
weave_dir: /etc/weave
#networking
# NOTE(review): this templated value is unquoted. It parses as a plain string
# because it starts with "https", but quoting it would match the other
# templated values in this file.
kubernetes_dns_service_addr: https://{{kubernetes_dns_service_ip}}:{{kubernetes_master_secure_port}}
#===============================================================================
# contiv
# NOTE(review): the listing lost its indentation; placing
# proxy_server_certs_secret_name and vlan_iface directly under `contiv` is a
# reconstruction — confirm against the repository.
contiv:
  certs:
    proxy_server_key_filename: "contiv-proxy-server-key.pem"
    proxy_server_cert_filename: "contiv-proxy-server.pem"
  dir:
    config: /etc/contiv
    var: /var/contiv
  proxy_server_certs_secret_name: "contiv-proxy-server-certs"
  vlan_iface: ""
#===============================================================================
# kubernetes
# directories
kubernetes_install_dir: /etc/kubernetes
kubernetes_spec_dir: /etc/kubernetes/specs
network_cni_dir: /etc/cni
network_plugin_dir: "{{ network_cni_dir }}/net.d"
kubernetes_auth_dir: /etc/kubernetes/auth
kubelet_lib_dir: /var/lib/kubelet
kubelet_pod_manifests_dir: /etc/kubernetes/manifests
kubelet_pod_manifests_backup_dir: /etc/kubernetes/manifests-backup
kubernetes_kubectl_config_dir: /root/.kube
# paths
# basicauth.csv and authorization-policy.json are passed to the API server
# only when kubernetes_admin_password is set (see the API server option
# defaults in this file); the password file is a static credential, so the
# permissions on kubernetes_auth_dir matter.
kubernetes_basic_auth_path: "{{kubernetes_auth_dir}}/basicauth.csv"
kubernetes_authorization_policy_path: "{{kubernetes_auth_dir}}/authorization-policy.json"
kubernetes_services_kubeconfig_path: "{{kubelet_lib_dir}}/kubeconfig"

# Kubeconfig file locations per component; the kubectl one lives in root's
# home directory.
kubernetes_kubeconfig:
  kubectl: "{{kubernetes_kubectl_config_dir}}/config"
  controller_manager: "{{kubernetes_install_dir}}/controller-manager.conf"
  scheduler: "{{kubernetes_install_dir}}/scheduler.conf"
  kubelet: "{{kubernetes_install_dir}}/kubelet.conf"
  rescheduler: "{{kubernetes_install_dir}}/rescheduler.conf"

# file modes
# NOTE(review): executables are group-writable (0775) and certificate files
# group-readable and -writable (0660). Owner and group are root below, which
# limits the exposure; 0755 and 0600 would not depend on that.
kubernetes_executable_mode: "0775"
kubernetes_service_mode: "0664"
kubernetes_certificates_mode: "0660"
docker_certificate_mode: "0660"
network_environment_mode: "0660"
# owner/group
kubernetes_owner: root
kubernetes_group: root
kubernetes_certificates_owner: root
kubernetes_certificates_group: root
docker_certificates_owner: root
docker_certificates_group: root
# kubernetes cluster config
# Number of hosts in the `master` group, rendered as a string.
kubernetes_master_apiserver_count: "{{ groups['master'] | length }}"
# NOTE(review): the two URLs below are unquoted templated values; they parse as
# plain strings, but quoting would match the rest of the file.
local_kubernetes_master_ip: https://127.0.0.1:{{ kubernetes_master_secure_port }}
kubernetes_master_ip: https://{{ kubernetes_load_balanced_fqdn }}:{{ kubernetes_master_secure_port }}
# "true" only for hosts in the `worker` group.
kubernetes_schedulable: "{% if 'worker' in group_names %}true{% else %}false{% endif %}"
# cloud provider
# Path of the cloud provider config, or an empty string when
# cloud_config_local is undefined or empty.
cloud_config: "{% if cloud_config_local is defined and cloud_config_local != '' %}{{ kubernetes_install_dir }}/cloud-provider.conf{% else %}{% endif %}"

# kubernetes certificate config
# TODO: Do we want to change this?
kubernetes_certificates_dir: "{{ kubernetes_install_dir }}/pki"
flexvolume_plugin_dir: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/"
# Certificate and private-key paths for every control-plane and node
# component, all under kubernetes_certificates_dir.
kubernetes_certificates:
  ca: "{{ kubernetes_certificates_dir }}/ca.pem"
  proxy_client_ca: "{{ kubernetes_certificates_dir }}/proxy-client-ca.pem"
  admin: "{{ kubernetes_certificates_dir }}/admin.pem"
  admin_key: "{{ kubernetes_certificates_dir }}/admin-key.pem"
  api_server: "{{ kubernetes_certificates_dir }}/api-server.pem"
  api_server_key: "{{ kubernetes_certificates_dir }}/api-server-key.pem"
  etcd_client: "{{ kubernetes_certificates_dir }}/etcd-client.pem"
  etcd_client_key: "{{ kubernetes_certificates_dir }}/etcd-client-key.pem"
  controller_manager: "{{ kubernetes_certificates_dir }}/controller-manager.pem"
  controller_manager_key: "{{ kubernetes_certificates_dir }}/controller-manager-key.pem"
  scheduler: "{{ kubernetes_certificates_dir }}/scheduler.pem"
  scheduler_key: "{{ kubernetes_certificates_dir }}/scheduler-key.pem"
  kubelet: "{{ kubernetes_certificates_dir }}/kubelet.pem"
  kubelet_key: "{{ kubernetes_certificates_dir }}/kubelet-key.pem"
  kube_apiserver_kubelet_client: "{{ kubernetes_certificates_dir }}/apiserver-kubelet-client.pem"
  kube_apiserver_kubelet_client_key: "{{ kubernetes_certificates_dir }}/apiserver-kubelet-client-key.pem"
  proxy_client: "{{ kubernetes_certificates_dir }}/proxy-client.pem"
  proxy_client_key: "{{ kubernetes_certificates_dir }}/proxy-client-key.pem"
  service_account: "{{ kubernetes_certificates_dir }}/service-account.pem"
  service_account_key: "{{ kubernetes_certificates_dir }}/service-account-key.pem"

# Default kube-apiserver flags; every value is a string.
# NOTE(review): no anonymous-auth or audit-log-* option is set in these
# defaults, so the API server's built-in defaults apply unless an override is
# supplied elsewhere — confirm.
kubernetes_api_server_option_defaults:
  "advertise-address": "{{ internal_ipv4 }}"
  # Privileged pods are allowed, and the admission plugin list below contains
  # no PodSecurityPolicy, so nothing in this file restricts who may create them.
  "allow-privileged": "true"
  "apiserver-count": "{{ kubernetes_master_apiserver_count }}"
  # ABAC, the policy file and the basic-auth password file are added only when
  # kubernetes_admin_password is set; without it the mode is Node,RBAC.
  "authorization-mode": "Node,RBAC{% if kubernetes_admin_password is defined and kubernetes_admin_password != '' %},ABAC{% endif %}" #TODO remove ABAC
  "authorization-policy-file": "{% if kubernetes_admin_password is defined and kubernetes_admin_password != '' %}{{ kubernetes_authorization_policy_path }}{% endif %}"
  "basic-auth-file": "{% if kubernetes_admin_password is defined and kubernetes_admin_password != '' %}{{ kubernetes_basic_auth_path }}{% endif %}"
  # Listens on every interface; insecure-port is "0" further down, so the TLS
  # port (secure-port) is what this exposes.
  "bind-address": "0.0.0.0"
  "client-ca-file": "{{ kubernetes_certificates.ca }}"
  "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
  "requestheader-client-ca-file": "{{ kubernetes_certificates.proxy_client_ca }}"
  "proxy-client-cert-file": "{{ kubernetes_certificates.proxy_client }}"
  "proxy-client-key-file": "{{ kubernetes_certificates.proxy_client_key }}"
  "profiling": "false"
  "repair-malformed-updates" : "false"
  # Empty: any client certificate that validates against
  # requestheader-client-ca-file may assert X-Remote-* identities, so
  # proxy_client_ca has to stay a dedicated CA that issues nothing else.
  "requestheader-allowed-names": ""
  "requestheader-extra-headers-prefix": "X-Remote-Extra-"
  "requestheader-group-headers": "X-Remote-Group"
  "requestheader-username-headers": "X-Remote-User"
  "cloud-provider": "{{ cloud_provider }}"
  "cloud-config": "{{ cloud_config }}"
  # Serves the swagger UI from the API server; turn off if nothing uses it.
  "enable-swagger-ui": "true"
  # NOTE(review): etcd-cafile and client-ca-file point at the same CA. If etcd
  # also trusts that CA for client certificates (not visible here), any
  # certificate it issued could authenticate to etcd — confirm.
  "etcd-cafile": "{{ kubernetes_certificates.ca }}"
  "etcd-certfile": "{{ kubernetes_certificates.etcd_client }}"
  "etcd-keyfile": "{{ kubernetes_certificates.etcd_client_key }}"
  "etcd-servers": "{{ etcd_k8s_cluster_ip_list }}"
  # Plain-HTTP API port disabled.
  "insecure-port": "0"
  "kubelet-certificate-authority": "{{ kubernetes_certificates.ca }}"
  "kubelet-client-certificate": "{{ kubernetes_certificates.kube_apiserver_kubelet_client }}"
  "kubelet-client-key": "{{ kubernetes_certificates.kube_apiserver_kubelet_client_key }}"
  # Empty unless modify_hosts_file is true.
  "kubelet-preferred-address-types": "{% if modify_hosts_file is defined and modify_hosts_file|bool == true %}InternalIP,ExternalIP,Hostname{% endif %}"
  "runtime-config": "extensions/v1beta1=true,extensions/v1beta1/networkpolicies=true,authentication.k8s.io/v1beta1=true"
  "secure-port": "{{ kubernetes_master_secure_port }}"
  # NOTE(review): this is the same private-key file the controller manager
  # signs with; the API server only verifies tokens, so the public half would
  # be enough here.
  "service-account-key-file": "{{ kubernetes_certificates.service_account_key }}"
  "service-cluster-ip-range": "{{ kubernetes_services_cidr }}"
  "tls-cert-file": "{{ kubernetes_certificates.api_server }}"
  "tls-private-key-file": "{{ kubernetes_certificates.api_server_key }}"
  "v": "2"

# Default kube-controller-manager flags.
kube_controller_manager_option_defaults:
  "allocate-node-cidrs": "true"
  "cloud-provider": "{{ cloud_provider }}"
  "cloud-config": "{{ cloud_config }}"
  "cluster-cidr": "{{ kubernetes_pods_cidr }}"
  "cluster-name": "{{ kubernetes_cluster_name }}"
  "kubeconfig": "{{ kubernetes_kubeconfig.controller_manager }}"
  "leader-elect": "true"
  "profiling": "false"
  "root-ca-file": "{{ kubernetes_certificates.ca }}"
  "service-account-private-key-file": "{{ kubernetes_certificates.service_account_key }}"
  "service-cluster-ip-range": "{{ kubernetes_services_cidr }}"
  # Each controller runs with its own service account credentials.
  "use-service-account-credentials": "true"
  "v": "2"

# Default kube-scheduler flags.
kube_scheduler_option_defaults:
  "kubeconfig": "{{ kubernetes_kubeconfig.scheduler }}"
  "leader-elect": "true"
  "profiling": "false"
  "v": "2"

# Default kube-proxy flags.
kube_proxy_option_defaults:
  "cluster-cidr": "{{ kubernetes_pods_cidr }}"
  "hostname-override": "$(NODE_NAME)"
  "profiling": "false"
  "proxy-mode": "iptables"
  "v": "2"

# Default kubelet flags.
# NOTE(review): anonymous-auth is not set here, so the kubelet's built-in
# default applies unless overridden elsewhere. With authorization-mode Webhook
# anonymous requests still go through authorization, but setting it to "false"
# explicitly is the usual hardening.
kubelet_defaults:
  "allow-privileged": "true"
  "authentication-token-webhook": "true"
  "authorization-mode": "Webhook"
  # "0" removes the kubelet's rate limit on event creation.
  "event-qps": "0"
  "cadvisor-port" : "0"
  "client-ca-file": "{{ kubernetes_certificates.ca }}"
  "cloud-provider": "{{ cloud_provider }}"
  "cloud-config": "{{ cloud_config }}"
  "cluster-dns": "{{ kubernetes_dns_service_ip }}"
  "cluster-domain": "cluster.local"
  "container-runtime": "docker"
  # The three CNI values are empty strings unless cni.enabled is true.
  "cni-bin-dir": "{% if cni.enabled|bool == true %}/opt/cni/bin{% endif %}"
  "cni-conf-dir": "{% if cni.enabled|bool == true %}{{ network_plugin_dir }}{% endif %}"
  "make-iptables-util-chains": "true"
  "network-plugin": "{% if cni.enabled|bool == true %}cni{% endif %}"
  "docker": "unix:///var/run/docker.sock"
  "hostname-override": "{{ inventory_hostname }}"
  "kubeconfig": "{{ kubernetes_kubeconfig.kubelet }}"
  # The value starts with a comma on masters; presumably it is appended to a
  # label list built elsewhere — verify against the consuming template.
  "node-labels": "{% if 'master' in group_names %},node-role.kubernetes.io/master={% endif %}"
  "node-ip": "{{ internal_ipv4 }}"
  "pod-infra-container-image": "{{ images.pause }}"
  "pod-manifest-path": "{{ kubelet_pod_manifests_dir }}"
  # Unauthenticated read-only port disabled.
  "read-only-port": "0"
  "register-schedulable": "{{ kubernetes_schedulable }}"
  "serialize-image-pulls": "false"
  # NOTE(review): "0" disables the idle timeout on exec/attach/port-forward
  # streams, so idle sessions are never closed; hardening benchmarks ask for a
  # non-zero value.
  "streaming-connection-idle-timeout": "0"
  "tls-cert-file": "{{ kubernetes_certificates.kubelet }}"
  "tls-private-key-file": "{{ kubernetes_certificates.kubelet_key }}"
  "volume-plugin-dir": "{{ flexvolume_plugin_dir }}"
  "v": "2"

# etcd IPs
# Comma-separated https endpoints, one per host in the `etcd` group. These use
# the inventory host name, whereas etcd_service_cluster_string uses
# internal_ipv4.
etcd_networking_cluster_ip_list: "{% for host in groups['etcd'] %}https://{{ host }}:{{ etcd_networking_client_port }}{% if not loop.last %},{% endif %}{% endfor %}"
etcd_k8s_cluster_ip_list: "{% for host in groups['etcd'] %}https://{{ host }}:{{ etcd_k8s_client_port }}{% if not loop.last %},{% endif %}{% endfor %}"

#===============================================================================
# True only when both a private registry is configured and the installation is
# flagged as disconnected.
load_private_images: "{{ configure_docker_with_private_registry is defined and configure_docker_with_private_registry|bool == true and disconnected_installation is defined and disconnected_installation|bool == true }}"

# "<name>:<version>" references built from official_images, which is defined
# outside this file. These are tags rather than digests, so what gets pulled
# depends on what the registry serves for that tag.
official_versioned_images:
  etcd: "{{official_images.etcd.name}}:{{official_images.etcd.version}}"
  kube_proxy: "{{official_images.kube_proxy.name}}:{{official_images.kube_proxy.version}}"
  kube_controller_manager: "{{official_images.kube_controller_manager.name}}:{{official_images.kube_controller_manager.version}}"
  kube_scheduler: "{{official_images.kube_scheduler.name}}:{{official_images.kube_scheduler.version}}"
  kube_apiserver: "{{official_images.kube_apiserver.name}}:{{official_images.kube_apiserver.version}}"
  calico_node: "{{official_images.calico_node.name}}:{{official_images.calico_node.version}}"
  calico_ctl: "{{official_images.calico_ctl.name}}:{{official_images.calico_ctl.version}}"
  calico_cni: "{{official_images.calico_cni.name}}:{{official_images.calico_cni.version}}"
  calico_kube_controller: "{{official_images.calico_kube_controller.name}}:{{official_images.calico_kube_controller.version}}"
  cni_bin: "{{official_images.cni_bin.name}}:{{official_images.cni_bin.version}}"
  contiv_netplugin: "{{official_images.contiv_netplugin.name}}:{{official_images.contiv_netplugin.version}}"
  contiv_authproxy: "{{official_images.contiv_authproxy.name}}:{{official_images.contiv_authproxy.version}}"
  weave: "{{official_images.weave.name}}:{{official_images.weave.version}}"
  weave_npc: "{{official_images.weave_npc.name}}:{{official_images.weave_npc.version}}"
  defaultbackend: "{{official_images.defaultbackend.name}}:{{official_images.defaultbackend.version}}"
  nginx_ingress_controller: "{{official_images.nginx_ingress_controller.name}}:{{official_images.nginx_ingress_controller.version}}"
  nginx: "{{official_images.nginx.name}}:{{official_images.nginx.version}}"
  busybox: "{{official_images.busybox.name}}:{{official_images.busybox.version}}"
  pause: "{{official_images.pause.name}}:{{official_images.pause.version}}"
  kubedns: "{{official_images.kubedns.name}}:{{official_images.kubedns.version}}"
  kube_dnsmasq: "{{official_images.kube_dnsmasq.name}}:{{official_images.kube_dnsmasq.version}}"
  kubedns_sidecar: "{{official_images.kubedns_sidecar.name}}:{{official_images.kubedns_sidecar.version}}"
  coredns: "{{official_images.coredns.name}}:{{official_images.coredns.version}}"
  kubernetes_dashboard: "{{official_images.kubernetes_dashboard.name}}:{{official_images.kubernetes_dashboard.version}}"
  apprenda_tcp_healthz: "{{official_images.apprenda_tcp_healthz.name}}:{{official_images.apprenda_tcp_healthz.version}}"
  helm: "{{official_images.helm.name}}:{{official_images.helm.version}}"
  heapster: "{{official_images.heapster.name}}:{{official_images.heapster.version}}"
  influxdb: "{{official_images.influxdb.name}}:{{official_images.influxdb.version}}"
  rescheduler: "{{official_images.rescheduler.name}}:{{official_images.rescheduler.version}}"
  metrics_server: "{{official_images.metrics_server.name}}:{{official_images.metrics_server.version}}"

# The image references actually deployed: each official reference is passed
# through the final_image filter together with the registry URL and
# load_private_images. The filter is defined outside this file; presumably it
# rewrites the reference to the private registry — confirm.
images:
  etcd: "{{ official_versioned_images.etcd | final_image(docker_registry_full_url, load_private_images) }}"
  kube_proxy: "{{official_versioned_images.kube_proxy | final_image(docker_registry_full_url, load_private_images) }}"
  kube_controller_manager: "{{ official_versioned_images.kube_controller_manager | final_image(docker_registry_full_url, load_private_images) }}"
  kube_scheduler: "{{ official_versioned_images.kube_scheduler | final_image(docker_registry_full_url, load_private_images) }}"
  kube_apiserver: "{{ official_versioned_images.kube_apiserver | final_image(docker_registry_full_url, load_private_images) }}"
  calico_node: "{{ official_versioned_images.calico_node | final_image(docker_registry_full_url, load_private_images) }}"
  calico_ctl: "{{ official_versioned_images.calico_ctl | final_image(docker_registry_full_url, load_private_images) }}"
  calico_cni: "{{ official_versioned_images.calico_cni | final_image(docker_registry_full_url, load_private_images) }}"
  calico_kube_controller: "{{ official_versioned_images.calico_kube_controller | final_image(docker_registry_full_url, load_private_images) }}"
  cni_bin: "{{ official_versioned_images.cni_bin | final_image(docker_registry_full_url, load_private_images) }}"
  contiv_netplugin: "{{ official_versioned_images.contiv_netplugin | final_image(docker_registry_full_url, load_private_images) }}"
  contiv_authproxy: "{{ official_versioned_images.contiv_authproxy | final_image(docker_registry_full_url, load_private_images) }}"
  weave: "{{ official_versioned_images.weave | final_image(docker_registry_full_url, load_private_images) }}"
  weave_npc: "{{ official_versioned_images.weave_npc | final_image(docker_registry_full_url, load_private_images) }}"
  defaultbackend: "{{ official_versioned_images.defaultbackend | final_image(docker_registry_full_url, load_private_images) }}"
  nginx_ingress_controller: "{{ official_versioned_images.nginx_ingress_controller | final_image(docker_registry_full_url, load_private_images) }}"
  nginx: "{{ official_versioned_images.nginx | final_image(docker_registry_full_url, load_private_images) }}"
  busybox: "{{ official_versioned_images.busybox | final_image(docker_registry_full_url, load_private_images) }}"
  pause: "{{ official_versioned_images.pause | final_image(docker_registry_full_url, load_private_images) }}"
  kubedns: "{{ official_versioned_images.kubedns | final_image(docker_registry_full_url, load_private_images) }}"
  kube_dnsmasq: "{{ official_versioned_images.kube_dnsmasq | final_image(docker_registry_full_url, load_private_images) }}"
  kubedns_sidecar: "{{ official_versioned_images.kubedns_sidecar | final_image(docker_registry_full_url, load_private_images) }}"
  coredns: "{{ official_versioned_images.coredns | final_image(docker_registry_full_url, load_private_images) }}"
  kubernetes_dashboard: "{{ official_versioned_images.kubernetes_dashboard | final_image(docker_registry_full_url, load_private_images) }}"
  apprenda_tcp_healthz: "{{ official_versioned_images.apprenda_tcp_healthz | final_image(docker_registry_full_url, load_private_images) }}"
  helm: "{{ official_versioned_images.helm | final_image(docker_registry_full_url, load_private_images) }}"
  heapster: "{{ official_versioned_images.heapster | final_image(docker_registry_full_url, load_private_images) }}"
  influxdb: "{{ official_versioned_images.influxdb | final_image(docker_registry_full_url, load_private_images) }}"
  rescheduler: "{{ official_versioned_images.rescheduler | final_image(docker_registry_full_url, load_private_images) }}"
  metrics_server: "{{ official_versioned_images.metrics_server | final_image(docker_registry_full_url, load_private_images) }}"

#===============================================================================
# docker packages
# Repository and signing-key URLs are all HTTPS. Whether package signature
# checking is enabled is decided by the tasks that consume these values,
# outside this file.
docker_yum_repository_url: "https://download.docker.com/linux/centos/7/x86_64/stable/"
docker_yum_gpg_key_url: "https://download.docker.com/linux/centos/gpg"
docker_deb_repository_url: "https://download.docker.com/linux/ubuntu"
docker_deb_gpg_key_url: "https://download.docker.com/linux/ubuntu/gpg"

# kubernetes packages
kubernetes_yum_repository_url: "https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64"
kubernetes_yum_gpg_key_url: "https://packages.cloud.google.com/yum/doc/yum-key.gpg\nhttps://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" # \n is used to provide 2 keys
kubernetes_deb_repository_url: "https://packages.cloud.google.com/apt/"
kubernetes_deb_gpg_key_url: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"

#===============================================================================

# Gluster
volume_mount: /
volume_base_dir: data/
# NOTE(review): 0777 makes volume directories world-writable; confirm that
# every consumer needs this, or narrow it and rely on ownership or fsGroup.
volume_mode: "0777"
volume_replica_count: 2
volume_distribution_count: 1

# Proxy settings exported in both upper- and lower-case forms. If a proxy URL
# carries credentials, they end up in every environment this mapping is
# applied to.
proxy_env:
  HTTPS_PROXY: "{{ https_proxy }}"
  https_proxy: "{{ https_proxy }}"
  HTTP_PROXY: "{{ http_proxy }}"
  http_proxy: "{{ http_proxy }}"
  NO_PROXY: "{{ no_proxy }}"
  no_proxy: "{{ no_proxy }}"

#===============================================================================
# reset
# NOTE(review): presumably flushes the host's iptables rules on reset, which
# would also drop rules not created by this installer — verify in the reset
# play.
flush_iptables: true