update prod inventory

southbridgeio · Jul 26, 2020 · 13b91fd · 13b91fd
1 parent 151a19d
commit 13b91fd
Show file tree

Hide file tree

Showing 12 changed files with 102 additions and 6 deletions.
diff --git a/inventory/prod/group_vars/all/all.yml b/inventory/prod/group_vars/all/all.yml
@@ -1,4 +1,7 @@
 ---
+# min supported kube_version
+kube_version_min_required: v1.15.0
+
 ## Directory where etcd data stored
 etcd_data_dir: /var/lib/etcd
 

diff --git a/inventory/prod/group_vars/all/aws.yml b/inventory/prod/group_vars/all/aws.yml
@@ -0,0 +1,8 @@
+## To use AWS EBS CSI Driver to provision volumes, uncomment the first value
+## and configure the parameters below
+# aws_ebs_csi_enabled: true
+# aws_ebs_csi_enable_volume_scheduling: true
+# aws_ebs_csi_enable_volume_snapshot: false
+# aws_ebs_csi_enable_volume_resizing: false
+# aws_ebs_csi_controller_replicas: 1
+# aws_ebs_csi_plugin_image_tag: latest
diff --git a/inventory/prod/group_vars/all/containerd.yml b/inventory/prod/group_vars/all/containerd.yml
@@ -0,0 +1,15 @@
+---
+# Please see roles/container-engine/containerd/defaults/main.yml for more configuration options
+
+# containerd_config:
+#   grpc:
+#     max_recv_message_size: 16777216
+#     max_send_message_size: 16777216
+#   debug:
+#     level: ""
+#   registries:
+#     "docker.io": "https://registry-1.docker.io"
+#   max_container_log_line_size: -1
+#   metrics:
+#     address: ""
+#     grpc_histogram: false
diff --git a/inventory/prod/group_vars/all/docker.yml b/inventory/prod/group_vars/all/docker.yml
@@ -51,4 +51,4 @@ docker_rpm_keepcache: 0
 
 ## A string of extra options to pass to the docker daemon.
 ## This string should be exactly as you wish it to appear.
-docker_options: ""
+# docker_options: ""
diff --git a/inventory/prod/group_vars/all/download.yml b/inventory/prod/group_vars/all/download.yml
@@ -0,0 +1,2 @@
+download_run_once: True
+
diff --git a/inventory/prod/group_vars/all/gcp.yml b/inventory/prod/group_vars/all/gcp.yml
@@ -0,0 +1,10 @@
+## GCP compute Persistent Disk CSI Driver credentials and parameters
+## See docs/gcp-pd-csi.md for information about the implementation
+
+## Specify the path to the file containing the service account credentials
+# gcp_pd_csi_sa_cred_file: "/my/safe/credentials/directory/cloud-sa.json"
+
+## To enable GCP Persistent Disk CSI driver, uncomment below
+# gcp_pd_csi_enabled: true
+# gcp_pd_csi_controller_replicas: 1
+# gcp_pd_csi_driver_image_tag: "v0.7.0-gke.0"
diff --git a/inventory/prod/group_vars/k8s-cluster/addons.yml b/inventory/prod/group_vars/k8s-cluster/addons.yml
@@ -27,6 +27,8 @@ local_path_provisioner_enabled: false
 # local_path_provisioner_debug: false
 # local_path_provisioner_image_repo: "rancher/local-path-provisioner"
 # local_path_provisioner_image_tag: "v0.0.2"
+# local_path_provisioner_helper_image_repo: "busybox"
+# local_path_provisioner_helper_image_tag: "latest"
 
 # Local volume provisioner deployment
 local_volume_provisioner_enabled: false
@@ -35,6 +37,8 @@ local_volume_provisioner_enabled: false
 #   local-storage:
 #     host_dir: /mnt/disks
 #     mount_dir: /mnt/disks
+#     volume_mode: Filesystem
+#     fs_type: ext4
 #   fast-disks:
 #     host_dir: /mnt/fast-disks
 #     mount_dir: /mnt/fast-disks
@@ -79,7 +83,7 @@ rbd_provisioner_enabled: false
 ingress_nginx_enabled: true
 ingress_nginx_host_network: true
 ingress_nginx_nodeselector:
-  node-role.kubernetes.io/ingress: "true"
+  node-role.kubernetes.io/ingress: ""
 ingress_nginx_tolerations:
   - key: "node-role.kubernetes.io/ingress"
     operator: "Exists"
@@ -96,6 +100,15 @@ ingress_nginx_configmap:
 # ingress_nginx_configmap_udp_services:
 #   53: "kube-system/kube-dns:53"
 
+# ALB ingress controller deployment
+ingress_alb_enabled: false
+# alb_ingress_aws_region: "us-east-1"
+# alb_ingress_restrict_scheme: "false"
+# alb_ingress_log_level: "WARN"
+# Enables logging on all outbound requests sent to the AWS API.
+# If logging is desired, set to true.
+# alb_ingress_aws_debug: "false"
+
 # Cert manager deployment
 cert_manager_enabled: false
 # cert_manager_namespace: "cert-manager"
diff --git a/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml
@@ -19,7 +19,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
 kube_api_anonymous_auth: true
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.14.1
+kube_version: v1.18.3
 
 # kubernetes image repo define
 kube_image_repo: "gcr.io/google-containers"
@@ -216,5 +216,3 @@ persistent_volumes_enabled: false
 
 kubelet_authentication_token_webhook: true
 kubelet_authorization_mode_webhook: true
-
-preinstall_selinux_state: disabled
diff --git a/inventory/prod/group_vars/k8s-cluster/k8s-net-calico.yml b/inventory/prod/group_vars/k8s-cluster/k8s-net-calico.yml
@@ -11,6 +11,9 @@
 # add default ippool name
 # calico_pool_name: "default-pool"
 
+# add default ippool blockSize (defaults kube_network_node_prefix)
+# calico_pool_blocksize: 24
+
 # add default ippool CIDR (must be inside kube_pods_subnet, defaults to kube_pods_subnet otherwise)
 # calico_pool_cidr: 1.2.3.4/5
 
@@ -28,8 +31,37 @@
 # Choose data store type for calico: "etcd" or "kdd" (kubernetes datastore)
 # calico_datastore: "etcd"
 
+# Choose Calico iptables backend: "Iptables" or "NFT"
+# calico_iptables_backend: "Iptables"
+
 # Use typha (only with kdd)
 # typha_enabled: false
 
+# Generate TLS certs for secure typha<->calico-node communication
+# typha_secure: false
+
+# Scaling typha: 1 replica per 100 nodes is adequate
 # Number of typha replicas
 # typha_replicas: 1
+
+# Set max typha connections
+# typha_max_connections_lower_limit: 300
+
+# Set calico network backend: "bird", "vxlan" or "none"
+# bird enable BGP routing, required for ipip mode.
+# calico_network_backend: bird
+
+# IP in IP and VXLAN is mutualy exclusive modes.
+# set IP in IP encapsulation mode: "Always", "CrossSubnet", "Never"
+# calico_ipip_mode: 'Always'
+
+# set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
+# calico_vxlan_mode: 'Never'
+
+# If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
+# * can-reach=DESTINATION
+# * interface=INTERFACE-REGEX
+# see https://docs.projectcalico.org/reference/node/configuration
+# calico_ip_auto_method: "interface=eth.*"
+# Choose the iptables insert mode for Calico: "Insert" or "Append".
+# calico_felix_chaininsertmode: Insert
diff --git a/inventory/prod/group_vars/k8s-cluster/k8s-net-kube-router.yml b/inventory/prod/group_vars/k8s-cluster/k8s-net-kube-router.yml
@@ -47,3 +47,12 @@
 
 # Array of common annotations for every node
 # kube_router_annotations_all: []
+
+# Enables scraping kube-router metrics with Prometheus
+# kube_router_enable_metrics: false
+
+# Path to serve Prometheus metrics on
+# kube_router_metrics_path: /metrics
+
+# Prometheus metrics port to use
+# kube_router_metrics_port: 9255
diff --git a/inventory/prod/group_vars/k8s-cluster/k8s-net-macvlan.yml b/inventory/prod/group_vars/k8s-cluster/k8s-net-macvlan.yml
@@ -0,0 +1,6 @@
+---
+# private interface, on a l2-network
+macvlan_interface: "eth1"
+
+# Enable nat in default gateway network interface
+enable_nat_default_gateway: true
diff --git a/inventory/prod/group_vars/kube-ingress.yml b/inventory/prod/group_vars/kube-ingress.yml
@@ -1,4 +1,4 @@
 node_labels:
-  node-role.kubernetes.io/ingress: "true"
+  node-role.kubernetes.io/ingress: ""
 node_taints:
   - "node-role.kubernetes.io/ingress=:NoSchedule"