main.yml

---

k8s_kernel_modules: [ br_netfilter ]

# Generate your own and put in vault
#   encryption_key: any 32-byte string
#   join_token: use kubeadm token create
vault_k8s:
  encryption_key: 01234567890123456789012345678901
  join_token: b0f7b8.8d1767876297d85c

k8s_defaults:
  admin_config: /etc/kubernetes/admin.conf
  config_fetch_always: false
  apt_repo:
    # TODO parameterize hardcoded 1.34 value
    repo: deb [signed-by=/etc/apt/keyrings/kubernetes.asc] https://pkgs.k8s.io/core:/stable:/v1.34/deb/ /
    url: https://pkgs.k8s.io/core:/stable:/v1.34/deb/Release.key
  cplane_hostip: "{{ hostvars[groups['k8s_cplane'][0]]['ansible_default_ipv4']['address'] | default(groups['k8s_cplane'][0]) }}"
  cplane_vip: "{{ hostvars[groups['k8s_cplane'][0]]['ansible_default_ipv4']['address'] | default(groups['k8s_cplane'][0]) }}"
  # TODO: might be able to retire cri-dockerd
  #  probably need to update /etc/containerd/config.toml
  # criSocket: unix:///run/containerd/containerd.sock
  cri_socket: unix:///var/run/cri-dockerd.sock
  kubeadm_opts: ''
  local_vols: /var/lib/docker/k8s-volumes
  cplane: False
  pod_network: 10.244.0.0/16
  pod_infra_container_image: registry.k8s.io/pause:3.10.1
  service:
    enabled: yes
    name: kubelet
    state: restarted
  service_network: 10.96.0.0/12
  version: 1.34.3
  coredns_version: v1.11.3
  cni_version: 1.7.1
k8s_override: {}
k8s: "{{ k8s_defaults | combine(k8s_override) }}"

cri_dockerd:
  version: 0.3.20

oidc:
  client_id: client-not-yet-set
  issuer_url: https://accounts.google.com
  groups_claim: ""
  group_prefix: oidc_
  username_claim: email
  username_prefix: ""

sysctl:
  net.bridge.bridge-nf-call-iptables: 1
  vm.swappiness: 0
  
ubuntu_packages:
  - kubeadm={{ k8s.version }}-*
  - kubelet={{ k8s.version }}-*
  - kubernetes-cni={{ k8s.cni_version }}-*

ubuntu_package_additions: []