-
Notifications
You must be signed in to change notification settings - Fork 0
/
htz1.yml
40 lines (40 loc) · 1.31 KB
/
htz1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
---
- name: Base setup - User setup, fail2ban, security.
hosts: all
become: yes
become_user: root
become_method: sudo
vars:
app_user: [rihards]
app_user_groups: []
# security_ssh_port: 3013
security_sudoers_passwordless: [rihards]
kubernetes_version: '1.29'
kubernetes_role: control_plane
kubernetes_ignore_preflight_errors: "all"
kubernetes_pod_network_cidr: "10.244.0.0/16"
kubernetes_allow_pods_on_master: True
kubernetes_config_kubelet_configuration:
failSwapOn: false
kubernetes_config_init_configuration:
apiserverCertExtraSans: rudenspavasaris.id.lv
# kubernetes_apt_repository: "deb https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /"
server_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
nerdctl_version: "1.7.5"
cni_plugin_version: "1.4.1"
handlers:
- import_tasks: handlers/containerd.yml
vars_files:
- vars/app_user.yml
pre_tasks:
- include_tasks: ./tasks/scaleway_dns.yml
- include_tasks: ./tasks/app_user.yml
- include_tasks: ./tasks/s3cfg.yml
- include_tasks: ./tasks/containerd.yml
- include_tasks: ./tasks/keep_clean.yml
- include_tasks: ./tasks/dirty_swap.yml
roles:
- geerlingguy.security
- geerlingguy.kubernetes
tasks:
- include_tasks: ./tasks/after_tasks.yml