Robert Kaussow
31d0675475
Author: Robert Kaussow <mail@thegeeklab.de> Date: Sun Jan 29 16:46:24 2023 +0100 feat: add cis recommendations and hardening options
5.0 KiB
5.0 KiB
title | type |
---|---|
k3s | docs |
Setup K3s cluster nodes.
- Default Variables
- k3s_init_log_enabled
- k3s_iscsi_enabled
- k3s_node_ip
- k3s_node_labels
- k3s_node_name
- k3s_packages
- k3s_packages_extra
- k3s_protect_kernel_defaults
- k3s_reset
- k3s_selinux_enabled
- k3s_server
- k3s_server_admission_configuration
- k3s_server_admission_plugins
- k3s_server_bind_ip
- k3s_server_cloud_controller_enabled
- k3s_server_components_disabled
- k3s_server_feature_gates
- k3s_server_flannel_backend_enabled
- k3s_server_manifests_templates
- k3s_server_manifests_urls
- k3s_server_network_policy_enabled
- k3s_server_nodes
- k3s_server_resource_creations
- k3s_server_resource_patches
- k3s_server_workload_enabled
- k3s_token
- k3s_version
- Discovered Tags
- Dependencies
Default Variables
k3s_init_log_enabled
Default value
k3s_init_log_enabled: false
k3s_iscsi_enabled
Default value
k3s_iscsi_enabled: false
k3s_node_ip
Default value
k3s_node_ip: '{{ ansible_default_ipv4.address }}'
k3s_node_labels
Default value
k3s_node_labels: {}
k3s_node_name
Default value
k3s_node_name: '{{ ansible_hostname }}'
k3s_packages
Default value
k3s_packages:
- epel-release
- python3-kubernetes
- container-selinux
- selinux-policy-base
k3s_packages_extra
Default value
k3s_packages_extra: []
k3s_protect_kernel_defaults
Default value
k3s_protect_kernel_defaults: false
k3s_reset
Default value
k3s_reset: false
k3s_selinux_enabled
Default value
k3s_selinux_enabled: false
k3s_server
Default value
k3s_server: true
k3s_server_admission_configuration
Default value
k3s_server_admission_configuration:
- name: EventRateLimit
configuration:
kind: Configuration
apiVersion: eventratelimit.admission.k8s.io/v1alpha1
limits:
- type: Namespace
qps: 50
burst: 100
cacheSize: 2000
- type: User
qps: 10
burst: 50
k3s_server_admission_plugins
Default value
k3s_server_admission_plugins:
- NodeRestriction
- EventRateLimit
- ServiceAccount
- NamespaceLifecycle
k3s_server_bind_ip
Default value
k3s_server_bind_ip: 0.0.0.0
k3s_server_cloud_controller_enabled
Default value
k3s_server_cloud_controller_enabled: true
k3s_server_components_disabled
Default value
k3s_server_components_disabled:
- traefik
k3s_server_feature_gates
Default value
k3s_server_feature_gates: []
k3s_server_flannel_backend_enabled
Default value
k3s_server_flannel_backend_enabled: true
k3s_server_manifests_templates
Default value
k3s_server_manifests_templates: []
k3s_server_manifests_urls
Default value
k3s_server_manifests_urls: []
k3s_server_network_policy_enabled
Default value
k3s_server_network_policy_enabled: true
k3s_server_nodes
Default value
k3s_server_nodes:
- '{{ ansible_hostname }}'
k3s_server_resource_creations
Default value
k3s_server_resource_creations: []
k3s_server_resource_patches
Default value
k3s_server_resource_patches: []
k3s_server_workload_enabled
Default value
k3s_server_workload_enabled: true
k3s_token
Default value
k3s_token: secure-token
k3s_version
Default value
k3s_version: 1.25.3+k3s1
Discovered Tags
- skip_ansible_later
Dependencies
None.