Robert Kaussow
31d0675475
Author: Robert Kaussow <mail@thegeeklab.de> Date: Sun Jan 29 16:46:24 2023 +0100 feat: add cis recommendations and hardening options
294 lines
5.0 KiB
Markdown
---
title: k3s
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.k3s) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.k3s?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.k3s) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.k3s/src/branch/main/LICENSE)

Set up K3s cluster nodes.

<!--more-->

- [Default Variables](#default-variables)
  - [k3s_init_log_enabled](#k3s_init_log_enabled)
  - [k3s_iscsi_enabled](#k3s_iscsi_enabled)
  - [k3s_node_ip](#k3s_node_ip)
  - [k3s_node_labels](#k3s_node_labels)
  - [k3s_node_name](#k3s_node_name)
  - [k3s_packages](#k3s_packages)
  - [k3s_packages_extra](#k3s_packages_extra)
  - [k3s_protect_kernel_defaults](#k3s_protect_kernel_defaults)
  - [k3s_reset](#k3s_reset)
  - [k3s_selinux_enabled](#k3s_selinux_enabled)
  - [k3s_server](#k3s_server)
  - [k3s_server_admission_configuration](#k3s_server_admission_configuration)
  - [k3s_server_admission_plugins](#k3s_server_admission_plugins)
  - [k3s_server_bind_ip](#k3s_server_bind_ip)
  - [k3s_server_cloud_controller_enabled](#k3s_server_cloud_controller_enabled)
  - [k3s_server_components_disabled](#k3s_server_components_disabled)
  - [k3s_server_feature_gates](#k3s_server_feature_gates)
  - [k3s_server_flannel_backend_enabled](#k3s_server_flannel_backend_enabled)
  - [k3s_server_manifests_templates](#k3s_server_manifests_templates)
  - [k3s_server_manifests_urls](#k3s_server_manifests_urls)
  - [k3s_server_network_policy_enabled](#k3s_server_network_policy_enabled)
  - [k3s_server_nodes](#k3s_server_nodes)
  - [k3s_server_resource_creations](#k3s_server_resource_creations)
  - [k3s_server_resource_patches](#k3s_server_resource_patches)
  - [k3s_server_workload_enabled](#k3s_server_workload_enabled)
  - [k3s_token](#k3s_token)
  - [k3s_version](#k3s_version)
- [Discovered Tags](#discovered-tags)
- [Dependencies](#dependencies)

---

## Default Variables

### k3s_init_log_enabled

#### Default value

```YAML
k3s_init_log_enabled: false
```

### k3s_iscsi_enabled

#### Default value

```YAML
k3s_iscsi_enabled: false
```

### k3s_node_ip

#### Default value

```YAML
k3s_node_ip: '{{ ansible_default_ipv4.address }}'
```

### k3s_node_labels

#### Default value

```YAML
k3s_node_labels: {}
```

### k3s_node_name

#### Default value

```YAML
k3s_node_name: '{{ ansible_hostname }}'
```

### k3s_packages

#### Default value

```YAML
k3s_packages:
  - epel-release
  - python3-kubernetes
  - container-selinux
  - selinux-policy-base
```

### k3s_packages_extra

#### Default value

```YAML
k3s_packages_extra: []
```

### k3s_protect_kernel_defaults

#### Default value

```YAML
k3s_protect_kernel_defaults: false
```

### k3s_reset

#### Default value

```YAML
k3s_reset: false
```

### k3s_selinux_enabled

#### Default value

```YAML
k3s_selinux_enabled: false
```

### k3s_server

#### Default value

```YAML
k3s_server: true
```

### k3s_server_admission_configuration

#### Default value

```YAML
k3s_server_admission_configuration:
  - name: EventRateLimit
    configuration:
      kind: Configuration
      apiVersion: eventratelimit.admission.k8s.io/v1alpha1
      limits:
        - type: Namespace
          qps: 50
          burst: 100
          cacheSize: 2000
        - type: User
          qps: 10
          burst: 50
```

### k3s_server_admission_plugins

#### Default value

```YAML
k3s_server_admission_plugins:
  - NodeRestriction
  - EventRateLimit
  - ServiceAccount
  - NamespaceLifecycle
```

### k3s_server_bind_ip

#### Default value

```YAML
k3s_server_bind_ip: 0.0.0.0
```

### k3s_server_cloud_controller_enabled

#### Default value

```YAML
k3s_server_cloud_controller_enabled: true
```

### k3s_server_components_disabled

#### Default value

```YAML
k3s_server_components_disabled:
  - traefik
```

### k3s_server_feature_gates

#### Default value

```YAML
k3s_server_feature_gates: []
```

### k3s_server_flannel_backend_enabled

#### Default value

```YAML
k3s_server_flannel_backend_enabled: true
```

### k3s_server_manifests_templates

#### Default value

```YAML
k3s_server_manifests_templates: []
```

### k3s_server_manifests_urls

#### Default value

```YAML
k3s_server_manifests_urls: []
```

### k3s_server_network_policy_enabled

#### Default value

```YAML
k3s_server_network_policy_enabled: true
```

### k3s_server_nodes

#### Default value

```YAML
k3s_server_nodes:
  - '{{ ansible_hostname }}'
```

### k3s_server_resource_creations

#### Default value

```YAML
k3s_server_resource_creations: []
```

### k3s_server_resource_patches

#### Default value

```YAML
k3s_server_resource_patches: []
```

### k3s_server_workload_enabled

#### Default value

```YAML
k3s_server_workload_enabled: true
```

### k3s_token

#### Default value

```YAML
k3s_token: secure-token
```

### k3s_version

#### Default value

```YAML
k3s_version: 1.25.3+k3s1
```

## Discovered Tags

skip_ansible_later
:

## Dependencies

None.