| classes: |
| - system.etcd.server.cluster |
| - system.haproxy.proxy.listen.kubernetes.apiserver |
| - system.keepalived.cluster.instance.kube_api_server_vip |
| - system.salt.minion.cert.etcd_server |
| - system.kubernetes.master.cluster |
| - system.kubernetes.master.auth.rbac |
| - system.kubernetes.control.roles.cluster-admin |
| - system.kubernetes.control.roles.genie-pod-patch |
| - cluster.k8s-ha-calico-flannel-virtlet.kubernetes.common |
| - cluster.k8s-ha-calico-flannel-virtlet.kubernetes.networking.virtual |
| - cluster.k8s-ha-calico-flannel-virtlet |
| parameters: |
| _param: |
| keepalived_k8s_apiserver_vip_interface: ${_param:control_interface} |
| keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address} |
| keepalived_k8s_apiserver_vip_password: password |
| etcd: |
| server: |
| setup: |
| calico: |
| key: /calico/ipam/v2/assignment/ipv4/block/${_param:calico_private_network}-${_param:calico_private_netmask} |
| value: '{"masquerade":true,"cidr":"${_param:calico_private_network}/${_param:calico_private_netmask}"}' |
| kubernetes: |
| master: |
| apiserver: |
| insecure_address: 0.0.0.0 |
| kubelet: |
| address: ${_param:single_address} |
| fail_on_swap: ${_param:kubelet_fail_on_swap} |
| etcd: |
| ssl: |
| enabled: true |
| network: |
| genie: |
| enabled: ${_param:kubernetes_genie_enabled} |
| default_plugin: calico |
| flannel: |
| enabled: ${_param:kubernetes_flannel_enabled} |
| private_ip_range: 10.20.0.0/16 |
| calico: |
| enabled: true |
| image: ${_param:kubernetes_calico_image} |
| calicoctl_image: ${_param:kubernetes_calico_calicoctl_image} |
| cni_image: ${_param:kubernetes_calico_cni_image} |
| kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image} |
| etcd: |
| ssl: |
| enabled: true |
| policy: |
| enabled: ${_param:kubernetes_calico_policy_enabled} |
| namespace: |
| netchecker: |
| enabled: true |