{# SPDX-FileCopyrightText: 2021 Intel Corporation SPDX-License-Identifier: Apache-2.0 #} --- ## BMRA primary playbook variables ## # Kubernetes version kubernetes: true kube_version: v1.21.1 #kube_version: v1.20.6 #kube_version: v1.19.8 # Kubernetes container runtime: docker, containerd container_runtime: {{ bmra.runtime }} # Run system-wide package update (apt dist-upgrade, yum update, ...) # Note: enabling this may lead to unexpected results # Tip: you can set this per host using host_vars update_all_packages: false update_kernel: true # Node Feature Discovery nfd_enabled: {{ bmra.features.nfd }} nfd_build_image_locally: false nfd_namespace: kube-system nfd_sleep_interval: 60s # Intel CPU Manager for Kubernetes (CMK) cmk_enabled: {{ bmra.features.cmk.enable }} cmk_namespace: kube-system cmk_use_all_hosts: false # 'true' will deploy CMK on the controller nodes too #cmk_hosts_list: node1,node2 # allows to control where CMK nodes will run, leave this option commented out to deploy on all K8s nodes cmk_shared_num_cores: {{ bmra.features.cmk.num_shared_cores }} # number of CPU cores to be assigned to the "shared" pool on each of the nodes cmk_exclusive_num_cores: {{ bmra.features.cmk.num_exclusive_cores }} # number of CPU cores to be assigned to the "exclusive" pool on each of the nodes # cmk_shared_mode: packed # choose between: packed, spread, default: packed # cmk_exclusive_mode: packed # choose between: packed, spread, default: packed autogenerate_isolcpus: {{ bmra.features.isolcpus.autogenerate }} # Native CPU Manager (Kubernetes built-in) # Note: Enabling CMK and built-in Native CPU Manager is NOT recommended. # Setting this option as "true" enables the "static" policy, otherwise the default "none" policy is used. # The reserved CPU cores settings are individual per each worker node, and therefore are available to configure in the host_vars file native_cpu_manager_enabled: false # Enable Kubernetes built-in Topology Manager topology_manager_enabled: {{ bmra.features.topology_manager.enable }} # There are four supported policies: none, best-effort, restricted, single-numa-node. topology_manager_policy: "{{ bmra.features.topology_manager.policy }}" # OpenShift SRIOV Network Operator sriov_network_operator_enabled: false sriov_network_operator_namespace: "sriov-network-operator" # Intel SRIOV Network Device Plugin sriov_net_dp_enabled: {{ bmra.features.sriov_net_dp }} sriov_net_dp_namespace: kube-system # whether to build and store image locally or use one from public external registry sriov_net_dp_build_image_locally: true # SR-IOV network device plugin configuration. # For more information on supported configuration refer to: https://github.com/intel/sriov-network-device-plugin#configurations sriovdp_config_data: | { "resourceList": [{ "resourceName": "intel_sriov_netdevice", "selectors": { "vendors": ["8086"], "devices": ["154c", "10ed", "1889"], "drivers": ["iavf", "ixgbevf"] } }, { "resourceName": "intel_sriov_dpdk_700_series", "selectors": { "vendors": ["8086"], "devices": ["154c", "10ed"], "drivers": ["vfio-pci"] } }, { "resourceName": "intel_sriov_dpdk_800_series", "selectors": { "vendors": ["8086"], "devices": ["1889"], "drivers": ["vfio-pci"] } }, { "resourceName": "intel_fpga", "deviceType": "accelerator", "selectors": { "vendors": ["8086"], "devices": ["0d90"] } } ] } # Intel Device Plugin Operator intel_dp_namespace: kube-system # namespace will be applied for SGX DP and GPU DP # Intel QAT Device Plugin for Kubernetes qat_dp_enabled: {{ bmra.features.qat.enable }} qat_dp_namespace: kube-system qat_dp_build_image_locally: true # This feature will enable OpenSSL*Engine openssl_engine_enabled: false # To activate OpenSSL*Engine, install_openssl & update_qat_drivers must set to ‘true’ in host_vars # Intel GPU Device Plugin for Kubernetes gpu_dp_enabled: false gpu_dp_kernel_version: "5.4.48+" gpu_dp_build_image_locally: true # Intel SGX Device Plugin for Kubernetes sgx_dp_enabled: false sgx_dp_build_image_locally: true sgx_aesmd_namespace: kube-system # ProvisionLimit is a number of containers that can share # the same SGX provision device. sgx_dp_provision_limit: 20 # EnclaveLimit is a number of containers that can share the # same SGX enclave device. sgx_dp_enclave_limit: 20 # KMRA (Key Management Reference Application) kmra_enabled: false # The PCCS uses this API key to request collaterals from Intel's Provisioning Certificate Service. # User needs to subscribe first to obtain an API key. # For how to subscribe to Intel Provisioning Certificate Service and receive an API key, # goto https://api.portal.trustedservices.intel.com/provisioning-certification and click on 'Subscribe'. kmra_pccs_api_key: "ffffffffffffffffffffffffffffffff" # deploy KMRA demo workload (NGINX server) kmra_deploy_demo_workload: true # Intel Telemetry Aware Scheduling tas_enabled: {{ bmra.features.tas.enable }} tas_namespace: monitoring # create and enable TAS demonstration policy: [true, false] tas_enable_demo_policy: {{ bmra.features.tas.demo_policy }} # Create reference net-attach-def objects example_net_attach_defs: userspace_ovs_dpdk: false # Update to match host_vars CNI configuration userspace_vpp: false # Update to match host_vars CNI configuration sriov_net_dp: {{ bmra.features.sriov_net_dp }} # Update to match host_vars CNI configuration ## Proxy configuration ## #http_proxy: "http://proxy.example.com:1080" #https_proxy: "http://proxy.example.com:1080" #additional_no_proxy: ".example.com,mirror_ip" # (Ubuntu only) disables DNS stub listener which may cause issues on Ubuntu dns_disable_stub_listener: false # Kubernetes cluster name, also will be used as DNS domain cluster_name: cluster.local ## Kubespray variables ## # default network plugins and kube-proxy configuration kube_network_plugin_multus: true multus_version: v3.4.2 kube_network_plugin: flannel kube_pods_subnet: 10.244.0.0/16 kube_service_addresses: 10.233.0.0/18 kube_proxy_mode: iptables # comment this line out if you want to expose k8s services of type nodePort externally. kube_proxy_nodeport_addresses_cidr: 127.0.0.0/8 # please leave it set to "true", otherwise Intel BMRA features deployed as Helm charts won't be installed helm_enabled: true # local Docker Hub mirror, if it exists #docker_registry_mirrors: # - http://mirror_ip:mirror_port #containerd_registries: # "docker.io": # - "https://registry-1.docker.io" # - "https://mirror_ip:mirror_port" # Docker registry running on the cluster allows us to store images not avaialble on Docker Hub, e.g. CMK # The range of valid ports is 30000-32767 registry_nodeport: 30500 {% raw %} registry_local_address: "localhost:{{ registry_nodeport }}" {% endraw %} # Enable Pod Security Policy. This option enables PSP admission controller and creates minimal set of rules. psp_enabled: {{ bmra.features.psp }} # Set image pull policy to Always. Pulls images prior to starting containers. Valid credentials must be configured. always_pull_enabled: true # Telemetry configuration collectd_scrap_interval: 30