# Sample variables file

To help get you started, a sample configuration is provided in the file inventory/group_vars/all/all.yml.sample:


###                                                                             
# Copyright (2020) Hewlett Packard Enterprise Development LP                    
#                                                                               
# Licensed under the Apache License, Version 2.0 (the "License");               
# You may not use this file except in compliance with the License.              
# You may obtain a copy of the License at                                       
#                                                                               
# http://www.apache.org/licenses/LICENSE-2.0                                    
#                                                                               
# Unless required by applicable law or agreed to in writing, software           
# distributed under the License is distributed on an "AS IS" BASIS,             
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.      
# See the License for the specific language governing permissions and           
# limitations under the License.                                                
###                                                                             

# Base Anthos version. Besides selecting the release, this value is interpolated
# into gke_bundle_path further down in this file.
anthos_version: '1.4.0-gke.13'

# Proxy definitions -- gkeadm will have its own. For now these are needed for
# post-deploy configuration.
# proxy_type, proxy_address and proxy_port are joined into proxyUrl further down in this file.
# The address and domains shown are site-specific sample values; replace them with your own.
proxy_enabled: true
proxy_address: '16.100.208.216'
proxy_port: '8888'
proxy_type: 'http'
# Comma-separated domain suffixes; presumably these bypass the proxy -- confirm against the roles.
no_proxy: '.hcilabs.hpecorp.net,.simplivt.local'

# Directory holding the secret material used by the deployment:
#   - GCP keys created (.json files)
#   - vcenter(s) ssl certificates
#   - private docker registry certificates
#   - ssh keypair to be deployed to GKE Admin Workstation
# This directory is located under /home/<user> on the ansible controller
# (secrets_path further down joins it to the controller user's home directory).
# NOTE(review): it holds private keys and cloud credentials -- keep it readable only by
# the user that runs the playbooks.
secrets_directory: 'anthos_secrets'

# File name (not a path) of the whitelisted key for GCP.
gke_whitelisted_key: 'whitelisted-key.json' # Must be in directory defined by 'secrets_directory'

#####
# Virtual Center Configuration that will be used to deploy GKE Admin Workstation
# and all GKE on-prem clusters (admin and user)
# All variables that contain a vault_ prefix should be entered in `inventory/group_vars/all/vault.yml`
# NOTE(review): vault.yml is presumably meant to be encrypted with ansible-vault; confirm it is
# never stored or committed in cleartext, since it holds the vCenter credentials referenced below.
#####
vcenter:
  address: '10.1.223.196'
  # Credentials are read from vault_ variables rather than written in this file.
  username: "{{ vault_vcenter_username }}"
  password: "{{ vault_vcenter_password }}"
  datacenter: 'Datacenter'
  datastore: 'ds1'
  cluster: "New_Cluster"
  network: 'VM Network 2'
  resourcepool: 'Anthos_1.4'
  cacert: 'vcenter.pem' # vCenter SSL certificate file. Must be in directory defined by 'secrets_directory'

#####
# GKE Admin Workstation Configuration
# Sizing values (cpus, memoryMB, diskGB, datadiskMB) are written as quoted strings.
#####
gke_admin_workstation:
  # File name of the SSH private key. Further down in this file it is joined to secrets_path to form
  # ansible_ssh_private_key_file, which ansible also uses to connect to the workstation.
  ssh_private_key: 'vsphere_workstation' # Must be in directory defined by 'secrets_directory'
  # Also used in the name of the generated gkeadm config file (see gkeadm_config further down).
  name: 'gke-adm-test14'
  cpus: '4'
  memoryMB: '8192'
  diskGB: '50'
  datadiskMB: '1024'
  ntpServer: 'hou-ntp1.hcilabs.hpecorp.net'
  ipAllocationMode: 'dhcp'
  # For Static IP assignment uncomment and enter info below. Remove ipAllocationMode: 'dhcp' above.
  #ipAllocationMode: 'static'
  #ip: '192.168.1.10'
  #gateway: '192.168.1.1'
  #netmask: '255.255.255.0'
  #dns:
  #  - nameserver_ip
  #  - nameserver_ip
  # If you desire to deploy your GKE Admin Workstation to a different vsphere infrastructure, enter values here
  # and set 'enable: true'. If 'enable: false' then values from global vcenter config will be used.
  alt_vcenter:
    enable: false
    address: '10.1.223.196'
    # Separate vault_ variables from the global vcenter block; enter them in vault.yml as well.
    username: "{{ vault_gkeadm_vcenter_username }}"
    password: "{{ vault_gkeadm_vcenter_password }}"
    datacenter: 'Datacenter'
    datastore: 'ds1'
    cluster: 'New_Cluster'
    network: 'VM Network 2'
    resourcepool: 'Anthos_1.4'
    cacert: 'gkeadm_alt_vcenter.pem' # Must be in directory defined by 'secrets_directory'

# Path to GKE Admin Workstation OVA file to install. If defined and valid, gkeadm will use this file.
# If empty ('') or invalid, gkeadm will download the OVA into the directory defined by the variable 'output_directory:'
# NOTE(review): a locally supplied OVA becomes the admin workstation image; obtain it from the official
# source and verify its checksum before pointing this variable at it.
# gkeadm_ova_path: '/home/sgifford/Downloads/1.3.0-gke.16/gke-on-prem-admin-appliance-vsphere-1.3.0-gke.16.ova'
gkeadm_ova_path: ''

#####
# Post deploy configuration of GKE Admin Workstation
# These are site specific.
#####

# Docker bip (base IP) can be changed if the default conflicts with your environment.
# NOTE(review): 192.68.0.0/16 is not RFC 1918 private address space (192.168.0.0/16 is). With this value,
# hosts on the workstation would route that public range to the Docker bridge. It may be a typo or a
# deliberate choice to avoid the 192.168.x.x node networks used below -- confirm before reuse.
docker_bip: '192.68.0.1/16'

# A private Docker registry is commonly used in Air-Gapped installations
private_docker_registry: true
private_reg_ip: '16.100.209.193'
private_reg_port: '5005'
# Registry certificate file name.
private_reg_cert: 'registry.crt' # Must be in directory defined by 'secrets_directory'
# NOTE(review): unlike the vCenter and F5 credentials in this file, the registry username and password
# are written here in cleartext instead of referencing a vault_ variable. Move the real values into
# inventory/group_vars/all/vault.yml and reference them from here so they are not stored unencrypted.
# 'me' / 'you' are placeholders and must not be kept as real credentials.
private_reg_username: 'me'
private_reg_password: 'you'

# If desired, secrets can be pulled from git to the ansible controller by setting 'pull_enable: true'.
# The files will be copied to the GKE Admin Workstation during deployment. The files in this repo must
# match the name/structure described in README.md.
# As mentioned above, an ssh 'config' file and ssh key need to be configured to pull this repo.
# NOTE(review): such a repo contains the key and certificate files listed for 'secrets_directory';
# restrict read access to it accordingly.
anthos_userdata_git:
  pull_enable: false
  repo_name: anthos_secrets # Change to match your repo -- Files will be pulled to {{ secrets_directory }}
  # Change this url to match your private user data repo path
  repo_url: 'ssh://git@stash.simplivt.local:7999/~sgifford/anthos_secrets.git'

#####
# GKE on-prem cluster configuration
#####

# GCP project to set.  gkeadm does not currently set this.
# gcloud_project is the default (main) project; the per-area project ids below
# fall back to it when left undefined.
gcloud_project: 'deep-thought-259715'

# Individual projects can be configured for each of these areas (connect, stackdriver,
# usage metering, cloud audit logging).  Projects must exist in GCP before trying to use them.
# They will default to gcloud_project if left undefined.
gke_connect_projectid: ''
gke_stackdriver_projectid: ''
gke_usagemetering_projectid: ''
gke_cloudauditlogging_projectid: ''

# Common variables to all clusters
# Bundle file name is derived from anthos_version defined at the top of this file.
gke_bundle_path: '/var/lib/gke/bundles/gke-onprem-vsphere-{{ anthos_version }}-full.tgz'
gke_data_disk_name: 'test14-deploy'
# These variables will be used for all clusters unless overridden in the gke_cluster_config section below.
# Note that the enable flags are quoted strings ('true' / 'false'), not YAML booleans; keep the quoting
# unless the consuming templates are known to accept booleans.
gke_network_internal: 'gke-internal' # vSphere network for VMs
gke_cluster_resource_pool: 'Anthos_1.4'
gke_cluster_gcp_region: 'us-east1'
gke_cluster_antiAffinity_enable: 'true'
gke_loadBalancerKind: 'F5BigIP'
enable_vpc: 'false'
enable_cloudrun: 'false'

#####
# GKE on-prem cluster configuration information.
# Only 1 admin cluster should be defined.  Multiple user clusters can be defined.
# gkenode_net allows for dhcp or static network definition.  If mode is set to 'static' then all network
# information should be entered.  If set to 'dhcp' the network information will be ignored.
#####

gke_cluster_config:
    # Admin cluster entry (type: 'admin').
    - name: 'admin'
      type: 'admin'
      state: present
      loadBalancerKind: 'F5BigIP'
      f5_partition: 'Spanned_VIP'
      cluster_ctrl_vip: '172.17.0.21'
      cluster_ingress_vip: '172.17.0.22'
      datastore: '' #If left blank the global vcenter.datastore will be used
      resource_pool: ''
      cluster_network: ''
      logging_metric_gcp_region: 'us-east1'
      audit_logging_gcp_region: 'us-east1'
      # Per-cluster values of the global enable_vpc / enable_cloudrun settings.
      enable_vpc: 'false'
      enable_cloudrun: 'false'
      gkenode_net:
        # With mode 'dhcp' the remaining gkenode_net values are ignored (see the header above).
        mode: 'dhcp'
        dns: '192.168.1.1'
        gateway: '192.168.1.1'
        netmask: '255.255.255.0'
        tod: 'hou-ntp1.hcilabs.hpecorp.net'
        search_domain: 'my.local.com'
        otherdns:
          - 8.8.8.8
          # NOTE(review): 8.8.8.4 looks like a typo for 8.8.4.4 (the second Google Public DNS address) -- confirm.
          - 8.8.8.4
        othertod:
          - ntp.ubuntu.com
        # Static address / hostname pairs for the cluster nodes.
        ips:
         - ip: 192.168.1.10
           hostname: admin-host1
         - ip: 192.168.1.11
           hostname: admin-host2
         - ip: 192.168.1.12
           hostname: admin-host3
         - ip: 192.168.1.13
           hostname: admin-host4
         - ip: 192.168.1.14
           hostname: admin-host5
    # User cluster entry (type: 'user'); further user clusters can be added as additional list items.
    - name: 'sg-test4-13'
      type: 'user'
      state: present
      # Node sizing and replica counts are written as quoted strings.
      masternode_cpu: '6'
      masternode_memory: '16000'
      masternode_replicas: '1'
      workernode_cpu: '6'
      workernode_memory: '16000'
      workernode_replicas: '3'
      loadBalancerKind: 'F5BigIP'
      f5_partition: 'Spanned_VIP_user'
      cluster_ctrl_vip: '172.17.0.69'
      cluster_ingress_vip: '172.17.0.72'
      csi_storageclass_name: 'test4-3-sc'
      csi_datastore_name: 'csi-3'
      csi_datastore_size: '20'
      datastore: ''
      resource_pool: 'User-Cluster-1'
      cluster_network: ''
      logging_metric_gcp_region: 'us-east1'
      audit_logging_gcp_region: 'us-east1'
      enable_vpc: 'false'
      enable_cloudrun: 'false'
      anthos_service_mesh_enable: true
      anthos_service_mesh_externalIP: '172.17.0.29'  # example '172.17.0.29'
      # List of namespaces in which to enable istio sidecar injection.
      anthos_service_mesh_sidecar_enable: 
        - default
        - test1
        - test2
      gkenode_net:
        # With mode 'dhcp' the remaining gkenode_net values are ignored.
        mode: 'dhcp'
        dns: '192.168.2.1'
        gateway: '192.168.2.1'
        netmask: '255.255.255.0'
        tod: 'hou-ntp1.hcilabs.hpecorp.net'
        search_domain: 'my.local.com'
        otherdns:
          - 8.8.8.8
          # NOTE(review): 8.8.8.4 looks like a typo for 8.8.4.4 (the second Google Public DNS address) -- confirm.
          - 8.8.8.4
        othertod:
          - ntp.ubuntu.com
        # Static address / hostname pairs for the cluster nodes.
        ips:
         - ip: 192.168.2.10
           hostname: sg-test4-host1
         - ip: 192.168.2.11
           hostname: sg-test4-host2
         - ip: 192.168.2.12
           hostname: sg-test4-host3
         - ip: 192.168.2.13
           hostname: sg-test4-host4
         - ip: 192.168.2.14
           hostname: sg-test4-host5


# Enable/disable switch and flags for the gkectl check-config execution.
# Running the check is recommended at least the first time.
# gkectl_check_flags are added to the gkectl command. See docs for explanation.
enable_config_check: true
gkectl_check_flags: '--fast'

# Enable/disable switch and flags for the gkectl prepare execution. Required to run at least one time.
# gkectl_prepare_flags are added to the gkectl command. See docs for explanation.
# NOTE(review): judging by its name, '--skip-validation-all' turns off every validation of the prepare
# step. The sample ships with it set; consider clearing it so misconfigurations are caught before
# they are applied.
gkectl_run_prepare: true
gkectl_prepare_flags: '--skip-validation-all'

# Enable/disable switches and flags for the gkectl create cluster execution.
# The admin cluster must be enabled at least on the first run.
# gkectl_create_flags are added to the gkectl command. See docs for explanation.
# NOTE(review): judging by its name, '--skip-validation-all' turns off every validation during cluster
# creation. The sample ships with it set; consider clearing it so misconfigurations are caught before
# clusters are built.
create_admin_cluster: true
create_user_cluster: true
gkectl_create_flags: '--skip-validation-all'

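#####
# F5 Configuration Information
# All variables that contain a vault_ prefix should be entered in `inventory/group_vars/all/vault.yml`
#####

f5:
  # Connection settings for the BIG-IP management interface.
  # Presumably handed to the F5 Ansible modules as their provider argument -- confirm against the roles.
  provider:
    user: admin
    password: "{{ vault_f5_admin_password }}"
    server: 10.1.222.170
    # NOTE(review): certificate validation is disabled, so the controller does not authenticate the
    # BIG-IP it sends the admin password to. Set this to true once the device presents a certificate
    # the ansible controller trusts. Written as the canonical boolean 'false' (was 'no') so the value
    # does not depend on YAML 1.1 truthy parsing.
    validate_certs: false
    server_port: 443

  hostname: Morbo-F5-SG1.thehead.local
  # Same vault variable as provider.password above.
  admin_username: admin
  admin_password: "{{ vault_f5_admin_password }}"

  # Set to true to ensure config is saved to f5. DO NOT CHANGE
  save: true

  # Internal VLAN and its self IP.
  internal_vlan_name: internal
  internal_vlan_tag: 1700
  internal_vlan_selfip: 172.17.0.16
  internal_vlan_selfip_netmask: 255.255.224.0
  internal_vlan_selfip_name: gke-internal

  # External VLAN and its self IP.
  external_vlan_name: external
  external_vlan_tag: 1732
  external_vlan_selfip: 172.17.32.16
  external_vlan_selfip_netmask: 255.255.224.0
  external_vlan_selfip_name: gke-external

  # License key comes from vault.yml; one list entry per license.
  license:
    - key: "{{ vault_f5_license_key }}"
      state: present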
  

#####
# SimpliVity
#####
# NOTE(review): certificate validation is disabled. Presumably this governs TLS verification for calls
# to the appliances listed below, in which case their identity is not checked -- confirm against the
# roles and enable it once the appliances present certificates the ansible controller trusts.
simplivity_validate_certs: false
# Addresses of the SimpliVity appliances.
simplivity_appliances:
- 10.1.222.46
- 10.1.222.47
- 10.1.222.57


#####
# Variables defining the directory configuration on the GKE Admin Workstation.
# ======= DO NOT CHANGE =======
# Most values below are derived from variables defined earlier in this file.
#####

# Base directory on GKE Admin Workstation to install files
gkeadm_basedir: '/home/ubuntu'
# Location of files generated by gkeadm during deployment of GKE Admin Workstation
# (built from local_user_home, which is defined a few lines below)
output_directory: '{{ local_user_home }}/output'
# Location of files generated on GKE Admin Workstation by gkectl during GKE on-prem cluster creation
log_directory: '{{ gkeadm_basedir }}/logs'
# Home directory of the user running ansible, read from the HOME environment variable
local_user_home: "{{ lookup ('env', 'HOME') }}"
# Location of secrets files on local ansible controller.
# The regex_replace strips a single trailing '/' from secrets_directory before joining.
secrets_path: "{{ local_user_home }}/{{ secrets_directory | regex_replace('\\/$', '') }}"
# GKE Admin Workstation destination of admin and user cluster configuration yaml files.
cluster_configurations_path: '{{ gkeadm_basedir }}/cluster-configurations'
# GKE Admin Workstation destination of admin and user cluster kubeconfig files generated when gkectl deploys clusters
# NOTE(review): kubeconfig files normally carry cluster credentials; restrict access to this directory.
cluster_kubeconfig_path: '{{ gkeadm_basedir }}/kubeconfigs'
# Setting name of admin kubeconfig here to be able to use it programmatically later
admin_cluster_kubeconfig: 'kubeconfig'
# Derived proxyUrl
proxyUrl: "{{ proxy_type }}://{{ proxy_address }}:{{ proxy_port }}" # Proxy vars defined elsewhere in this file.
# Path to ssh private key to install on GKE Admin Workstation
# This key will also be used by ansible to connect to admin workstation
ansible_ssh_private_key_file: '{{ secrets_path }}/{{ gke_admin_workstation.ssh_private_key }}'
# Path/Filename where ansible should create the yaml config file for deploying the GKE Admin Workstation
# (written inside the secrets directory; the file name includes the workstation name)
gkeadm_config: '{{ secrets_path }}/admin-ws-config-{{ gke_admin_workstation.name }}.yaml'
# Path to directory containing desired .ssh directory contents that will be copied to GKE Admin Workstation.
# Used for git repo cloning.
# NOTE(review): this is the controller user's own ~/.ssh. If the copy task takes the whole directory,
# unrelated private keys would land on the workstation -- confirm what is actually copied.
ssh_config_path: '{{ local_user_home }}/.ssh'