X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=playbooks%2Froles%2Fbmra-config%2Ftemplates%2Fall.j2;h=440b3736d05294b69ae674d608c8b43f22e8526f;hb=cb5c652c37763043e695f123808a3ee9c512689d;hp=1eca5566c0e9b10483ac0fb7eb2d35bd8190d9b8;hpb=4c6fe2cf6e1bbb279dcf5698cff315740ea6d8e8;p=kuberef.git diff --git a/playbooks/roles/bmra-config/templates/all.j2 b/playbooks/roles/bmra-config/templates/all.j2 index 1eca556..440b373 100644 --- a/playbooks/roles/bmra-config/templates/all.j2 +++ b/playbooks/roles/bmra-config/templates/all.j2 @@ -9,9 +9,12 @@ SPDX-License-Identifier: Apache-2.0 # Kubernetes version kubernetes: true -#kube_version: v1.20.4 -kube_version: v1.19.8 -#kube_version: v1.18.16 +kube_version: v1.21.1 +#kube_version: v1.20.6 +#kube_version: v1.19.8 + +# Kubernetes container runtime: docker, containerd +container_runtime: {{ bmra.runtime }} # Run system-wide package update (apt dist-upgrade, yum update, ...) # Note: enabling this may lead to unexpected results @@ -47,6 +50,10 @@ topology_manager_enabled: {{ bmra.features.topology_manager.enable }} # There are four supported policies: none, best-effort, restricted, single-numa-node. topology_manager_policy: "{{ bmra.features.topology_manager.policy }}" +# OpenShift SRIOV Network Operator +sriov_network_operator_enabled: false +sriov_network_operator_namespace: "sriov-network-operator" + # Intel SRIOV Network Device Plugin sriov_net_dp_enabled: {{ bmra.features.sriov_net_dp }} sriov_net_dp_namespace: kube-system @@ -91,19 +98,26 @@ sriovdp_config_data: | ] } +# Intel Device Plugin Operator +intel_dp_namespace: kube-system # namespace will be applied for SGX DP and GPU DP + # Intel QAT Device Plugin for Kubernetes qat_dp_enabled: {{ bmra.features.qat.enable }} qat_dp_namespace: kube-system qat_dp_build_image_locally: true +# This feature will enable OpenSSL*Engine +openssl_engine_enabled: false # To activate OpenSSL*Engine, install_openssl & update_qat_drivers must set to ‘true’ in host_vars + # Intel GPU Device Plugin for Kubernetes gpu_dp_enabled: false -gpu_dp_namespace: kube-system +gpu_dp_kernel_version: "5.4.48+" gpu_dp_build_image_locally: true # Intel SGX Device Plugin for Kubernetes sgx_dp_enabled: false sgx_dp_build_image_locally: true +sgx_aesmd_namespace: kube-system # ProvisionLimit is a number of containers that can share # the same SGX provision device. sgx_dp_provision_limit: 20 @@ -111,6 +125,16 @@ sgx_dp_provision_limit: 20 # same SGX enclave device. sgx_dp_enclave_limit: 20 +# KMRA (Key Management Reference Application) +kmra_enabled: false +# The PCCS uses this API key to request collaterals from Intel's Provisioning Certificate Service. +# User needs to subscribe first to obtain an API key. +# For how to subscribe to Intel Provisioning Certificate Service and receive an API key, +# goto https://api.portal.trustedservices.intel.com/provisioning-certification and click on 'Subscribe'. +kmra_pccs_api_key: "ffffffffffffffffffffffffffffffff" +# deploy KMRA demo workload (NGINX server) +kmra_deploy_demo_workload: true + # Intel Telemetry Aware Scheduling tas_enabled: {{ bmra.features.tas.enable }} tas_namespace: monitoring @@ -153,9 +177,17 @@ helm_enabled: true # local Docker Hub mirror, if it exists #docker_registry_mirrors: # - http://mirror_ip:mirror_port +#containerd_registries: +# "docker.io": +# - "https://registry-1.docker.io" +# - "https://mirror_ip:mirror_port" # Docker registry running on the cluster allows us to store images not avaialble on Docker Hub, e.g. CMK -registry_local_address: "localhost:30500" +# The range of valid ports is 30000-32767 +registry_nodeport: 30500 +{% raw %} +registry_local_address: "localhost:{{ registry_nodeport }}" +{% endraw %} # Enable Pod Security Policy. This option enables PSP admission controller and creates minimal set of rules. psp_enabled: {{ bmra.features.psp }}