Updates Kuberef to use BMRA v21.08

[kuberef.git] / playbooks / roles / bmra-config / templates / all.j2

{#
SPDX-FileCopyrightText: 2021 Intel Corporation

SPDX-License-Identifier: Apache-2.0
#}

---
## BMRA primary playbook variables ##

# Kubernetes version
kubernetes: true
kube_version: v1.21.1
#kube_version: v1.20.6
#kube_version: v1.19.8

# Kubernetes container runtime: docker, containerd
container_runtime: {{ bmra.runtime }}

# Run system-wide package update (apt dist-upgrade, yum update, ...)
# Note: enabling this may lead to unexpected results
# Tip: you can set this per host using host_vars
update_all_packages: false
update_kernel: true

# Node Feature Discovery
nfd_enabled: {{ bmra.features.nfd }}
nfd_build_image_locally: false
nfd_namespace: kube-system
nfd_sleep_interval: 60s

# Intel CPU Manager for Kubernetes (CMK)
cmk_enabled: {{ bmra.features.cmk.enable }}
cmk_namespace: kube-system
cmk_use_all_hosts: false # 'true' will deploy CMK on the controller nodes too
#cmk_hosts_list: node1,node2 # allows to control where CMK nodes will run, leave this option commented out to deploy on all K8s nodes
cmk_shared_num_cores: {{ bmra.features.cmk.num_shared_cores }} # number of CPU cores to be assigned to the "shared" pool on each of the nodes
cmk_exclusive_num_cores: {{ bmra.features.cmk.num_exclusive_cores }} # number of CPU cores to be assigned to the "exclusive" pool on each of the nodes
# cmk_shared_mode: packed # choose between: packed, spread, default: packed
# cmk_exclusive_mode: packed # choose between: packed, spread, default: packed
autogenerate_isolcpus: {{ bmra.features.isolcpus.autogenerate }}

# Native CPU Manager (Kubernetes built-in)
# Note: Enabling CMK and built-in Native CPU Manager is NOT recommended.
# Setting this option as "true" enables the "static" policy, otherwise the default "none" policy is used.
# The reserved CPU cores settings are individual per each worker node, and therefore are available to configure in the host_vars file
native_cpu_manager_enabled: false

# Enable Kubernetes built-in Topology Manager
topology_manager_enabled: {{ bmra.features.topology_manager.enable }}
# There are four supported policies: none, best-effort, restricted, single-numa-node.
topology_manager_policy: "{{ bmra.features.topology_manager.policy }}"

# OpenShift SRIOV Network Operator
sriov_network_operator_enabled: false
sriov_network_operator_namespace: "sriov-network-operator"

# Intel SRIOV Network Device Plugin
sriov_net_dp_enabled: {{ bmra.features.sriov_net_dp }}
sriov_net_dp_namespace: kube-system
# whether to build and store image locally or use one from public external registry
sriov_net_dp_build_image_locally: true
# SR-IOV network device plugin configuration.
# For more information on supported configuration refer to: https://github.com/intel/sriov-network-device-plugin#configurations
sriovdp_config_data: |
    {
        "resourceList": [{
                "resourceName": "intel_sriov_netdevice",
                "selectors": {
                    "vendors": ["8086"],
                    "devices": ["154c", "10ed", "1889"],
                    "drivers": ["iavf", "ixgbevf"]
                }
            },
            {
                "resourceName": "intel_sriov_dpdk_700_series",
                "selectors": {
                    "vendors": ["8086"],
                    "devices": ["154c", "10ed"],
                    "drivers": ["vfio-pci"]
                }
            },
            {
                "resourceName": "intel_sriov_dpdk_800_series",
                "selectors": {
                    "vendors": ["8086"],
                    "devices": ["1889"],
                    "drivers": ["vfio-pci"]
                }
            },
            {
                "resourceName": "intel_fpga",
                "deviceType": "accelerator",
                "selectors": {
                    "vendors": ["8086"],
                    "devices": ["0d90"]
                }
            }
        ]
    }

# Intel Device Plugin Operator
intel_dp_namespace: kube-system # namespace will be applied for SGX DP and GPU DP

# Intel QAT Device Plugin for Kubernetes
qat_dp_enabled: {{ bmra.features.qat.enable }}
qat_dp_namespace: kube-system
qat_dp_build_image_locally: true

# This feature will enable OpenSSL*Engine
openssl_engine_enabled: false # To activate OpenSSL*Engine, install_openssl & update_qat_drivers must set to ‘true’ in host_vars

# Intel GPU Device Plugin for Kubernetes
gpu_dp_enabled: false
gpu_dp_kernel_version: "5.4.48+"
gpu_dp_build_image_locally: true

# Intel SGX Device Plugin for Kubernetes
sgx_dp_enabled: false
sgx_dp_build_image_locally: true
sgx_aesmd_namespace: kube-system
# ProvisionLimit is a number of containers that can share
# the same SGX provision device.
sgx_dp_provision_limit: 20
# EnclaveLimit is a number of containers that can share the
# same SGX enclave device.
sgx_dp_enclave_limit: 20

# KMRA (Key Management Reference Application)
kmra_enabled: false
# The PCCS uses this API key to request collaterals from Intel's Provisioning Certificate Service.
# User needs to subscribe first to obtain an API key.
# For how to subscribe to Intel Provisioning Certificate Service and receive an API key,
# goto https://api.portal.trustedservices.intel.com/provisioning-certification and click on 'Subscribe'.
kmra_pccs_api_key: "ffffffffffffffffffffffffffffffff"
# deploy KMRA demo workload (NGINX server)
kmra_deploy_demo_workload: true

# Intel Telemetry Aware Scheduling
tas_enabled: {{ bmra.features.tas.enable }}
tas_namespace: monitoring
# create and enable TAS demonstration policy: [true, false]
tas_enable_demo_policy: {{ bmra.features.tas.demo_policy }}

# Create reference net-attach-def objects
example_net_attach_defs:
  userspace_ovs_dpdk: false # Update to match host_vars CNI configuration
  userspace_vpp: false # Update to match host_vars CNI configuration
  sriov_net_dp: {{ bmra.features.sriov_net_dp }} # Update to match host_vars CNI configuration

## Proxy configuration ##
#http_proxy: "http://proxy.example.com:1080"
#https_proxy: "http://proxy.example.com:1080"
#additional_no_proxy: ".example.com,mirror_ip"

# (Ubuntu only) disables DNS stub listener which may cause issues on Ubuntu
dns_disable_stub_listener: false

# Kubernetes cluster name, also will be used as DNS domain
cluster_name: cluster.local

## Kubespray variables ##

# default network plugins and kube-proxy configuration
kube_network_plugin_multus: true
multus_version: v3.4.2
kube_network_plugin: flannel
kube_pods_subnet: 10.244.0.0/16
kube_service_addresses: 10.233.0.0/18
kube_proxy_mode: iptables

# comment this line out if you want to expose k8s services of type nodePort externally.
kube_proxy_nodeport_addresses_cidr: 127.0.0.0/8

# please leave it set to "true", otherwise Intel BMRA features deployed as Helm charts won't be installed
helm_enabled: true

# local Docker Hub mirror, if it exists
#docker_registry_mirrors:
#  - http://mirror_ip:mirror_port
#containerd_registries:
#  "docker.io":
#    - "https://registry-1.docker.io"
#    - "https://mirror_ip:mirror_port"

# Docker registry running on the cluster allows us to store images not avaialble on Docker Hub, e.g. CMK
# The range of valid ports is 30000-32767
registry_nodeport: 30500
{% raw %}
registry_local_address: "localhost:{{ registry_nodeport }}"
{% endraw %}

# Enable Pod Security Policy. This option enables PSP admission controller and creates minimal set of rules.
psp_enabled: {{ bmra.features.psp }}

# Set image pull policy to Always. Pulls images prior to starting containers. Valid credentials must be configured.
always_pull_enabled: true

# Telemetry configuration
collectd_scrap_interval: 30