Updates Kuberef to use BMRA v21.08

[kuberef.git] / playbooks / roles / bmra-config / templates / all.j2

diff --git a/playbooks/roles/bmra-config/templates/all.j2 b/playbooks/roles/bmra-config/templates/all.j2
index 1eca556..440b373 100644 (file)
--- a/playbooks/roles/bmra-config/templates/all.j2
+++ b/playbooks/roles/bmra-config/templates/all.j2
@@ -9,9 +9,12 @@ SPDX-License-Identifier: Apache-2.0
 
 # Kubernetes version
 kubernetes: true
-#kube_version: v1.20.4
-kube_version: v1.19.8
-#kube_version: v1.18.16
+kube_version: v1.21.1
+#kube_version: v1.20.6
+#kube_version: v1.19.8
+
+# Kubernetes container runtime: docker, containerd
+container_runtime: {{ bmra.runtime }}
 
 # Run system-wide package update (apt dist-upgrade, yum update, ...)
 # Note: enabling this may lead to unexpected results
@@ -47,6 +50,10 @@ topology_manager_enabled: {{ bmra.features.topology_manager.enable }}
 # There are four supported policies: none, best-effort, restricted, single-numa-node.
 topology_manager_policy: "{{ bmra.features.topology_manager.policy }}"
 
+# OpenShift SRIOV Network Operator
+sriov_network_operator_enabled: false
+sriov_network_operator_namespace: "sriov-network-operator"
+
 # Intel SRIOV Network Device Plugin
 sriov_net_dp_enabled: {{ bmra.features.sriov_net_dp }}
 sriov_net_dp_namespace: kube-system
@@ -91,19 +98,26 @@ sriovdp_config_data: |
         ]
     }
 
+# Intel Device Plugin Operator
+intel_dp_namespace: kube-system # namespace will be applied for SGX DP and GPU DP
+
 # Intel QAT Device Plugin for Kubernetes
 qat_dp_enabled: {{ bmra.features.qat.enable }}
 qat_dp_namespace: kube-system
 qat_dp_build_image_locally: true
 
+# This feature will enable OpenSSL*Engine
+openssl_engine_enabled: false # To activate OpenSSL*Engine, install_openssl & update_qat_drivers must set to ‘true’ in host_vars
+
 # Intel GPU Device Plugin for Kubernetes
 gpu_dp_enabled: false
-gpu_dp_namespace: kube-system
+gpu_dp_kernel_version: "5.4.48+"
 gpu_dp_build_image_locally: true
 
 # Intel SGX Device Plugin for Kubernetes
 sgx_dp_enabled: false
 sgx_dp_build_image_locally: true
+sgx_aesmd_namespace: kube-system
 # ProvisionLimit is a number of containers that can share
 # the same SGX provision device.
 sgx_dp_provision_limit: 20
@@ -111,6 +125,16 @@ sgx_dp_provision_limit: 20
 # same SGX enclave device.
 sgx_dp_enclave_limit: 20
 
+# KMRA (Key Management Reference Application)
+kmra_enabled: false
+# The PCCS uses this API key to request collaterals from Intel's Provisioning Certificate Service.
+# User needs to subscribe first to obtain an API key.
+# For how to subscribe to Intel Provisioning Certificate Service and receive an API key,
+# goto https://api.portal.trustedservices.intel.com/provisioning-certification and click on 'Subscribe'.
+kmra_pccs_api_key: "ffffffffffffffffffffffffffffffff"
+# deploy KMRA demo workload (NGINX server)
+kmra_deploy_demo_workload: true
+
 # Intel Telemetry Aware Scheduling
 tas_enabled: {{ bmra.features.tas.enable }}
 tas_namespace: monitoring
@@ -153,9 +177,17 @@ helm_enabled: true
 # local Docker Hub mirror, if it exists
 #docker_registry_mirrors:
 #  - http://mirror_ip:mirror_port
+#containerd_registries:
+#  "docker.io":
+#    - "https://registry-1.docker.io"
+#    - "https://mirror_ip:mirror_port"
 
 # Docker registry running on the cluster allows us to store images not avaialble on Docker Hub, e.g. CMK
-registry_local_address: "localhost:30500"
+# The range of valid ports is 30000-32767
+registry_nodeport: 30500
+{% raw %}
+registry_local_address: "localhost:{{ registry_nodeport }}"
+{% endraw %}
 
 # Enable Pod Security Policy. This option enables PSP admission controller and creates minimal set of rules.
 psp_enabled: {{ bmra.features.psp }}