k3s/defaults.jinja

{% set def_route_device = salt['cmd.run_stdout']('ip -j route list default | sed -r \'s/.+dev":"([^"]+)".+/\\1/g\'', python_shell=true) %}
{% set def_route_ip = salt['cmd.run_stdout']('ip -j addr show '+ def_route_device+ ' | sed -r \'s/.+"inet","local":"([^"]+)",.+/\\1/g\'', python_shell=true) %}
{% set admin_user= salt['cmd.run_stdout']('getent passwd 1000 | cut -d: -f1', python_shell=True)|d('k3s') %}
{% import_yaml "k3s/external.yml" as k3s_external %}

{% load_yaml as defaults %}
config:
  write-kubeconfig: /etc/rancher/k3s/kube.config.yaml
  write-kubeconfig-mode: 600
  node-ip: {{ def_route_ip }}
  data-dir: /var/lib/rancher/k3s
  default-local-storage-path: /opt/local-path-provisioner
  container-runtime-endpoint: /run/containerd/containerd.sock
  snapshotter: native
  private-registry: /etc/rancher/k3s/registries.yaml
{#
  # server options
  datastore-cafile: "TLS Certificate Authority file used to secure datastore backend communication"
  datastore-certfile: "TLS certification file used to secure datastore backend communication"
  datastore-keyfile: "TLS key file used to secure datastore backend communication"
  datastore-endpoint: "Specify etcd, Mysql, Postgres, or Sqlite (default) data source name"
  write-kubeconfig: "Write kubeconfig for admin client to this file"
  write-kubeconfig-mode: "Write kubeconfig with this mode.""

  # agent options
  node-ip: "IP address to advertise for node"
  node-external-ip: "External IP address to advertise for node"
  resolv-conf: "Kubelet resolv.conf file"
  node-label: "Registering and starting kubelet with set of labels"
  node-taint: "Registering kubelet with set of taints"

  # data-dir: Folder to hold state
  data-dir: "/var/lib/rancher/k3s" or "${HOME}/.rancher/k3s" if not root
  # default-local-storage-path: Default local storage path for local provisioner storage class
  default-local-storage-path:  "/opt/local-path-provisioner"

  container-runtime-endpoint: Disable embedded containerd and use alternative CRI implementation
  snapshotter: overlayfs  # Override default (overlayfs) containerd snapshotter, eg. "native" or "zfs"
  private-registry:	"Private registry configuration file"
  secrets-encryption: "Enable Secret encryption at rest"

  # lb-server-port: Local port for supervisor client load-balancer
  # If the supervisor and apiserver are not colocated an additional port 1 less
  # than this port will also be used for the apiserver client load-balancer.
  lb-server-port: 6444
 	bind-address: 0.0.0.0 # k3s bind address
  https-listen-port: 6443  # HTTPS listen port
  #	advertise-address: "IP address that apiserver uses to advertise to members of the cluster"
  advertise-address: node-external-ip/node-ip
  advertise-port: listen-port # Port that apiserver uses to advertise to members of the cluster
  tls-san: "Add additional hostname or IP as a Subject Alternative Name in the TLS cert"

  cluster-cidr: "10.42.0.0/16" 	# Network CIDR to use for pod IPs
  service-cidr: "10.43.0.0/16"  # Network CIDR to use for services IPs
  cluster-dns: "10.43.0.10"     # Cluster IP for coredns service. Should be in your service-cidr range
  cluster-domain: "cluster.local"   # Cluster Domain
  flannel-backend: "vxlan"      # One of ‘none’, ‘vxlan’, ‘ipsec’, ‘host-gw’, or ‘wireguard’

  kube-apiserver-arg: "Customized flag for kube-apiserver process"
  kube-scheduler-arg: "Customized flag for kube-scheduler process"
  kube-controller-manager-arg: "Customized flag for kube-controller-manager process"
  kube-cloud-controller-manager-arg: "Customized flag for kube-cloud-controller-manager process"
  kubelet-arg: "Customized flag for kubelet process"
  kube-proxy-arg: "Customized flag for kube-proxy process"
#}

admin:
  user: {{ admin_user }}
  "copy-kubeconfig": false

symlink:
  kubectl: true

env_file: /etc/systemd/system/k3s.env
k3s_config_file: /etc/rancher/k3s/config.yaml
kube_config_file: /etc/rancher/k3s/kube.config.yaml
server_options: "--config /etc/rancher/k3s/config.yaml"
kubelet_storage_path: /var/lib/kublet
external: {{ k3s_external.objects }}

{% endload %}

{% set settings=salt['grains.filter_by']({'none': defaults},
  grain='none', default= 'none', merge= salt['pillar.get']('k3s', {})) %}

{# expand ##version## in field external.*.download #}
{% for n,v in settings.external.items() %}
  {% set download=settings.external[n]['download']|regex_replace('##version##', v.version) %}
  {% do settings.external[n].update( {'download': download} ) %}
  {% if settings.external[n]['hash_url'] %}
    {% set hash_url=settings.external[n]['hash_url']|regex_replace('##version##', v.version) %}
    {% do settings.external[n].update( {'hash_url': hash_url} ) %}
  {% endif %}
{% endfor %}