okd/roles/openshift_aws/defaults/main.yml

---
openshift_aws_create_vpc: True
openshift_aws_create_s3: True
openshift_aws_create_iam_cert: True
openshift_aws_create_security_groups: True
openshift_aws_create_launch_config: True
openshift_aws_create_scale_group: True
openshift_aws_kubernetes_cluster_status: owned  # or shared
openshift_aws_node_group_type: master

openshift_aws_wait_for_ssh: True

openshift_aws_clusterid: default
openshift_aws_region: us-east-1
openshift_aws_vpc_name: "{{ openshift_aws_clusterid }}"
openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}"

openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external"
openshift_aws_iam_cert_path: ''
openshift_aws_iam_cert_chain_path: ''
openshift_aws_iam_cert_key_path: ''
openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}"

openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms"
openshift_aws_ami: ''
openshift_aws_ami_copy_wait: False
openshift_aws_ami_encrypt: False
openshift_aws_ami_copy_src_region: "{{ openshift_aws_region }}"
openshift_aws_ami_name: openshift-gi
openshift_aws_base_ami_name: ami_base

openshift_aws_launch_config_bootstrap_token: ''
openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}-{{ ansible_date_time.epoch }}"

openshift_aws_users: []

openshift_aws_ami_tags:
  bootstrap: "true"
  openshift-created: "true"
  clusterid: "{{ openshift_aws_clusterid }}"

openshift_aws_s3_mode: create
openshift_aws_s3_bucket_name: "{{ openshift_aws_clusterid }}-docker-registry"

openshift_aws_elb_health_check:
  ping_protocol: tcp
  ping_port: 443
  response_timeout: 5
  interval: 30
  unhealthy_threshold: 2
  healthy_threshold: 2

openshift_aws_elb_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}"
openshift_aws_elb_idle_timout: 400
openshift_aws_elb_scheme: internet-facing
openshift_aws_elb_cert_arn: ''

openshift_aws_elb_listeners:
  master:
    external:
    - protocol: tcp
      load_balancer_port: 80
      instance_protocol: ssl
      instance_port: 443
    - protocol: ssl
      load_balancer_port: 443
      instance_protocol: ssl
      instance_port: 443
      # ssl certificate required for https or ssl
      ssl_certificate_id: "{{ openshift_aws_elb_cert_arn }}"
    internal:
    - protocol: tcp
      load_balancer_port: 80
      instance_protocol: tcp
      instance_port: 80
    - protocol: tcp
      load_balancer_port: 443
      instance_protocol: tcp
      instance_port: 443

openshift_aws_node_group_config_master_volumes:
- device_name: /dev/sdb
  volume_size: 100
  device_type: gp2
  delete_on_termination: False

openshift_aws_node_group_config_node_volumes:
- device_name: /dev/sdb
  volume_size: 100
  device_type: gp2
  delete_on_termination: True

openshift_aws_node_group_config_tags: "{{ openshift_aws_clusterid | build_instance_tags(openshift_aws_kubernetes_cluster_status) }}"

openshift_aws_node_group_config:
  tags: "{{ openshift_aws_node_group_config_tags }}"
  master:
    instance_type: m4.xlarge
    ami: "{{ openshift_aws_ami }}"
    volumes: "{{ openshift_aws_node_group_config_master_volumes }}"
    health_check:
      period: 60
      type: EC2
    min_size: 3
    max_size: 3
    desired_size: 3
    tags:
      host-type: master
      sub-host-type: default
    wait_for_instances: True
  compute:
    instance_type: m4.xlarge
    ami: "{{ openshift_aws_ami }}"
    volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
    health_check:
      period: 60
      type: EC2
    min_size: 3
    max_size: 100
    desired_size: 3
    tags:
      host-type: node
      sub-host-type: compute
  infra:
    instance_type: m4.xlarge
    ami: "{{ openshift_aws_ami }}"
    volumes: "{{ openshift_aws_node_group_config_node_volumes }}"
    health_check:
      period: 60
      type: EC2
    min_size: 2
    max_size: 20
    desired_size: 2
    tags:
      host-type: node
      sub-host-type: infra

openshift_aws_elb_security_groups:
- "{{ openshift_aws_clusterid }}"
- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}"

openshift_aws_elb_instance_filter:
  "tag:clusterid": "{{ openshift_aws_clusterid }}"
  "tag:host-type": "{{ openshift_aws_node_group_type }}"
  instance-state-name: running

openshift_aws_node_security_groups:
  default:
    name: "{{ openshift_aws_clusterid }}"
    desc: "{{ openshift_aws_clusterid }} default"
    rules:
    - proto: tcp
      from_port: 22
      to_port: 22
      cidr_ip: 0.0.0.0/0
    - proto: all
      from_port: all
      to_port: all
      group_name: "{{ openshift_aws_clusterid }}"
  master:
    name: "{{ openshift_aws_clusterid }}_master"
    desc: "{{ openshift_aws_clusterid }} master instances"
    rules:
    - proto: tcp
      from_port: 80
      to_port: 80
      cidr_ip: 0.0.0.0/0
    - proto: tcp
      from_port: 443
      to_port: 443
      cidr_ip: 0.0.0.0/0
  compute:
    name: "{{ openshift_aws_clusterid }}_compute"
    desc: "{{ openshift_aws_clusterid }} compute node instances"
  infra:
    name: "{{ openshift_aws_clusterid }}_infra"
    desc: "{{ openshift_aws_clusterid }} infra node instances"
    rules:
    - proto: tcp
      from_port: 80
      to_port: 80
      cidr_ip: 0.0.0.0/0
    - proto: tcp
      from_port: 443
      to_port: 443
      cidr_ip: 0.0.0.0/0
    - proto: tcp
      from_port: 30000
      to_port: 32000
      cidr_ip: 0.0.0.0/0
  etcd:
    name: "{{ openshift_aws_clusterid }}_etcd"
    desc: "{{ openshift_aws_clusterid }} etcd instances"

openshift_aws_vpc_tags:
  Name: "{{ openshift_aws_vpc_name }}"

openshift_aws_subnet_name: us-east-1c

openshift_aws_vpc:
  name: "{{ openshift_aws_vpc_name }}"
  cidr: 172.31.0.0/16
  subnets:
    us-east-1:
    - cidr: 172.31.48.0/20
      az: "us-east-1c"
    - cidr: 172.31.32.0/20
      az: "us-east-1e"
    - cidr: 172.31.16.0/20
      az: "us-east-1a"