shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
							---
openshift_gcp_prefix: ''

openshift_gcp_create_network: True
openshift_gcp_create_registry_bucket: True
openshift_gcp_kubernetes_cluster_status: owned  # or shared
openshift_gcp_node_group_type: master

openshift_gcp_ssh_private_key: ''

openshift_gcp_project: ''
openshift_gcp_clusterid: default
openshift_gcp_region: us-central1
openshift_gcp_zone: us-central1-a

openshift_gcp_network_name: "{{ openshift_gcp_prefix }}network"

openshift_gcp_iam_service_account: ''
openshift_gcp_iam_service_account_keyfile: ''

openshift_gcp_master_lb_timeout: 2m

openshift_gcp_infra_network_instance_group: ig-i

openshift_gcp_image: 'rhel-7'
openshift_gcp_base_image: rhel-7

openshift_gcp_registry_bucket_keyfile: ''
openshift_gcp_registry_bucket_name: "{{ openshift_gcp_prefix }}-docker-registry"

openshift_gcp_master_dns_ttl: 300

openshift_gcp_node_group_config:
  - name: bootstrap
    suffix: b
    tags: ocp-bootstrap ocp-node
    machine_type: n1-standard-2
    boot_disk_size: 150
    scale: 1
  - name: master
    suffix: m
    tags: ocp-master ocp-node
    machine_type: n1-standard-2
    boot_disk_size: 150
    scale: 1
  - name: worker
    suffix: n
    tags: ocp-worker ocp-node
    machine_type: n1-standard-2
    boot_disk_size: 150
    scale: 3
  - name: node-flex
    suffix: nf
    tags: ocp-node
    machine_type: n1-standard-2
    boot_disk_size: 150
    scale: 0

openshift_gcp_startup_script_file: "{{ role_path }}/files/bootstrap-script.sh"
openshift_gcp_user_data_file: ''

openshift_gcp_multizone: False

provision_custom_repositories: []

mcd_port: 49500
openshift_gcp_kubernetes_api_port: 6443
openshift_gcp_master_healthcheck_port: 8080

openshift_gcp_firewall_rules:
  - rule: icmp
    allowed:
      - ip_protocol: 'icmp'
  - rule: ssh-external
    allowed:
      - ip_protocol: 'tcp'
        ports:
          - '22'
  - rule: ssh-internal
    allowed:
      - ip_protocol: 'tcp'
        ports:
          - '22'
    source_tags:
      - ssh-bastion
  - rule: master-internal
    allowed:
      - ip_protocol: 'tcp'
        ports:
          - '2224'
          - '2379'
          - '2380'
          - '4001'
          #kube-system/kubelet:cadvisor
          - '4193'
          - "{{ openshift_gcp_kubernetes_api_port }}"
          - "{{ internal_console_port }}"
          - '8053'
          - '8444'
          - "{{ openshift_gcp_master_healthcheck_port }}"
          - '9100'
          - '10250'
          - '10255'
          - '24224'
          - "{{ mcd_port }}"
      - ip_protocol: 'udp'
        ports:
          - '4789'
          - '5404'
          - '5405'
          - '10255'
          - '24224'
    source_tags:
      - ocp
    target_tags:
      - ocp-master
      - ocp-bootstrap
  - rule: master-external
    allowed:
      - ip_protocol: 'tcp'
        ports:
          - "{{ openshift_gcp_master_healthcheck_port }}"
          - "{{ openshift_gcp_kubernetes_api_port }}"
          - "{{ openshift_master_api_port }}"
          - "{{ mcd_port }}"
    target_tags:
      - ocp-master
      - ocp-bootstrap
  - rule: node-internal
    allowed:
      - ip_protocol: 'tcp'
        ports:
          - '1936'
          - '10250'
          - '10255'
          - '9000-10000'
      - ip_protocol: 'udp'
        ports:
          - '4789'
          - '10255'
    source_tags:
      - ocp
    target_tags:
      - ocp-worker
  - rule: node-external
    allowed:
      - ip_protocol: 'tcp'
        ports:
          - "{{ openshift_node_port_range }}"
      - ip_protocol: 'udp'
        ports:
          - "{{ openshift_node_port_range }}"
    target_tags:
      - ocp-worker