24 lines
1.2 KiB
YAML
24 lines
1.2 KiB
YAML
---
|
|
# noble_repo_root / noble_kubeconfig are set in playbooks (use **playbook_dir** magic var).
|
|
|
|
# When kubeconfig points at the API VIP but this workstation cannot reach the lab LAN (VPN off, etc.),
|
|
# set a reachable control-plane URL — same as: kubectl config set-cluster noble --server=https://<cp-ip>:6443
|
|
# Example: ansible-playbook playbooks/noble.yml -e 'noble_k8s_api_server_override=https://192.168.50.20:6443'
|
|
noble_k8s_api_server_override: ""
|
|
|
|
# When /healthz fails with **network unreachable** to the VIP and **override** is empty, retry using this URL (neon).
|
|
noble_k8s_api_server_auto_fallback: true
|
|
noble_k8s_api_server_fallback: "https://192.168.50.20:6443"
|
|
|
|
# Only if you must skip the kubectl /healthz preflight (not recommended).
|
|
noble_skip_k8s_health_check: false
|
|
|
|
# Pangolin / Newt — set true only after creating newt-pangolin-auth Secret (see clusters/noble/bootstrap/newt/README.md)
|
|
noble_newt_install: false
|
|
|
|
# cert-manager needs Secret cloudflare-dns-api-token in cert-manager namespace before ClusterIssuers work
|
|
noble_cert_manager_require_cloudflare_secret: true
|
|
|
|
# post_deploy.yml — apply Vault ClusterSecretStore only after Vault is initialized and K8s auth is configured
|
|
noble_apply_vault_cluster_secret_store: false
|