---
# Instance settings
cloud_image: centos-7
mode: ha

# Kubespray settings
kubeadm_certificate_key: 3998c58db6497dd17d909394e62d515368c06ec617710d02edea31c06d741085
kube_proxy_mode: iptables
kube_network_plugin: flannel
download_localhost: false
download_run_once: true
helm_enabled: true
kubernetes_audit: true
container_manager: containerd
etcd_events_cluster_enabled: true
local_volume_provisioner_enabled: true
etcd_deployment_type: host
deploy_netchecker: true
dns_min_replicas: 1
kube_encrypt_secret_data: true
ingress_nginx_enabled: true
cert_manager_enabled: true
# Disable as health checks are still unstable and slow to respond.
metrics_server_enabled: false
metrics_server_kubelet_insecure_tls: true
kube_token_auth: true
enable_nodelocaldns: false
kubelet_rotate_server_certificates: true

kube_oidc_url: https://accounts.google.com/.well-known/openid-configuration
kube_oidc_client_id: kubespray-example

tls_min_version: "VersionTLS12"
tls_cipher_suites:
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

# test etcd tls cipher suites
etcd_tls_cipher_suites:
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384