Remove cis profile and add custom config back

fb56dbb6 · Rafael László · 6b4c231b · fb56dbb6 · fb56dbb6
Verified Commit fb56dbb6 authored 2 years ago by Rafael László
--- a/ansible/k8s/templates/custom-config.yaml.j2
+++ b/ansible/k8s/templates/custom-config.yaml.j2
+{% if active_server is defined %}
+server: https://{{ rke2_api_ip }}:9345
+{% endif %}
+token: {{ rke2_token }}
+data-dir: {{ rke2_data_path }}
+{% if inventory_hostname in groups[rke2_servers_group_name] %}
+cni: {{ rke2_cni }}
+disable-kube-proxy: {{ rke2_disable_kube_proxy }}
+tls-san:
+  - cluster.local
+  - {{ rke2_api_ip }}
+{% for san in rke2_additional_sans %}
+  - {{ san }}
+{% endfor %}
+{% endif %}
+{% if ( combined_node_taints is defined and combined_node_taints|length > 0) %}
+node-taint:
+{% for taint in combined_node_taints %}
+  - {{ taint }}
+{% endfor %}
+{% endif %}
+{% if rke2_disable and ( inventory_hostname|string() in groups[rke2_servers_group_name] ) %}
+disable: {{ rke2_disable }}
+{% endif %}
+{% if rke2_kube_apiserver_args is defined and inventory_hostname in groups[rke2_servers_group_name] %}
+kube-apiserver-arg: {{ rke2_kube_apiserver_args}}
+{% endif %}
+{% if ( k8s_node_label is defined ) %}
+node-label:
+{% for label in k8s_node_label %}
+  - {{ label }}
+{% endfor %}
+{% endif %}
+snapshotter: {{ rke2_snapshooter }}
+node-name: {{ inventory_hostname }}
+{% if 'cis' in rke2_cis_profile %}
+profile: {{ rke2_cis_profile }}
+{%endif%}
+{% if rke2_server_options is defined and inventory_hostname in groups[rke2_servers_group_name] %}
+{% for option in rke2_server_options %}
+{{ option }}
+{% endfor %}
+{% endif %}
+{% if rke2_agent_options is defined and inventory_hostname in groups[rke2_agents_group_name] %}
+{% for option in rke2_agent_options %}
+{{ option }}
+{% endfor %}
+{% endif %}
--- a/ansible/k8s/vars/main.yaml
+++ b/ansible/k8s/vars/main.yaml
@@ -136,7 +136,7 @@ rke2_custom_registry_mirrors:
 rke2_custom_registry_path: templates/registries.yaml.j2

 # Path to RKE2 config file template
-#rke2_config: templates/custom-config.yaml.j2
+rke2_config: templates/custom-config.yaml.j2

 # Etcd snapshot source directory
 rke2_etcd_snapshot_source_dir: etcd_snapshots
@@ -155,10 +155,11 @@ rke2_snapshooter: overlayfs

 # Deploy RKE2 with default CNI canal
 rke2_cni: cilium
+rke2_disable_kube_proxy: true

 # Validate system configuration against the selected benchmark
 # (Supported value is "cis-1.23" or eventually "cis-1.6" if you are running RKE2 prior 1.25)
-rke2_cis_profile: "cis-1.23"
+rke2_cis_profile: ""

 # Download Kubernetes config file to the Ansible controller
 rke2_download_kubeconf: false