dciangot/fe_cypher.yaml

## fe_cypher.yaml
---
- hosts: localhost
  connection: local
  vars:
    vnode_prefix: vnode-
  pre_tasks:
    - name: Create auth file dir
      file: path=/etc/kubernetes/pki state=directory mode=755 recurse=yes
    - name: Create auth data file with an admin user
      copy: content='{{kube_admin_token}},{{kube_admin_username}},100,"users,system:masters"' dest=/etc/kubernetes/pki/auth mode=600

  roles:
    - role: indigo-dc.openvpn
      openvpn_type_of_node: "front"
      openvpn_frontname: "kubeserver"
      when: fe_hybrid_cluster
    - role: dodas.kubernetes
      kube_server: "{{ kube_front_end_ip }}"
      kube_api_server: "{{ kube_front_end_ip }}"
      kube_apiserver_options:
        [
          { option: "--service-node-port-range", value: "8000-35000" },
          { option: "--insecure-port", value: "8080" },
          { option: "--token-auth-file", value: "/etc/kubernetes/pki/auth" },
          { option: "--tls-cipher-suites", value: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA" },
        ]
      kube_deploy_dashboard: k8s
      network_manager: flannel
      nginx_ingress:
        enabled: true
        master_private_ip: "{{ kube_front_end_ip }}"
        master_public_ip: "{{ kube_api_server_public }}"
	---
	- hosts: localhost
	connection: local
	vars:
	vnode_prefix: vnode-
	pre_tasks:
	- name: Create auth file dir
	file: path=/etc/kubernetes/pki state=directory mode=755 recurse=yes
	- name: Create auth data file with an admin user
	copy: content='{{kube_admin_token}},{{kube_admin_username}},100,"users,system:masters"' dest=/etc/kubernetes/pki/auth mode=600

	roles:
	- role: indigo-dc.openvpn
	openvpn_type_of_node: "front"
	openvpn_frontname: "kubeserver"
	when: fe_hybrid_cluster
	- role: dodas.kubernetes
	kube_server: "{{ kube_front_end_ip }}"
	kube_api_server: "{{ kube_front_end_ip }}"
	kube_apiserver_options:
	[
	{ option: "--service-node-port-range", value: "8000-35000" },
	{ option: "--insecure-port", value: "8080" },
	{ option: "--token-auth-file", value: "/etc/kubernetes/pki/auth" },
	{ option: "--tls-cipher-suites", value: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_RC4_128_SHA" },
	]
	kube_deploy_dashboard: k8s
	network_manager: flannel
	nginx_ingress:
	enabled: true
	master_private_ip: "{{ kube_front_end_ip }}"
	master_public_ip: "{{ kube_api_server_public }}"