---
# K3s installation defaults
# See https://docs.k3s.io/installation/configuration for all options.

k3s_version: "v1.31.5+k3s1"
k3s_install_script_url: "https://get.k3s.io"

# Disable K3s' built-in Traefik because the project's DMZ Traefik is already
# in front and we don't want two competing ingress controllers.
# Also disable servicelb (Klipper) since we route via the K3s node IP directly.
k3s_disable_components:
  - traefik
  - servicelb

# Bind kubeconfig readable for the deploy user (default vagrant).
# In production tighten this back to 600 and copy explicitly.
k3s_write_kubeconfig_mode: "0644"

# Channel selection. Use stable for PoC, lock to k3s_version above for prod.
k3s_channel: "stable"

# Cluster CIDRs (rarely need touching, set if conflicting with libvirt nets).
k3s_cluster_cidr: "10.42.0.0/16"
k3s_service_cidr: "10.43.0.0/16"

# Extra args appended to INSTALL_K3S_EXEC.
k3s_extra_args: []