kubespray/roles/kubernetes-apps/ansible/defaults/main.yml

128 lines
3.9 KiB
YAML
Raw Normal View History

---
# Limits for coredns
# uncomment the line below to customize the DNS cpu limit value
# dns_cpu_limit: 300m
dns_memory_limit: 300Mi
dns_cpu_requests: 100m
dns_memory_requests: 70Mi
dns_min_replicas: "{{ [2, groups['k8s_cluster'] | length] | min }}"
dns_nodes_per_replica: 16
dns_cores_per_replica: 256
dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas | int > 1 else 'false' }}"
enable_coredns_reverse_dns_lookups: true
coredns_ordinal_suffix: ""
# dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
coredns_deployment_nodeselector: "kubernetes.io/os: linux"
coredns_default_zone_cache_block: |
cache 30
coredns_pod_disruption_budget: false
# value for coredns pdb
coredns_pod_disruption_budget_max_unavailable: "30%"
# coredns_additional_configs adds any extra configuration to coredns
# coredns_additional_configs: |
# whoami
# local
# coredns_rewrite_block: |
# rewrite stop {
# name regex (.*)\.my\.domain {1}.svc.cluster.local
# answer name (.*)\.svc\.cluster\.local {1}.my.domain
# }
# coredns_additional_error_config: |
# consolidate 5m ".* i/o timeout$" warning
# Configure coredns and nodelocaldns to correctly answer DNS queries when you changed
# your 'dns_domain' and some workloads used it directly.
old_dns_domains: []
# dns_upstream_forward_extra_opts apply to coredns forward section as well as nodelocaldns upstream target forward section
# dns_upstream_forward_extra_opts:
# policy: sequential
# Apply extra options to coredns kubernetes plugin
# coredns_kubernetes_extra_opts:
# - 'fallthrough example.local'
# nodelocaldns
nodelocaldns_cpu_requests: 100m
nodelocaldns_memory_limit: 200Mi
nodelocaldns_memory_requests: 70Mi
nodelocaldns_ds_nodeselector: "kubernetes.io/os: linux"
nodelocaldns_prometheus_port: 9253
nodelocaldns_secondary_prometheus_port: 9255
# Limits for dns-autoscaler
dns_autoscaler_cpu_requests: 20m
dns_autoscaler_memory_requests: 10Mi
dns_autoscaler_deployment_nodeselector: "kubernetes.io/os: linux"
# dns_autoscaler_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
# etcd metrics
# etcd_metrics_service_labels:
# k8s-app: etcd
# app.kubernetes.io/managed-by: Kubespray
# app: kube-prometheus-stack-kube-etcd
# release: prometheus-stack
# Netchecker
deploy_netchecker: false
netchecker_port: 31081
agent_report_interval: 15
netcheck_namespace: default
# Limits for netchecker apps
netchecker_agent_cpu_limit: 30m
netchecker_agent_memory_limit: 100M
netchecker_agent_cpu_requests: 15m
netchecker_agent_memory_requests: 64M
netchecker_server_cpu_limit: 100m
netchecker_server_memory_limit: 256M
netchecker_server_cpu_requests: 50m
netchecker_server_memory_requests: 64M
netchecker_etcd_cpu_limit: 200m
netchecker_etcd_memory_limit: 256M
netchecker_etcd_cpu_requests: 100m
netchecker_etcd_memory_requests: 128M
# SecurityContext (user/group)
netchecker_agent_user: 1000
netchecker_server_user: 1000
netchecker_agent_group: 1000
netchecker_server_group: 1000
# Log levels
netchecker_agent_log_level: 5
netchecker_server_log_level: 5
netchecker_etcd_log_level: info
# Dashboard
dashboard_replicas: 1
# Namespace for dashboard
dashboard_namespace: kube-system
# Limits for dashboard
dashboard_cpu_limit: 100m
dashboard_memory_limit: 256M
dashboard_cpu_requests: 50m
dashboard_memory_requests: 64M
2017-12-18 23:07:19 +08:00
# Set dashboard_use_custom_certs to true if overriding dashboard_certs_secret_name with a secret that
# contains dashboard_tls_key_file and dashboard_tls_cert_file instead of using the initContainer provisioned certs
dashboard_use_custom_certs: false
dashboard_certs_secret_name: kubernetes-dashboard-certs
dashboard_tls_key_file: dashboard.key
dashboard_tls_cert_file: dashboard.crt
dashboard_master_toleration: true
2017-12-18 23:07:19 +08:00
# Override dashboard default settings
dashboard_token_ttl: 900
dashboard_skip_login: false
# Policy Controllers
# policy_controller_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]