2016-01-19 22:23:19 +08:00
|
|
|
---
|
2017-03-04 04:30:37 +08:00
|
|
|
# Set to false to only do certificate management
|
|
|
|
etcd_cluster_setup: true
|
2018-04-02 00:58:08 +08:00
|
|
|
etcd_events_cluster_setup: false
|
2017-03-04 04:30:37 +08:00
|
|
|
|
2018-06-18 21:19:12 +08:00
|
|
|
# Set to true to separate k8s events to a different etcd cluster
|
|
|
|
etcd_events_cluster_enabled: false
|
|
|
|
|
2017-06-27 21:12:34 +08:00
|
|
|
etcd_backup_prefix: "/var/backups"
|
2017-02-24 22:58:54 +08:00
|
|
|
etcd_data_dir: "/var/lib/etcd"
|
2018-03-01 16:39:14 +08:00
|
|
|
etcd_events_data_dir: "/var/lib/etcd-events"
|
2016-11-09 18:44:41 +08:00
|
|
|
|
|
|
|
etcd_config_dir: /etc/ssl/etcd
|
|
|
|
etcd_cert_dir: "{{ etcd_config_dir }}/ssl"
|
2017-02-06 20:58:54 +08:00
|
|
|
etcd_cert_group: root
|
2018-01-09 19:37:34 +08:00
|
|
|
# Note: This does not set up DNS entries. It simply adds the following DNS
|
|
|
|
# entries to the certificate
|
|
|
|
etcd_cert_alt_names:
|
2018-03-30 19:29:13 +08:00
|
|
|
- "etcd.kube-system.svc.{{ dns_domain }}"
|
|
|
|
- "etcd.kube-system.svc"
|
|
|
|
- "etcd.kube-system"
|
2018-01-09 19:37:34 +08:00
|
|
|
- "etcd"
|
2018-08-31 20:34:13 +08:00
|
|
|
etcd_cert_alt_ips: []
|
2016-11-09 18:44:41 +08:00
|
|
|
|
|
|
|
etcd_script_dir: "{{ bin_dir }}/etcd-scripts"
|
2016-12-23 22:44:44 +08:00
|
|
|
|
2017-02-07 22:46:02 +08:00
|
|
|
etcd_heartbeat_interval: "250"
|
|
|
|
etcd_election_timeout: "5000"
|
|
|
|
|
2018-03-28 22:30:00 +08:00
|
|
|
# etcd_snapshot_count: "10000"
|
2018-03-26 22:25:51 +08:00
|
|
|
|
|
|
|
# Parameters for ionice
|
|
|
|
# -c takes an integer between 0 and 3 or one of the strings none, realtime, best-effort or idle.
|
|
|
|
# -n takes an integer between 0 (highest priority) and 7 (lowest priority)
|
2018-03-28 22:30:00 +08:00
|
|
|
# etcd_ionice: "-c2 -n0"
|
2018-03-26 22:25:51 +08:00
|
|
|
|
2017-07-24 16:25:38 +08:00
|
|
|
etcd_metrics: "basic"
|
|
|
|
|
2018-04-19 01:16:42 +08:00
|
|
|
## A dictionary of extra environment variables to add to etcd.env, formatted like:
|
|
|
|
## etcd_extra_vars:
|
|
|
|
## ETCD_VAR1: "value1"
|
|
|
|
## ETCD_VAR2: "value2"
|
|
|
|
etcd_extra_vars: {}
|
|
|
|
|
2016-12-23 22:44:44 +08:00
|
|
|
# Limits
|
2017-10-25 17:25:15 +08:00
|
|
|
# Limit memory only if <4GB memory on host. 0=unlimited
|
|
|
|
etcd_memory_limit: "{% if ansible_memtotal_mb < 4096 %}512M{% else %}0{% endif %}"
|
2017-02-07 22:46:02 +08:00
|
|
|
|
2018-08-04 19:56:25 +08:00
|
|
|
# etcd_quota_backend_bytes: "2G"
|
|
|
|
|
2017-02-07 22:46:02 +08:00
|
|
|
# Uncomment to set CPU share for etcd
|
2017-08-24 17:09:52 +08:00
|
|
|
# etcd_cpu_limit: 300m
|
2017-02-09 05:41:36 +08:00
|
|
|
|
2017-09-25 19:20:24 +08:00
|
|
|
etcd_blkio_weight: 1000
|
|
|
|
|
2018-02-22 20:08:50 +08:00
|
|
|
etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr', [])) | union(groups.get('vault', [])) }}"
|
2017-06-14 16:39:38 +08:00
|
|
|
|
2017-08-20 18:55:48 +08:00
|
|
|
etcd_compaction_retention: "8"
|
2017-08-30 21:03:22 +08:00
|
|
|
|
2017-11-07 22:06:16 +08:00
|
|
|
# Force clients like etcdctl to use TLS certs (different than peer security)
|
|
|
|
etcd_secure_client: true
|
2018-01-12 02:07:43 +08:00
|
|
|
|
|
|
|
# Enable peer client cert authentication
|
|
|
|
etcd_peer_client_auth: true
|
2020-02-11 17:38:01 +08:00
|
|
|
|
|
|
|
# Number of loop retries
|
|
|
|
etcd_retries: 4
|