--- # Limits for coredns # uncomment the line below to customize the DNS cpu limit value # dns_cpu_limit: 300m dns_memory_limit: 300Mi dns_cpu_requests: 100m dns_memory_requests: 70Mi dns_min_replicas: "{{ [2, groups['k8s_cluster'] | length] | min }}" dns_nodes_per_replica: 16 dns_cores_per_replica: 256 dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas | int > 1 else 'false' }}" enable_coredns_reverse_dns_lookups: true coredns_ordinal_suffix: "" # dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}] coredns_deployment_nodeselector: "kubernetes.io/os: linux" coredns_default_zone_cache_block: | cache 30 coredns_host_network: false coredns_port: 53 coredns_pod_disruption_budget: false # value for coredns pdb coredns_pod_disruption_budget_max_unavailable: "30%" # coredns_additional_configs adds any extra configuration to coredns # coredns_additional_configs: | # whoami # local # coredns_rewrite_block: | # rewrite stop { # name regex (.*)\.my\.domain {1}.svc.cluster.local # answer name (.*)\.svc\.cluster\.local {1}.my.domain # } # coredns_additional_error_config: | # consolidate 5m ".* i/o timeout$" warning # Configure coredns and nodelocaldns to correctly answer DNS queries when you changed # your 'dns_domain' and some workloads used it directly. old_dns_domains: [] # dns_upstream_forward_extra_opts apply to coredns forward section as well as nodelocaldns upstream target forward section # dns_upstream_forward_extra_opts: # policy: sequential # Apply extra options to coredns kubernetes plugin # coredns_kubernetes_extra_opts: # - 'fallthrough example.local' # nodelocaldns nodelocaldns_cpu_requests: 100m nodelocaldns_memory_limit: 200Mi nodelocaldns_memory_requests: 70Mi nodelocaldns_ds_nodeselector: "kubernetes.io/os: linux" nodelocaldns_prometheus_port: 9253 nodelocaldns_secondary_prometheus_port: 9255 # Limits for dns-autoscaler dns_autoscaler_cpu_requests: 20m dns_autoscaler_memory_requests: 10Mi dns_autoscaler_deployment_nodeselector: "kubernetes.io/os: linux" # dns_autoscaler_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}] # etcd metrics # etcd_metrics_service_labels: # k8s-app: etcd # app.kubernetes.io/managed-by: Kubespray # app: kube-prometheus-stack-kube-etcd # release: prometheus-stack # Netchecker deploy_netchecker: false netchecker_port: 31081 agent_report_interval: 15 netcheck_namespace: default # Limits for netchecker apps netchecker_agent_cpu_limit: 30m netchecker_agent_memory_limit: 100M netchecker_agent_cpu_requests: 15m netchecker_agent_memory_requests: 64M netchecker_server_cpu_limit: 100m netchecker_server_memory_limit: 256M netchecker_server_cpu_requests: 50m netchecker_server_memory_requests: 64M netchecker_etcd_cpu_limit: 200m netchecker_etcd_memory_limit: 256M netchecker_etcd_cpu_requests: 100m netchecker_etcd_memory_requests: 128M # SecurityContext (user/group) netchecker_agent_user: 1000 netchecker_server_user: 1000 netchecker_agent_group: 1000 netchecker_server_group: 1000 # Dashboard dashboard_replicas: 1 # Namespace for dashboard dashboard_namespace: kube-system # Limits for dashboard dashboard_cpu_limit: 100m dashboard_memory_limit: 256M dashboard_cpu_requests: 50m dashboard_memory_requests: 64M # Set dashboard_use_custom_certs to true if overriding dashboard_certs_secret_name with a secret that # contains dashboard_tls_key_file and dashboard_tls_cert_file instead of using the initContainer provisioned certs dashboard_use_custom_certs: false dashboard_certs_secret_name: kubernetes-dashboard-certs dashboard_tls_key_file: dashboard.key dashboard_tls_cert_file: dashboard.crt dashboard_master_toleration: true # Override dashboard default settings dashboard_token_ttl: 900 dashboard_skip_login: false # Policy Controllers # policy_controller_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]