Created
August 11, 2020 07:29
-
-
Save JosephKang/a59864bbdf205af8eab61408dcb50373 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
############## etcd configuration ############## | |
# etcd_deployment_type: docker | |
# etcd_version: v3.3.10 | |
## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics. | |
# etcd_metrics: basic | |
## Etcd is restricted by default to 512M on systems under 4GB RAM, 512MB is not enough for much more than testing. | |
## Set this if your etcd nodes have less than 4GB but you want more RAM for etcd. Set to 0 for unrestricted RAM. | |
etcd_memory_limit: "0" | |
## Etcd has a default of 2G for its space quota. If you put a value in etcd_memory_limit which is less than | |
## etcd_quota_backend_bytes, you may encounter out of memory terminations of the etcd cluster. Please check | |
## etcd documentation for more information. | |
## https://etcd.io/docs/v3.4.0/op-guide/configuration/ | |
etcd_quota_backend_bytes: "8589934592" | |
############## nginx configuration ############## | |
# Requests for load balancer app | |
loadbalancer_apiserver_memory_requests: 500M | |
loadbalancer_apiserver_cpu_requests: 500m | |
loadbalancer_apiserver_keepalive_timeout: 15m | |
## Internal loadbalancers for apiservers | |
# loadbalancer_apiserver_localhost: true | |
## valid options are "nginx" or "haproxy" | |
loadbalancer_apiserver_type: "nginx" | |
## applied if only external loadbalancer_apiserver is defined, otherwise ignored | |
# apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local" | |
## Local loadbalancer should use this port | |
## And must be set port 6443 | |
# loadbalancer_apiserver_port: 6443 | |
## If loadbalancer_apiserver_healthcheck_port variable defined, enables proxy liveness check for nginx. | |
# loadbalancer_apiserver_healthcheck_port: 8081 | |
############## DNS configuration ############## | |
## Kubernetes cluster name, also will be used as DNS domain | |
# cluster_name: cluster.local | |
## Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods | |
# ndots: 2 | |
## Can be coredns, coredns_dual, manual or none | |
# dns_mode: coredns | |
## Set manual server if using a custom cluster DNS server | |
## manual_dns_server: 10.x.x.x | |
## Enable nodelocal dns cache | |
enable_nodelocaldns: false | |
# nodelocaldns_ip: 169.254.25.10 | |
# nodelocaldns_health_port: 9254 | |
## Enable k8s_external plugin for CoreDNS | |
# enable_coredns_k8s_external: false | |
# coredns_k8s_external_zone: k8s_external.local | |
## Enable endpoint_pod_names option for kubernetes plugin | |
# enable_coredns_k8s_endpoint_pod_names: false | |
## Can be docker_dns, host_resolvconf or none | |
# resolvconf_mode: docker_dns | |
## Ip address of the kubernetes skydns service | |
# skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}" | |
# skydns_server_secondary: "{{ kube_service_addresses|ipaddr('net')|ipaddr(4)|ipaddr('address') }}" | |
# dns_domain: "{{ cluster_name }}" | |
# Limits for coredns | |
dns_memory_limit: 1000Mi | |
dns_cpu_requests: 1000m | |
dns_memory_requests: 500Mi | |
dns_min_replicas: 1 | |
# dns_nodes_per_replica: 16 | |
# dns_cores_per_replica: 256 | |
# dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas|int > 1 else 'false' }}" | |
# coredns_ordinal_suffix: "" | |
# nodelocaldns | |
# nodelocaldns_cpu_requests: 100m | |
# nodelocaldns_memory_limit: 170Mi | |
# nodelocaldnsdns_memory_requests: 70Mi | |
# Netchecker | |
## Deploy netchecker app to verify DNS resolve as an HTTP service | |
deploy_netchecker: false | |
# netchecker_port: 31081 | |
# agent_report_interval: 15 | |
# netcheck_namespace: default | |
# Limits for netchecker apps | |
# netchecker_agent_cpu_limit: 30m | |
# netchecker_agent_memory_limit: 100M | |
# netchecker_agent_cpu_requests: 15m | |
# netchecker_agent_memory_requests: 64M | |
# netchecker_server_cpu_limit: 100m | |
# netchecker_server_memory_limit: 256M | |
# netchecker_server_cpu_requests: 50m | |
# netchecker_server_memory_requests: 64M | |
# SecurityContext when PodSecurityPolicy is enabled | |
# netchecker_agent_user: 1000 | |
# netchecker_server_user: 1000 | |
# netchecker_agent_group: 1000 | |
# netchecker_server_group: 1000 | |
############## kubernetes configuration ############## | |
## Change this to use another Kubernetes version, e.g. a current beta release | |
# kube_version: v1.15.3 | |
## Cluster Loglevel configuration | |
kube_log_level: 2 | |
#kube_token_auth: true | |
#kube_basic_auth: true | |
## Make a copy of kubeconfig on the host that runs Ansible in {{ inventory_dir }}/artifacts | |
kubeconfig_localhost: true | |
## Download kubectl onto the host that runs Ansible in {{ bin_dir }} | |
kubectl_localhost: true | |
# kubelet_status_update_frequency: 10s | |
## For some things, kubelet needs to load kernel modules. For example, | |
## dynamic kernel services are needed for mounting persistent volumes into containers. These may not be | |
## loaded by preinstall kubernetes processes. For example, ceph and rbd backed volumes. Set this variable to | |
## true to let kubelet load kernel modules. | |
# kubelet_load_modules: false | |
## Configure the amount of pods able to run on single node | |
## default is equal to application default | |
# kubelet_max_pods: 110 | |
## Support custom flags to be passed to kubelet | |
kubelet_custom_flags: | |
- "--image-pull-progress-deadline=10m" | |
# kube_feature_gates: [] | |
## Support custom flags to be passed to kubelet only on nodes, not masters | |
# kubelet_node_custom_flags: [] | |
k8s_image_pull_policy: IfNotPresent | |
## extra runtime config | |
# kube_api_runtime_config: [] | |
##### networking | |
# Setting multi_networking to true will install Multus: https://github.com/intel/multus-cni | |
# kube_network_plugin_multus: false | |
## Scale: 4096 nodes, 100 pods per node | |
## Kubernetes internal network for services, unused block of space. | |
kube_service_addresses: 10.192.0.0/13 | |
## internal network. When used, it will assign IP | |
## addresses from this range to individual pods. | |
## This network must be unused in your network infrastructure! | |
kube_pods_subnet: 10.200.0.0/13 | |
## internal network node size allocation (optional). This is the size allocated | |
## to each node on your network. With these defaults you should have | |
## room for 64 nodes with 254 pods per node. | |
## Example: Up to 256 nodes, 100 pods per node (/16 network): | |
## - kube_service_addresses: 10.233.0.0/17 | |
## - kube_pods_subnet: 10.233.128.0/17 | |
## - kube_network_node_prefix: 25 | |
## Example: Up to 4096 nodes, 100 pods per node (/12 network): | |
## - kube_service_addresses: 10.192.0.0/13 | |
## - kube_pods_subnet: 10.200.0.0/13 | |
## - kube_network_node_prefix: 25 | |
kube_network_node_prefix: 25 | |
##### api-server | |
kube_kubeadm_apiserver_extra_args: | |
cors-allowed-origins: ".*" | |
storage-media-type: "application/json" | |
max-requests-inflight: 1500 | |
max-mutating-requests-inflight: 500 | |
v: 2 | |
## Extra control plane host volume mounts | |
## Example: | |
## apiserver_extra_volumes: | |
## - name: name | |
## hostPath: /host/path | |
## mountPath: /mount/path | |
## readOnly: true | |
# apiserver_extra_volumes: {} | |
## ETCD backend for k8s data | |
# kube_apiserver_storage_backend: etcd3 | |
## change to 0.0.0.0 to enable insecure access from anywhere (not recommended) | |
# kube_apiserver_insecure_bind_address: 127.0.0.1 | |
## By default the external API listens on all interfaces, this can be changed to | |
## listen on a specific address/interface. | |
# kube_apiserver_bind_address: 0.0.0.0 | |
## A port range to reserve for services with NodePort visibility. | |
## Inclusive at both ends of the range. | |
# kube_apiserver_node_port_range: "30000-32767" | |
kube_apiserver_memory_limit: 20000M | |
kube_apiserver_cpu_limit: 10000m | |
kube_apiserver_memory_requests: 1024M | |
kube_apiserver_cpu_requests: 1000m | |
# kube_apiserver_request_timeout: "1m0s" | |
# 1.9 and below Admission control plug-ins | |
#kube_apiserver_admission_control: | |
# - NamespaceLifecycle | |
# - LimitRanger | |
# - ServiceAccount | |
# - DefaultStorageClass | |
# - PersistentVolumeClaimResize | |
# - MutatingAdmissionWebhook | |
# - ValidatingAdmissionWebhook | |
# - ResourceQuota | |
# - DefaultTolerationSeconds | |
# - DenyEscalatingExec | |
## 1.10+ admission plugins | |
# kube_apiserver_enable_admission_plugins: [] | |
## 1.10+ list of disabled admission plugins | |
# kube_apiserver_disable_admission_plugins: [] | |
##### controller | |
kube_kubeadm_controller_extra_args: | |
v: 2 | |
large-cluster-size-threshold: 0 | |
secondary-node-eviction-rate: 0.05 | |
# controller_manager_extra_volumes: {} | |
# kube_controller_manager_bind_address: 0.0.0.0 | |
kube_controller_memory_limit: 20000M | |
kube_controller_cpu_limit: 10000m | |
kube_controller_memory_requests: 1024M | |
kube_controller_cpu_requests: 1000m | |
# kube_controller_node_monitor_grace_period: 40s | |
# kube_controller_node_monitor_period: 5s | |
# kube_controller_pod_eviction_timeout: 5m0s | |
# kube_controller_terminated_pod_gc_threshold: 12500 | |
##### scheduler | |
kube_kubeadm_scheduler_extra_args: | |
v: 2 | |
# scheduler_extra_volumes: {} | |
# kube_scheduler_bind_address: 0.0.0.0 | |
kube_scheduler_memory_limit: 200000M | |
kube_scheduler_cpu_limit: 10000m | |
kube_scheduler_memory_requests: 1024M | |
kube_scheduler_cpu_requests: 1000m | |
##### dashboard | |
dashboard_enabled: false | |
# dashboard_replicas: 1 | |
# Limits for dashboard | |
# dashboard_cpu_limit: 100m | |
# dashboard_memory_limit: 256M | |
# dashboard_cpu_requests: 50m | |
# dashboard_memory_requests: 64M | |
# Set dashboard_use_custom_certs to true if overriding dashboard_certs_secret_name with a secret that | |
# contains dashboard_tls_key_file and dashboard_tls_cert_file instead of using the initContainer provisioned certs | |
# dashboard_use_custom_certs: false | |
# dashboard_certs_secret_name: kubernetes-dashboard-certs | |
# dashboard_tls_key_file: dashboard.key | |
# dashboard_tls_cert_file: dashboard.crt | |
# dashboard_master_toleration: true | |
# Override dashboard default settings | |
# dashboard_token_ttl: 900 | |
# dashboard_skip_login: false | |
############## other configuration ############## | |
## Optionally reserve resources for OS system daemons. | |
# system_reserved: true | |
## Uncomment to override default values | |
# system_memory_reserved: 3072M | |
# system_cpu_reserved: 500m | |
## Reservation for master hosts | |
# system_master_memory_reserved: 256M | |
# system_master_cpu_reserved: 250m | |
############## addon configuration ############## | |
# Helm deployment | |
# helm_enabled: true | |
# Cert manager deployment | |
# cert_manager_enabled: true | |
# cert_manager_namespace: "cert-manager" | |
############## docker configuration ############## | |
# docker_version: latest | |
docker_dns_servers_strict: false | |
## Used to set docker daemon iptables options to true | |
docker_log_opts: "--log-opt max-size=2g --log-opt max-file=2 --log-driver=json-file" | |
docker_options: >- | |
{%- if docker_insecure_registries is defined %} | |
{{ docker_insecure_registries | map('regex_replace', '^(.*)$', '--insecure-registry=\1' ) | list | join(' ') }} | |
{%- endif %} | |
{% if docker_registry_mirrors is defined %} | |
{{ docker_registry_mirrors | map('regex_replace', '^(.*)$', '--registry-mirror=\1' ) | list | join(' ') }} | |
{%- endif %} | |
{%- if docker_version != "latest" and docker_version is version('17.05', '<') %} | |
--graph={{ docker_daemon_graph }} {% if ansible_os_family not in ["openSUSE Leap", "openSUSE Tumbleweed", "Suse"] %}{{ docker_log_opts }}{% endif %} | |
{%- else %} | |
--data-root={{ docker_daemon_graph }} {% if ansible_os_family not in ["openSUSE Leap", "openSUSE Tumbleweed", "Suse"] %}{{ docker_log_opts }}{% endif %} | |
{%- endif %} | |
{%- if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %} | |
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current | |
--default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd | |
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false | |
{%- endif -%} | |
docker_daemon_graph: "/mnt/docker" | |
# Choose network plugin (cilium, calico, contiv, weave or flannel. Use cni for generic cni plugin) | |
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing | |
kube_network_plugin: calico |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
this variables not found in kubespray