Newer
Older
# Valid options: docker (default), rkt, or host
# change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
kube_apiserver_insecure_bind_address: 127.0.0.1
# advertised host IP for kubelet. This affects network plugin config. Take caution
kubelet_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
# bind address for kubelet. Set to 0.0.0.0 to listen on all interfaces
kubelet_bind_address: "{{ ip | default('0.0.0.0') }}"
# resolv.conf to base dns config
kube_resolv_conf: "/etc/resolv.conf"
# If using the pure iptables proxy, SNAT everything. Note that it breaks any
# policy engine.
kube_proxy_masquerade_all: false
# These options reflect limitations of running kubelet in a container.
# Modify at your own risk
kubelet_enable_cri: true
kubelet_cgroups_per_qos: true
# Set to empty to avoid cgroup creation
# Set false to enable sharing a pid namespace between containers in a pod.
# Note that PID namespace sharing requires docker >= 1.13.1.
kubelet_disable_shared_pid: true
### fail with swap on (default true)
kubelet_fail_swap_on: true
# Reserve this space for kube resources
kube_memory_reserved: 256M
kube_cpu_reserved: 100m
# Reservation for master hosts
kube_master_memory_reserved: 512M
kube_master_cpu_reserved: 200m
kubelet_status_update_frequency: 10s
# Limits for kube components and nginx load balancer app
kube_proxy_memory_limit: 2000M
kube_proxy_cpu_limit: 500m
kube_proxy_cpu_requests: 150m
nginx_memory_limit: 512M
nginx_cpu_limit: 300m
# kube_api_runtime_config:
# - extensions/v1beta1/daemonsets=true
# - extensions/v1beta1/deployments=true
nginx_image_repo: nginx
etcd_config_dir: /etc/ssl/etcd
kubelet_flexvolumes_plugins_dir: /var/lib/kubelet/volume-plugins
# A port range to reserve for services with NodePort visibility.
# Inclusive at both ends of the range.
kube_apiserver_node_port_range: "30000-32767"
kubelet_load_modules: false
## Support custom flags to be passed to kubelet
# This setting is used for rkt based kubelet for deploying hyperkube
# from a docker based registry ( controls --insecure and docker:// )
## Empty vaule for quay.io containers
## docker for docker registry containers
kube_hyperkube_image_repo: ""
# If non-empty, will use this string as identification instead of the actual hostname
kube_override_hostname: >-
{%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
{%- else -%}
{%- endif -%}
Jonas Kongslund
committed
# The read-only port for the Kubelet to serve on with no authentication/authorization.
kube_read_only_port: 0