Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • v2.27.0
  • v2.25.1
  • v2.24.3
  • v2.26.0
  • v2.24.2
  • v2.25.0
  • v2.24.1
  • v2.22.2
  • v2.23.3
  • v2.24.0
  • v2.23.2
  • v2.23.1
  • v2.23.0
  • v2.22.1
  • v2.22.0
  • v2.21.0
  • v2.20.0
  • v2.19.1
  • v2.18.2
  • v2.19.0
21 results
Blame Permalink
main.yml 6.92 KiB 
---
# disable upgrade cluster
upgrade_cluster_setup: false

# Experimental kubeadm etcd deployment mode. Available only for new deployment
etcd_kubeadm_enabled: false

# change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
kube_apiserver_insecure_bind_address: 127.0.0.1

# By default the external API listens on all interfaces, this can be changed to
# listen on a specific address/interface.
kube_apiserver_bind_address: 0.0.0.0

# A port range to reserve for services with NodePort visibility.
# Inclusive at both ends of the range.
kube_apiserver_node_port_range: "30000-32767"

# ETCD backend for k8s data
kube_apiserver_storage_backend: etcd3

kube_etcd_cacert_file: ca.pem
kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem

# Associated interfaces must be reachable by the rest of the cluster, and by
# CLI/web clients.
kube_controller_manager_bind_address: 0.0.0.0
kube_scheduler_bind_address: 0.0.0.0

# Leader election lease durations and timeouts for scheduler and controller-manager
kube_controller_manager_leader_elect_lease_duration: 15s
kube_controller_manager_leader_elect_renew_deadline: 10s

kube_scheduler_leader_elect_lease_duration: 15s
kube_scheduler_leader_elect_renew_deadline: 10s

# discovery_timeout modifies the discovery timeout
discovery_timeout: 5m0s

# Instruct first master to refresh kubeadm token
kubeadm_refresh_token: true

# Scale down coredns replicas to 0 if not using coredns dns_mode
kubeadm_scale_down_coredns_enabled: true

# audit support
kubernetes_audit: false
# path to audit log file
audit_log_path: /var/log/audit/kube-apiserver-audit.log
# num days
audit_log_maxage: 30
# the num of audit logs to retain
audit_log_maxbackups: 1
# the max size in MB to retain
audit_log_maxsize: 100
# policy file
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
# custom audit policy rules (to replace the default ones)
# audit_policy_custom_rules: |
#   - level: None
#     users: []
#     verbs: []
#     resources: []

# audit log hostpath
audit_log_name: audit-logs
audit_log_hostpath: /var/log/kubernetes/audit
audit_log_mountpath: "{{ audit_log_path | dirname }}"