c12s-kubespray/roles/kubernetes/node/defaults/main.yml

47 lines
1 KiB
YAML
Raw Normal View History

# change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
kube_apiserver_insecure_bind_address: 127.0.0.1
# resolv.conf to base dns config
kube_resolv_conf: "/etc/resolv.conf"
2016-07-12 08:20:43 +00:00
kube_proxy_mode: iptables
# If using the pure iptables proxy, SNAT everything
kube_proxy_masquerade_all: true
# Limits for kube components and nginx load balancer app
kubelet_memory_limit: 512M
kubelet_cpu_limit: 100m
kube_proxy_memory_limit: 2000M
kube_proxy_cpu_limit: 500m
kube_proxy_memory_requests: 256M
kube_proxy_cpu_requests: 150m
nginx_memory_limit: 512M
nginx_cpu_limit: 300m
nginx_memory_requests: 64M
nginx_cpu_requests: 50m
2016-03-17 09:22:52 +00:00
# kube_api_runtime_config:
# - extensions/v1beta1/daemonsets=true
# - extensions/v1beta1/deployments=true
nginx_image_repo: nginx
nginx_image_tag: 1.11.4-alpine
etcd_config_dir: /etc/ssl/etcd
# Linux capabilities to be dropped for container engines
apps_drop_cap:
- chown
- dac_override
- fowner
- fsetid
- kill
- setgid
- setuid
- setpcap
- sys_chroot
- mknod
- audit_write
- setfcap