c12s-kubespray/roles/kubernetes/node/defaults/main.yml

---
# change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
kube_apiserver_insecure_bind_address: 127.0.0.1

# advertised host IP for kubelet. This affects network plugin config. Take caution
kubelet_address: "{{ ip | default(fallback_ips[inventory_hostname]) }}{{ ',' + ip6 if enable_dual_stack_networks and ip6 is defined }}"

# bind address for kubelet. Set to 0.0.0.0 to listen on all interfaces
kubelet_bind_address: "{{ ip | default('0.0.0.0') }}"

# resolv.conf to base dns config
kube_resolv_conf: "/etc/resolv.conf"

# Set to empty to avoid cgroup creation
kubelet_enforce_node_allocatable: "\"\""

# Set runtime and kubelet cgroups when using systemd as cgroup driver (default)
kubelet_runtime_cgroups: "/systemd/system.slice"
kubelet_kubelet_cgroups: "/systemd/system.slice"

# Set runtime and kubelet cgroups when using cgroupfs as cgroup driver
kubelet_runtime_cgroups_cgroupfs: "/system.slice/containerd.service"
kubelet_kubelet_cgroups_cgroupfs: "/system.slice/kubelet.service"

### fail with swap on (default true)
kubelet_fail_swap_on: true

# Reserve this space for kube resources
kube_memory_reserved: 256Mi
kube_cpu_reserved: 100m
# Reservation for master hosts
kube_master_memory_reserved: 512Mi
kube_master_cpu_reserved: 200m

# Set to true to reserve resources for system daemons
system_reserved: false
system_memory_reserved: 512Mi
system_cpu_reserved: 500m
# Reservation for master hosts
system_master_memory_reserved: 256Mi
system_master_cpu_reserved: 250m

## Eviction Thresholds to avoid system OOMs
# https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/#eviction-thresholds
eviction_hard: {}
eviction_hard_control_plane: {}

kubelet_status_update_frequency: 10s

# kube-vip
kube_vip_version: v0.4.2

kube_vip_arp_enabled: false
kube_vip_interface:
kube_vip_services_interface:
kube_vip_cidr: 32
kube_vip_controlplane_enabled: false
kube_vip_ddns_enabled: false
kube_vip_services_enabled: false
kube_vip_leader_election_enabled: "{{ kube_vip_arp_enabled }}"
kube_vip_bgp_enabled: false
kube_vip_bgp_routerid:
kube_vip_local_as: 65000
kube_vip_bgp_peeraddress:
kube_vip_bgp_peerpass:
kube_vip_bgp_peeras:
kube_vip_bgppeers:
kube_vip_address:

# Requests for load balancer app
loadbalancer_apiserver_memory_requests: 32M
loadbalancer_apiserver_cpu_requests: 25m

loadbalancer_apiserver_keepalive_timeout: 5m

# Uncomment if you need to enable deprecated runtimes
# kube_api_runtime_config:
#   - apps/v1beta1=true
#   - apps/v1beta2=true
#   - extensions/v1beta1/daemonsets=true
#   - extensions/v1beta1/deployments=true
#   - extensions/v1beta1/replicasets=true
#   - extensions/v1beta1/networkpolicies=true
#   - extensions/v1beta1/podsecuritypolicies=true

# A port range to reserve for services with NodePort visibility.
# Inclusive at both ends of the range.
kube_apiserver_node_port_range: "30000-32767"

# Configure the amount of pods able to run on single node
# default is equal to application default
kubelet_max_pods: 110

## Support parameters to be passed to kubelet via kubelet-config.yaml
kubelet_config_extra_args: {}

## Parameters to be passed to kubelet via kubelet-config.yaml when cgroupfs is used as cgroup driver
kubelet_config_extra_args_cgroupfs:
  systemCgroups: /system.slice
  cgroupRoot: /

## Support parameters to be passed to kubelet via kubelet-config.yaml only on nodes, not masters
kubelet_node_config_extra_args: {}

# Maximum number of container log files that can be present for a container.
kubelet_logfiles_max_nr: 5

# Maximum size of the container log file before it is rotated
kubelet_logfiles_max_size: 10Mi

## Support custom flags to be passed to kubelet
kubelet_custom_flags: []

## Support custom flags to be passed to kubelet only on nodes, not masters
kubelet_node_custom_flags: []

# If non-empty, will use this string as identification instead of the actual hostname
kube_override_hostname: >-
  {%- if cloud_provider is defined and cloud_provider in [ 'aws' ] -%}
  {%- else -%}
  {{ inventory_hostname }}
  {%- endif -%}

# The read-only port for the Kubelet to serve on with no authentication/authorization.
kube_read_only_port: 0

# Port for healthz for Kubelet
kubelet_healthz_port: 10248

# Bind address for healthz for Kubelet
kubelet_healthz_bind_address: 127.0.0.1

# sysctl_file_path to add sysctl conf to
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"

# For the openstack integration kubelet will need credentials to access
# openstack apis like nova and cinder. Per default this values will be
# read from the environment.
openstack_auth_url: "{{ lookup('env','OS_AUTH_URL')  }}"
openstack_username: "{{ lookup('env','OS_USERNAME')  }}"
openstack_password: "{{ lookup('env','OS_PASSWORD')  }}"
openstack_region: "{{ lookup('env','OS_REGION_NAME')  }}"
openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID')|default(lookup('env','OS_PROJECT_NAME'),true),true) }}"
openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}"
openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"

# For the vsphere integration, kubelet will need credentials to access
# vsphere apis
# Documentation regarding these values can be found
# https://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/vsphere/vsphere.go#L105
vsphere_vcenter_ip: "{{ lookup('env', 'VSPHERE_VCENTER') }}"
vsphere_vcenter_port: "{{ lookup('env', 'VSPHERE_VCENTER_PORT') }}"
vsphere_user: "{{ lookup('env', 'VSPHERE_USER') }}"
vsphere_password: "{{ lookup('env', 'VSPHERE_PASSWORD') }}"
vsphere_datacenter: "{{ lookup('env', 'VSPHERE_DATACENTER') }}"
vsphere_datastore: "{{ lookup('env', 'VSPHERE_DATASTORE') }}"
vsphere_working_dir: "{{ lookup('env', 'VSPHERE_WORKING_DIR') }}"
vsphere_insecure: "{{ lookup('env', 'VSPHERE_INSECURE') }}"
vsphere_resource_pool: "{{ lookup('env', 'VSPHERE_RESOURCE_POOL') }}"

vsphere_scsi_controller_type: pvscsi
# vsphere_public_network is name of the network the VMs are joined to
vsphere_public_network: "{{ lookup('env', 'VSPHERE_PUBLIC_NETWORK')|default('') }}"

## When azure is used, you need to also set the following variables.
## see docs/azure.md for details on how to get these values
# azure_tenant_id:
# azure_subscription_id:
# azure_aad_client_id:
# azure_aad_client_secret:
# azure_resource_group:
# azure_location:
# azure_subnet_name:
# azure_security_group_name:
# azure_vnet_name:
# azure_route_table_name:
# supported values are 'standard' or 'vmss'
# azure_vmtype: standard
# Sku of Load Balancer and Public IP. Candidate values are: basic and standard.
azure_loadbalancer_sku: basic
# excludes master nodes from standard load balancer.
azure_exclude_master_from_standard_lb: true
# disables the outbound SNAT for public load balancer rules
azure_disable_outbound_snat: false
# use instance metadata service where possible
azure_use_instance_metadata: true
# use specific Azure API endpoints
azure_cloud: AzurePublicCloud

## Support tls min version, Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
# tls_min_version: ""

## Support tls cipher suites.
# tls_cipher_suites:
#   - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#   - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#   - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#   - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#   - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
#   - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
#   - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#   - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#   - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#   - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#   - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#   - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#   - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#   - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
#   - TLS_ECDHE_RSA_WITH_RC4_128_SHA
#   - TLS_RSA_WITH_3DES_EDE_CBC_SHA
#   - TLS_RSA_WITH_AES_128_CBC_SHA
#   - TLS_RSA_WITH_AES_128_CBC_SHA256
#   - TLS_RSA_WITH_AES_128_GCM_SHA256
#   - TLS_RSA_WITH_AES_256_CBC_SHA
#   - TLS_RSA_WITH_AES_256_GCM_SHA384
#   - TLS_RSA_WITH_RC4_128_SHA