# change to 0.0.0.0 to enable insecure access from anywhere (not recommended) kube_apiserver_insecure_bind_address: 127.0.0.1 # resolv.conf to base dns config kube_resolv_conf: "/etc/resolv.conf" kube_proxy_mode: iptables # If using the pure iptables proxy, SNAT everything kube_proxy_masquerade_all: true # Limits for kube components and nginx load balancer app kubelet_memory_limit: 512M kubelet_cpu_limit: 100m kube_proxy_memory_limit: 2000M kube_proxy_cpu_limit: 500m kube_proxy_memory_requests: 256M kube_proxy_cpu_requests: 150m nginx_memory_limit: 512M nginx_cpu_limit: 300m nginx_memory_requests: 64M nginx_cpu_requests: 50m # kube_api_runtime_config: # - extensions/v1beta1/daemonsets=true # - extensions/v1beta1/deployments=true nginx_image_repo: nginx nginx_image_tag: 1.11.4-alpine etcd_config_dir: /etc/ssl/etcd # Linux capabilities to be dropped for container engines apps_drop_cap: - chown - dac_override - fowner - fsetid - kill - setgid - setuid - setpcap - sys_chroot - mknod - audit_write - setfcap