0c6f172e75
This version required changing the previous access model for dashboard completely but it's a change for the better. Docs were updated. * New login/auth options that use apiserver auth proxying by default * Requires RBAC in `authorization_modes` * Only serves over https * No longer available at https://first_master:6443/ui until apiserver is updated with the https proxy URL: * Can access from https://first_master:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login you will be prompted for credentials * Or you can run 'kubectl proxy' from your local machine to access dashboard in your browser from: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ * It is recommended to access dashboard from behind a gateway that enforces an authentication token, details and other access options here: https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
62 lines
1.8 KiB
YAML
62 lines
1.8 KiB
YAML
---
|
|
# Versions
|
|
kubedns_version: 1.14.7
|
|
kubednsautoscaler_version: 1.1.1
|
|
|
|
# Limits for dnsmasq/kubedns apps
|
|
dns_memory_limit: 170Mi
|
|
dns_cpu_requests: 100m
|
|
dns_memory_requests: 70Mi
|
|
kubedns_min_replicas: 2
|
|
kubedns_nodes_per_replica: 10
|
|
|
|
# Images
|
|
kubedns_image_repo: "gcr.io/google_containers/k8s-dns-kube-dns-amd64"
|
|
kubedns_image_tag: "{{ kubedns_version }}"
|
|
dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64"
|
|
dnsmasq_nanny_image_tag: "{{ kubedns_version }}"
|
|
dnsmasq_sidecar_image_repo: "gcr.io/google_containers/k8s-dns-sidecar-amd64"
|
|
dnsmasq_sidecar_image_tag: "{{ kubedns_version }}"
|
|
kubednsautoscaler_image_repo: "gcr.io/google_containers/cluster-proportional-autoscaler-amd64"
|
|
kubednsautoscaler_image_tag: "{{ kubednsautoscaler_version }}"
|
|
|
|
# Netchecker
|
|
deploy_netchecker: false
|
|
netchecker_port: 31081
|
|
agent_report_interval: 15
|
|
netcheck_namespace: default
|
|
agent_img: "{{ netcheck_agent_img_repo }}:{{ netcheck_agent_tag }}"
|
|
server_img: "{{ netcheck_server_img_repo }}:{{ netcheck_server_tag }}"
|
|
|
|
# Limits for netchecker apps
|
|
netchecker_agent_cpu_limit: 30m
|
|
netchecker_agent_memory_limit: 100M
|
|
netchecker_agent_cpu_requests: 15m
|
|
netchecker_agent_memory_requests: 64M
|
|
netchecker_server_cpu_limit: 100m
|
|
netchecker_server_memory_limit: 256M
|
|
netchecker_server_cpu_requests: 50m
|
|
netchecker_server_memory_requests: 64M
|
|
|
|
# Dashboard
|
|
dashboard_enabled: false
|
|
dashboard_image_repo: gcr.io/google_containers/kubernetes-dashboard-amd64
|
|
dashboard_image_tag: v1.7.1
|
|
dashboard_init_image_repo: gcr.io/google_containers/kubernetes-dashboard-init-amd64
|
|
dashboard_init_image_tag: v1.0.1
|
|
|
|
# Limits for dashboard
|
|
dashboard_cpu_limit: 100m
|
|
dashboard_memory_limit: 256M
|
|
dashboard_cpu_requests: 50m
|
|
dashboard_memory_requests: 64M
|
|
|
|
# SSL
|
|
etcd_cert_dir: "/etc/ssl/etcd/ssl"
|
|
canal_cert_dir: "/etc/canal/certs"
|
|
|
|
rbac_resources:
|
|
- sa
|
|
- clusterrole
|
|
- clusterrolebinding
|