3a39904011
By default Calico CNI does not create any network access policies or profiles if 'policy' is enabled in CNI config. And without any policies/profiles network access to/from PODs is blocked. K8s related policies are created by calico-policy-controller in such case. So we need to start it as soon as possible, before any real workloads. This patch also fixes kube-api port in calico-policy-controller yaml template. Closes #1132
43 lines
1.2 KiB
YAML
43 lines
1.2 KiB
YAML
# Versions
|
|
kubedns_version: 1.9
|
|
kubednsmasq_version: 1.3
|
|
exechealthz_version: 1.1
|
|
|
|
# Limits for dnsmasq/kubedns apps
|
|
dns_cpu_limit: 100m
|
|
dns_memory_limit: 170Mi
|
|
dns_cpu_requests: 70m
|
|
dns_memory_requests: 50Mi
|
|
kubedns_min_replicas: 1
|
|
kubedns_nodes_per_replica: 10
|
|
|
|
# Images
|
|
kubedns_image_repo: "gcr.io/google_containers/kubedns-amd64"
|
|
kubedns_image_tag: "{{ kubedns_version }}"
|
|
kubednsmasq_image_repo: "gcr.io/google_containers/kube-dnsmasq-amd64"
|
|
kubednsmasq_image_tag: "{{ kubednsmasq_version }}"
|
|
exechealthz_image_repo: "gcr.io/google_containers/exechealthz-amd64"
|
|
exechealthz_image_tag: "{{ exechealthz_version }}"
|
|
|
|
# Netchecker
|
|
deploy_netchecker: false
|
|
netchecker_port: 31081
|
|
agent_report_interval: 15
|
|
netcheck_namespace: default
|
|
agent_img: "{{ netcheck_agent_img_repo }}:{{ netcheck_tag }}"
|
|
server_img: "{{ netcheck_server_img_repo }}:{{ netcheck_tag }}"
|
|
|
|
# Limits for netchecker apps
|
|
netchecker_agent_cpu_limit: 30m
|
|
netchecker_agent_memory_limit: 100M
|
|
netchecker_agent_cpu_requests: 15m
|
|
netchecker_agent_memory_requests: 64M
|
|
netchecker_server_cpu_limit: 100m
|
|
netchecker_server_memory_limit: 256M
|
|
netchecker_server_cpu_requests: 50m
|
|
netchecker_server_memory_requests: 64M
|
|
|
|
# SSL
|
|
etcd_cert_dir: "/etc/ssl/etcd/ssl"
|
|
canal_cert_dir: "/etc/canal/certs"
|