0dc38ff9b3
* Add a flag "authorization_method", when set to "RBAC" enables role based access control. * Add required cluster roles and bindings for kube-dns * Patch tiller deployment to use a service account with proper credentials. * Add a flag to regenerate kubernetes certs on the nodes.
50 lines
No EOL
1.4 KiB
YAML
50 lines
No EOL
1.4 KiB
YAML
# Versions
|
|
kubedns_version: 1.9
|
|
kubednsmasq_version: 1.3
|
|
exechealthz_version: 1.1
|
|
|
|
# Limits for dnsmasq/kubedns apps
|
|
dns_cpu_limit: 100m
|
|
dns_memory_limit: 170Mi
|
|
dns_cpu_requests: 70m
|
|
dns_memory_requests: 50Mi
|
|
kubedns_min_replicas: 1
|
|
kubedns_nodes_per_replica: 10
|
|
|
|
# Images
|
|
kubedns_image_repo: "gcr.io/google_containers/kubedns-amd64"
|
|
kubedns_image_tag: "{{ kubedns_version }}"
|
|
kubednsmasq_image_repo: "gcr.io/google_containers/kube-dnsmasq-amd64"
|
|
kubednsmasq_image_tag: "{{ kubednsmasq_version }}"
|
|
exechealthz_image_repo: "gcr.io/google_containers/exechealthz-amd64"
|
|
exechealthz_image_tag: "{{ exechealthz_version }}"
|
|
|
|
# Netchecker
|
|
deploy_netchecker: false
|
|
netchecker_port: 31081
|
|
agent_report_interval: 15
|
|
netcheck_namespace: default
|
|
agent_img: "{{ netcheck_agent_img_repo }}:{{ netcheck_agent_tag }}"
|
|
server_img: "{{ netcheck_server_img_repo }}:{{ netcheck_server_tag }}"
|
|
|
|
# Limits for netchecker apps
|
|
netchecker_agent_cpu_limit: 30m
|
|
netchecker_agent_memory_limit: 100M
|
|
netchecker_agent_cpu_requests: 15m
|
|
netchecker_agent_memory_requests: 64M
|
|
netchecker_server_cpu_limit: 100m
|
|
netchecker_server_memory_limit: 256M
|
|
netchecker_server_cpu_requests: 50m
|
|
netchecker_server_memory_requests: 64M
|
|
|
|
# SSL
|
|
etcd_cert_dir: "/etc/ssl/etcd/ssl"
|
|
canal_cert_dir: "/etc/canal/certs"
|
|
|
|
# RBAC
|
|
rbac_resources:
|
|
- clusterrole,
|
|
- clusterrolebinding,
|
|
- sa
|
|
|
|
rbac_enabled: "{{ authorization_mode == 'RBAC' }}" |