b46ddf35fc
* fix-kube-vip-strict-arp * fix-kube-vip-strict-arp
118 lines
4.7 KiB
YAML
118 lines
4.7 KiB
YAML
---
|
|
# bind address for kube-proxy
|
|
kube_proxy_bind_address: '0.0.0.0'
|
|
|
|
# acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
|
|
# default value of 'application/json'. This field will control all connections to the server used by a particular
|
|
# client.
|
|
kube_proxy_client_accept_content_types: ''
|
|
|
|
# burst allows extra queries to accumulate when a client is exceeding its rate.
|
|
kube_proxy_client_burst: 10
|
|
|
|
# contentType is the content type used when sending data to the server from this client.
|
|
kube_proxy_client_content_type: application/vnd.kubernetes.protobuf
|
|
|
|
# kubeconfig is the path to a KubeConfig file.
|
|
# Leave as empty string to generate from other fields
|
|
kube_proxy_client_kubeconfig: ''
|
|
|
|
# qps controls the number of queries per second allowed for this connection.
|
|
kube_proxy_client_qps: 5
|
|
|
|
# How often configuration from the apiserver is refreshed. Must be greater than 0.
|
|
kube_proxy_config_sync_period: 15m0s
|
|
|
|
### Conntrack
|
|
# maxPerCore is the maximum number of NAT connections to track
|
|
# per CPU core (0 to leave the limit as-is and ignore min).
|
|
kube_proxy_conntrack_max_per_core: 32768
|
|
|
|
# min is the minimum value of connect-tracking records to allocate,
|
|
# regardless of conntrackMaxPerCore (set maxPerCore=0 to leave the limit as-is).
|
|
kube_proxy_conntrack_min: 131072
|
|
|
|
# tcpCloseWaitTimeout is how long an idle conntrack entry
|
|
# in CLOSE_WAIT state will remain in the conntrack
|
|
# table. (e.g. '60s'). Must be greater than 0 to set.
|
|
kube_proxy_conntrack_tcp_close_wait_timeout: 1h0m0s
|
|
|
|
# tcpEstablishedTimeout is how long an idle TCP connection will be kept open
|
|
# (e.g. '2s'). Must be greater than 0 to set.
|
|
kube_proxy_conntrack_tcp_established_timeout: 24h0m0s
|
|
|
|
# Enables profiling via web interface on /debug/pprof handler.
|
|
# Profiling handlers will be handled by metrics server.
|
|
kube_proxy_enable_profiling: false
|
|
|
|
# bind address for kube-proxy health check
|
|
kube_proxy_healthz_bind_address: 0.0.0.0:10256
|
|
|
|
# If using the pure iptables proxy, SNAT everything. Note that it breaks any
|
|
# policy engine.
|
|
kube_proxy_masquerade_all: false
|
|
|
|
# If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with.
|
|
# Must be within the range [0, 31].
|
|
kube_proxy_masquerade_bit: 14
|
|
|
|
# The minimum interval of how often the iptables or ipvs rules can be refreshed as
|
|
# endpoints and services change (e.g. '5s', '1m', '2h22m').
|
|
kube_proxy_min_sync_period: 0s
|
|
|
|
# The maximum interval of how often iptables or ipvs rules are refreshed (e.g. '5s', '1m', '2h22m').
|
|
# Must be greater than 0.
|
|
kube_proxy_sync_period: 30s
|
|
|
|
# A comma-separated list of CIDR's which the ipvs proxier should not touch when cleaning up IPVS rules.
|
|
kube_proxy_exclude_cidrs: []
|
|
|
|
# The ipvs scheduler type when proxy mode is ipvs
|
|
# rr: round-robin
|
|
# lc: least connection
|
|
# dh: destination hashing
|
|
# sh: source hashing
|
|
# sed: shortest expected delay
|
|
# nq: never queue
|
|
kube_proxy_scheduler: rr
|
|
|
|
# configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface
|
|
# must be set to true for MetalLB, kube-vip(ARP enabled) to work
|
|
kube_proxy_strict_arp: false
|
|
|
|
# kube_proxy_tcp_timeout is the timeout value used for idle IPVS TCP sessions.
|
|
# The default value is 0, which preserves the current timeout value on the system.
|
|
kube_proxy_tcp_timeout: 0s
|
|
|
|
# kube_proxy_tcp_fin_timeout is the timeout value used for IPVS TCP sessions after receiving a FIN.
|
|
# The default value is 0, which preserves the current timeout value on the system.
|
|
kube_proxy_tcp_fin_timeout: 0s
|
|
|
|
# kube_proxy_udp_timeout is the timeout value used for IPVS UDP packets.
|
|
# The default value is 0, which preserves the current timeout value on the system.
|
|
kube_proxy_udp_timeout: 0s
|
|
|
|
# The IP address and port for the metrics server to serve on
|
|
# (set to 0.0.0.0 for all IPv4 interfaces and `::` for all IPv6 interfaces)
|
|
kube_proxy_metrics_bind_address: 127.0.0.1:10249
|
|
|
|
# A string slice of values which specify the addresses to use for NodePorts.
|
|
# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32).
|
|
# The default empty string slice ([]) means to use all local addresses.
|
|
kube_proxy_nodeport_addresses: >-
|
|
{%- if kube_proxy_nodeport_addresses_cidr is defined -%}
|
|
[{{ kube_proxy_nodeport_addresses_cidr }}]
|
|
{%- else -%}
|
|
[]
|
|
{%- endif -%}
|
|
|
|
# oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]
|
|
kube_proxy_oom_score_adj: -999
|
|
|
|
# portRange is the range of host ports (beginPort-endPort, inclusive) that may be consumed
|
|
# in order to proxy service traffic. If unspecified, 0, or (0-0) then ports will be randomly chosen.
|
|
kube_proxy_port_range: ''
|
|
|
|
# udpIdleTimeout is how long an idle UDP connection will be kept open (e.g. '250ms', '2s').
|
|
# Must be greater than 0. Only applicable for proxyMode=userspace.
|
|
kube_proxy_udp_idle_timeout: 250ms
|