e40368ae2b
Added CoreDNS to downloads Updated with labels. Should now work without RBAC too Fix DNS settings on hosts Rename CoreDNS service from kube-dns to coredns Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html Updated docs with CoreDNS info Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806' Set dns list correct. Thanks to @whereismyjetpack Only download KubeDNS or CoreDNS if selected Move dns cleanup to its own file and import tasks based on dns mode Fix install of KubeDNS when dnsmask_kubedns mode is selected Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf. Run DNS manifests for CoreDNS and KubeDNS Set skydns servers on dual stack deployment Use only one template for CoreDNS dual deployment Set correct cluster ip for the dns server
69 lines
2.1 KiB
YAML
69 lines
2.1 KiB
YAML
---
|
|
# Versions
|
|
kubedns_version: 1.14.8
|
|
kubednsautoscaler_version: 1.1.2
|
|
|
|
# Limits for dnsmasq/kubedns apps
|
|
dns_memory_limit: 170Mi
|
|
dns_cpu_requests: 100m
|
|
dns_memory_requests: 70Mi
|
|
kubedns_min_replicas: 2
|
|
kubedns_nodes_per_replica: 10
|
|
|
|
# CoreDNS
|
|
coredns_replicas: 2
|
|
|
|
# Images
|
|
kubedns_image_repo: "gcr.io/google_containers/k8s-dns-kube-dns-amd64"
|
|
kubedns_image_tag: "{{ kubedns_version }}"
|
|
dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64"
|
|
dnsmasq_nanny_image_tag: "{{ kubedns_version }}"
|
|
dnsmasq_sidecar_image_repo: "gcr.io/google_containers/k8s-dns-sidecar-amd64"
|
|
dnsmasq_sidecar_image_tag: "{{ kubedns_version }}"
|
|
kubednsautoscaler_image_repo: "gcr.io/google_containers/cluster-proportional-autoscaler-amd64"
|
|
kubednsautoscaler_image_tag: "{{ kubednsautoscaler_version }}"
|
|
|
|
# Netchecker
|
|
deploy_netchecker: false
|
|
netchecker_port: 31081
|
|
agent_report_interval: 15
|
|
netcheck_namespace: default
|
|
agent_img: "{{ netcheck_agent_img_repo }}:{{ netcheck_agent_tag }}"
|
|
server_img: "{{ netcheck_server_img_repo }}:{{ netcheck_server_tag }}"
|
|
|
|
# Limits for netchecker apps
|
|
netchecker_agent_cpu_limit: 30m
|
|
netchecker_agent_memory_limit: 100M
|
|
netchecker_agent_cpu_requests: 15m
|
|
netchecker_agent_memory_requests: 64M
|
|
netchecker_server_cpu_limit: 100m
|
|
netchecker_server_memory_limit: 256M
|
|
netchecker_server_cpu_requests: 50m
|
|
netchecker_server_memory_requests: 64M
|
|
|
|
# Dashboard
|
|
dashboard_enabled: true
|
|
dashboard_image_repo: gcr.io/google_containers/kubernetes-dashboard-amd64
|
|
dashboard_image_tag: v1.8.3
|
|
|
|
# Limits for dashboard
|
|
dashboard_cpu_limit: 100m
|
|
dashboard_memory_limit: 256M
|
|
dashboard_cpu_requests: 50m
|
|
dashboard_memory_requests: 64M
|
|
|
|
# Set dashboard_use_custom_certs to true if overriding dashboard_certs_secret_name with a secret that
|
|
# contains dashboard_tls_key_file and dashboard_tls_cert_file instead of using the initContainer provisioned certs
|
|
dashboard_use_custom_certs: false
|
|
dashboard_certs_secret_name: kubernetes-dashboard-certs
|
|
dashboard_tls_key_file: dashboard.key
|
|
dashboard_tls_cert_file: dashboard.crt
|
|
|
|
# SSL
|
|
etcd_cert_dir: "/etc/ssl/etcd/ssl"
|
|
canal_cert_dir: "/etc/canal/certs"
|
|
|
|
rbac_resources:
|
|
- sa
|
|
- clusterrole
|
|
- clusterrolebinding
|