richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2984 Commits
29 Branches
81 Tags
150 MiB
Tree: addd67dc63
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'addd67dc63'
${ noResults }
kubespray/inventory/sample/group_vars/k8s-cluster.yml

243 lines
8.5 KiB
Raw Normal View History

Uncommented group_vars variables
7 years ago
Fix typos (no logic changes)
6 years ago
Uncommented group_vars variables
7 years ago
Fix typos (no logic changes)
6 years ago
Uncommented group_vars variables
7 years ago
Support for disabling apiserver insecure port This allows `kube_apiserver_insecure_port` to be set to 0 (disabled). Rework of #1937 with kubeadm support Also, fixed an issue in `kubeadm-migrate-certs` where the old apiserver cert was copied as the kubeadm key
7 years ago
Uncommented group_vars variables
7 years ago
Upgraded kubernetes from 1.9.3 to 1.9.5
6 years ago
Uncommented group_vars variables
7 years ago
Fix typos (no logic changes)
6 years ago
Uncommented group_vars variables
7 years ago
Template out known_users.csv, optionally add groups
7 years ago
Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446)
6 years ago
Uncommented group_vars variables
7 years ago
Add kube dashboard, enabled by default (#1643) * Add kube dashboard, enabled by default Also add rbac role for kube user * Update main.yml
7 years ago
Granular authentication Control It is now possible to deactivate selected authentication methods (basic auth, token auth) inside the cluster by adding removing the required arguments to the Kube API Server and generating the secrets accordingly. The x509 authentification is currently not optional because disabling it would affect the kubectl clients deployed on the master nodes.
7 years ago
Security best practice fixes (#1783) * Disable basic and token auth by default * Add recommended security params * allow basic auth to fail in tests * Enable TLS authentication for kubelet
7 years ago
Granular authentication Control It is now possible to deactivate selected authentication methods (basic auth, token auth) inside the cluster by adding removing the required arguments to the Kube API Server and generating the secrets accordingly. The x509 authentification is currently not optional because disabling it would affect the kubectl clients deployed on the master nodes.
7 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
7 years ago
Granular authentication Control It is now possible to deactivate selected authentication methods (basic auth, token auth) inside the cluster by adding removing the required arguments to the Kube API Server and generating the secrets accordingly. The x509 authentification is currently not optional because disabling it would affect the kubectl clients deployed on the master nodes.
7 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
7 years ago
Add oidc-user-prefix and oidc-group-prefix args
6 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
7 years ago
Add oidc-user-prefix and oidc-group-prefix args
6 years ago
Added Support for OpenID Connect Authentication To use OpenID Connect Authentication beside deploying an OpenID Connect Identity Provider it is necesarry to pass additional arguments to the Kube API Server. These required arguments were added to the kube apiserver manifest.
7 years ago
Added cilium support (#2236) * Added cilium support * Fix typo in debian test config * Remove empty lines * Changed cilium version from <latest> to <v1.0.0-rc3> * Add missing changes for cilium * Add cilium to CI pipeline * Fix wrong file name * Check kernel version for cilium * fixed ci error * fixed cilium-ds.j2 template * added waiting for cilium pods to run * Fixed missing EOF * Fixed trailing spaces * Fixed trailing spaces * Fixed trailing spaces * Fixed too many blank lines * Updated tolerations,annotations in cilium DS template * Set cilium_version to iptables-1.9 to see if bug is fixed in CI * Update cilium image tag to v1.0.0-rc4 * Update Cilium test case CI vars filenames * Add optional prometheus flag, adjust initial readiness delay * Update README.md with cilium info
6 years ago
Uncommented group_vars variables
7 years ago
Enable weave seed mode for kubespray (#1414) * Enable weave seed mode for kubespray * fix task Weave seed | Set peers if existing peers * fix mac address variabilisation * fix default values * fix include seed condition * change weave var to default values * fix Set peers if existing peers
7 years ago
Give more control over IPIP, but with same default behaviour
7 years ago
Added option to set MTU on Weave
6 years ago
Move calico-policy-controller into separate role By default Calico CNI does not create any network access policies or profiles if 'policy' is enabled in CNI config. And without any policies/profiles network access to/from PODs is blocked. K8s related policies are created by calico-policy-controller in such case. So we need to start it as soon as possible, before any real workloads. This patch also fixes kube-api port in calico-policy-controller yaml template. Closes #1132
7 years ago
Uncommented group_vars variables
7 years ago
Change kube-api default port from 443 to 6443 Operator can specify any port for kube-api (6443 default) This helps in case where some pods such as Ingress require 443 exclusively. Closes: 820 Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Uncommented group_vars variables
7 years ago
Support for disabling apiserver insecure port This allows `kube_apiserver_insecure_port` to be set to 0 (disabled). Rework of #1937 with kubeadm support Also, fixed an issue in `kubeadm-migrate-certs` where the old apiserver cert was copied as the kubeadm key
7 years ago
Uncommented group_vars variables
7 years ago
Support ipvs mode for kube-proxy Support ipvs mode for kube-proxy
6 years ago
Add CoreDNS support with various fixes Added CoreDNS to downloads Updated with labels. Should now work without RBAC too Fix DNS settings on hosts Rename CoreDNS service from kube-dns to coredns Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html Updated docs with CoreDNS info Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806' Set dns list correct. Thanks to @whereismyjetpack Only download KubeDNS or CoreDNS if selected Move dns cleanup to its own file and import tasks based on dns mode Fix install of KubeDNS when dnsmask_kubedns mode is selected Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf. Run DNS manifests for CoreDNS and KubeDNS Set skydns servers on dual stack deployment Use only one template for CoreDNS dual deployment Set correct cluster ip for the dns server
6 years ago
Support ipvs mode for kube-proxy Support ipvs mode for kube-proxy
6 years ago
Uncommented group_vars variables
7 years ago
Add CoreDNS support with various fixes Added CoreDNS to downloads Updated with labels. Should now work without RBAC too Fix DNS settings on hosts Rename CoreDNS service from kube-dns to coredns Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html Updated docs with CoreDNS info Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806' Set dns list correct. Thanks to @whereismyjetpack Only download KubeDNS or CoreDNS if selected Move dns cleanup to its own file and import tasks based on dns mode Fix install of KubeDNS when dnsmask_kubedns mode is selected Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf. Run DNS manifests for CoreDNS and KubeDNS Set skydns servers on dual stack deployment Use only one template for CoreDNS dual deployment Set correct cluster ip for the dns server
6 years ago
default to kubedns and set nxdomain in kubedns deployment if that's the dns_mode
7 years ago
Add optional manual dns_mode (#2178)
6 years ago
Uncommented group_vars variables
7 years ago
Add CoreDNS support with various fixes Added CoreDNS to downloads Updated with labels. Should now work without RBAC too Fix DNS settings on hosts Rename CoreDNS service from kube-dns to coredns Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html Updated docs with CoreDNS info Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806' Set dns list correct. Thanks to @whereismyjetpack Only download KubeDNS or CoreDNS if selected Move dns cleanup to its own file and import tasks based on dns mode Fix install of KubeDNS when dnsmask_kubedns mode is selected Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf. Run DNS manifests for CoreDNS and KubeDNS Set skydns servers on dual stack deployment Use only one template for CoreDNS dual deployment Set correct cluster ip for the dns server
6 years ago
Rename dns_server, add var for selinux. (#1572) * Rename dns_server to dnsmasq_dns_server so that it includes role prefix as the var name is generic and conflicts when integrating with existing ansible automation. * Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
Uncommented group_vars variables
7 years ago
Add logging options to default docker options
7 years ago
Uncommented group_vars variables
7 years ago
Update to Kubernetes v1.7.3 (#1549) Change kubelet deploy mode to host Enable cri and qos per cgroup for kubelet Update CoreOS images Add upgrade hook for switching from kubelet deployment from docker to host. Bump machine type for ubuntu-rkt-sep
7 years ago
Uncommented group_vars variables
7 years ago
Set helm deployment type to host (#2012)
7 years ago
Uncommented group_vars variables
7 years ago
Kubernetes Dashboard v1.7.1 Refactor This version required changing the previous access model for dashboard completely but it's a change for the better. Docs were updated. * New login/auth options that use apiserver auth proxying by default * Requires RBAC in `authorization_modes` * Only serves over https * No longer available at https://first_master:6443/ui until apiserver is updated with the https proxy URL: * Can access from https://first_master:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login you will be prompted for credentials * Or you can run 'kubectl proxy' from your local machine to access dashboard in your browser from: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ * It is recommended to access dashboard from behind a gateway that enforces an authentication token, details and other access options here: https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
7 years ago
Add kube dashboard, enabled by default (#1643) * Add kube dashboard, enabled by default Also add rbac role for kube user * Update main.yml
7 years ago
Uncommented group_vars variables
7 years ago
Add helm deployment
7 years ago
Remove prometheus operator from Kubespray (#2658) Kubespray should not install any helm charts. This is a task that a user should do on his/her own through ansible or another tool. It opens the door to wrapping installation of any helm chart.
6 years ago
Add helm deployment
7 years ago
Fix enforce-node-allocatable option Closes #1228 pods is default enforcement see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ add update
7 years ago
New addon: local_volume_provisioner (#1909)
7 years ago
Add new addon Istio (#1744) * add istio addon * add addons to a ci job
7 years ago
Migrate Kubernetes v1.9.1 cluster/addons/registry to Kubespray
6 years ago
Registry Addon Fixup
6 years ago
Migrate Kubernetes v1.9.1 cluster/addons/registry to Kubespray
6 years ago
New addon: local_volume_provisioner (#1909)
7 years ago
Upgrade Local Volume Provisioner Addon to v2.0.0
6 years ago
FIXUP #2424: local_provisioner directory should be created only if enabled
6 years ago
Upgrade Local Volume Provisioner Addon to v2.0.0
6 years ago
New addon: local_volume_provisioner (#1909)
7 years ago
Add cephfs_provisioner Support for Kubespray
6 years ago
Add optional StorageClass name with cephfs_provisioner_storage_class
6 years ago
Add cephfs_provisioner Support for Kubespray
6 years ago
Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray
6 years ago
check if group kube-ingress is not empty fix spelling mistaker ingress_nginx_host_network set default value for ingress_nginx_host_network: false
6 years ago
Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray
6 years ago
Add Custom ConfigMap Support for ingress-nginx
6 years ago
Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray
6 years ago
Integrate jetstack/cert-manager 0.2.3 to Kubespray
6 years ago
Default OpenStack Cinder Storage Class (#2083) Add possibility to create default OpenStack Cinder Storage Class Closes: #1609
7 years ago
Support multiple artifacts under individual inventory directory
6 years ago
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false)
7 years ago
Support multiple artifacts under individual inventory directory
6 years ago
Create admin credential kubeconfig (#1647) New files: /etc/kubernetes/admin.conf /root/.kube/config $GITDIR/artifacts/{kubectl,admin.conf} Optional method to download kubectl and admin.conf if kubeconfig_lcoalhost is set to true (default false)
7 years ago
Fix enforce-node-allocatable option Closes #1228 pods is default enforcement see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ add update
7 years ago
Fix spelling mistakes in group_vars (#2166)
6 years ago
Fix enforce-node-allocatable option Closes #1228 pods is default enforcement see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ add update
7 years ago
Add possibility to insert more ip adresses in certificates (#1678) * Add possibility to insert more ip adresses in certificates * Add newline at end of files * Move supp ip parameters to k8s-cluster group file * Add supplementary addresses in kubeadm master role * Improve openssl indexes
7 years ago
Fix spelling mistakes in group_vars (#2166)
6 years ago
Add possibility to insert more ip adresses in certificates (#1678) * Add possibility to insert more ip adresses in certificates * Add newline at end of files * Move supp ip parameters to k8s-cluster group file * Add supplementary addresses in kubeadm master role * Improve openssl indexes
7 years ago
Added disable_volume_zone_conflict variable
6 years ago
Renamed variable from disable_volume_zone_conflict to volume_cross_zone_attachment and removed cloud provider condition; fix identation
6 years ago
  1. # Kubernetes configuration dirs and system namespace.
  2. # Those are where all the additional config stuff goes
  3. # the kubernetes normally puts in /srv/kubernetes.
  4. # This puts them in a sane location and namespace.
  5. # Editing those values will almost surely break something.
  6. kube_config_dir: /etc/kubernetes
  7. kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
  8. kube_manifest_dir: "{{ kube_config_dir }}/manifests"
  10. # This is where all the cert scripts and certs will be located
  11. kube_cert_dir: "{{ kube_config_dir }}/ssl"
  13. # This is where all of the bearer tokens will be stored
  14. kube_token_dir: "{{ kube_config_dir }}/tokens"
  16. # This is where to save basic auth file
  17. kube_users_dir: "{{ kube_config_dir }}/users"
  19. kube_api_anonymous_auth: true
  21. ## Change this to use another Kubernetes version, e.g. a current beta release
  22. kube_version: v1.9.5
  24. # Where the binaries will be downloaded.
  25. # Note: ensure that you've enough disk space (about 1G)
  26. local_release_dir: "/tmp/releases"
  27. # Random shifts for retrying failed ops like pushing/downloading
  28. retry_stagger: 5
  30. # This is the group that the cert creation scripts chgrp the
  31. # cert files to. Not really changeable...
  32. kube_cert_group: kube-cert
  34. # Cluster Loglevel configuration
  35. kube_log_level: 2
  37. # Users to create for basic auth in Kubernetes API via HTTP
  38. # Optionally add groups for user
  39. kube_api_pwd: "{{ lookup('password', inventory_dir + '/credentials/kube_user.creds length=15 chars=ascii_letters,digits') }}"
  40. kube_users:
  41. kube:
  42. pass: "{{kube_api_pwd}}"
  43. role: admin
  44. groups:
  45. - system:masters
  47. ## It is possible to activate / deactivate selected authentication methods (basic auth, static token auth)
  48. #kube_oidc_auth: false
  49. #kube_basic_auth: false
  50. #kube_token_auth: false
  53. ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
  54. ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
  56. # kube_oidc_url: https:// ...
  57. # kube_oidc_client_id: kubernetes
  58. ## Optional settings for OIDC
  59. # kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem
  60. # kube_oidc_username_claim: sub
  61. # kube_oidc_username_prefix: oidc:
  62. # kube_oidc_groups_claim: groups
  63. # kube_oidc_groups_prefix: oidc:
  66. # Choose network plugin (cilium, calico, contiv, weave or flannel)
  67. # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
  68. kube_network_plugin: calico
  70. # weave's network password for encryption
  71. # if null then no network encryption
  72. # you can use --extra-vars to pass the password in command line
  73. weave_password: EnterPasswordHere
  75. # Weave uses consensus mode by default
  76. # Enabling seed mode allow to dynamically add or remove hosts
  77. # https://www.weave.works/docs/net/latest/ipam/
  78. weave_mode_seed: false
  80. # This two variable are automatically changed by the weave's role, do not manually change these values
  81. # To reset values :
  82. # weave_seed: uninitialized
  83. # weave_peers: uninitialized
  84. weave_seed: uninitialized
  85. weave_peers: uninitialized
  87. # Set the MTU of Weave (default 1376, Jumbo Frames: 8916)
  88. weave_mtu: 1376
  90. # Enable kubernetes network policies
  91. enable_network_policy: false
  93. # Kubernetes internal network for services, unused block of space.
  94. kube_service_addresses: 10.233.0.0/18
  96. # internal network. When used, it will assign IP
  97. # addresses from this range to individual pods.
  98. # This network must be unused in your network infrastructure!
  99. kube_pods_subnet: 10.233.64.0/18
  101. # internal network node size allocation (optional). This is the size allocated
  102. # to each node on your network. With these defaults you should have
  103. # room for 4096 nodes with 254 pods per node.
  104. kube_network_node_prefix: 24
  106. # The port the API Server will be listening on.
  107. kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
  108. kube_apiserver_port: 6443 # (https)
  109. kube_apiserver_insecure_port: 8080 # (http)
  110. # Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true
  111. #kube_apiserver_insecure_port: 0 # (disabled)
  113. # Kube-proxy proxyMode configuration.
  114. # Can be ipvs, iptables
  115. kube_proxy_mode: iptables
  117. ## Encrypting Secret Data at Rest (experimental)
  118. kube_encrypt_secret_data: false
  120. # DNS configuration.
  121. # Kubernetes cluster name, also will be used as DNS domain
  122. cluster_name: cluster.local
  123. # Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
  124. ndots: 2
  125. # Can be dnsmasq_kubedns, kubedns, coredns, coredns_dual, manual or none
  126. dns_mode: kubedns
  127. # Set manual server if using a custom cluster DNS server
  128. #manual_dns_server: 10.x.x.x
  130. # Can be docker_dns, host_resolvconf or none
  131. resolvconf_mode: docker_dns
  132. # Deploy netchecker app to verify DNS resolve as an HTTP service
  133. deploy_netchecker: false
  134. # Ip address of the kubernetes skydns service
  135. skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
  136. skydns_server_secondary: "{{ kube_service_addresses|ipaddr('net')|ipaddr(4)|ipaddr('address') }}"
  137. dnsmasq_dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
  138. dns_domain: "{{ cluster_name }}"
  140. # Path used to store Docker data
  141. docker_daemon_graph: "/var/lib/docker"
  143. ## A string of extra options to pass to the docker daemon.
  144. ## This string should be exactly as you wish it to appear.
  145. ## An obvious use case is allowing insecure-registry access
  146. ## to self hosted registries like so:
  148. docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}"
  149. docker_bin_dir: "/usr/bin"
  151. # Settings for containerized control plane (etcd/kubelet/secrets)
  152. etcd_deployment_type: docker
  153. kubelet_deployment_type: host
  154. vault_deployment_type: docker
  155. helm_deployment_type: host
  157. # K8s image pull policy (imagePullPolicy)
  158. k8s_image_pull_policy: IfNotPresent
  160. # Kubernetes dashboard
  161. # RBAC required. see docs/getting-started.md for access details.
  162. dashboard_enabled: true
  164. # Monitoring apps for k8s
  165. efk_enabled: false
  167. # Helm deployment
  168. helm_enabled: false
  170. # Istio deployment
  171. istio_enabled: false
  173. # Registry deployment
  174. registry_enabled: false
  175. # registry_namespace: "{{ system_namespace }}"
  176. # registry_storage_class: ""
  177. # registry_disk_size: "10Gi"
  179. # Local volume provisioner deployment
  180. local_volume_provisioner_enabled: false
  181. # local_volume_provisioner_namespace: "{{ system_namespace }}"
  182. # local_volume_provisioner_base_dir: /mnt/disks
  183. # local_volume_provisioner_mount_dir: /mnt/disks
  184. # local_volume_provisioner_storage_class: local-storage
  186. # CephFS provisioner deployment
  187. cephfs_provisioner_enabled: false
  188. # cephfs_provisioner_namespace: "{{ system_namespace }}"
  189. # cephfs_provisioner_cluster: ceph
  190. # cephfs_provisioner_monitors:
  191. # - 172.24.0.1:6789
  192. # - 172.24.0.2:6789
  193. # - 172.24.0.3:6789
  194. # cephfs_provisioner_admin_id: admin
  195. # cephfs_provisioner_secret: secret
  196. # cephfs_provisioner_storage_class: cephfs
  198. # Nginx ingress controller deployment
  199. ingress_nginx_enabled: false
  200. # ingress_nginx_host_network: false
  201. # ingress_nginx_namespace: "ingress-nginx"
  202. # ingress_nginx_insecure_port: 80
  203. # ingress_nginx_secure_port: 443
  204. # ingress_nginx_configmap:
  205. # map-hash-bucket-size: "128"
  206. # ssl-protocols: "SSLv2"
  207. # ingress_nginx_configmap_tcp_services:
  208. # 9000: "default/example-go:8080"
  209. # ingress_nginx_configmap_udp_services:
  210. # 53: "kube-system/kube-dns:53"
  212. # Cert manager deployment
  213. cert_manager_enabled: false
  214. # cert_manager_namespace: "cert-manager"
  216. # Add Persistent Volumes Storage Class for corresponding cloud provider ( OpenStack is only supported now )
  217. persistent_volumes_enabled: false
  219. # Make a copy of kubeconfig on the host that runs Ansible in {{ inventory_dir }}/artifacts
  220. # kubeconfig_localhost: false
  221. # Download kubectl onto the host that runs Ansible in {{ bin_dir }}
  222. # kubectl_localhost: false
  224. # dnsmasq
  225. # dnsmasq_upstream_dns_servers:
  226. # - /resolvethiszone.with/10.0.4.250
  227. # - 8.8.8.8
  229. # Enable creation of QoS cgroup hierarchy, if true top level QoS and pod cgroups are created. (default true)
  230. # kubelet_cgroups_per_qos: true
  232. # A comma separated list of levels of node allocatable enforcement to be enforced by kubelet.
  233. # Acceptable options are 'pods', 'system-reserved', 'kube-reserved' and ''. Default is "".
  234. # kubelet_enforce_node_allocatable: pods
  236. ## Supplementary addresses that can be added in kubernetes ssl keys.
  237. ## That can be useful for example to setup a keepalived virtual IP
  238. # supplementary_addresses_in_ssl_keys: [10.0.0.1, 10.0.0.2, 10.0.0.3]
  240. ## Running on top of openstack vms with cinder enabled may lead to unschedulable pods due to NoVolumeZoneConflict restriction in kube-scheduler.
  241. ## See https://github.com/kubernetes-incubator/kubespray/issues/2141
  242. ## Set this variable to true to get rid of this issue
  243. volume_cross_zone_attachment: false