You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

142 lines
7.1 KiB

  1. Configurable Parameters in Kubespray
  2. ================================
  3. #### Generic Ansible variables
  4. You can view facts gathered by Ansible automatically
  5. [here](http://docs.ansible.com/ansible/playbooks_variables.html#information-discovered-from-systems-facts).
  6. Some variables of note include:
  7. * *ansible_user*: user to connect to via SSH
  8. * *ansible_default_ipv4.address*: IP address Ansible automatically chooses.
  9. Generated based on the output from the command ``ip -4 route get 8.8.8.8``
  10. #### Common vars that are used in Kubespray
  11. * *calico_version* - Specify version of Calico to use
  12. * *calico_cni_version* - Specify version of Calico CNI plugin to use
  13. * *docker_version* - Specify version of Docker to used (should be quoted
  14. string)
  15. * *etcd_version* - Specify version of ETCD to use
  16. * *ipip* - Enables Calico ipip encapsulation by default
  17. * *hyperkube_image_repo* - Specify the Docker repository where Hyperkube
  18. resides
  19. * *hyperkube_image_tag* - Specify the Docker tag where Hyperkube resides
  20. * *kube_network_plugin* - Sets k8s network plugin (default Calico)
  21. * *kube_proxy_mode* - Changes k8s proxy mode to iptables mode
  22. * *kube_version* - Specify a given Kubernetes hyperkube version
  23. * *searchdomains* - Array of DNS domains to search when looking up hostnames
  24. * *nameservers* - Array of nameservers to use for DNS lookup
  25. * *preinstall_selinux_state* - Set selinux state, permitted values are permissive and disabled.
  26. #### Addressing variables
  27. * *ip* - IP to use for binding services (host var)
  28. * *access_ip* - IP for other hosts to use to connect to. Often required when
  29. deploying from a cloud, such as OpenStack or GCE and you have separate
  30. public/floating and private IPs.
  31. * *ansible_default_ipv4.address* - Not Kubespray-specific, but it is used if ip
  32. and access_ip are undefined
  33. * *loadbalancer_apiserver* - If defined, all hosts will connect to this
  34. address instead of localhost for kube-masters and kube-master[0] for
  35. kube-nodes. See more details in the
  36. [HA guide](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/ha-mode.md).
  37. * *loadbalancer_apiserver_localhost* - makes all hosts to connect to
  38. the apiserver internally load balanced endpoint. Mutual exclusive to the
  39. `loadbalancer_apiserver`. See more details in the
  40. [HA guide](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/ha-mode.md).
  41. #### Cluster variables
  42. Kubernetes needs some parameters in order to get deployed. These are the
  43. following default cluster paramters:
  44. * *cluster_name* - Name of cluster (default is cluster.local)
  45. * *domain_name* - Name of cluster DNS domain (default is cluster.local)
  46. * *kube_network_plugin* - Plugin to use for container networking
  47. * *kube_service_addresses* - Subnet for cluster IPs (default is
  48. 10.233.0.0/18). Must not overlap with kube_pods_subnet
  49. * *kube_pods_subnet* - Subnet for Pod IPs (default is 10.233.64.0/18). Must not
  50. overlap with kube_service_addresses.
  51. * *kube_network_node_prefix* - Subnet allocated per-node for pod IPs. Remainin
  52. bits in kube_pods_subnet dictates how many kube-nodes can be in cluster.
  53. * *dns_setup* - Enables dnsmasq
  54. * *dnsmasq_dns_server* - Cluster IP for dnsmasq (default is 10.233.0.2)
  55. * *skydns_server* - Cluster IP for DNS (default is 10.233.0.3)
  56. * *skydns_server_secondary* - Secondary Cluster IP for CoreDNS used with coredns_dual deployment (default is 10.233.0.4)
  57. * *cloud_provider* - Enable extra Kubelet option if operating inside GCE or
  58. OpenStack (default is unset)
  59. * *kube_hostpath_dynamic_provisioner* - Required for use of PetSets type in
  60. Kubernetes
  61. * *kube_feature_gates* - A list of key=value pairs that describe feature gates for
  62. alpha/experimental Kubernetes features. (defaults is `[]`)
  63. * *authorization_modes* - A list of [authorization mode](
  64. https://kubernetes.io/docs/admin/authorization/#using-flags-for-your-authorization-module)
  65. that the cluster should be configured for. Defaults to `['Node', 'RBAC']`
  66. (Node and RBAC authorizers).
  67. Note: `Node` and `RBAC` are enabled by default. Previously deployed clusters can be
  68. converted to RBAC mode. However, your apps which rely on Kubernetes API will
  69. require a service account and cluster role bindings. You can override this
  70. setting by setting authorization_modes to `[]`.
  71. Note, if cloud providers have any use of the ``10.233.0.0/16``, like instances'
  72. private addresses, make sure to pick another values for ``kube_service_addresses``
  73. and ``kube_pods_subnet``, for example from the ``172.18.0.0/16``.
  74. #### DNS variables
  75. By default, dnsmasq gets set up with 8.8.8.8 as an upstream DNS server and all
  76. other settings from your existing /etc/resolv.conf are lost. Set the following
  77. variables to match your requirements.
  78. * *upstream_dns_servers* - Array of upstream DNS servers configured on host in
  79. addition to Kubespray deployed DNS
  80. * *nameservers* - Array of DNS servers configured for use in dnsmasq
  81. * *searchdomains* - Array of up to 4 search domains
  82. * *skip_dnsmasq* - Don't set up dnsmasq (use only KubeDNS)
  83. For more information, see [DNS
  84. Stack](https://github.com/kubernetes-incubator/kubespray/blob/master/docs/dns-stack.md).
  85. #### Other service variables
  86. * *docker_options* - Commonly used to set
  87. ``--insecure-registry=myregistry.mydomain:5000``
  88. * *http_proxy/https_proxy/no_proxy* - Proxy variables for deploying behind a
  89. proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames
  90. that correspond to each node.
  91. * *kubelet_deployment_type* - Controls which platform to deploy kubelet on.
  92. Available options are ``host``, ``rkt``, and ``docker``. ``docker`` mode
  93. is unlikely to work on newer releases. Starting with Kubernetes v1.7
  94. series, this now defaults to ``host``. Before v1.7, the default was Docker.
  95. This is because of cgroup [issues](https://github.com/kubernetes/kubernetes/issues/43704).
  96. * *kubelet_load_modules* - For some things, kubelet needs to load kernel modules. For example,
  97. dynamic kernel services are needed for mounting persistent volumes into containers. These may not be
  98. loaded by preinstall kubernetes processes. For example, ceph and rbd backed volumes. Set this variable to
  99. true to let kubelet load kernel modules.
  100. * *kubelet_cgroup_driver* - Allows manual override of the
  101. cgroup-driver option for Kubelet. By default autodetection is used
  102. to match Docker configuration.
  103. ##### Custom flags for Kube Components
  104. For all kube components, custom flags can be passed in. This allows for edge cases where users need changes to the default deployment that may not be applicable to all deployments. This can be done by providing a list of flags. Example:
  105. ```
  106. kubelet_custom_flags:
  107. - "--eviction-hard=memory.available<100Mi"
  108. - "--eviction-soft-grace-period=memory.available=30s"
  109. - "--eviction-soft=memory.available<300Mi"
  110. ```
  111. The possible vars are:
  112. * *apiserver_custom_flags*
  113. * *controller_mgr_custom_flags*
  114. * *scheduler_custom_flags*
  115. * *kubelet_custom_flags*
  116. #### User accounts
  117. By default, a user with admin rights is created, named `kube`.
  118. The password can be viewed after deployment by looking at the file
  119. `PATH_TO_KUBESPRAY/credentials/kube_user.creds`. This contains a randomly generated
  120. password. If you wish to set your own password, just precreate/modify this
  121. file yourself or change `kube_api_pwd` var.