openpai.yml

############## etcd configuration ##############

# etcd_deployment_type: docker

# etcd_version: v3.3.10

## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics.
# etcd_metrics: basic

## Etcd is restricted by default to 512M on systems under 4GB RAM, 512MB is not enough for much more than testing.
## Set this if your etcd nodes have less than 4GB but you want more RAM for etcd. Set to 0 for unrestricted RAM.
etcd_memory_limit: "0"

## Etcd has a default of 2G for its space quota. If you put a value in etcd_memory_limit which is less than
## etcd_quota_backend_bytes, you may encounter out of memory terminations of the etcd cluster. Please check
## etcd documentation for more information.
## https://etcd.io/docs/v3.4.0/op-guide/configuration/
etcd_quota_backend_bytes: "8589934592"

############## nginx configuration ##############

# Requests for load balancer app
loadbalancer_apiserver_memory_requests: 500M
loadbalancer_apiserver_cpu_requests: 500m

loadbalancer_apiserver_keepalive_timeout: 15m

## Internal loadbalancers for apiservers
# loadbalancer_apiserver_localhost: true

## valid options are "nginx" or "haproxy"
loadbalancer_apiserver_type: "nginx"
## applied if only external loadbalancer_apiserver is defined, otherwise ignored
# apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"

## Local loadbalancer should use this port
## And must be set port 6443
# loadbalancer_apiserver_port: 6443

## If loadbalancer_apiserver_healthcheck_port variable defined, enables proxy liveness check for nginx.
# loadbalancer_apiserver_healthcheck_port: 8081


############## DNS configuration ##############
## Kubernetes cluster name, also will be used as DNS domain
# cluster_name: cluster.local

## Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
# ndots: 2

## Can be coredns, coredns_dual, manual or none
# dns_mode: coredns

## Set manual server if using a custom cluster DNS server
## manual_dns_server: 10.x.x.x
## Enable nodelocal dns cache
enable_nodelocaldns: false
# nodelocaldns_ip: 169.254.25.10
# nodelocaldns_health_port: 9254

## Enable k8s_external plugin for CoreDNS
# enable_coredns_k8s_external: false
# coredns_k8s_external_zone: k8s_external.local

## Enable endpoint_pod_names option for kubernetes plugin
# enable_coredns_k8s_endpoint_pod_names: false

## Can be docker_dns, host_resolvconf or none
# resolvconf_mode: docker_dns

## Ip address of the kubernetes skydns service
# skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
# skydns_server_secondary: "{{ kube_service_addresses|ipaddr('net')|ipaddr(4)|ipaddr('address') }}"
# dns_domain: "{{ cluster_name }}"

# Limits for coredns
dns_memory_limit: 1000Mi
dns_cpu_requests: 1000m
dns_memory_requests: 500Mi
dns_min_replicas: 1
# dns_nodes_per_replica: 16
# dns_cores_per_replica: 256
# dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas|int > 1 else 'false' }}"
# coredns_ordinal_suffix: ""

# nodelocaldns
# nodelocaldns_cpu_requests: 100m
# nodelocaldns_memory_limit: 170Mi
# nodelocaldnsdns_memory_requests: 70Mi

# Netchecker
## Deploy netchecker app to verify DNS resolve as an HTTP service
deploy_netchecker: false
# netchecker_port: 31081
# agent_report_interval: 15
# netcheck_namespace: default

# Limits for netchecker apps
# netchecker_agent_cpu_limit: 30m
# netchecker_agent_memory_limit: 100M
# netchecker_agent_cpu_requests: 15m
# netchecker_agent_memory_requests: 64M
# netchecker_server_cpu_limit: 100m
# netchecker_server_memory_limit: 256M
# netchecker_server_cpu_requests: 50m
# netchecker_server_memory_requests: 64M

# SecurityContext when PodSecurityPolicy is enabled
# netchecker_agent_user: 1000
# netchecker_server_user: 1000
# netchecker_agent_group: 1000
# netchecker_server_group: 1000


############## kubernetes configuration ##############

## Change this to use another Kubernetes version, e.g. a current beta release
# kube_version: v1.15.3

## Cluster Loglevel configuration
kube_log_level: 2

#kube_token_auth: true
#kube_basic_auth: true

## Make a copy of kubeconfig on the host that runs Ansible in {{ inventory_dir }}/artifacts
kubeconfig_localhost: true
## Download kubectl onto the host that runs Ansible in {{ bin_dir }}
kubectl_localhost: true

# kubelet_status_update_frequency: 10s

## For some things, kubelet needs to load kernel modules.  For example,
## dynamic kernel services are needed for mounting persistent volumes into containers.  These may not be
## loaded by preinstall kubernetes processes.  For example, ceph and rbd backed volumes.  Set this variable to
## true to let kubelet load kernel modules.
# kubelet_load_modules: false

## Configure the amount of pods able to run on single node
## default is equal to application default
# kubelet_max_pods: 110

## Support custom flags to be passed to kubelet
kubelet_custom_flags:
  - "--image-pull-progress-deadline=10m"

# kube_feature_gates: []

## Support custom flags to be passed to kubelet only on nodes, not masters
# kubelet_node_custom_flags: []

k8s_image_pull_policy: IfNotPresent

## extra runtime config
# kube_api_runtime_config: []

##### networking

# Setting multi_networking to true will install Multus: https://github.com/intel/multus-cni
# kube_network_plugin_multus: false

## Scale: 4096 nodes, 100 pods per node

## Kubernetes internal network for services, unused block of space.
kube_service_addresses: 10.192.0.0/13

## internal network. When used, it will assign IP
## addresses from this range to individual pods.
## This network must be unused in your network infrastructure!
kube_pods_subnet: 10.200.0.0/13

## internal network node size allocation (optional). This is the size allocated
## to each node on your network.  With these defaults you should have
## room for 64 nodes with 254 pods per node.
## Example: Up to 256 nodes, 100 pods per node (/16 network):
##  - kube_service_addresses: 10.233.0.0/17
##  - kube_pods_subnet: 10.233.128.0/17
##  - kube_network_node_prefix: 25
## Example: Up to 4096 nodes, 100 pods per node (/12 network):
##  - kube_service_addresses: 10.192.0.0/13
##  - kube_pods_subnet: 10.200.0.0/13
##  - kube_network_node_prefix: 25
kube_network_node_prefix: 25

##### api-server

kube_kubeadm_apiserver_extra_args:
  cors-allowed-origins: ".*"
  storage-media-type: "application/json"
  max-requests-inflight: 1500
  max-mutating-requests-inflight: 500
  v: 2

## Extra control plane host volume mounts
## Example:
## apiserver_extra_volumes:
##  - name: name
##    hostPath: /host/path
##    mountPath: /mount/path
##    readOnly: true
# apiserver_extra_volumes: {}

## ETCD backend for k8s data
# kube_apiserver_storage_backend: etcd3

## change to 0.0.0.0 to enable insecure access from anywhere (not recommended)
# kube_apiserver_insecure_bind_address: 127.0.0.1

## By default the external API listens on all interfaces, this can be changed to
## listen on a specific address/interface.
# kube_apiserver_bind_address: 0.0.0.0

## A port range to reserve for services with NodePort visibility.
## Inclusive at both ends of the range.
# kube_apiserver_node_port_range: "30000-32767"

kube_apiserver_memory_limit: 20000M
kube_apiserver_cpu_limit: 10000m
kube_apiserver_memory_requests: 1024M
kube_apiserver_cpu_requests: 1000m
# kube_apiserver_request_timeout: "1m0s"

# 1.9 and below Admission control plug-ins
#kube_apiserver_admission_control:
#  - NamespaceLifecycle
#  - LimitRanger
#  - ServiceAccount
#  - DefaultStorageClass
#  - PersistentVolumeClaimResize
#  - MutatingAdmissionWebhook
#  - ValidatingAdmissionWebhook
#  - ResourceQuota
#  - DefaultTolerationSeconds
#  - DenyEscalatingExec

## 1.10+ admission plugins
# kube_apiserver_enable_admission_plugins: []

## 1.10+ list of disabled admission plugins
# kube_apiserver_disable_admission_plugins: []

##### controller

kube_kubeadm_controller_extra_args:
  v: 2
  large-cluster-size-threshold: 0
  secondary-node-eviction-rate: 0.05

# controller_manager_extra_volumes: {}

# kube_controller_manager_bind_address: 0.0.0.0

kube_controller_memory_limit: 20000M
kube_controller_cpu_limit: 10000m
kube_controller_memory_requests: 1024M
kube_controller_cpu_requests: 1000m
# kube_controller_node_monitor_grace_period: 40s
# kube_controller_node_monitor_period: 5s
# kube_controller_pod_eviction_timeout: 5m0s
# kube_controller_terminated_pod_gc_threshold: 12500

##### scheduler

kube_kubeadm_scheduler_extra_args:
  v: 2

# scheduler_extra_volumes: {}

# kube_scheduler_bind_address: 0.0.0.0

kube_scheduler_memory_limit: 200000M
kube_scheduler_cpu_limit: 10000m
kube_scheduler_memory_requests: 1024M
kube_scheduler_cpu_requests: 1000m


##### dashboard

dashboard_enabled: false
# dashboard_replicas: 1

# Limits for dashboard
# dashboard_cpu_limit: 100m
# dashboard_memory_limit: 256M
# dashboard_cpu_requests: 50m
# dashboard_memory_requests: 64M

# Set dashboard_use_custom_certs to true if overriding dashboard_certs_secret_name with a secret that
# contains dashboard_tls_key_file and dashboard_tls_cert_file instead of using the initContainer provisioned certs
# dashboard_use_custom_certs: false
# dashboard_certs_secret_name: kubernetes-dashboard-certs
# dashboard_tls_key_file: dashboard.key
# dashboard_tls_cert_file: dashboard.crt
# dashboard_master_toleration: true

# Override dashboard default settings
# dashboard_token_ttl: 900
# dashboard_skip_login: false


############## other configuration ##############

## Optionally reserve resources for OS system daemons.
# system_reserved: true
## Uncomment to override default values
# system_memory_reserved: 3072M
# system_cpu_reserved: 500m
## Reservation for master hosts
# system_master_memory_reserved: 256M
# system_master_cpu_reserved: 250m

############## addon configuration ##############

# Helm deployment
# helm_enabled: true

# Cert manager deployment
# cert_manager_enabled: true
# cert_manager_namespace: "cert-manager"

############## docker configuration ##############

# docker_version: latest

docker_dns_servers_strict: false

## Used to set docker daemon iptables options to true


docker_log_opts: "--log-opt max-size=2g --log-opt max-file=2 --log-driver=json-file"

docker_options: >-
    {%- if docker_insecure_registries is defined %}
    {{ docker_insecure_registries | map('regex_replace', '^(.*)$', '--insecure-registry=\1' ) | list | join(' ') }}
    {%- endif %}
    {% if docker_registry_mirrors is defined %}
    {{ docker_registry_mirrors | map('regex_replace', '^(.*)$', '--registry-mirror=\1' ) | list | join(' ') }}
    {%- endif %}
    {%- if docker_version != "latest" and docker_version is version('17.05', '<') %}
    --graph={{ docker_daemon_graph }} {% if ansible_os_family not in ["openSUSE Leap", "openSUSE Tumbleweed", "Suse"] %}{{ docker_log_opts }}{% endif %}
    {%- else %}
    --data-root={{ docker_daemon_graph }} {% if ansible_os_family not in ["openSUSE Leap", "openSUSE Tumbleweed", "Suse"] %}{{ docker_log_opts }}{% endif %}
    {%- endif %}
    {%- if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
    --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
    --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
    --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
    {%- endif -%}

docker_daemon_graph: "/mnt/docker"

# Choose network plugin (cilium, calico, contiv, weave or flannel. Use cni for generic cni plugin)
# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
kube_network_plugin: calico

kube_scheduler_memory_limit: 200000M
kube_scheduler_cpu_limit: 10000m
kube_scheduler_memory_requests: 1024M
kube_scheduler_cpu_requests: 1000m

this variables not found in kubespray