X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ansible%2Froles%2Fkube_master%2Fdefaults%2Fmain.yaml;h=159479ae744401fd6542fdae901bfb18cdefc403;hb=8e96bec5552b3d1c6d8b761de5c9da246518609f;hp=95deb1a3f6bfcda7515b42241ca0c3e9fd3477bd;hpb=59efd48f37efd053cf700fb9efc68e458c4ccd86;p=ta%2Fcaas-kubernetes.git

diff --git a/ansible/roles/kube_master/defaults/main.yaml b/ansible/roles/kube_master/defaults/main.yaml
index 95deb1a..159479a 100644
--- a/ansible/roles/kube_master/defaults/main.yaml
+++ b/ansible/roles/kube_master/defaults/main.yaml
@@ -28,8 +28,8 @@ apiserver_admission_controllers:
 apiserver_feature_gates:
   CPUManager: false
   DevicePlugins: true
-  HugePages: true
   TokenRequest: true
+  SCTPSupport: true
 
 apiserver_params:
   - "--admission-control={{ apiserver_admission_controllers | join(',') }}"
@@ -39,14 +39,17 @@ apiserver_params:
   - "--apiserver-count={{ groups['caas_master']|length|int }}"
   - "--audit-policy-file={{ caas.caas_policy_directory }}/audit-policy.yaml"
   - "--audit-log-format=json"
-  - "--audit-log-maxbackup=10"
-  - "--audit-log-maxsize=100"
+  - "--audit-log-maxsize={{ caas.audit_log_file_size }}"
+  - "--audit-log-maxbackup={{ ((audit_disc_size.stdout|int*caas.caas_max_audit_size)/caas.audit_log_file_size)|int }}"
   - "--audit-log-path=/var/log/audit/kube_apiserver/kube-apiserver-audit.log"
   - "--authorization-mode=Node,RBAC"
   - "--bind-address={{ apiserver }}"
   - "--client-ca-file=/etc/openssl/ca.pem"
   - "--enable-bootstrap-token-auth=true"
-  - "--etcd-servers=http://{{ hostvars[hostname]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_proxy_port }}{% for host in ( groups['caas_master'] | reject('search', hostname) ) %},http://{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_proxy_port }}{% endfor %}"
+  - "--etcd-cafile=/etc/etcd/ssl/ca.pem"
+  - "--etcd-certfile=/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
+  - "--etcd-keyfile=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
+  - "--etcd-servers=https://{{ hostvars[hostname]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_api_port }}{% for host in ( groups['caas_master'] | reject('search', hostname) ) %},https://{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_api_port }}{% endfor %}"
   - "--experimental-encryption-provider-config={{ caas.cert_path }}/{{ caas._secrets_conf }}"
   - "--feature-gates={{ apiserver_feature_gates | get_kube_options }}"
   - "--insecure-port=0"
@@ -72,9 +75,7 @@ apiserver_params:
 controllermanager_feature_gates:
   CPUManager: false
   DevicePlugins: true
-  HugePages: true
 
 scheduler_feature_gates:
   CPUManager: false
   DevicePlugins: true
-  HugePages: true