X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ansible%2Froles%2Fkube_master%2Fdefaults%2Fmain.yaml;h=38e3f47ee27cca40d5824766a9042ca63fbafd2f;hb=b71b415e681f1418557ed00ae47d080f8320e15c;hp=6aeadaa91c46c35dc97b5fb72ec655b5adf56602;hpb=fcc3c0d7a61ecbc72d9e3d23f4028d856db52f7c;p=ta%2Fcaas-kubernetes.git diff --git a/ansible/roles/kube_master/defaults/main.yaml b/ansible/roles/kube_master/defaults/main.yaml index 6aeadaa..38e3f47 100644 --- a/ansible/roles/kube_master/defaults/main.yaml +++ b/ansible/roles/kube_master/defaults/main.yaml @@ -40,14 +40,17 @@ apiserver_params: - "--apiserver-count={{ groups['caas_master']|length|int }}" - "--audit-policy-file={{ caas.caas_policy_directory }}/audit-policy.yaml" - "--audit-log-format=json" - - "--audit-log-maxbackup=10" - - "--audit-log-maxsize=100" + - "--audit-log-maxsize={{ caas.audit_log_file_size }}" + - "--audit-log-maxbackup={{ ((audit_disc_size.stdout|int*caas.caas_max_audit_size)/caas.audit_log_file_size)|int }}" - "--audit-log-path=/var/log/audit/kube_apiserver/kube-apiserver-audit.log" - "--authorization-mode=Node,RBAC" - "--bind-address={{ apiserver }}" - "--client-ca-file=/etc/openssl/ca.pem" - "--enable-bootstrap-token-auth=true" - - "--etcd-servers=http://{{ hostvars[hostname]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_proxy_port }}{% for host in ( groups['caas_master'] | reject('search', hostname) ) %},http://{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_proxy_port }}{% endfor %}" + - "--etcd-cafile=/etc/etcd/ssl/ca.pem" + - "--etcd-certfile=/etc/etcd/ssl/etcd{{ nodeindex }}.pem" + - "--etcd-keyfile=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem" + - "--etcd-servers=https://{{ hostvars[hostname]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_api_port }}{% for host in ( groups['caas_master'] | reject('search', hostname) ) %},https://{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_api_port }}{% endfor %}" - "--experimental-encryption-provider-config={{ caas.cert_path }}/{{ caas._secrets_conf }}" - "--feature-gates={{ apiserver_feature_gates | get_kube_options }}" - "--insecure-port=0"