-
Notifications
You must be signed in to change notification settings - Fork 127
/
Copy pathdefaultconfig.yaml
48 lines (48 loc) · 1.75 KB
/
defaultconfig.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
apiVersion: kubecontrolplane.config.openshift.io/v1
kind: KubeControllerManagerConfig
extendedArguments:
enable-dynamic-provisioning:
- "true"
allocate-node-cidrs:
- "false"
use-service-account-credentials:
- "true"
flex-volume-plugin-dir:
- "/etc/kubernetes/kubelet-plugins/volume/exec" # created by machine-config-operator, owned by storage team/[email protected]
pv-recycler-pod-template-filepath-nfs: # owned by storage team/[email protected]
- "/etc/kubernetes/static-pod-resources/configmaps/recycler-config/recycler-pod.yaml"
pv-recycler-pod-template-filepath-hostpath: # owned by storage team/[email protected]
- "/etc/kubernetes/static-pod-resources/configmaps/recycler-config/recycler-pod.yaml"
leader-elect:
- "true"
leader-elect-retry-period:
- "3s"
leader-elect-resource-lock:
- "leases"
leader-elect-renew-deadline:
- "12s" # Increase api call timeout value from default 5s to 6s, required in case primary dns server fail.
controllers:
- "*"
- "-ttl" # TODO: this is excluded in kube-core, but not in #21092
- "-bootstrapsigner"
- "-tokencleaner"
cloud-provider:
- "external"
cluster-signing-duration:
- "720h"
secure-port:
- "10257"
cert-dir:
- "/var/run/kubernetes"
root-ca-file:
- "/etc/kubernetes/static-pod-resources/configmaps/serviceaccount-ca/ca-bundle.crt"
service-account-private-key-file:
- "/etc/kubernetes/static-pod-resources/secrets/service-account-private-key/service-account.key"
cluster-signing-cert-file:
- "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.crt"
cluster-signing-key-file:
- "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.key"
kube-api-qps:
- "150" # this is a historical values
kube-api-burst:
- "300" # this is a historical values