{"id":20347523,"url":"https://github.com/evilmartians/chef-kubernetes","last_synced_at":"2025-04-12T00:56:21.489Z","repository":{"id":36456916,"uuid":"40761995","full_name":"evilmartians/chef-kubernetes","owner":"evilmartians","description":"Google Kubernetes installer for ubuntu \u003e= 16.04","archived":false,"fork":false,"pushed_at":"2023-04-12T05:41:40.000Z","size":1221,"stargazers_count":69,"open_issues_count":5,"forks_count":20,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-04-12T00:56:12.354Z","etag":null,"topics":["chef","from-zero-to-hero","kubernetes","ruby","setup"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/evilmartians.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-08-15T13:44:52.000Z","updated_at":"2025-01-11T08:14:07.000Z","dependencies_parsed_at":"2023-02-10T17:40:11.148Z","dependency_job_id":null,"html_url":"https://github.com/evilmartians/chef-kubernetes","commit_stats":null,"previous_names":[],"tags_count":82,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilmartians%2Fchef-kubernetes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilmartians%2Fchef-kubernetes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilmartians%2Fchef-kubernetes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilmartians%2Fchef-kubernetes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/evilmartians","download_url":"https://codeload.github.com/evilmartians/chef-kubernetes/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248501878,"owners_count":21114683,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef","from-zero-to-hero","kubernetes","ruby","setup"],"created_at":"2024-11-14T22:17:00.971Z","updated_at":"2025-04-12T00:56:21.456Z","avatar_url":"https://github.com/evilmartians.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# kubernetes-cookbook\n![alt text](evil_k8s.png)\n\nGoogle Kubernetes installer for Ubuntu\n\n## Supported Platforms\n\n- Ubuntu\n\n### Attributes ###\n###### default\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['container_runtime']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etype of engine\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003edocker\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['roles']['master']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003erole name for master servers\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ekubernetes_master\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['roles']['node']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003erole name for minions\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ekubernetes_node\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['install_via']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etype of installation\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003esystemd\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['databag']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003edefault chef data_bag\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ekubernetes\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubernetes version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ev1.20.4\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['keep_versions']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e3\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['image']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ehyperkube image name\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003egcr.io/google_containers/hyperkube\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['interface']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003edefault interface\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eeth1\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['enable_firewall']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eEnable firewall\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['register_as']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eip\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['proxy_mode']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eWhich proxy mode to use: iptables or ipvs.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eiptables\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['use_sdn']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eUse sdn\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['sdn']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eType of sdn\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eweave\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['master']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ek8s master address\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e127.0.0.1\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['cluster_name']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecluster name\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ekubernetes\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['cluster_dns']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eArray\u003c/td\u003e\n    \u003ctd\u003ecluster dns\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10.222.222.222\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['cluster_domain']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecluster dns name\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ekubernetes.local\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['cluster_cidr']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecidr\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e192.168.0.0/16\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['node_cidr_mask_size']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003ecidr mask size\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e24\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['use_cluster_dns_systemwide']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003edns systemwide\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['ssl']['keypairs']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eArray\u003c/td\u003e\n    \u003ctd\u003essl keypairs\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e['apiserver', 'ca']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['ssl']['ca']['public_key']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eca public_key path\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['ssl']['ca']['private_key']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eca private_key path\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca-key.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['ssl']['apiserver']['public_key']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eapiserver public_key path\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['ssl']['apiserver']['private_key']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eapiserver private_key path\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver-key.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubeconfig']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubeconfig path\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/kubeconfig.yaml\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['tls_cert_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etls_cert_file path\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['tls_private_key_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etls private key file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver-key.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['client_ca_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eclient_ca_file path\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['requestheader_client_ca_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eRoot certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['cluster_signing_cert_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecluster_signing_cert_file path\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['cluster_signing_key_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca-key.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['token_auth']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003etoken auth\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['token_auth_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etokens file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/known_tokens.csv\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['docker']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003epath to docker socket\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eunix:///var/run/docker.sock\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes'][cgroupdriver']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eDriver that the kubelet uses to manipulate cgroups on the host.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003esystemd\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eHash\u003c/td\u003e\n    \u003ctd\u003efeature gates\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e'APIServerIdentity' =\u003e true, 'CronJobControllerV2' =\u003e true, 'CSIStorageCapacity' =\u003e true, 'CustomCPUCFSQuotaPeriod' =\u003e true, EphemeralContainers =\u003e true, 'GenericEphemeralVolume' =\u003e true, 'GracefulNodeShutdown' =\u003e true, 'ServiceTopology' =\u003e true, 'TTLAfterFinished' =\u003e true\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit']['enabled']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eenable audit\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit']['policy_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ePath to the file that defines the audit policy configuration\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/audit-policy.yaml\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit']['log_path']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eIf set, all requests coming to the apiserver will be logged to this file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/var/log/kubernetes/audit.log\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit']['log_format']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eFormat of saved audits. \"legacy\" indicates 1-line text format for each event. \"json\" indicates structured json format\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ejson\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit']['log_mode']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eStrategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the backend to buffer and write events asynchronously\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eblocking\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit']['log_maxbackup']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003eThe maximum number of old audit log files to retain\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e3\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit']['log_maxsize']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003eThe maximum size in megabytes of the audit log file before it gets rotated\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit_webhook']['enabled']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eenable [audit webhook backend](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#webhook-backend)\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit_webhook']['config_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ePath to a kubeconfig formatted file that defines the audit webhook configuration.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/audit-webhook.yaml\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit_webhook']['initial_backoff']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eThe amount of time to wait before retrying the first failed request.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10s\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit_webhook']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eAPI group and version used for serializing audit events written to webhook.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eaudit.k8s.io/v1\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit_webhook']['mode']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eStrategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the backend to buffer and write events asynchronously. Known modes are batch,blocking,blocking-strict.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ebatch\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['audit_webhook_config']['server']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eAudit server URL.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e''\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['packages']['storage_url']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003epackages storage\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ehttps://storage.googleapis.com/kubernetes-release/release/#{node['kubernetes']['version']}/bin/linux/amd64/\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['checksums']['apiserver']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003echecksum\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e1852bfe86cfa96959ece2db5c70847c4e6b993caf0799ecc0d11c788ed366a56\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['checksums']['controller-manager']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003echecksum\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e114e7d1b6ff44bab03ecc84959b76455372445b703661863a9f222bf710e35f0\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['checksums']['proxy']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003echecksum\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e7670939861baeeca598bdfcbebc8f7e48f1c6fa73983c4d3f549e894757d2d2f\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['checksums']['scheduler']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003echecksum\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ead44f1c248ce0b6c35b7c7c66567d6e8085f785a130a6a26fd238411088fab5b\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['checksums']['kubectl']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003echecksum\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e1bb4d3793fb0f9e1cfee86599e0f43ae5f15578a01b61011fe7c9488e114a00b\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['checksums']['kubelet']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003echecksum\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e688d1167c5a8b37bb5f10e330ba43c15092f1d35dcc25929e84484c41a20319d\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addon_manager']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eaddon_manager version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ev9.1.3\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['multimaster']['access_via']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etype of access\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ehaproxy\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['multimaster']['haproxy_url']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ehaproxy url\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e127.0.0.1\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['multimaster']['haproxy_port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003ehaproxy port\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e6443\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['multimaster']['dns_name']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003emultimaster dns_name\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['cni']['plugins']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eHash\u003c/td\u003e\n    \u003ctd\u003ecni plugins\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eSee attributes/default.rb for this big hash\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['cni']['plugins_version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecni plugins version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e0.9.1\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['encryption']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eencryption\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eaescbc\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['node']['packages']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eHash\u003c/td\u003e\n    \u003ctd\u003edefault node packages\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eSee attributes/default.rb for more information\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### kubelet\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['config']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubelet init config\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/kubeletconfig.yaml\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['bootstrap_kubeconfig']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ebootstrap config\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/kubeconfig-bootstrap.yaml\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['cert_dir']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecert dir\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['kubeconfig'] \u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubeconfig\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/kubelet.yaml\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['allow_privileged']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eallow run privileged pods\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['v'] \u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInteger\u003c/td\u003e\n    \u003ctd\u003elog veribosity\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e2\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['network_plugin']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003enetwork plugin\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ecni\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['register_node']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eregister node\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['daemon_flags']['cni_cache_dir']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eThe full path of the directory in which CNI should store cache files.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/var/lib/cni/cache\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['staticPodPath']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003epod manifests\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/manifests\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['authentication']['x509']['clientCAFile']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eclient ca file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['authentication']['webhook']['enabled']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eenable webhook\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['authentication']['webhook']['cacheTTL']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ewebhook cacheTTL\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e2m0s\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['authentication']['anonymous']['enabled']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eanonymous auth\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efase\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['authorization']['mode']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eauth mode\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eWebhook\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['clusterDNS']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eArray\u003c/td\u003e\n    \u003ctd\u003earray of cluster dns ips\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['cluster_dns']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['featureGates']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eHash\u003c/td\u003e\n    \u003ctd\u003ehash of feature gates\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['NodeStatusUpdateFrequency']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eNodeStatusUpdateFrequency\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e4s\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['clusterDomain']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecluster domain\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['cluster_domain']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['imageGCLowThresholdPercent']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInteger\u003c/td\u003e\n    \u003ctd\u003eimageGCLowThresholdPercent\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e70\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['imageGCHighThresholdPercent']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInteger\u003c/td\u003e\n    \u003ctd\u003eimageGCHighThresholdPercent\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e80\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['failSwapOn']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003efailSwapOn\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['ReadOnlyPort']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInteger\u003c/td\u003e\n    \u003ctd\u003eReadOnlyPort\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10255\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['serverTLSBootstrap]\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eServer certificate bootstrap\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['rotateCertificates']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eAuto rotate the kubelet client certificates by requesting new certificates from the kube-apiserver when the certificate expiration approaches\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['kubelet']['config']['topologyManagerScope']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eScope to which topology hints applied. Topology Manager collects hints from Hint Providers and applies them to defined scope to ensure the pod admission. Possible values: 'container', 'pod'.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003econtainer\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### crio\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eCRIO binary version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e1.15.2\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['endpoint']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ePath to UNIX socket for crio daemon to listen\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/var/run/crio/crio.sock\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['config']['runtime']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eOCI compatible runtime used for trusted container workloads.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/usr/local/bin/runc\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['config']['untrusted_runtime']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eOCI compatible runtime used for untrusted container workloads.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/usr/local/bin/runsc\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['config']['conmon']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ePath to conmon binary\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/usr/local/bin/conmon\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['config']['storage_driver']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eStorage driver\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eaufs\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['config']['stream_port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eFixnum\u003c/td\u003e\n    \u003ctd\u003ePort on which the stream server will listen\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10010\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['config']['runroot']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ePath to the \"run directory\". CRIO stores all of its state in this directory.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/var/run/containers/storage\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['config']['root']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ePath to the \"root directory\". CRIO stores all of its data, including container images, in this directory.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/var/lib/containers/storage\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['config']['log_level']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eLog messages above specified level: debug, info, warn, error, fatal or panic\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003einfo\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['daemon_flags']['log_format']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eFormat used by logs\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etext\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['daemon_flags']['profile']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eEnable pprof remote profiler on localhost:6060\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['daemon_flags']['enable_metrics']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eEnable prometheus-compatible metrics endpoint for the server\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['crio']['daemon_flags']['metrics_port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eFixnum\u003c/td\u003e\n    \u003ctd\u003ePort for the metrics endpoint\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e9090\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n\n###### addons\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['dns']['controller']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003edns controller\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ecoredns\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['dns']['antiaffinity_type']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eantiaffinity type\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003epreferredDuringSchedulingIgnoredDuringExecution\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['dns']['antiaffinity_weight']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003eantiaffinity weight\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e100\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['kubedns']['dns_forward_max']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003edns forward max\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e150\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['kubedns']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubedns version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e1.14.10\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['kubedns']['limits']['cpu']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubedns cpu limits\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e100m\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['kubedns']['limits']['memory']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubedns memory limits\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e170Mi\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['kubedns']['requests']['cpu']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubedns requests cpu\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e100m\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['kubedns']['requests']['memory']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubedns requests memory\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e70Mi\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['coredns']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecoredns version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e'1.8.0'\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['coredns']['limits']['cpu']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecoredns cpu limits\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e100m\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['coredns']['limits']['memory']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecoredns memory limits\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e256Mi\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['coredns']['requests']['cpu']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecoredns cpu requests\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e100m\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['coredns']['requests']['memory']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecoredns memory requests\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e256Mi\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['coredns']['log']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eenable coredns log\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['coredns']['hosts']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eArray\u003c/td\u003e\n    \u003ctd\u003eEnable CoreDNS `hosts` pluging and add array elements as inline host entries\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e[]\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['npd']['enabled']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eenable node problem detector addon\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['npd']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003enode problem detector version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e0.8.7\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['npd']['address']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eaddress to bind the node problem detector server\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e0.0.0.0\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['npd']['port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eFixnum\u003c/td\u003e\n    \u003ctd\u003eport to bind the node problem detector server\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e20256\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['npd']['log_level']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eFixnum\u003c/td\u003e\n    \u003ctd\u003elog level for V logs\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e0\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['addons']['npd']['system_log_monitors']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eArray\u003c/td\u003e\n    \u003ctd\u003eList of paths to system log monitor config files\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e['/config/kernel-monitor.json', '/config/kernel-monitor-filelog.json', '/config/docker-monitor.json', '/config/docker-monitor-filelog.json']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### authorization\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['authorization']['admin_groups']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eArray\u003c/td\u003e\n    \u003ctd\u003eadmin groups\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e['admins']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['authorization']['mode']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eauthorization mode\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eNone,RBAC\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['authorization']['policies']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eArray\u003c/td\u003e\n    \u003ctd\u003eauth policies\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eSee attributes/authorization.rb\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### docker\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['docker']['built-in']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eenable built-in docker installation\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['docker']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003edefault daemon version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e19.03.12~3-0\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['docker']['deb_version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eDebian package version number format\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e5\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['docker']['settings']['storage-driver']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003edefalt storage driver\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eaufs\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['docker']['settings']['live-restore']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003elive restore\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['docker']['settings']['iptables']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eiptables\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['docker']['settings']['ip-masq']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eip masq\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### etcd\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eversion\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ev3.4.14\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['image']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eimage\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003equay.io/coreos/etcd\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['trusted_ca_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etrusted_ca_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['client_cert_auth']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eclient_cert_auth\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['key_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekey file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver-key.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['cert_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecert file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['peer_trusted_ca_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etrusted ca\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['peer_client_cert_auth']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecert auth\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['peer_key_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekey file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver-key.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['peer_cert_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecert file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['server_port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003eserver port\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e2380\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['client_port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInt\u003c/td\u003e\n    \u003ctd\u003eclient port\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e2379\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['interface']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eeth1\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003edefault etcd interface\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['data_dir']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003edata dir\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/var/lib/etcd\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['wal_dir']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ewal_dir\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/var/lib/etcd/member/wal\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['proto']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eproto\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ehttp\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['binary']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ebinary\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/usr/local/bin/etcd\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['user']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eetcd user\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eetcd\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['group']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eetcd group\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eetcd\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['initial_cluster_token']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003einitial cluster token\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eetcd-cluster\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['initial_cluster_state']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003einitial cluster state\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enew\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['role']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003erole name\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eetcd\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['etcd']['default_service_name']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eSet default service name like etcd.service\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\n\u003c/table\u003e\n\n###### firewall\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['firewall']['allow_ssh']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eallow_ssh\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['firewall']['allow_loopback']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eallow loopback\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['firewall']['allow_icmp']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eallow icmp\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['firewall']['ubuntu_iptables']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eubuntu iptables\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003efalse\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['firewall']['allow_established']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eallow established\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['firewall']['ipv6_enabled']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eipv6_enabled\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003c/table\u003e\n\n###### weave\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weave']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eversion\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e2.8.1\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weave']['interface']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003einterfave\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eweave\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weave']['use_scope']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003euse_scope\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weave']['use_portmap']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003euse_portmap\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weave'][no_masq_local]\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003epreserve the client source IP address when accessing Services\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weave']['update_strategy']['type']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eupdate_strategy\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eRollingUpdate\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weave']['npc_enabled']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003etoggle weave-npc container\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weavescope']['version']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eweavespoce version\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e0.17.1\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['weavescope']['port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eweavescope port\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e4040\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### k8s_apiserver\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['bind_address']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ebind_address\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e0.0.0.0\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['secure_port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eInteger\u003c/td\u003e\n    \u003ctd\u003esecure_port\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e8443\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['service_cluster_ip_range']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10.222.0.0/16\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['storage_backend']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003estorage_backend\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eetcd3\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['storage_media_type']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003estorage_media_type\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eapplication/vnd.kubernetes.protobuf\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['kubelet_https']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003ekubelet_https\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['kubelet_certificate_authority']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubelet_certificate_authority\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/ca.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api'][encryption_provider_config']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eThe file containing configuration for encryption providers to be used for storing secrets in etcd\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/encryption-config.yaml\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['kubelet_client_certificate']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubelet_client_certificate\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['kubelet_client_key']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ekubelet_client_key\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/ssl/apiserver-key.pem\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['kubelet_preferred_address_types']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eList of the preferred NodeAddressTypes to use for kubelet connections.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eInternalIP,ExternalIP,InternalDNS,ExternalDNS,Hostname\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['endpoint_reconciler_type']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eendpoint_reconciler_type\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003elease\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['etcd_certfile']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eetcd_certfile\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['etcd']['cert_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['etcd_keyfile']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eetcd_keyfile\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['etcd']['key_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['etcd_cafile']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eetcd_cafile\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['etcd']['trusted_ca_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['etcd_healthcheck_timeout']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eDuration\u003c/td\u003e\n    \u003ctd\u003eThe timeout to use when checking etcd health.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e2s\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['allow_privileged']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eallow privileged containers\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['authorization_mode']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eauthorization_mode\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['authorization']['mode']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['enable_bootstrap_token_auth']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003edefault nit, because option without params\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enil\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['tls_cert_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etls_cert_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['tls_cert_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['tls_private_key_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003etls_private_key_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['tls_private_key_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['client_ca_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eclient_ca_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['client_ca_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['service_account_key_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eservice_account_key_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['service_account_key_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['service_account_signing_key_file']\u003c/tt\u003e\u003c/td\u003e\n\t\u003ctd\u003eString\u003c/td\u003e\n\t\u003ctd\u003ePath to the file that contains the current private key of the service account token issuer. The issuer will sign issued ID tokens with this private key.\u003c/td\u003e\n\t\u003ctd\u003e\u003ctt\u003enode['kubernetes']['service_account_key_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['api_audiences']\u003c/tt\u003e\u003c/td\u003e\n\t\u003ctd\u003eString\u003c/td\u003e\n\t\u003ctd\u003eIdentifiers of the API. The service account token authenticator will validate that tokens used against the API are bound to at least one of these audiences. If the --service-account-issuer flag is configured and this flag is not, this field defaults to a single element list containing the issuer URL.\u003c/td\u003e\n\t\u003ctd\u003e\u003ctt\u003eapi\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['service_account_extend_token_expiration']\u003c/tt\u003e\u003c/td\u003e\n\t\u003ctd\u003eBoolean\u003c/td\u003e\n\t\u003ctd\u003eTurns on projected service account expiration extension during token generation, which helps safe transition from legacy token to bound service account token feature. If this flag is enabled, admission injected tokens would be extended up to 1 year to prevent unexpected failure during transition, ignoring value of service-account-max-token-expiration.\u003c/td\u003e\n\t\u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api'][service_account_issuer]\u003c/tt\u003e\u003c/td\u003e\n\t\u003ctd\u003eString\u003c/td\u003e\n\t\u003ctd\u003eIdentifier of the service account token issuer. The issuer will assert this identifier in \"iss\" claim of issued tokens. This value is a string or URI. If this option is not a valid URI per the OpenID Discovery 1.0 spec, the ServiceAccountIssuerDiscovery feature will remain disabled, even if the feature gate is set to true. It is highly recommended that this value comply with the OpenID spec: https://openid.net/specs/openid-connect-discovery-1_0.html. In practice, this means that service-account-issuer must be an https URL. It is also highly recommended that this URL be capable of serving OpenID discovery documents at {service-account-issuer}/.well-known/openid-configuration.\u003c/td\u003e\n\t\u003ctd\u003e\u003ctt\u003ekubernetes/serviceaccount\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['log_dir']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003elog_dir\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/var/log/kubernetes\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['audit_log_compress']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eIf set, the rotated log files will be compressed using gzip.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003efeature_gates\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['api']['enable_admission_plugins']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eplugins separated by comma\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003eDefaultStorageClass, DefaultTolerationSeconds, LimitRanger, MutatingAdmissionWebhook, NamespaceLifecycle, NodeRestriction, PersistentVolumeClaimResize, Priority, ResourceQuota, ServiceAccount, TaintNodesByCondition, ValidatingAdmissionWebhook\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### k8s_controller\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['secure_port'] \u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eFixnum\u003c/td\u003e\n    \u003ctd\u003eThe port on which to serve HTTPS with authentication and authorization.If 0, don't serve HTTPS at all.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10257\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['leader_elect']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eleader_elect\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['cluster_cidr']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecluster cird\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['cluster_cidr']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['cluster_name']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecluster name\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['cluster_name']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['service_account_private_key_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eservice_account_key_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['service_account_key_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['cluster_signing_cert_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecluster_signing_cert_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['cluster_signing_cert_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['cluster_signing_key_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003ecluster_signing_key_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['cluster_signing_key_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['root_ca_file']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eroot_ca_file\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['client_ca_file']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['master'] \u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003emaster\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ehttp://127.0.0.1:#{node['kubernetes']['api']['insecure_port']}\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003efeature_gates\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['node_monitor_period']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003enode_monitor_period\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e2s\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['node_monitor_grace_period']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003enode_monitor_grace_period\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e16s\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['pod_eviction_timeout']  \u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003epod_eviction_timeout\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e30s\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['horizontal_pod_autoscaler_sync_period']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eThe period for syncing the number of pods in horizontal pod autoscaler\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e30s\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['controller_manager']['horizontal_pod_autoscaler_tolerance']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eFloat\u003c/td\u003e\n    \u003ctd\u003eThe minimum change (from 1.0) in the desired-to-actual metrics ratio for the horizontal pod autoscaler to consider scaling\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e0.1\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### k8s_proxy\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['proxy']['kubeconfig']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003epath to config\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e/etc/kubernetes/system:kube-proxy_config.yaml\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['proxy']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eHash\u003c/td\u003e\n    \u003ctd\u003ehash of feature gates\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['proxy']['global']['metrics_port']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eFixnum\u003c/td\u003e\n    \u003ctd\u003eThe port to bind the metrics server. Use 0 to disable\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10249\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['proxy']['global']['detect_local_mode']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003eMode to use to detect local traffic\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10249\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n###### scheduler\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003cth\u003eKey\u003c/th\u003e\n    \u003cth\u003eType\u003c/th\u003e\n    \u003cth\u003eDescription\u003c/th\u003e\n    \u003cth\u003eDefault\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['scheduler']['secure_port'] \u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eFixnum\u003c/td\u003e\n    \u003ctd\u003eThe port on which to serve HTTPS with authentication and authorization.If 0, don't serve HTTPS at all.\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003e10259\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['scheduler']['leader_elect'] \u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eBoolean\u003c/td\u003e\n    \u003ctd\u003eleader_elect\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003etrue\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['scheduler']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003efeature_gates\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003enode['kubernetes']['feature_gates']\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003ctt\u003e['kubernetes']['scheduler']['master']\u003c/tt\u003e\u003c/td\u003e\n    \u003ctd\u003eString\u003c/td\u003e\n    \u003ctd\u003emaster\u003c/td\u003e\n    \u003ctd\u003e\u003ctt\u003ehttp://127.0.0.1:#{node['kubernetes']['api']['insecure_port']}\u003c/tt\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n\n## Usage\n\n### Certificates\n\nCreate ssl certificates for k8s.\n\n```\ncd ./lib/tasks/ssl\ncp config_example.yaml config.yaml\nbundler\nrake ca:generate\nrake apiserver:generate\n```\n\nAll keys will be generated at `./ssl` folder.\n\nAfter cluster installation weave pods can contain error about:\n```\nFATA: 2018/03/15 19:51:39.168435 [kube-peers] Could not get peers: Get https://192.168.128.1:443/api/v1/nodes:\nx509: certificate is valid for 127.0.0.1, 10.222.0.1, not 192.168.128.1\n\n```\n\nAdd `192.168.128.1` to `ssl/tasks/config.yaml` and recreate and upload new `apiserver-key.pem` and `apiserver.pem`\n\n### Prepare your data_bag\n\nYou need to create `kubernetes` data_bag in chef server.\n\nThen add next files:\n* apiserver_ssl\n* ca_ssl\n* encryption_keys\n* users\n\n###### Structure:\n`apiserver_ssl`\n```JSON\n{\n  \"id\": \"apiserver_ssl\",\n  \"private_key\": \"PUT apiserver-key.pem HERE\",\n  \"public_key\": \"PUT apiserver.pem HERE\"\n}\n```\n\n`ca_ssl`\n```JSON\n{\n  \"id\": \"ca_ssl\",\n  \"private_key\": \"PUT ca-key.pem HERE\",\n  \"public_key\": \"PUT ca.pem HERE\"\n}\n```\n\n`encryption_keys`\n```JSON\n{\n  \"id\": \"encryption_keys\",\n  \"aescbc\": [\n    {\n      \"name\": \"key1\",\n      \"secret\": \"baiBu8ais4bu3uRohqu6och5yai4wai8\"\n    }\n  ]\n}\n```\n\n`users`\n```JSON\n{\n  \"id\": \"users\",\n  \"users\": [\n    {\n      \"name\": \"exampleuser\",\n      \"token\": \"aenup6io4ciath7yaxu0vie6guaSie6goi3ahri0eemui3Ieghu4tuhaa3kisohv\",\n      \"uid\": \"10001\",\n      \"groups\": [\n        \"admins\"\n      ]\n    },\n    {\n      \"name\": \"kubelet-bootstrap\",\n      \"token\": \"nieJi3ooGh1ohy8sheowee7ohghei3Xaebeeve8Ooch3omex4cho2xuexuuzeeva\",\n      \"uid\": \"10100\",\n      \"groups\": [\n        \"system:bootstrappers\"\n      ]\n    },\n    {\n      \"name\": \"kubelet\",\n      \"token\": \"ieT5Oogecah6geengaeyai3ohNg6Fiecha6iemaifithah2ui3oChaixeThi5Shi\",\n      \"uid\": \"10101\",\n      \"groups\": [\n        \"kubelet\",\n        \"system:nodes\"\n      ]\n    },\n    {\n      \"name\": \"system:kube-proxy\",\n      \"token\": \"ka2thaijaek0oophoothahbahyaiphe6ahteegieyae8il9XohveeJahn3Aizohy\",\n      \"uid\": \"10102\",\n      \"groups\": [\n        \"system:node-proxier\"\n      ]\n    },\n    {\n      \"name\": \"system:kube-scheduler\",\n      \"token\": \"MoN7ohz2Aebeep2eeneGhie5Hikop9iroSahyezohchuthi8Iu1iVaetae5xaj3W\",\n      \"uid\": \"10103\",\n      \"groups\": [\n        \"system:kube-scheduler\"\n      ]\n    },\n    {\n      \"name\": \"system:kube-controller-manager\",\n      \"token\": \"waiKahbeegh3ooco0oa2oodi7mei5Sahboomahdaedu2ieha2queen0Aiwera7ui\",\n      \"uid\": \"10104\",\n      \"groups\": [\n        \"system:kube-controller-manager\"\n      ]\n    },\n    {\n      \"name\": \"evlms:addon-manager\",\n      \"token\": \"heiyais8Dolee8ma5toh8meetee8Ooyaecixoobai3quoo0phu2iife5ahkoo0ei\",\n      \"uid\": \"10105\",\n      \"groups\": [\n        \"system:masters\"\n      ]\n    }\n  ]\n}\n```\n\n### kubernetes::etcd\n\nRun `kubernetes::etcd` recipe or role on your nodes. Run it twice for normal `chef search`.\n\nOr you can add role without `kubernetes::etcd` for first servers registration in chef.\n\n```\nname 'etcd'\ndescription 'Etcd cluster node'\noverride_attributes(\n  'etcd' =\u003e {\n    initial_cluster_state: 'new',\n    initial_cluster_token: 'etcd-test-cluster',\n    wal_dir: '/var/lib/etcd/member/wal'\n  }\n)\nrun_list 'recipe[kubernetes::etcd]'\n```\n\n\n### kubernetes::master\n\nInclude `kubernetes::master` in your master node's `run_list`:\n\n```json\n{\n  \"run_list\": [\n    \"recipe[kubernetes::master]\"\n  ]\n}\n```\n\nOr role:\n```\nname 'kubernetes_master'\ndescription 'Kubernetes master node'\nrun_list 'recipe[kubernetes::master]'\noverride_attributes(\n  docker: {\n    build_in_enable: false\n  },\n  kubernetes: {\n    cluster_name: 'evilms',\n    cluster_dns: ['192.168.222.222'],\n    cluster_cidr: '192.168.0.0/17',\n    api: {\n      'service_cluster_ip_range' =\u003e '192.168.128.0/17'\n    },\n    dns: { deploy_via: 'deployment' },\n    token_auth: true,\n    addons: {\n      kubedns: {\n        node_selector: 'evl.ms/role=system'\n      },\n      coredns: {\n        node_selector: 'evl.ms/role=system',\n        requests: {\n          cpu: '200m'\n        },\n        limits: {\n          cpu: '200m'\n        }\n      },\n      dns: {\n        controller: 'coredns',\n        antiaffinity_type: 'requiredDuringSchedulingIgnoredDuringExecution'\n      }\n    }\n  }\n)\n```\n\nIf you use master nodes without minions on them add `kubernetes::packages` to you run_list.\n\nAnd add master node to role `kube_master`.\nThis is **obligatory** in multinode configuration - minions uses role to find master.\n\n### kubernetes::default\n\nInclude `kubernetes::default` in your minion node's `run_list`:\n\n```json\n{\n  \"run_list\": [\n    \"recipe[kubernetes]\"\n  ]\n}\n```\n\nOr role:\n```\nname 'kubernetes_node'\ndescription 'kubernetes node'\n#run_list 'recipe[kubernetes]'\nrun_list 'recipe[kubernetes]'\noverride_attributes(\n  kubernetes: {\n    cluster_name: 'evilms',\n    cluster_dns: ['192.168.222.222'],\n    token_auth: true,\n    api:   { 'service_cluster_ip_range' =\u003e '192.168.128.0/17' },\n    weave: {\n      network: '192.168.0.0/17',\n      use_scope: false\n    }\n  }\n)\n```\n\nIf you use custom docker installation you can disable built-in docker installation\n```\ndocker: {\n  'built-in' =\u003e false\n}\n```\nAlso you can use [CRIO](http://cri-o.io/) as a container runtime interface:\n```\nkubernetes: {\n  'container_runtime': 'crio'\n}\n```\nDon't forget to run ```docker rm -f `docker ps -aq` ``` after successful CRIO installation.\n\n### Dashboard\nStarting from release 1.11.0 we are no more ships [kubernetes-dashboard](https://github.com/kubernetes/dashboard/) with cookbook. From now on we recommends to use [helm](https://github.com/kubernetes/helm) and install [kubernetes-dashboard](https://github.com/kubernetes/dashboard/) from [official chart](https://github.com/kubernetes/charts/tree/master/stable/kubernetes-dashboard).\n\n## License and Authors\n\nLicense:: http://bregor.mit-license.org\n\nAuthor:: Maxim Filatov (\u003cbregor@evilmartians.com\u003e)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilmartians%2Fchef-kubernetes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevilmartians%2Fchef-kubernetes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilmartians%2Fchef-kubernetes/lists"}