Merge pull request #3344 from woopstar/kubeadm-minor-fix
Sync manifests from non-kubeadm to kubeadm deploypull/3348/head
commit
e47eeb67ee
|
@ -68,9 +68,18 @@ apiServerExtraArgs:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
service-node-port-range: {{ kube_apiserver_node_port_range }}
|
service-node-port-range: {{ kube_apiserver_node_port_range }}
|
||||||
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
|
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
|
||||||
|
profiling: "{{ kube_profiling }}"
|
||||||
|
repair-malformed-updates: "false"
|
||||||
|
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
|
||||||
|
{% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=') %}
|
||||||
|
anonymous-auth: "{{ kube_api_anonymous_auth }}"
|
||||||
|
{% endif %}
|
||||||
{% if kube_basic_auth|default(true) %}
|
{% if kube_basic_auth|default(true) %}
|
||||||
basic-auth-file: {{ kube_users_dir }}/known_users.csv
|
basic-auth-file: {{ kube_users_dir }}/known_users.csv
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kube_token_auth|default(true) %}
|
||||||
|
token-auth-file: {{ kube_token_dir }}/known_tokens.csv
|
||||||
|
{% endif %}
|
||||||
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
|
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
|
||||||
oidc-issuer-url: {{ kube_oidc_url }}
|
oidc-issuer-url: {{ kube_oidc_url }}
|
||||||
oidc-client-id: {{ kube_oidc_client_id }}
|
oidc-client-id: {{ kube_oidc_client_id }}
|
||||||
|
@ -92,6 +101,13 @@ apiServerExtraArgs:
|
||||||
runtime-config: {{ kube_api_runtime_config | join(',') }}
|
runtime-config: {{ kube_api_runtime_config | join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
allow-privileged: "true"
|
allow-privileged: "true"
|
||||||
|
{% if kubernetes_audit %}
|
||||||
|
audit-log-path: "{{ audit_log_path }}"
|
||||||
|
audit-log-maxage: "{{ audit_log_maxage }}"
|
||||||
|
audit-log-maxbackup: "{{ audit_log_maxbackups }}"
|
||||||
|
audit-log-maxsize: "{{ audit_log_maxsize }}"
|
||||||
|
audit-policy-file: {{ audit_policy_file }}
|
||||||
|
{% endif %}
|
||||||
{% for key in kube_kubeadm_apiserver_extra_args %}
|
{% for key in kube_kubeadm_apiserver_extra_args %}
|
||||||
{{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
|
{{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -102,19 +118,21 @@ controllerManagerExtraArgs:
|
||||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||||
|
profiling: "{{ kube_profiling }}"
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% for key in kube_kubeadm_controller_extra_args %}
|
||||||
|
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
||||||
|
{% endfor %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
||||||
controllerManagerExtraVolumes:
|
controllerManagerExtraVolumes:
|
||||||
- name: openstackcacert
|
- name: openstackcacert
|
||||||
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% for key in kube_kubeadm_controller_extra_args %}
|
|
||||||
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
|
||||||
{% endfor %}
|
|
||||||
schedulerExtraArgs:
|
schedulerExtraArgs:
|
||||||
|
profiling: "{{ kube_profiling }}"
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -60,9 +60,18 @@ apiServerExtraArgs:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
service-node-port-range: {{ kube_apiserver_node_port_range }}
|
service-node-port-range: {{ kube_apiserver_node_port_range }}
|
||||||
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
|
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
|
||||||
|
profiling: "{{ kube_profiling }}"
|
||||||
|
repair-malformed-updates: "false"
|
||||||
|
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
|
||||||
|
{% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=') %}
|
||||||
|
anonymous-auth: "{{ kube_api_anonymous_auth }}"
|
||||||
|
{% endif %}
|
||||||
{% if kube_basic_auth|default(true) %}
|
{% if kube_basic_auth|default(true) %}
|
||||||
basic-auth-file: {{ kube_users_dir }}/known_users.csv
|
basic-auth-file: {{ kube_users_dir }}/known_users.csv
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kube_token_auth|default(true) %}
|
||||||
|
token-auth-file: {{ kube_token_dir }}/known_tokens.csv
|
||||||
|
{% endif %}
|
||||||
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
|
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
|
||||||
oidc-issuer-url: {{ kube_oidc_url }}
|
oidc-issuer-url: {{ kube_oidc_url }}
|
||||||
oidc-client-id: {{ kube_oidc_client_id }}
|
oidc-client-id: {{ kube_oidc_client_id }}
|
||||||
|
@ -101,9 +110,13 @@ controllerManagerExtraArgs:
|
||||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||||
|
profiling: "{{ kube_profiling }}"
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% for key in kube_kubeadm_controller_extra_args %}
|
||||||
|
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
||||||
|
{% endfor %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
||||||
controllerManagerExtraVolumes:
|
controllerManagerExtraVolumes:
|
||||||
- name: openstackcacert
|
- name: openstackcacert
|
||||||
|
@ -122,10 +135,8 @@ apiServerExtraVolumes:
|
||||||
writable: true
|
writable: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% for key in kube_kubeadm_controller_extra_args %}
|
|
||||||
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
|
||||||
{% endfor %}
|
|
||||||
schedulerExtraArgs:
|
schedulerExtraArgs:
|
||||||
|
profiling: "{{ kube_profiling }}"
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -33,7 +33,7 @@ spec:
|
||||||
- --audit-log-maxage={{ audit_log_maxage }}
|
- --audit-log-maxage={{ audit_log_maxage }}
|
||||||
- --audit-log-maxbackup={{ audit_log_maxbackups }}
|
- --audit-log-maxbackup={{ audit_log_maxbackups }}
|
||||||
- --audit-log-maxsize={{ audit_log_maxsize }}
|
- --audit-log-maxsize={{ audit_log_maxsize }}
|
||||||
- --audit-policy-file={{ audit_policy_file }}
|
- --audit-policy-file={{ audit_policy_file }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
|
||||||
- --etcd-servers={{ etcd_access_addresses }}
|
- --etcd-servers={{ etcd_access_addresses }}
|
||||||
|
@ -58,16 +58,16 @@ spec:
|
||||||
- --admission-control={{ kube_apiserver_admission_control | join(',') }}
|
- --admission-control={{ kube_apiserver_admission_control | join(',') }}
|
||||||
{% else %}
|
{% else %}
|
||||||
{% if kube_apiserver_enable_admission_plugins|length > 0 %}
|
{% if kube_apiserver_enable_admission_plugins|length > 0 %}
|
||||||
- --enable-admission-plugins={{ kube_apiserver_enable_admission_plugins | join(',') }}
|
- --enable-admission-plugins={{ kube_apiserver_enable_admission_plugins | join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_apiserver_disable_admission_plugins|length > 0 %}
|
{% if kube_apiserver_disable_admission_plugins|length > 0 %}
|
||||||
- --disable-admission-plugins={{ kube_apiserver_disable_admission_plugins | join(',') }}
|
- --disable-admission-plugins={{ kube_apiserver_disable_admission_plugins | join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- --service-cluster-ip-range={{ kube_service_addresses }}
|
- --service-cluster-ip-range={{ kube_service_addresses }}
|
||||||
- --service-node-port-range={{ kube_apiserver_node_port_range }}
|
- --service-node-port-range={{ kube_apiserver_node_port_range }}
|
||||||
- --client-ca-file={{ kube_cert_dir }}/ca.pem
|
- --client-ca-file={{ kube_cert_dir }}/ca.pem
|
||||||
- --profiling=false
|
- --profiling={{ kube_profiling }}
|
||||||
- --repair-malformed-updates=false
|
- --repair-malformed-updates=false
|
||||||
- --kubelet-client-certificate={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem
|
- --kubelet-client-certificate={{ kube_cert_dir }}/node-{{ inventory_hostname }}.pem
|
||||||
- --kubelet-client-key={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem
|
- --kubelet-client-key={{ kube_cert_dir }}/node-{{ inventory_hostname }}-key.pem
|
||||||
|
|
|
@ -37,7 +37,7 @@ spec:
|
||||||
- --node-monitor-grace-period={{ kube_controller_node_monitor_grace_period }}
|
- --node-monitor-grace-period={{ kube_controller_node_monitor_grace_period }}
|
||||||
- --node-monitor-period={{ kube_controller_node_monitor_period }}
|
- --node-monitor-period={{ kube_controller_node_monitor_period }}
|
||||||
- --pod-eviction-timeout={{ kube_controller_pod_eviction_timeout }}
|
- --pod-eviction-timeout={{ kube_controller_pod_eviction_timeout }}
|
||||||
- --profiling=false
|
- --profiling={{ kube_profiling }}
|
||||||
- --terminated-pod-gc-threshold=12500
|
- --terminated-pod-gc-threshold=12500
|
||||||
- --v={{ kube_log_level }}
|
- --v={{ kube_log_level }}
|
||||||
{% if rbac_enabled %}
|
{% if rbac_enabled %}
|
||||||
|
|
|
@ -32,7 +32,7 @@ spec:
|
||||||
- --use-legacy-policy-config
|
- --use-legacy-policy-config
|
||||||
- --policy-config-file={{ kube_config_dir }}/kube-scheduler-policy.yaml
|
- --policy-config-file={{ kube_config_dir }}/kube-scheduler-policy.yaml
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- --profiling=false
|
- --profiling={{ kube_profiling }}
|
||||||
- --v={{ kube_log_level }}
|
- --v={{ kube_log_level }}
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
- --feature-gates={{ kube_feature_gates|join(',') }}
|
- --feature-gates={{ kube_feature_gates|join(',') }}
|
||||||
|
|
|
@ -26,6 +26,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
||||||
{% if kubelet_authorization_mode_webhook %}
|
{% if kubelet_authorization_mode_webhook %}
|
||||||
--authorization-mode=Webhook \
|
--authorization-mode=Webhook \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
--enforce-node-allocatable={{ kubelet_enforce_node_allocatable }} \
|
||||||
--client-ca-file={{ kube_cert_dir }}/ca.crt \
|
--client-ca-file={{ kube_cert_dir }}/ca.crt \
|
||||||
--pod-manifest-path={{ kube_manifest_dir }} \
|
--pod-manifest-path={{ kube_manifest_dir }} \
|
||||||
--cadvisor-port={{ kube_cadvisor_port }} \
|
--cadvisor-port={{ kube_cadvisor_port }} \
|
||||||
|
|
|
@ -147,6 +147,9 @@ dynamic_kubelet_configuration_dir: "{{ kubelet_config_dir | default(default_kube
|
||||||
# Aggregator
|
# Aggregator
|
||||||
kube_api_aggregator_routing: false
|
kube_api_aggregator_routing: false
|
||||||
|
|
||||||
|
# Profiling
|
||||||
|
kube_profiling: false
|
||||||
|
|
||||||
# Container for runtime
|
# Container for runtime
|
||||||
container_manager: docker
|
container_manager: docker
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue