Use K8s 1.15 (#4905)
* Use K8s 1.15 * Use Kubernetes 1.15 and use kubeadm.k8s.io/v1beta2 for InitConfiguration. * bump to v1.15.0 * Remove k8s 1.13 checksums. * Update README kubernetes version 1.15.0. * Update metrics server 0.3.3 for k8s 1.15 * Remove less than k8s 1.14 related code * Use kubeadm with --upload-certs instead of --experimental-upload-certs due to depricate * Update dnsautoscaler 1.6.0 * Skip certificateKey if it's not defined * Add kubeadm-conftolplane.v2beta2 for k8s 1.15 or later * Support kubeadm control plane for k8s 1.15 * Update sonobuoy version 0.15.0 for k8s 1.15pull/4940/head
parent
e89b47c7ee
commit
f2b8a3614d
|
@ -108,7 +108,7 @@ Supported Components
|
|||
--------------------
|
||||
|
||||
- Core
|
||||
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.14.3
|
||||
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.15.0
|
||||
- [etcd](https://github.com/coreos/etcd) v3.3.10
|
||||
- [docker](https://www.docker.com/) v18.06 (see note)
|
||||
- [cri-o](http://cri-o.io/) v1.11.5 (experimental: see [CRI-O Note](docs/cri-o.md). Only on centos based OS)
|
||||
|
|
|
@ -20,7 +20,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
|
|||
kube_api_anonymous_auth: true
|
||||
|
||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||
kube_version: v1.14.3
|
||||
kube_version: v1.15.0
|
||||
|
||||
# kubernetes image repo define
|
||||
kube_image_repo: "gcr.io/google-containers"
|
||||
|
|
|
@ -48,7 +48,7 @@ download_delegate: "{% if download_localhost %}localhost{% else %}{{ groups['kub
|
|||
image_arch: "{{host_architecture | default('amd64')}}"
|
||||
|
||||
# Versions
|
||||
kube_version: v1.14.3
|
||||
kube_version: v1.15.0
|
||||
kubeadm_version: "{{ kube_version }}"
|
||||
etcd_version: v3.3.10
|
||||
|
||||
|
@ -100,84 +100,42 @@ crictl_checksums:
|
|||
# Checksums
|
||||
hyperkube_checksums:
|
||||
arm:
|
||||
v1.15.0: d923c781031bfd97d0fbe50311e4d7c3616aa5b6d466b99049931f09d73d07b9
|
||||
v1.14.3: 3fac785261bcf79f7a80b12c4a1dda893ce8c0879caf57b36d4701730671b574
|
||||
v1.14.2: 6929a59850c8702c04d62cd343d1143b17456da040f32317e09f8c25a08d2346
|
||||
v1.14.1: 839a4abfeafbd5f5ab057ad0e8a0b0b488b3cde14a646eba040a7f579875f565
|
||||
v1.14.0: d090b1da23564a7e9bb8f1f4264f2116536c52611ae203fe2ca13eaad0a8003e
|
||||
v1.13.7: 48e0b381b8a01580dc0627dc52f67617c54c7b78451b46b4cc86d5fa0d5ee1f2
|
||||
v1.13.6: ec8dcfeb11e5ff9cb30873a0c2f0c75274eff5c916623ccdbb64533a1f0d3d67
|
||||
v1.13.5: 0bc1ecec81f94212a44427a8d9e717a523ea09d45886e641796fb20f41028b2f
|
||||
v1.13.4: 2530212d807b00c94109b84be42a7baaea97ba91e6bb6c8bca03ab3d5c343c4c
|
||||
v1.13.3: 4051e88174fedc0ea643466081ca461d9d175f714594dbe5208559fed0c4ae49
|
||||
v1.13.2: a981aa0950e86a4380526a3a53f465ce013b95f6d9d8139a9df4a6406b67316f
|
||||
v1.13.1: 1880ba36aae85474bcea42be0bf37dfa70eb23dd71eb8e956c474e004343f5a4
|
||||
v1.13.0: 41c05bf9b0272322fc947760030c21907c21dd8a88576b20cdb110003e818b8f
|
||||
arm64:
|
||||
v1.15.0: 824af7d925b87a5ade63575b98b59ee81005fc76eac1dc399602308d7a60bc3c
|
||||
v1.14.3: f29211d668cbcf1aa415dfa64aad95ffc53b5410482a23cddb680caec4e907a3
|
||||
v1.14.2: 959fb7d9c17fc8f7cb1a69920aaf08aefd62c0fbf6b5bdc46250f147ea6a5cd4
|
||||
v1.14.1: d5236efc2547fd07c7cc2ed9345dfbcd1204385847ca686cf1c62d15056de399
|
||||
v1.14.0: 708e00a41f6516d525dee00c91ebe3c3bf2feaf9b7f0af7689487e3e17e356c2
|
||||
v1.13.7: 5fc44231eb96d3a30c9001c6c64b28efb8db9015dcec1baf5032272cc6b674ca
|
||||
v1.13.6: 71cef67197517e22ee0cba1ca047905b9578e2cb1f6b7e43cefbf15d14ac3099
|
||||
v1.13.5: 8ffd84ba0cb6382a0ff96000458db8a83c92cac09458defe8496f0f0e155a6a8
|
||||
v1.13.4: b9e909e388634d103fe5376aafa313bed5e69293383b0c740de4fe8e18d42d12
|
||||
v1.13.3: 588037923b7f4090f5f7a3de23ea49a10345295f0b39bd0c1ebdaa24eaa76731
|
||||
v1.13.2: 7f2c2b0c6dcc81102a89fa41957db214416fc8a0cfae664fc0e150a7d3ad337b
|
||||
v1.13.1: 66205d99ec93090c6d814ab1de7c38cd84257d3dcf3a957618fad5878caea13d
|
||||
v1.13.0: 4391ea0d8d472c1737f1ce945756bf2a11395c708824c780d1a44fbddf031e59
|
||||
amd64:
|
||||
v1.15.0: 3cc72cc58517b97c608c7a59a20255675bc70f07217c9e11e58cac7746139283
|
||||
v1.14.3: 6c6cb5c118b2129ba4e56697f42567be3587eb636a477cd342b69f87b3b049d1
|
||||
v1.14.2: 05546057f2053e085fa8387ab82581c95fe4195cd783408ccbb4fc3487c50176
|
||||
v1.14.1: fb34b98da9325feca8daa09bb934dbe6a533aad69c2a5599bbed81b99bb9c267
|
||||
v1.14.0: af8b04504365dbe4ce6a1772f42eb390d4221a21149b522fc8a0c4b1cd3d97aa
|
||||
v1.13.7: 972cb9424d7d83660ea96e572520ecb76baecca0dacf61ed8896bcf46a9f63c9
|
||||
v1.13.6: 66ea574972d8b7dbe637e2f435f6b881895bc300fb532302587c0da30e47f2ae
|
||||
v1.13.5: 1a8a357ebfeab8ec62d0c6f11b59df1a93d6711c3a16e1501da32b55c144c73a
|
||||
v1.13.4: 6f2d755a350efec8b3b29e0ddf8362f60475cc10d42dea37f8f2159f7776867b
|
||||
v1.13.3: b238c772b5e4b9deed0cdc695fe86324660d037b38c6d6d7eeae7d7a657840c7
|
||||
v1.13.2: f159b587ec80ad03bf3b9bb09de5d64b773d01b0e34f2a4f1c816879c56aae6d
|
||||
v1.13.1: f64c4328d3853f3e5680e7d296b0f3ed25e67ff98321867309edea100ebb4fd7
|
||||
v1.13.0: 754f1baae5dc2ba29afc66e1f5d3b676ee59cd5c40ccce813092408d53bde3d9
|
||||
kubeadm_checksums:
|
||||
arm:
|
||||
v1.15.0: 9464030a1d4e101de5f47348f3514d5a9eb95cbce2e5e31f53ada1ca485cf75e
|
||||
v1.14.3: 270b8c346aeaa309d11d65695c4a90f6bff5b1ea14bdec3c417ca2dfb3de0db3
|
||||
v1.14.2: d2a59269aa68a4bace2a80b247b6f9a82f0542ec3004185fb0ba86e181fdfb29
|
||||
v1.14.1: 4bd111411208f1270ed3af8780b87d24a3c17c9fdbe4b0f8c7a9a21cd765543e
|
||||
v1.14.0: 11f2cfa8bf7ee177dbac8073ab0f039dc265536baaa8dc0c4dea699f981f6fd1
|
||||
v1.13.7: 13f6cac67616c2a0d54cb8ae46df67e98d0beab0633ff1f6a9188cb07eaf1b7a
|
||||
v1.13.6: 0e56c8b804263b0fca1ad2de06e6f0da3471e43f9839702564fa39c415badf74
|
||||
v1.13.5: 3eb413c6e7f3fc84ca81de2f725bae8618c65d92a50c6e1e89ce157828ca588c
|
||||
v1.13.4: 9281b57f0e62330b3905774e38dfad7430d0d54c50cd2a0f87e6c993bb784b17
|
||||
v1.13.3: 77afb511c895bc6fb0d2ee3198a0c15d89c0f19bf91fb1fb6274634e3e147d4a
|
||||
v1.13.2: 5bf5d766050245abde802fdea77a85586ce1477e538bcc4fa618bba854c18980
|
||||
v1.13.1: c92bc8672a31158e33489ec9285d0a5546cb5be5bdfdb8cd424fff08439fff9c
|
||||
v1.13.0: a35e9248fccddb3f2381fd3695c889a576e9ecc63f2b3c9bb0e8daf0308427ef
|
||||
arm64:
|
||||
v1.15.0: fe3c79070814fe847a23209b1027672fe5c5e7e5c9611e329225058926836f96
|
||||
v1.14.3: 8edcc07c65f81eea3fc47cd237dd6560c6907c5e0ca52d71eab53ca1164e7d01
|
||||
v1.14.2: bff0712b87796509129aa802ad3ac25b8cc83af01762b22b4dcca8dbdb26b520
|
||||
v1.14.1: 5cf05464168e45ee4719264a267c65f9319fae1ceb9923fedab97a9d6a629e0b
|
||||
v1.14.0: 7ed9d706e50cd6d3fc618a7af3d19b691b8a5343ddedaeccb4ea09af3ecfae2c
|
||||
v1.13.7: 372b33754f4dea201b9db559b2178a833dccd3393cd1a2beefd56ee761a5548d
|
||||
v1.13.6: 62ae7f2ad28026d4bd006b0307820db08b99e28787ec46641361be281d3f381f
|
||||
v1.13.5: 59a1995c171e5c1e74f5d02657eb2c155706f2d159ec1847b64dc866228c40d2
|
||||
v1.13.4: 4de71d4cfa4dc64127148d48f3a1a1fa7ea24cf0c4fa42957459d0e7f9c03799
|
||||
v1.13.3: bef1cbc2d199d32a1a31e70b864dc539b24e3c1cb87b50a1295cf03bec4832b0
|
||||
v1.13.2: 08279a3bfeff8c4f6768d6fd92ceff8276a555f9e81bf9d541112fc8eb29963e
|
||||
v1.13.1: 0f5c2c8a1ffe235785c0a38c9a6530d3d9e67b00e9a07c9d5dca4c36ede2e078
|
||||
v1.13.0: efc2669952b05161e181f0805bb0647308891259528a4868e69f4b1b68c70489
|
||||
amd64:
|
||||
v1.15.0: fc4aa44b96dc143d7c3062124e25fed671cab884ebb8b2446edd10abb45e88c2
|
||||
v1.14.3: 026700dfff3c78be1295417e96d882136e5e1f095eb843e6575e57ef9930b5d3
|
||||
v1.14.2: 77510f61352bb6e537e70730b670627963f2c314fbd36a644b0c435b97e9705a
|
||||
v1.14.1: c4fc478572b5623857f5d820e1c107ae02049ca02cf2993e512a091a0196957b
|
||||
v1.14.0: 03678f49ee4737f8b8c4f59ace0d140a36ffbc4f6035c59561f59f45b57d0c93
|
||||
v1.13.7: f591b4d9aade0ed9c54d097caad5c9a936b78fef7180d6436d3595fe6a984a7b
|
||||
v1.13.6: 347a84461040ea9898ef1e12813abc22c4259b78ac27a87f64908bceca50dbb4
|
||||
v1.13.5: 274bf887039a9993e30f96047a4a474c39e8471c4094acb75aea6beed793f079
|
||||
v1.13.4: c4300d1f3ebccad48c8e267e45a736c7d227b0e45ef36582fa8dcfe2ef7b1b10
|
||||
v1.13.3: ab767ea53e45aceba628977ef6c8c62eace72d6d232efeaf35ac50cbea5f3739
|
||||
v1.13.2: 7cb0ce57c1e6e2d85e05de3780a2f35a191fe93f89cfc5816b424efcf39834b9
|
||||
v1.13.1: 438173bfa0b7014ecae994c5b9e1f27e1328ab971a3fdb06a393a8095a176ba0
|
||||
v1.13.0: f5366206416dc4cfc840a7add2289957b56ccc479cc1b74f7397a4df995d6b06
|
||||
crictl_binary_checksums:
|
||||
amd64:
|
||||
v1.14.0: 483c90a9fe679590df4332ba807991c49232e8cd326c307c575ecef7fe22327b
|
||||
|
@ -282,7 +240,7 @@ nodelocaldns_version: "1.15.1"
|
|||
nodelocaldns_image_repo: "k8s.gcr.io/k8s-dns-node-cache"
|
||||
nodelocaldns_image_tag: "{{ nodelocaldns_version }}"
|
||||
|
||||
dnsautoscaler_version: 1.4.0
|
||||
dnsautoscaler_version: 1.6.0
|
||||
dnsautoscaler_image_repo: "k8s.gcr.io/cluster-proportional-autoscaler-{{ image_arch }}"
|
||||
dnsautoscaler_image_tag: "{{ dnsautoscaler_version }}"
|
||||
test_image_repo: docker.io/busybox
|
||||
|
@ -299,7 +257,7 @@ registry_image_repo: "docker.io/registry"
|
|||
registry_image_tag: "2.6"
|
||||
registry_proxy_image_repo: "gcr.io/google_containers/kube-registry-proxy"
|
||||
registry_proxy_image_tag: "0.4"
|
||||
metrics_server_version: "v0.3.2"
|
||||
metrics_server_version: "v0.3.3"
|
||||
metrics_server_image_repo: "gcr.io/google_containers/metrics-server-amd64"
|
||||
metrics_server_image_tag: "{{ metrics_server_version }}"
|
||||
local_volume_provisioner_image_repo: "quay.io/external_storage/local-volume-provisioner"
|
||||
|
|
|
@ -1,28 +1,10 @@
|
|||
{% if kube_version is version('v1.12.0', '>=') %}
|
||||
{% if kube_version is version('v1.12.0', '>=') and kube_version is version('v1.13.0', '<') %}
|
||||
apiVersion: kubeadm.k8s.io/v1alpha3
|
||||
{% else %}
|
||||
apiVersion: kubeadm.k8s.io/v1beta1
|
||||
{% endif %}
|
||||
kind: InitConfiguration
|
||||
nodeRegistration:
|
||||
criSocket: {{ cri_socket }}
|
||||
---
|
||||
{% endif %}
|
||||
{% if kube_version is version('v1.11.0', '<') %}
|
||||
apiVersion: kubeadm.k8s.io/v1alpha1
|
||||
{% elif kube_version is version('v1.11.0', '>=') and kube_version is version('v1.12.0', '<') %}
|
||||
apiVersion: kubeadm.k8s.io/v1alpha2
|
||||
{% elif kube_version is version('v1.12.0', '>=') and kube_version is version('v1.13.0', '<') %}
|
||||
apiVersion: kubeadm.k8s.io/v1alpha3
|
||||
{% else %}
|
||||
apiVersion: kubeadm.k8s.io/v1beta1
|
||||
{% endif %}
|
||||
{% if kube_version is version('v1.12.0', '<') %}
|
||||
kind: MasterConfiguration
|
||||
{% else %}
|
||||
kind: ClusterConfiguration
|
||||
{% endif %}
|
||||
imageRepository: {{ kube_image_repo }}
|
||||
kubernetesVersion: {{ kube_version }}
|
||||
etcd:
|
||||
|
@ -31,7 +13,3 @@ etcd:
|
|||
{% for endpoint in etcd_access_addresses.split(',') %}
|
||||
- {{ endpoint }}
|
||||
{% endfor %}
|
||||
{% if kube_version is version('v1.12.0', '<') %}
|
||||
nodeRegistration:
|
||||
criSocket: {{ cri_socket }}
|
||||
{% endif %}
|
||||
|
|
|
@ -132,53 +132,6 @@
|
|||
- inventory_hostname == groups['kube-master'][0]
|
||||
tags: node-webhook
|
||||
|
||||
- name: Check if vsphere-cloud-provider ClusterRole exists
|
||||
command: "{{ bin_dir }}/kubectl get clusterroles system:vsphere-cloud-provider"
|
||||
register: vsphere_cloud_provider
|
||||
ignore_errors: true
|
||||
when:
|
||||
- rbac_enabled
|
||||
- cloud_provider is defined
|
||||
- cloud_provider == 'vsphere'
|
||||
- kube_version is version('v1.9.0', '>=')
|
||||
- kube_version is version('v1.9.3', '<=')
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
tags: vsphere
|
||||
|
||||
- name: Write vsphere-cloud-provider ClusterRole manifest
|
||||
template:
|
||||
src: "vsphere-rbac.yml.j2"
|
||||
dest: "{{ kube_config_dir }}/vsphere-rbac.yml"
|
||||
register: vsphere_rbac_manifest
|
||||
when:
|
||||
- rbac_enabled
|
||||
- cloud_provider is defined
|
||||
- cloud_provider == 'vsphere'
|
||||
- vsphere_cloud_provider.rc is defined
|
||||
- vsphere_cloud_provider.rc != 0
|
||||
- kube_version is version('v1.9.0', '>=')
|
||||
- kube_version is version('v1.9.3', '<=')
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
tags: vsphere
|
||||
|
||||
- name: Apply vsphere-cloud-provider ClusterRole
|
||||
kube:
|
||||
name: "system:vsphere-cloud-provider"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "clusterrolebinding"
|
||||
filename: "{{ kube_config_dir }}/vsphere-rbac.yml"
|
||||
state: latest
|
||||
when:
|
||||
- rbac_enabled
|
||||
- cloud_provider is defined
|
||||
- cloud_provider == 'vsphere'
|
||||
- vsphere_cloud_provider.rc is defined
|
||||
- vsphere_cloud_provider.rc != 0
|
||||
- kube_version is version('v1.9.0', '>=')
|
||||
- kube_version is version('v1.9.3', '<=')
|
||||
- inventory_hostname == groups['kube-master'][0]
|
||||
tags: vsphere
|
||||
|
||||
- include_tasks: oci.yml
|
||||
tags: oci
|
||||
when:
|
||||
|
|
|
@ -38,25 +38,6 @@
|
|||
command: "{{ bin_dir }}/kubeadm version -o short"
|
||||
register: kubeadm_output
|
||||
|
||||
- name: sets kubeadm api version to v1alpha1
|
||||
set_fact:
|
||||
kubeadmConfig_api_version: v1alpha1
|
||||
when: kubeadm_output.stdout is version('v1.11.0', '<')
|
||||
|
||||
- name: sets kubeadm api version to v1alpha2
|
||||
set_fact:
|
||||
kubeadmConfig_api_version: v1alpha2
|
||||
when:
|
||||
- kubeadm_output.stdout is version('v1.11.0', '>=')
|
||||
- kubeadm_output.stdout is version('v1.12.0', '<')
|
||||
|
||||
- name: sets kubeadm api version to v1alpha3
|
||||
set_fact:
|
||||
kubeadmConfig_api_version: v1alpha3
|
||||
when:
|
||||
- kubeadm_output.stdout is version('v1.12.0', '>=')
|
||||
- kubeadm_output.stdout is version('v1.13.0', '<')
|
||||
|
||||
- name: sets kubeadm api version to v1beta1
|
||||
set_fact:
|
||||
kubeadmConfig_api_version: v1beta1
|
||||
|
|
|
@ -96,12 +96,8 @@ kube_apiserver_admission_control:
|
|||
- ServiceAccount
|
||||
- DefaultStorageClass
|
||||
- PersistentVolumeClaimResize
|
||||
- >-
|
||||
{%- if kube_version is version('v1.9', '<') -%}
|
||||
GenericAdmissionWebhook
|
||||
{%- else -%}
|
||||
MutatingAdmissionWebhook,ValidatingAdmissionWebhook
|
||||
{%- endif -%}
|
||||
- MutatingAdmissionWebhook
|
||||
- ValidatingAdmissionWebhook
|
||||
- ResourceQuota
|
||||
|
||||
# 1.10+ admission plugins
|
||||
|
|
|
@ -30,8 +30,13 @@
|
|||
command: >-
|
||||
{{ bin_dir }}/kubeadm init phase
|
||||
--config {{ kube_config_dir }}/kubeadm-config.yaml
|
||||
upload-certs --experimental-upload-certs
|
||||
{% if kubeadm_certificate_key is defined %}
|
||||
upload-certs
|
||||
{% if kubeadm_version is version('v1.15.0', '<') %}
|
||||
--experimental-upload-certs
|
||||
{% else %}
|
||||
--upload-certs
|
||||
{% endif %}
|
||||
{% if kubeadm_certificate_key is defined and kubeadm_version is version('v1.15.0', '<') %}
|
||||
--certificate-key={{ kubeadm_certificate_key }}
|
||||
{% endif %}
|
||||
register: kubeadm_upload_cert
|
||||
|
@ -52,7 +57,7 @@
|
|||
{{ bin_dir }}/kubeadm join
|
||||
--config {{ kube_config_dir }}/kubeadm-controlplane.yaml
|
||||
--ignore-preflight-errors=all
|
||||
{% if kubeadm_certificate_key is defined %}
|
||||
{% if kubeadm_certificate_key is defined and kubeadm_version is version('v1.15.0', '<') %}
|
||||
--certificate-key={{ kubeadm_certificate_key }}
|
||||
{% endif %}
|
||||
register: kubeadm_join_control_plane
|
||||
|
|
|
@ -109,10 +109,14 @@
|
|||
--ignore-preflight-errors=all
|
||||
--skip-phases=addon/coredns
|
||||
{% if kubeadm_version is version('v1.14.0', '>=') %}
|
||||
{% if kubeadm_version is version('v1.15.0', '<') %}
|
||||
--experimental-upload-certs
|
||||
{% if kubeadm_certificate_key is defined %}
|
||||
--certificate-key={{ kubeadm_certificate_key }}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
--upload-certs
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
register: kubeadm_init
|
||||
# Retry is because upload config sometimes fails
|
||||
|
|
|
@ -3,25 +3,16 @@
|
|||
command: "{{ bin_dir }}/kubeadm version -o short"
|
||||
register: kubeadm_output
|
||||
|
||||
- name: sets kubeadm api version to v1alpha2
|
||||
set_fact:
|
||||
kubeadmConfig_api_version: v1alpha2
|
||||
when:
|
||||
- kubeadm_output.stdout is version('v1.11.0', '>=')
|
||||
- kubeadm_output.stdout is version('v1.12.0', '<')
|
||||
|
||||
- name: sets kubeadm api version to v1alpha3
|
||||
set_fact:
|
||||
kubeadmConfig_api_version: v1alpha3
|
||||
when:
|
||||
- kubeadm_output.stdout is version('v1.12.0', '>=')
|
||||
- kubeadm_output.stdout is version('v1.13.0', '<')
|
||||
|
||||
- name: sets kubeadm api version to v1beta1
|
||||
set_fact:
|
||||
kubeadmConfig_api_version: v1beta1
|
||||
when: kubeadm_output.stdout is version('v1.13.0', '>=')
|
||||
|
||||
- name: sets kubeadm api version to v1beta2
|
||||
set_fact:
|
||||
kubeadmConfig_api_version: v1beta2
|
||||
when: kubeadm_output.stdout is version('v1.15.0', '>=')
|
||||
|
||||
- name: kubeadm | Create kubeadm config
|
||||
template:
|
||||
src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2"
|
||||
|
|
|
@ -1,235 +0,0 @@
|
|||
apiVersion: kubeadm.k8s.io/v1alpha2
|
||||
kind: MasterConfiguration
|
||||
api:
|
||||
{% if kubeadm_config_api_fqdn is defined %}
|
||||
controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}
|
||||
bindPort: {{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
|
||||
{% else %}
|
||||
advertiseAddress: {{ ip | default(fallback_ips[inventory_hostname]) }}
|
||||
bindPort: {{ kube_apiserver_port }}
|
||||
{% endif %}
|
||||
etcd:
|
||||
external:
|
||||
endpoints:
|
||||
{% for endpoint in etcd_access_addresses.split(',') %}
|
||||
- {{ endpoint }}
|
||||
{% endfor %}
|
||||
caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }}
|
||||
certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }}
|
||||
keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }}
|
||||
networking:
|
||||
dnsDomain: {{ dns_domain }}
|
||||
serviceSubnet: {{ kube_service_addresses }}
|
||||
podSubnet: {{ kube_pods_subnet }}
|
||||
kubernetesVersion: {{ kube_version }}
|
||||
kubeProxy:
|
||||
config:
|
||||
mode: {{ kube_proxy_mode }}
|
||||
{% if kube_proxy_nodeport_addresses %}
|
||||
nodePortAddresses: {{ kube_proxy_nodeport_addresses }}
|
||||
{% endif %}
|
||||
resourceContainer: ""
|
||||
authorizationModes:
|
||||
{% for mode in authorization_modes %}
|
||||
- {{ mode }}
|
||||
{% endfor %}
|
||||
apiServerExtraArgs:
|
||||
bind-address: {{ kube_apiserver_bind_address }}
|
||||
{% if kube_apiserver_insecure_port|string != "0" %}
|
||||
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
|
||||
{% endif %}
|
||||
insecure-port: "{{ kube_apiserver_insecure_port }}"
|
||||
{% if kube_version is version('v1.10', '<') %}
|
||||
admission-control: {{ kube_apiserver_admission_control | join(',') }}
|
||||
{% else %}
|
||||
{% if kube_apiserver_enable_admission_plugins|length > 0 %}
|
||||
enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
|
||||
{% endif %}
|
||||
{% if kube_apiserver_disable_admission_plugins|length > 0 %}
|
||||
disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
apiserver-count: "{{ kube_apiserver_count }}"
|
||||
{% if kube_version is version('v1.9', '>=') %}
|
||||
endpoint-reconciler-type: lease
|
||||
{% endif %}
|
||||
{% if etcd_events_cluster_enabled %}
|
||||
etcd-servers-overrides: "/events#{{ etcd_events_access_addresses_semicolon }}"
|
||||
{% endif %}
|
||||
service-node-port-range: {{ kube_apiserver_node_port_range }}
|
||||
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
|
||||
profiling: "{{ kube_profiling }}"
|
||||
request-timeout: "{{ kube_apiserver_request_timeout }}"
|
||||
repair-malformed-updates: "false"
|
||||
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
|
||||
{% if kube_api_anonymous_auth is defined and kube_version is version('v1.5', '>=') %}
|
||||
anonymous-auth: "{{ kube_api_anonymous_auth }}"
|
||||
{% endif %}
|
||||
{% if kube_basic_auth|default(true) %}
|
||||
basic-auth-file: {{ kube_users_dir }}/known_users.csv
|
||||
{% endif %}
|
||||
{% if kube_token_auth|default(true) %}
|
||||
token-auth-file: {{ kube_token_dir }}/known_tokens.csv
|
||||
{% endif %}
|
||||
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
|
||||
oidc-issuer-url: {{ kube_oidc_url }}
|
||||
oidc-client-id: {{ kube_oidc_client_id }}
|
||||
{% if kube_oidc_ca_file is defined %}
|
||||
oidc-ca-file: {{ kube_oidc_ca_file }}
|
||||
{% endif %}
|
||||
{% if kube_oidc_username_claim is defined %}
|
||||
oidc-username-claim: {{ kube_oidc_username_claim }}
|
||||
{% endif %}
|
||||
{% if kube_oidc_groups_claim is defined %}
|
||||
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
||||
{% endif %}
|
||||
{% if kube_oidc_username_prefix is defined %}
|
||||
oidc-username-prefix: "{{ kube_oidc_username_prefix }}"
|
||||
{% endif %}
|
||||
{% if kube_oidc_groups_prefix is defined %}
|
||||
oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if kube_webhook_token_auth|default(false) %}
|
||||
authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
{% endif %}
|
||||
{% if kube_encrypt_secret_data %}
|
||||
experimental-encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
|
||||
{% endif %}
|
||||
storage-backend: {{ kube_apiserver_storage_backend }}
|
||||
{% if kube_api_runtime_config is defined %}
|
||||
runtime-config: {{ kube_api_runtime_config | join(',') }}
|
||||
{% endif %}
|
||||
allow-privileged: "true"
|
||||
{% if kubernetes_audit %}
|
||||
audit-log-path: "{{ audit_log_path }}"
|
||||
audit-log-maxage: "{{ audit_log_maxage }}"
|
||||
audit-log-maxbackup: "{{ audit_log_maxbackups }}"
|
||||
audit-log-maxsize: "{{ audit_log_maxsize }}"
|
||||
audit-policy-file: {{ audit_policy_file }}
|
||||
{% endif %}
|
||||
{% for key in kube_kubeadm_apiserver_extra_args %}
|
||||
{{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
|
||||
{% endfor %}
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
||||
cloud-provider: {{cloud_provider}}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}
|
||||
configure-cloud-routes: "true"
|
||||
{% endif %}
|
||||
controllerManagerExtraArgs:
|
||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||
node-cidr-mask-size: "{{ kube_network_node_prefix }}"
|
||||
profiling: "{{ kube_profiling }}"
|
||||
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
{% for key in kube_kubeadm_controller_extra_args %}
|
||||
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
||||
{% endfor %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
||||
cloud-provider: {{cloud_provider}}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||
controllerManagerExtraVolumes:
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined and openstack_cacert != "" %}
|
||||
- name: openstackcacert
|
||||
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||
{% endif %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||
- name: cloud-config
|
||||
hostPath: {{ kube_config_dir }}/cloud_config
|
||||
mountPath: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ssl_ca_dirs|length %}
|
||||
apiServerExtraVolumes:
|
||||
{% if kube_basic_auth|default(true) %}
|
||||
- name: basic-auth-config
|
||||
hostPath: {{ kube_users_dir }}
|
||||
mountPath: {{ kube_users_dir }}
|
||||
{% endif %}
|
||||
{% if kube_token_auth|default(true) %}
|
||||
- name: token-auth-config
|
||||
hostPath: {{ kube_token_dir }}
|
||||
mountPath: {{ kube_token_dir }}
|
||||
{% endif %}
|
||||
{% if kube_webhook_token_auth|default(false) %}
|
||||
- name: webhook-token-auth-config
|
||||
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
{% endif %}
|
||||
{% if kubernetes_audit %}
|
||||
- name: {{ audit_policy_name }}
|
||||
hostPath: {{ audit_policy_hostpath }}
|
||||
mountPath: {{ audit_policy_mountpath }}
|
||||
{% if audit_log_path != "-" %}
|
||||
- name: {{ audit_log_name }}
|
||||
hostPath: {{ audit_log_hostpath }}
|
||||
mountPath: {{ audit_log_mountpath }}
|
||||
writable: true
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if ssl_ca_dirs|length %}
|
||||
{% for dir in ssl_ca_dirs %}
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
hostPath: {{ dir }}
|
||||
mountPath: {{ dir }}
|
||||
writable: false
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||
- name: cloud-config
|
||||
hostPath: {{ kube_config_dir }}/cloud_config
|
||||
mountPath: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
schedulerExtraArgs:
|
||||
profiling: "{{ kube_profiling }}"
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
{% if volume_cross_zone_attachment %}
|
||||
policy-config-file: {{ kube_config_dir }}/kube-scheduler-policy.yaml
|
||||
{% endif %}
|
||||
{% if kube_kubeadm_scheduler_extra_args|length > 0 %}
|
||||
{% for key in kube_kubeadm_scheduler_extra_args %}
|
||||
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
apiServerCertSANs:
|
||||
{% for san in apiserver_sans %}
|
||||
- {{ san }}
|
||||
{% endfor %}
|
||||
certificatesDir: {{ kube_cert_dir }}
|
||||
imageRepository: {{ kube_image_repo }}
|
||||
unifiedControlPlaneImage: ""
|
||||
nodeRegistration:
|
||||
{% if kube_override_hostname|default('') %}
|
||||
name: {{ kube_override_hostname }}
|
||||
{% endif %}
|
||||
{% if inventory_hostname not in groups['kube-node'] %}
|
||||
taints:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
{% else %}
|
||||
taints: {}
|
||||
{% endif %}
|
||||
criSocket: {{ cri_socket }}
|
||||
{% if dynamic_kubelet_configuration %}
|
||||
featureGates:
|
||||
DynamicKubeletConfig: true
|
||||
{% endif %}
|
|
@ -93,15 +93,11 @@ apiServer:
|
|||
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
|
||||
{% endif %}
|
||||
insecure-port: "{{ kube_apiserver_insecure_port }}"
|
||||
{% if kube_version is version('v1.10', '<') %}
|
||||
admission-control: {{ kube_apiserver_admission_control | join(',') }}
|
||||
{% else %}
|
||||
{% if kube_apiserver_enable_admission_plugins|length > 0 %}
|
||||
enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
|
||||
{% endif %}
|
||||
{% if kube_apiserver_disable_admission_plugins|length > 0 %}
|
||||
disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
apiserver-count: "{{ kube_apiserver_count }}"
|
||||
{% if kube_version is version('v1.9', '>=') %}
|
||||
|
@ -231,11 +227,7 @@ controllerManager:
|
|||
node-cidr-mask-size: "{{ kube_network_node_prefix }}"
|
||||
profiling: "{{ kube_profiling }}"
|
||||
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
|
||||
{% if kube_version is version('v1.14', '<') %}
|
||||
address: {{ kube_controller_manager_bind_address }}
|
||||
{% else %}
|
||||
bind-address: {{ kube_controller_manager_bind_address }}
|
||||
{% endif %}
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
|
@ -272,11 +264,7 @@ controllerManager:
|
|||
{% endif %}
|
||||
scheduler:
|
||||
extraArgs:
|
||||
{% if kube_version is version('v1.14', '<') %}
|
||||
address: {{ kube_scheduler_bind_address }}
|
||||
{% else %}
|
||||
bind-address: {{ kube_scheduler_bind_address }}
|
||||
{% endif %}
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
|
|
|
@ -1,22 +1,29 @@
|
|||
apiVersion: kubeadm.k8s.io/v1alpha3
|
||||
apiVersion: kubeadm.k8s.io/v1beta2
|
||||
kind: InitConfiguration
|
||||
apiEndpoint:
|
||||
localAPIEndpoint:
|
||||
advertiseAddress: {{ ip | default(fallback_ips[inventory_hostname]) }}
|
||||
bindPort: {{ kube_apiserver_port }}
|
||||
{% if kubeadm_certificate_key is defined %}
|
||||
certificateKey: {{ kubeadm_certificate_key }}
|
||||
{% endif %}
|
||||
nodeRegistration:
|
||||
{% if kube_override_hostname|default('') %}
|
||||
name: {{ kube_override_hostname }}
|
||||
{% endif %}
|
||||
{% if inventory_hostname not in groups['kube-node'] %}
|
||||
{% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
|
||||
taints:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
{% else %}
|
||||
taints: {}
|
||||
taints: []
|
||||
{% endif %}
|
||||
{% if container_manager == 'crio' %}
|
||||
criSocket: /var/run/crio/crio.sock
|
||||
{% else %}
|
||||
criSocket: /var/run/dockershim.sock
|
||||
{% endif %}
|
||||
criSocket: {{ cri_socket }}
|
||||
---
|
||||
apiVersion: kubeadm.k8s.io/v1alpha3
|
||||
apiVersion: kubeadm.k8s.io/v1beta2
|
||||
kind: ClusterConfiguration
|
||||
clusterName: {{ cluster_name }}
|
||||
etcd:
|
||||
|
@ -38,212 +45,208 @@ controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.po
|
|||
{% else %}
|
||||
controlPlaneEndpoint: {{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}
|
||||
{% endif %}
|
||||
apiServerCertSANs:
|
||||
{% for san in apiserver_sans %}
|
||||
- {{ san }}
|
||||
{% endfor %}
|
||||
certificatesDir: {{ kube_cert_dir }}
|
||||
imageRepository: {{ kube_image_repo }}
|
||||
unifiedControlPlaneImage: ""
|
||||
apiServerExtraArgs:
|
||||
useHyperKubeImage: false
|
||||
apiServer:
|
||||
extraArgs:
|
||||
{% if kube_api_anonymous_auth is defined and kube_version is version('v1.5', '>=') %}
|
||||
anonymous-auth: "{{ kube_api_anonymous_auth }}"
|
||||
anonymous-auth: "{{ kube_api_anonymous_auth }}"
|
||||
{% endif %}
|
||||
authorization-mode: {{ authorization_modes | join(',') }}
|
||||
bind-address: {{ kube_apiserver_bind_address }}
|
||||
authorization-mode: {{ authorization_modes | join(',') }}
|
||||
bind-address: {{ kube_apiserver_bind_address }}
|
||||
{% if kube_apiserver_insecure_port|string != "0" %}
|
||||
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
|
||||
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
|
||||
{% endif %}
|
||||
insecure-port: "{{ kube_apiserver_insecure_port }}"
|
||||
{% if kube_version is version('v1.10', '<') %}
|
||||
admission-control: {{ kube_apiserver_admission_control | join(',') }}
|
||||
{% else %}
|
||||
insecure-port: "{{ kube_apiserver_insecure_port }}"
|
||||
{% if kube_apiserver_enable_admission_plugins|length > 0 %}
|
||||
enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
|
||||
enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
|
||||
{% endif %}
|
||||
{% if kube_apiserver_disable_admission_plugins|length > 0 %}
|
||||
disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
|
||||
disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
apiserver-count: "{{ kube_apiserver_count }}"
|
||||
apiserver-count: "{{ kube_apiserver_count }}"
|
||||
{% if kube_version is version('v1.9', '>=') %}
|
||||
endpoint-reconciler-type: lease
|
||||
endpoint-reconciler-type: lease
|
||||
{% endif %}
|
||||
{% if etcd_events_cluster_enabled %}
|
||||
etcd-servers-overrides: "/events#{{ etcd_events_access_addresses_semicolon }}"
|
||||
etcd-servers-overrides: "/events#{{ etcd_events_access_addresses_semicolon }}"
|
||||
{% endif %}
|
||||
service-node-port-range: {{ kube_apiserver_node_port_range }}
|
||||
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
|
||||
profiling: "{{ kube_profiling }}"
|
||||
request-timeout: "{{ kube_apiserver_request_timeout }}"
|
||||
service-node-port-range: {{ kube_apiserver_node_port_range }}
|
||||
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
|
||||
profiling: "{{ kube_profiling }}"
|
||||
request-timeout: "{{ kube_apiserver_request_timeout }}"
|
||||
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
|
||||
{% if kube_basic_auth|default(true) %}
|
||||
basic-auth-file: {{ kube_users_dir }}/known_users.csv
|
||||
basic-auth-file: {{ kube_users_dir }}/known_users.csv
|
||||
{% endif %}
|
||||
{% if kube_token_auth|default(true) %}
|
||||
token-auth-file: {{ kube_token_dir }}/known_tokens.csv
|
||||
token-auth-file: {{ kube_token_dir }}/known_tokens.csv
|
||||
{% endif %}
|
||||
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
|
||||
oidc-issuer-url: {{ kube_oidc_url }}
|
||||
oidc-client-id: {{ kube_oidc_client_id }}
|
||||
oidc-issuer-url: {{ kube_oidc_url }}
|
||||
oidc-client-id: {{ kube_oidc_client_id }}
|
||||
{% if kube_oidc_ca_file is defined %}
|
||||
oidc-ca-file: {{ kube_oidc_ca_file }}
|
||||
oidc-ca-file: {{ kube_oidc_ca_file }}
|
||||
{% endif %}
|
||||
{% if kube_oidc_username_claim is defined %}
|
||||
oidc-username-claim: {{ kube_oidc_username_claim }}
|
||||
oidc-username-claim: {{ kube_oidc_username_claim }}
|
||||
{% endif %}
|
||||
{% if kube_oidc_groups_claim is defined %}
|
||||
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
||||
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
||||
{% endif %}
|
||||
{% if kube_oidc_username_prefix is defined %}
|
||||
oidc-username-prefix: "{{ kube_oidc_username_prefix }}"
|
||||
oidc-username-prefix: "{{ kube_oidc_username_prefix }}"
|
||||
{% endif %}
|
||||
{% if kube_oidc_groups_prefix is defined %}
|
||||
oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}"
|
||||
oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if kube_webhook_token_auth|default(false) %}
|
||||
authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
{% endif %}
|
||||
{% if kube_encrypt_secret_data %}
|
||||
experimental-encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
|
||||
encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
|
||||
{% endif %}
|
||||
storage-backend: {{ kube_apiserver_storage_backend }}
|
||||
storage-backend: {{ kube_apiserver_storage_backend }}
|
||||
{% if kube_api_runtime_config is defined %}
|
||||
runtime-config: {{ kube_api_runtime_config | join(',') }}
|
||||
runtime-config: {{ kube_api_runtime_config | join(',') }}
|
||||
{% endif %}
|
||||
allow-privileged: "true"
|
||||
allow-privileged: "true"
|
||||
{% if kubernetes_audit %}
|
||||
audit-log-path: "{{ audit_log_path }}"
|
||||
audit-log-maxage: "{{ audit_log_maxage }}"
|
||||
audit-log-maxbackup: "{{ audit_log_maxbackups }}"
|
||||
audit-log-maxsize: "{{ audit_log_maxsize }}"
|
||||
audit-policy-file: {{ audit_policy_file }}
|
||||
audit-log-path: "{{ audit_log_path }}"
|
||||
audit-log-maxage: "{{ audit_log_maxage }}"
|
||||
audit-log-maxbackup: "{{ audit_log_maxbackups }}"
|
||||
audit-log-maxsize: "{{ audit_log_maxsize }}"
|
||||
audit-policy-file: {{ audit_policy_file }}
|
||||
{% endif %}
|
||||
{% for key in kube_kubeadm_apiserver_extra_args %}
|
||||
{{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
|
||||
{{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
|
||||
{% endfor %}
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
||||
cloud-provider: {{cloud_provider}}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
cloud-provider: {{cloud_provider}}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
controllerManagerExtraArgs:
|
||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||
node-cidr-mask-size: "{{ kube_network_node_prefix }}"
|
||||
profiling: "{{ kube_profiling }}"
|
||||
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
|
||||
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
|
||||
{% if kube_version is version('v1.14', '<') %}
|
||||
address: {{ kube_controller_manager_bind_address }}
|
||||
{% else %}
|
||||
bind-address: {{ kube_controller_manager_bind_address }}
|
||||
{% endif %}
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
{% for key in kube_kubeadm_controller_extra_args %}
|
||||
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
||||
{% endfor %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
||||
cloud-provider: {{cloud_provider}}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
schedulerExtraArgs:
|
||||
{% if kube_version is version('v1.14', '<') %}
|
||||
address: {{ kube_scheduler_bind_address }}
|
||||
{% else %}
|
||||
bind-address: {{ kube_scheduler_bind_address }}
|
||||
{% endif %}
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
{% if kube_kubeadm_scheduler_extra_args|length > 0 %}
|
||||
{% for key in kube_kubeadm_scheduler_extra_args %}
|
||||
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
||||
{% endfor %}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
|
||||
apiServerExtraVolumes:
|
||||
extraVolumes:
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||
- name: cloud-config
|
||||
hostPath: {{ kube_config_dir }}/cloud_config
|
||||
mountPath: {{ kube_config_dir }}/cloud_config
|
||||
- name: cloud-config
|
||||
hostPath: {{ kube_config_dir }}/cloud_config
|
||||
mountPath: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
{% if kube_basic_auth|default(true) %}
|
||||
- name: basic-auth-config
|
||||
hostPath: {{ kube_users_dir }}
|
||||
mountPath: {{ kube_users_dir }}
|
||||
- name: basic-auth-config
|
||||
hostPath: {{ kube_users_dir }}
|
||||
mountPath: {{ kube_users_dir }}
|
||||
{% endif %}
|
||||
{% if kube_token_auth|default(true) %}
|
||||
- name: token-auth-config
|
||||
hostPath: {{ kube_token_dir }}
|
||||
mountPath: {{ kube_token_dir }}
|
||||
- name: token-auth-config
|
||||
hostPath: {{ kube_token_dir }}
|
||||
mountPath: {{ kube_token_dir }}
|
||||
{% endif %}
|
||||
{% if kube_webhook_token_auth|default(false) %}
|
||||
- name: webhook-token-auth-config
|
||||
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
- name: webhook-token-auth-config
|
||||
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||
{% endif %}
|
||||
{% if kubernetes_audit %}
|
||||
- name: {{ audit_policy_name }}
|
||||
hostPath: {{ audit_policy_hostpath }}
|
||||
mountPath: {{ audit_policy_mountpath }}
|
||||
- name: {{ audit_policy_name }}
|
||||
hostPath: {{ audit_policy_hostpath }}
|
||||
mountPath: {{ audit_policy_mountpath }}
|
||||
{% if audit_log_path != "-" %}
|
||||
- name: {{ audit_log_name }}
|
||||
hostPath: {{ audit_log_hostpath }}
|
||||
mountPath: {{ audit_log_mountpath }}
|
||||
writable: true
|
||||
- name: {{ audit_log_name }}
|
||||
hostPath: {{ audit_log_hostpath }}
|
||||
mountPath: {{ audit_log_mountpath }}
|
||||
readOnly: false
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% for volume in apiserver_extra_volumes %}
|
||||
- name: {{ volume.name }}
|
||||
hostPath: {{ volume.hostPath }}
|
||||
mountPath: {{ volume.mountPath }}
|
||||
writable: {{ volume.writable | default(false)}}
|
||||
- name: {{ volume.name }}
|
||||
hostPath: {{ volume.hostPath }}
|
||||
mountPath: {{ volume.mountPath }}
|
||||
readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
|
||||
{% endfor %}
|
||||
{% if ssl_ca_dirs|length %}
|
||||
{% for dir in ssl_ca_dirs %}
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
hostPath: {{ dir }}
|
||||
mountPath: {{ dir }}
|
||||
writable: false
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||
hostPath: {{ dir }}
|
||||
mountPath: {{ dir }}
|
||||
readOnly: true
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
certSANs:
|
||||
{% for san in apiserver_sans %}
|
||||
- {{ san }}
|
||||
{% endfor %}
|
||||
timeoutForControlPlane: 5m0s
|
||||
controllerManager:
|
||||
extraArgs:
|
||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||
node-cidr-mask-size: "{{ kube_network_node_prefix }}"
|
||||
profiling: "{{ kube_profiling }}"
|
||||
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
|
||||
bind-address: {{ kube_controller_manager_bind_address }}
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
{% for key in kube_kubeadm_controller_extra_args %}
|
||||
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
||||
{% endfor %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
||||
cloud-provider: {{cloud_provider}}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
{% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %}
|
||||
configure-cloud-routes: "false"
|
||||
{% endif %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %}
|
||||
controllerManagerExtraVolumes:
|
||||
extraVolumes:
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
||||
- name: openstackcacert
|
||||
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||
- name: openstackcacert
|
||||
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||
{% endif %}
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||
- name: cloud-config
|
||||
hostPath: {{ kube_config_dir }}/cloud_config
|
||||
mountPath: {{ kube_config_dir }}/cloud_config
|
||||
- name: cloud-config
|
||||
hostPath: {{ kube_config_dir }}/cloud_config
|
||||
mountPath: {{ kube_config_dir }}/cloud_config
|
||||
{% endif %}
|
||||
{% for volume in controller_manager_extra_volumes %}
|
||||
- name: {{ volume.name }}
|
||||
hostPath: {{ volume.hostPath }}
|
||||
mountPath: {{ volume.mountPath }}
|
||||
writable: {{ volume.writable | default(false)}}
|
||||
- name: {{ volume.name }}
|
||||
hostPath: {{ volume.hostPath }}
|
||||
mountPath: {{ volume.mountPath }}
|
||||
readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
scheduler:
|
||||
extraArgs:
|
||||
bind-address: {{ kube_scheduler_bind_address }}
|
||||
{% if kube_feature_gates %}
|
||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||
{% endif %}
|
||||
{% if kube_kubeadm_scheduler_extra_args|length > 0 %}
|
||||
{% for key in kube_kubeadm_scheduler_extra_args %}
|
||||
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
extraVolumes:
|
||||
{% if scheduler_extra_volumes %}
|
||||
schedulerExtraVolumes:
|
||||
extraVolumes:
|
||||
{% for volume in scheduler_extra_volumes %}
|
||||
- name: {{ volume.name }}
|
||||
hostPath: {{ volume.hostPath }}
|
||||
mountPath: {{ volume.mountPath }}
|
||||
writable: {{ volume.writable | default(false)}}
|
||||
- name: {{ volume.name }}
|
||||
hostPath: {{ volume.hostPath }}
|
||||
mountPath: {{ volume.mountPath }}
|
||||
readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
---
|
||||
|
@ -259,7 +262,6 @@ clientConnection:
|
|||
clusterCIDR: {{ kube_pods_subnet }}
|
||||
configSyncPeriod: {{ kube_proxy_config_sync_period }}
|
||||
conntrack:
|
||||
max: {{ kube_proxy_conntrack_max }}
|
||||
maxPerCore: {{ kube_proxy_conntrack_max_per_core }}
|
||||
min: {{ kube_proxy_conntrack_min }}
|
||||
tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }}
|
||||
|
@ -273,7 +275,7 @@ iptables:
|
|||
minSyncPeriod: {{ kube_proxy_min_sync_period }}
|
||||
syncPeriod: {{ kube_proxy_sync_period }}
|
||||
ipvs:
|
||||
excludeCIDRs: {{ "[]" if kube_proxy_exclude_cidrs is not defined or kube_proxy_exclude_cidrs == "null" or kube_proxy_exclude_cidrs | length == 0 else (kube_proxy_exclude_cidrs if kube_proxy_exclude_cidrs[0] == '[' else ("[" + kube_proxy_exclude_cidrs + "]" if (kube_proxy_exclude_cidrs[0] | length) == 1 else "[" + kube_proxy_exclude_cidrs | join(",") + "]")) }}
|
||||
excludeCIDRs: {{ kube_proxy_exclude_cidrs }}
|
||||
minSyncPeriod: {{ kube_proxy_min_sync_period }}
|
||||
scheduler: {{ kube_proxy_scheduler }}
|
||||
syncPeriod: {{ kube_proxy_sync_period }}
|
|
@ -0,0 +1,25 @@
|
|||
apiVersion: kubeadm.k8s.io/v1beta2
|
||||
kind: JoinConfiguration
|
||||
discovery:
|
||||
bootstrapToken:
|
||||
{% if kubeadm_config_api_fqdn is defined %}
|
||||
apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
|
||||
{% else %}
|
||||
apiServerEndpoint: {{ kubeadm_discovery_address | replace("https://", "")}}
|
||||
{% endif %}
|
||||
token: {{ kubeadm_token }}
|
||||
unsafeSkipCAVerification: true
|
||||
timeout: {{ discovery_timeout }}
|
||||
tlsBootstrapToken: {{ kubeadm_token }}
|
||||
controlPlane:
|
||||
localAPIEndpoint:
|
||||
advertiseAddress: {{ kube_apiserver_address }}
|
||||
bindPort: {{ kube_apiserver_port }}
|
||||
certificateKey: {{ kubeadm_certificate_key }}
|
||||
nodeRegistration:
|
||||
name: {{ kube_override_hostname|default(inventory_hostname) }}
|
||||
{% if container_manager == 'crio' %}
|
||||
criSocket: /var/run/crio/crio.sock
|
||||
{% else %}
|
||||
criSocket: /var/run/dockershim.sock
|
||||
{% endif %}
|
|
@ -75,9 +75,6 @@ kube_override_hostname: >-
|
|||
{{ inventory_hostname }}
|
||||
{%- endif -%}
|
||||
|
||||
# cAdvisor port
|
||||
kube_cadvisor_port: 0
|
||||
|
||||
# The read-only port for the Kubelet to serve on with no authentication/authorization.
|
||||
kube_read_only_port: 0
|
||||
|
||||
|
|
|
@ -29,17 +29,6 @@
|
|||
- kubelet
|
||||
- kubeadm
|
||||
|
||||
- name: Write kubelet environment config file (kubeadm)
|
||||
template:
|
||||
src: "kubelet.env.j2"
|
||||
dest: "{{ kube_config_dir }}/kubelet.env"
|
||||
backup: yes
|
||||
notify: restart kubelet
|
||||
when: kubeadm_output.stdout is version('v1.13.0', '<')
|
||||
tags:
|
||||
- kubelet
|
||||
- kubeadm
|
||||
|
||||
- name: Write kubelet config file
|
||||
template:
|
||||
src: "kubelet-config.{{ kubeadmConfig_api_version }}.yaml.j2"
|
||||
|
|
|
@ -1,133 +0,0 @@
|
|||
### Upstream source https://github.com/kubernetes/release/blob/master/debian/xenial/kubeadm/channel/stable/etc/systemd/system/kubelet.service.d/
|
||||
### All upstream values should be present in this file
|
||||
|
||||
# logging to stderr means we get it in the systemd journal
|
||||
KUBE_LOGTOSTDERR="--logtostderr=true"
|
||||
KUBE_LOG_LEVEL="--v={{ kube_log_level }}"
|
||||
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
|
||||
KUBELET_ADDRESS="--address={{ kubelet_bind_address }} --node-ip={{ kubelet_address }}"
|
||||
# The port for the info server to serve on
|
||||
# KUBELET_PORT="--port=10250"
|
||||
{% if kube_override_hostname|default('') %}
|
||||
# You may leave this blank to use the actual hostname
|
||||
KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
||||
{% endif %}
|
||||
{# Base kubelet args #}
|
||||
{% set kubelet_args_base -%}
|
||||
{# start kubeadm specific settings #}
|
||||
--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
|
||||
--kubeconfig={{ kube_config_dir }}/kubelet.conf \
|
||||
{% if kube_version is version('v1.8', '<') %}
|
||||
--require-kubeconfig \
|
||||
{% endif %}
|
||||
{% if kubelet_authentication_token_webhook %}
|
||||
--authentication-token-webhook \
|
||||
{% endif %}
|
||||
{% if kubelet_authorization_mode_webhook %}
|
||||
--authorization-mode=Webhook \
|
||||
{% endif %}
|
||||
--enforce-node-allocatable={{ kubelet_enforce_node_allocatable }} \
|
||||
--client-ca-file={{ kube_cert_dir }}/ca.crt \
|
||||
{% if kubelet_rotate_certificates %}
|
||||
--rotate-certificates \
|
||||
{% endif %}
|
||||
--pod-manifest-path={{ kube_manifest_dir }} \
|
||||
{% if kube_version is version('v1.12.0', '<') %}
|
||||
--cadvisor-port={{ kube_cadvisor_port }} \
|
||||
{% endif %}
|
||||
{# end kubeadm specific settings #}
|
||||
--pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }} \
|
||||
--node-status-update-frequency={{ kubelet_status_update_frequency }} \
|
||||
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \
|
||||
--max-pods={{ kubelet_max_pods }} \
|
||||
{% if container_manager == 'docker' and kube_version is version('v1.12.0', '<') %}
|
||||
--docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
|
||||
{% endif %}
|
||||
{% if container_manager != 'docker' %}
|
||||
--container-runtime=remote \
|
||||
--container-runtime-endpoint={{ cri_socket }} \
|
||||
{% endif %}
|
||||
--anonymous-auth=false \
|
||||
--read-only-port={{ kube_read_only_port }} \
|
||||
{% if kube_version is version('v1.8', '<') %}
|
||||
--experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \
|
||||
{% else %}
|
||||
--fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \
|
||||
{% endif %}
|
||||
{% if dynamic_kubelet_configuration %}
|
||||
--dynamic-config-dir={{ dynamic_kubelet_configuration_dir }} \
|
||||
{% endif %}
|
||||
--runtime-cgroups={{ kubelet_runtime_cgroups }} --kubelet-cgroups={{ kubelet_kubelet_cgroups }} \
|
||||
{% endset %}
|
||||
|
||||
{# Node reserved CPU/memory #}
|
||||
{% if is_kube_master|bool %}
|
||||
{% set kube_reserved %}--kube-reserved cpu={{ kube_master_cpu_reserved }},memory={{ kube_master_memory_reserved|regex_replace('Mi', 'M') }}{% endset %}
|
||||
{% else %}
|
||||
{% set kube_reserved %}--kube-reserved cpu={{ kube_cpu_reserved }},memory={{ kube_memory_reserved|regex_replace('Mi', 'M') }}{% endset %}
|
||||
{% endif %}
|
||||
|
||||
{# DNS settings for kubelet #}
|
||||
{% if dns_mode == 'coredns' %}
|
||||
{% set kubelet_args_cluster_dns %}--cluster-dns={{ skydns_server }}{% endset %}
|
||||
{% elif dns_mode == 'coredns_dual' %}
|
||||
{% set kubelet_args_cluster_dns %}--cluster-dns={{ skydns_server }},{{ skydns_server_secondary }}{% endset %}
|
||||
{% elif dns_mode == 'manual' %}
|
||||
{% set kubelet_args_cluster_dns %}--cluster-dns={{ manual_dns_server }}{% endset %}
|
||||
{% else %}
|
||||
{% set kubelet_args_cluster_dns %}{% endset %}
|
||||
{% endif %}
|
||||
{% if enable_nodelocaldns %}
|
||||
{% set kubelet_args_cluster_dns %}--cluster-dns={{ nodelocaldns_ip }}{% endset %}
|
||||
{% endif %}
|
||||
{% set kubelet_args_dns %}{{ kubelet_args_cluster_dns }} --cluster-domain={{ dns_domain }} --resolv-conf={{ kube_resolv_conf }}{% endset %}
|
||||
|
||||
{# Kubelet node labels #}
|
||||
{% set role_node_labels = [] %}
|
||||
{% if nvidia_gpu_nodes is defined and nvidia_accelerator_enabled|bool %}
|
||||
{% if inventory_hostname in nvidia_gpu_nodes %}
|
||||
{% set dummy = role_node_labels.append('nvidia.com/gpu=true') %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% set inventory_node_labels = [] %}
|
||||
{% if node_labels is defined %}
|
||||
{% if node_labels is mapping %}
|
||||
{% for labelname, labelvalue in node_labels.items() %}
|
||||
{% set dummy = inventory_node_labels.append('%s=%s'|format(labelname, labelvalue)) %}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% for label in node_labels.split(",") %}
|
||||
{% set dummy = inventory_node_labels.append(label) %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% set all_node_labels = role_node_labels + inventory_node_labels %}
|
||||
|
||||
{# Kubelet node taints for gpu #}
|
||||
{% if nvidia_gpu_nodes is defined and nvidia_accelerator_enabled|bool %}
|
||||
{% if inventory_hostname in nvidia_gpu_nodes and node_taints is defined %}
|
||||
{% set dummy = node_taints.append('nvidia.com/gpu=:NoSchedule') %}
|
||||
{% elif inventory_hostname in nvidia_gpu_nodes and node_taints is not defined %}
|
||||
{% set node_taints = [] %}
|
||||
{% set dummy = node_taints.append('nvidia.com/gpu=:NoSchedule') %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
KUBELET_ARGS="{{ kubelet_args_base }} {{ kubelet_args_dns }} {{ kube_reserved }} {% if node_taints|default([]) %}--register-with-taints={{ node_taints | join(',') }} {% endif %}--node-labels={{ all_node_labels | join(',') }} {% if kube_feature_gates %} --feature-gates={{ kube_feature_gates|join(',') }} {% endif %} {% if kubelet_custom_flags is string %} {{kubelet_custom_flags}} {% else %}{% for flag in kubelet_custom_flags %} {{flag}} {% endfor %}{% endif %}{% if inventory_hostname in groups['kube-node'] %}{% if kubelet_node_custom_flags is string %} {{kubelet_node_custom_flags}} {% else %}{% for flag in kubelet_node_custom_flags %} {{flag}} {% endfor %}{% endif %}{% endif %}"
|
||||
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "cni", "flannel", "weave", "contiv", "cilium", "kube-router", "macvlan"] %}
|
||||
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
|
||||
{% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %}
|
||||
KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"
|
||||
{% endif %}
|
||||
KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}"
|
||||
# Should this cluster be allowed to run privileged docker containers
|
||||
KUBE_ALLOW_PRIV="--allow-privileged=true"
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
||||
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
|
||||
KUBELET_CLOUDPROVIDER="--cloud-provider=external --cloud-config={{ kube_config_dir }}/cloud_config"
|
||||
{% else %}
|
||||
KUBELET_CLOUDPROVIDER=""
|
||||
{% endif %}
|
||||
|
||||
PATH={{ bin_dir }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
@ -11,24 +11,12 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
|
|||
--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \
|
||||
--config={{ kube_config_dir }}/kubelet-config.yaml \
|
||||
--kubeconfig={{ kube_config_dir }}/kubelet.conf \
|
||||
{% if kube_version is version('v1.8', '<') %}
|
||||
--require-kubeconfig \
|
||||
{% endif %}
|
||||
{% if kube_version is version('v1.12.0', '<') %}
|
||||
--cadvisor-port={{ kube_cadvisor_port }} \
|
||||
{% endif %}
|
||||
{# end kubeadm specific settings #}
|
||||
--pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }} \
|
||||
{% if container_manager == 'docker' and kube_version is version('v1.12.0', '<') %}
|
||||
--docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \
|
||||
{% endif %}
|
||||
{% if container_manager != 'docker' %}
|
||||
--container-runtime=remote \
|
||||
--container-runtime-endpoint={{ cri_socket }} \
|
||||
{% endif %}
|
||||
{% if kube_version is version('v1.8', '<') %}
|
||||
--experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \
|
||||
{% endif %}
|
||||
{% if dynamic_kubelet_configuration %}
|
||||
--dynamic-config-dir={{ dynamic_kubelet_configuration_dir }} \
|
||||
{% endif %}
|
||||
|
|
|
@ -12,10 +12,10 @@ is_atomic: false
|
|||
disable_swap: true
|
||||
|
||||
## Change this to use another Kubernetes version, e.g. a current beta release
|
||||
kube_version: v1.14.3
|
||||
kube_version: v1.15.0
|
||||
|
||||
## The minimum version working
|
||||
kube_version_min_required: v1.13.0
|
||||
kube_version_min_required: v1.14.0
|
||||
|
||||
## Kube Proxy mode One of ['iptables','ipvs']
|
||||
kube_proxy_mode: ipvs
|
||||
|
@ -344,11 +344,7 @@ feature_gate_v1_12: []
|
|||
## List of key=value pairs that describe feature gates for
|
||||
## the k8s cluster.
|
||||
kube_feature_gates: |-
|
||||
{%- if kube_version is version('v1.12.0', '<') -%}
|
||||
{{ feature_gate_v1_11 }}
|
||||
{%- else -%}
|
||||
{{ feature_gate_v1_12 }}
|
||||
{%- endif %}
|
||||
|
||||
# Enable kubeadm experimental control plane
|
||||
kubeadm_control_plane: false
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- hosts: kube-master[0]
|
||||
vars:
|
||||
sonobuoy_version: 0.14.1
|
||||
sonobuoy_version: 0.15.0
|
||||
sonobuoy_arch: amd64
|
||||
sonobuoy_parallel: 30
|
||||
sonobuoy_path: /usr/local/bin/sonobuoy
|
||||
|
|
Loading…
Reference in New Issue