author | Christian Pointner <equinox@spreadspace.org> | 2022-08-15 19:24:03 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-08-15 19:24:03 +0200 |
commit | e13a8fec52694d16da2066f4f4d13942a203a601 (patch) | |
tree | 3075a1023ddf2239e95d50683d56e7537b58a977 /roles/kubernetes/kubeadm/control-plane/templates | |
parent | cosmetic change (diff) |
kubernetes/kubeadm: only use config files for init and join
Diffstat (limited to 'roles/kubernetes/kubeadm/control-plane/templates')
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/kubeadm-init.config.j2 (renamed from roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2) | 19 | ||||
-rw-r--r-- | roles/kubernetes/kubeadm/control-plane/templates/kubeadm-join.config.j2 | 20 |
2 files changed, 30 insertions, 9 deletions
diff --git a/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm-init.config.j2
index a0f3efe7..d4fb26cf 100644
--- a/roles/kubernetes/kubeadm/control-plane/templates/kubeadm.config.j2
+++ b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm-init.config.j2
@@ -2,32 +2,33 @@
 {# #}
 apiVersion: kubeadm.k8s.io/v1beta3
 kind: InitConfiguration
-{# TODO: this is ugly but we want to create our own token so we can #}
-{# better control it's lifetime #}
+{# it's easier to extract the bootstap token from separate `kubeadm token create` call #}
+{# so make sure the token created by init expires fast #}
 bootstrapTokens:
 - ttl: "1s"
 localAPIEndpoint:
 bindPort: 6442
 {% if kubernetes_overlay_node_ip is defined %}
- advertiseAddress: {{ kubernetes_overlay_node_ip }}
+ advertiseAddress: "{{ kubernetes_overlay_node_ip }}"
 {% endif %}
 {% if kubernetes_network_plugin_replaces_kube_proxy %}
 skipPhases:
 - addon/kube-proxy
 {% endif %}
 nodeRegistration:
- criSocket: {{ kubernetes_cri_socket }}
+ name: "{{ inventory_hostname }}"
+ criSocket: "{{ kubernetes_cri_socket }}"
 ---
 apiVersion: kubeadm.k8s.io/v1beta3
 kind: ClusterConfiguration
 kubernetesVersion: {{ kubernetes_version }}
-clusterName: {{ kubernetes.cluster_name }}
+clusterName: "{{ kubernetes.cluster_name }}"
 imageRepository: k8s.gcr.io
 controlPlaneEndpoint: 127.0.0.1:6443
 networking:
- dnsDomain: {{ kubernetes.dns_domain | default('cluster.local') }}
- podSubnet: {{ kubernetes.pod_ip_range }}
- serviceSubnet: {{ kubernetes.service_ip_range }}
+ dnsDomain: "{{ kubernetes.dns_domain | default('cluster.local') }}"
+ podSubnet: "{{ kubernetes.pod_ip_range }}"
+ serviceSubnet: "{{ kubernetes.service_ip_range }}"
 apiServer:
 extraArgs:
 encryption-provider-config: /etc/kubernetes/encryption/config
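Review bot: In the ClusterConfiguration document, `kubernetesVersion: {{ kubernetes_version }}` is the one templated scalar this hunk leaves unquoted while every neighbouring value gains quotes. Whether the variable can ever hold a value a YAML loader reads as a number is not visible here, but if it can, the value is re-typed before kubeadm sees it; I would write `kubernetesVersion: "{{ kubernetes_version }}"` to match the rest of the file. The first added comment line also misspells "bootstrap" as "bootstap". The apiServer block continues outside the hunk.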
@@ -51,5 +52,5 @@ scheduler: {}
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 clusterDNS:
-- {{ kubernetes_nodelocal_dnscache_ip }}
+- "{{ kubernetes_nodelocal_dnscache_ip }}"
 cgroupDriver: systemd
diff --git a/roles/kubernetes/kubeadm/control-plane/templates/kubeadm-join.config.j2 b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm-join.config.j2
new file mode 100644
index 00000000..553463bb
--- /dev/null
+++ b/roles/kubernetes/kubeadm/control-plane/templates/kubeadm-join.config.j2
@@ -0,0 +1,20 @@
+{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3 #}
+{# #}
+apiVersion: kubeadm.k8s.io/v1beta3
+kind: JoinConfiguration
+discovery:
+ bootstrapToken:
+ apiServerEndpoint: "127.0.0.1:6443"
+ token: "{{ kube_bootstrap_token }}"
+ caCertHashes:
+ - "{{ kube_bootstrap_ca_cert_hash }}"
+controlPlane:
+ certificateKey: "{{ kubeadm_upload_certs_key }}"
+ localAPIEndpoint:
+ bindPort: 6442
+{% if kubernetes_overlay_node_ip is defined %}
+ advertiseAddress: "{{ kubernetes_overlay_node_ip }}"
+{% endif %}
+nodeRegistration:
+ name: "{{ inventory_hostname }}"
+ criSocket: "{{ kubernetes_cri_socket }}" |
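Review bot: The rendered join config in kubeadm-join.config.j2 carries two secrets, `token: "{{ kube_bootstrap_token }}"` and `certificateKey: "{{ kubeadm_upload_certs_key }}"`, and nothing in the template records how the resulting file must be handled. The task that renders it is outside this diff, so its file mode and cleanup cannot be checked from here; it should presumably write the file owner-only (`mode: "0600"`), set `no_log: true` so task output does not echo the values, and remove the file once the join has finished. I would add a header comment such as `{# rendered file contains the bootstrap token and certificate key: keep it 0600 and delete it after join #}`. Pinning the CA through `caCertHashes` is the right choice and should stay.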