kubernetes: kubeadm/master node some more cleanup (WIP)

1 files changed, 41 insertions, 0 deletions

diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
new file mode 100644
index 00000000..e03ea6f6
--- /dev/null
+++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2
@@ -0,0 +1,41 @@
+{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #}
+{#  #}
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: InitConfiguration
+{# TODO: this is ugly but we want to create our own token so we can #}
+{# better control it's lifetime #}
+bootstrapTokens:
+- ttl: "1s"
+---
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: ClusterConfiguration
+kubernetesVersion: {{ kubernetes_version }}
+clusterName: {{ kubernetes.cluster_name }}
+imageRepository: k8s.gcr.io
+controlPlaneEndpoint: "{{ kubernetes_kubelet_node_ip }}:6443"
+networking:
+  dnsDomain: {{ kubernetes.dns_domain | default('cluster.local') }}
+  podSubnet: {{ kubernetes.pod_ip_range }}
+  serviceSubnet: {{ kubernetes.service_ip_range }}
+apiServer:
+  extraArgs:
+    advertise-address: {{ kubernetes_kubelet_node_ip }}
+  #   encryption-provider-config: /etc/kubernetes/encryption/config
+  # extraVolumes:
+  # - name: encryption-config
+  #   hostPath: /etc/kubernetes/encryption
+  #   mountPath: /etc/kubernetes/encryption
+  #   readOnly: true
+  #   pathType: Directory
+{% if (kubernetes.api_extra_sans | default([]) | length) == 0 %}
+  certSANs: []
+{% else %}
+  certSANs:
+  {{ kubernetes.api_extra_sans | to_nice_yaml | indent(width=2) }}
+{% endif %}
+controllerManager:
+  extraArgs:
+    node-cidr-mask-size: "{{ kubernetes.pod_ip_range_size }}"
+scheduler: {}
+dns:
+  type: CoreDNS