From 7dbf0cae4e1a8d77e79b8aafd5bb08780977481f Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 11 Jan 2020 04:38:08 +0100 Subject: kubernetes: kubeadm/master node some more cleanup (WIP) --- .../kubeadm/master/templates/encryption-config.j2 | 2 +- .../master/templates/kubeadm-cluster.config.j2 | 47 ---------------------- .../kubeadm/master/templates/kubeadm.config.j2 | 41 +++++++++++++++++++ 3 files changed, 42 insertions(+), 48 deletions(-) delete mode 100644 roles/kubernetes/kubeadm/master/templates/kubeadm-cluster.config.j2 create mode 100644 roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 (limited to 'roles/kubernetes/kubeadm/master/templates') diff --git a/roles/kubernetes/kubeadm/master/templates/encryption-config.j2 b/roles/kubernetes/kubeadm/master/templates/encryption-config.j2 index a69ae84b..345c9bf9 100644 --- a/roles/kubernetes/kubeadm/master/templates/encryption-config.j2 +++ b/roles/kubernetes/kubeadm/master/templates/encryption-config.j2 @@ -6,7 +6,7 @@ resources: providers: - secretbox: keys: -{% for key in kubernetes.encryption_config_keys %} +{% for key in kubernetes_secrets.encryption_config_keys %} - name: key{{ loop.index }} secret: {{ key }} {% endfor %} diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm-cluster.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm-cluster.config.j2 deleted file mode 100644 index 78e9d7a7..00000000 --- a/roles/kubernetes/kubeadm/master/templates/kubeadm-cluster.config.j2 +++ /dev/null @@ -1,47 +0,0 @@ -{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #} -{# #} -apiVersion: kubeadm.k8s.io/v1beta1 -kind: InitConfiguration -{# TODO: this is ugly but we want to create our own token so we can #} -{# better control it's lifetime #} -bootstrapTokens: -- ttl: "1s" ---- -apiVersion: kubeadm.k8s.io/v1beta1 -kind: ClusterConfiguration -kubernetesVersion: {{ kubernetes_version }} -clusterName: {{ kubernetes.cluster_name }} -imageRepository: k8s.gcr.io -{% if kubernetes.api_advertise_ip %} -controlPlaneEndpoint: "{{ kubernetes.api_advertise_ip }}:6443" -{% endif %} -networking: - dnsDomain: cluster.local - podSubnet: {{ kubernetes.pod_ip_range }} - serviceSubnet: {{ kubernetes.service_ip_range }} -apiServer: - extraArgs: -{% if kubernetes.api_advertise_ip %} - advertise-address: {{ kubernetes.api_advertise_ip }} -{% endif %} - encryption-provider-config: /etc/kubernetes/encryption/config - extraVolumes: - - name: encryption-config - hostPath: /etc/kubernetes/encryption - mountPath: /etc/kubernetes/encryption - readOnly: true - pathType: Directory -{% if (kubernetes.api_extra_sans | length) == 0 %} - certSANs: [] -{% else %} - certSANs: -{% for san in kubernetes.api_extra_sans %} - - {{ san }} -{% endfor %} -{% endif %} -controllerManager: - extraArgs: - node-cidr-mask-size: "{{ kubernetes_network_node_cidr_size }}" -scheduler: {} -dns: - type: CoreDNS diff --git a/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 new file mode 100644 index 00000000..e03ea6f6 --- /dev/null +++ b/roles/kubernetes/kubeadm/master/templates/kubeadm.config.j2 @@ -0,0 +1,41 @@ +{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta1 #} +{# #} +apiVersion: kubeadm.k8s.io/v1beta1 +kind: InitConfiguration +{# TODO: this is ugly but we want to create our own token so we can #} +{# better control it's lifetime #} +bootstrapTokens: +- ttl: "1s" +--- +apiVersion: kubeadm.k8s.io/v1beta1 +kind: ClusterConfiguration +kubernetesVersion: {{ kubernetes_version }} +clusterName: {{ kubernetes.cluster_name }} +imageRepository: k8s.gcr.io +controlPlaneEndpoint: "{{ kubernetes_kubelet_node_ip }}:6443" +networking: + dnsDomain: {{ kubernetes.dns_domain | default('cluster.local') }} + podSubnet: {{ kubernetes.pod_ip_range }} + serviceSubnet: {{ kubernetes.service_ip_range }} +apiServer: + extraArgs: + advertise-address: {{ kubernetes_kubelet_node_ip }} + # encryption-provider-config: /etc/kubernetes/encryption/config + # extraVolumes: + # - name: encryption-config + # hostPath: /etc/kubernetes/encryption + # mountPath: /etc/kubernetes/encryption + # readOnly: true + # pathType: Directory +{% if (kubernetes.api_extra_sans | default([]) | length) == 0 %} + certSANs: [] +{% else %} + certSANs: + {{ kubernetes.api_extra_sans | to_nice_yaml | indent(width=2) }} +{% endif %} +controllerManager: + extraArgs: + node-cidr-mask-size: "{{ kubernetes.pod_ip_range_size }}" +scheduler: {} +dns: + type: CoreDNS -- cgit v1.2.3