{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3 #} {# #} apiVersion: kubeadm.k8s.io/v1beta3 kind: InitConfiguration {# it's easier to extract the bootstap token from separate `kubeadm token create` call #} {# so make sure the token created by init expires fast #} bootstrapTokens: - ttl: "1s" localAPIEndpoint: bindPort: 6442 {% if kubernetes_overlay_node_ip is defined %} advertiseAddress: "{{ kubernetes_overlay_node_ip }}" {% endif %} skipPhases: - show-join-command {% if kubernetes_network_plugin_replaces_kube_proxy %} - addon/kube-proxy {% endif %} nodeRegistration: name: "{{ kubernetes_node_name }}" criSocket: "{{ kubernetes_cri_socket }}" kubeletExtraArgs: node-labels: "ansible.spreadsapce.org/inventory_hostname={{ inventory_hostname }}" {% if kubernetes_overlay_node_ip is defined %} node-ip: "{{ kubernetes_overlay_node_ip }}" {% endif %} --- apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration kubernetesVersion: {{ kubernetes_version }} clusterName: "{{ kubernetes.cluster_name }}" controlPlaneEndpoint: 127.0.0.1:6443 networking: dnsDomain: "{{ kubernetes.dns_domain | default('cluster.local') }}" podSubnet: "{{ kubernetes.pod_ip_range }}" serviceSubnet: "{{ kubernetes.service_ip_range }}" apiServer: extraArgs: encryption-provider-config: /etc/kubernetes/encryption/config encryption-provider-config-automatic-reload: "true" extraVolumes: - name: encryption-config hostPath: /etc/kubernetes/encryption mountPath: /etc/kubernetes/encryption readOnly: true pathType: Directory {% if (kubernetes.api_extra_sans | default([]) | length) == 0 %} certSANs: [] {% else %} certSANs: {{ kubernetes.api_extra_sans | to_nice_yaml | indent(width=2) }} {% endif %} controllerManager: extraArgs: node-cidr-mask-size: "{{ kubernetes.pod_ip_range_size }}" scheduler: {} --- apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration cgroupDriver: systemd {% if kubernetes_enable_nodelocal_dnscache %} clusterDNS: - "{{ kubernetes_nodelocal_dnscache_ip }}" {% endif %}