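{# https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2 #}
{# #}
{# kubeadm configuration template: InitConfiguration, ClusterConfiguration #}
{# and KubeletConfiguration, one YAML document each. #}
{# #}
{# The text is rendered by Jinja first and only then parsed as YAML, so: #}
{# - every templated scalar is quoted; an empty, boolean-looking or #}
{#   number-looking value then stays a string instead of being retyped; #}
{# - block tags and comments start at column 0. This assumes the Ansible #}
{#   template defaults (trim_blocks on, lstrip_blocks off), where any #}
{#   whitespace before a tag would leak into the rendered YAML - confirm #}
{#   if the file is rendered some other way. #}
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
{# TODO: this is ugly but we want to create our own token so we can #}
{# better control its lifetime. With a one second TTL the token created #}
{# from this entry is expired almost as soon as init finishes, so it is #}
{# not left behind as a join credential. Presumably the real join token #}
{# is issued separately with its own TTL - confirm in the calling role. #}
bootstrapTokens:
- ttl: "1s"
localAPIEndpoint:
  bindPort: 6442
{# advertiseAddress is only emitted when an overlay node IP is defined; #}
{# without it kubeadm picks the address itself. #}
{% if kubernetes_overlay_node_ip is defined %}
  advertiseAddress: "{{ kubernetes_overlay_node_ip }}"
{% endif %}
nodeRegistration:
  criSocket: "{{ kubernetes_cri_socket }}"
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: "{{ kubernetes_version }}"
clusterName: "{{ kubernetes.cluster_name }}"
{# NOTE(review): k8s.gcr.io is the legacy image registry and has been #}
{# frozen upstream in favour of registry.k8s.io - confirm which registry #}
{# the pinned kubernetes_version should pull from before upgrading. #}
imageRepository: k8s.gcr.io
{# The API server binds to 6442 (bindPort above) while clients are told #}
{# to use 127.0.0.1:6443; presumably a node-local proxy or load balancer #}
{# listens on 6443 and forwards to the API servers - confirm. #}
controlPlaneEndpoint: "127.0.0.1:6443"
networking:
  dnsDomain: "{{ kubernetes.dns_domain | default('cluster.local') }}"
  podSubnet: "{{ kubernetes.pod_ip_range }}"
  serviceSubnet: "{{ kubernetes.service_ip_range }}"
apiServer:
  extraArgs:
{# Encryption at rest for API resources, as described by this file. The #}
{# file usually contains key material; this template neither creates it #}
{# nor sets its permissions, so whatever writes the host directory should #}
{# keep it readable by root only. #}
    encryption-provider-config: /etc/kubernetes/encryption/config
  extraVolumes:
{# Host directory mounted read-only into the API server pod so the #}
{# container cannot modify the encryption configuration. #}
  - name: encryption-config
    hostPath: /etc/kubernetes/encryption
    mountPath: /etc/kubernetes/encryption
    readOnly: true
    pathType: Directory
{# Extra subject alternative names for the API server certificate. An #}
{# empty or undefined list is written as an explicit [] so the key never #}
{# renders as null. In the non-empty case the first list item takes its #}
{# indent from this template line and the following items from #}
{# indent(width=2). #}
{% if (kubernetes.api_extra_sans | default([]) | length) == 0 %}
  certSANs: []
{% else %}
  certSANs:
  {{ kubernetes.api_extra_sans | to_nice_yaml | indent(width=2) }}
{% endif %}
controllerManager:
  extraArgs:
    node-cidr-mask-size: "{{ kubernetes.pod_ip_range_size }}"
scheduler: {}
dns:
  type: CoreDNS
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
{# Pods resolve DNS through this single address; going by the variable #}
{# name it is the node-local DNS cache. #}
clusterDNS:
- "{{ kubernetes_nodelocal_dnscache_ip }}"
cgroupDriver: systemd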