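# kubeadm configuration rendered by Ansible (Jinja2): one InitConfiguration,
# one JoinConfiguration, the ClusterConfiguration and the component configs.
# Jinja block tags are kept at column 0 on purpose: with trim_blocks enabled
# (Ansible's default) an indented tag keeps its own leading spaces and prepends
# them to the following line, which silently breaks the YAML indentation.
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
{% if kubetoken is defined %}
# Short-lived bootstrap token (24h ttl) used by the join step below.
bootstrapTokens:
  - token: "{{ kubetoken.stdout }}"
    description: "kubeadm bootstrap token"
    ttl: "24h"
{% endif %}
nodeRegistration:
{% if kubernetes_cri == "containerd" %}
  criSocket: "/run/containerd/containerd.sock"
{% elif kubernetes_cri == "cri-o" %}
  criSocket: "/var/run/crio/crio.sock"
{% elif kubernetes_cri == "docker" %}
  criSocket: "/var/run/docker.sock"
{% endif %}
  # Node name and control-plane taint are left to kubeadm's defaults. The
  # original template carried this never-rendered example of pinning them:
  # name: "ec2-10-100-0-1"
  # taints:
  #   - key: "kubeadmNode"
  #     value: "master"
  #     effect: "NoSchedule"
  kubeletExtraArgs:
{% if ansible_service_mgr == "systemd" %}
    cgroup-driver: "systemd"
{% endif %}
    container-runtime: "remote"
    runtime-request-timeout: "5m"
{% if kubernetes_cri == "containerd" %}
    container-runtime-endpoint: "unix:///run/containerd/containerd.sock"
{% elif kubernetes_cri == "cri-o" %}
    container-runtime-endpoint: "unix:///var/run/crio/crio.sock"
{% endif %}
    node-ip: "{{ ansible_default_ipv4.address }}"
    # The kubelet read-only port serves node and pod details without
    # authentication. The default stays at 10255 for compatibility; set
    # kubelet_read_only_port to "0" to disable it once nothing scrapes it.
    read-only-port: "{{ kubelet_read_only_port | default('10255') }}"
  # SystemVerification is deliberately ignored; IsPrivilegedUser is not.
  ignorePreflightErrors:
    - SystemVerification
localAPIEndpoint:
  advertiseAddress: "{{ ansible_default_ipv4.address }}"
  bindPort: 6443
{% if kubernetes_master|bool %}
# Key that encrypts the control-plane certificates kubeadm uploads to the
# cluster so that further control-plane nodes can join with the same key.
certificateKey: "{{ kubernetes_certificateKey.stdout }}"
{% endif %}
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: JoinConfiguration
{% if kubernetes_master|bool %}
# Rendered only when this host joins as an additional control-plane node.
controlPlane:
  localAPIEndpoint:
    advertiseAddress: "{{ ansible_default_ipv4.address }}"
    bindPort: 6443
  certificateKey: "{{ kubernetes_certificateKey.stdout }}"
{% endif %}
discovery:
  bootstrapToken:
    apiServerEndpoint: "{{ lb_kubemaster }}:6443"
    # Pinning the CA hash makes the join verify the API server it talks to
    # instead of trusting whatever answers at the endpoint.
    caCertHashes:
      - "sha256:{{ cacerthash.stdout }}"
    token: "{{ kubetoken.stdout }}"
nodeRegistration:
  kubeletExtraArgs:
    node-ip: "{{ ansible_default_ipv4.address }}"
    # Same knob as in the InitConfiguration above; keep the two in sync.
    read-only-port: "{{ kubelet_read_only_port | default('10255') }}"
  ignorePreflightErrors:
    - SystemVerification
---
# Same API group version as the Init/Join documents above (was v1beta1).
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
# "stable" is resolved by kubeadm at run time, so two runs can install
# different releases; set kubernetes_version to a release tag to pin it.
kubernetesVersion: "{{ kubernetes_version | default('stable') }}"
{% if lbip_kubeapiserver is defined %}
controlPlaneEndpoint: "{{ lbip_kubeapiserver }}:6443"
{% else %}
controlPlaneEndpoint: "{{ ansible_default_ipv4.address }}:6443"
{% endif %}
apiServer:
  extraArgs:
    # With PodSecurityPolicy admission on, pods that no policy authorizes are
    # rejected, so the policies (and RBAC to use them) must exist first.
    enable-admission-plugins: "NodeRestriction,PodSecurityPolicy"
    authorization-mode: "Node,RBAC"
    audit-policy-file: "/etc/kubernetes/policies/audit-policy.yaml"
    audit-log-path: "/var/log/apiserver/audit.log"
    audit-log-maxage: "30"
    audit-log-maxbackup: "10"
    audit-log-maxsize: "100"
  extraVolumes:
    # The API server writes the audit log here, so this mount stays writable.
    - name: "audit-log"
      hostPath: "/var/log/apiserver"
      mountPath: "/var/log/apiserver"
      readOnly: false
      pathType: DirectoryOrCreate
    # The policy file is only read by the API server; mount it read-only.
    - name: "audit-policies"
      hostPath: "/etc/kubernetes/policies"
      mountPath: "/etc/kubernetes/policies"
      readOnly: true
      pathType: DirectoryOrCreate
{% if lb_kubemaster is defined %}
  # The load-balancer name clients use must be in the serving certificate.
  certSANs:
    - "{{ lb_kubemaster }}"
{% endif %}
{% if kubernetes_network == "flannel" or kubernetes_network == "calico" %}
networking:
{% if kubernetes_network == "flannel" %}
  podSubnet: "10.244.0.0/16"
{% elif kubernetes_network == "calico" %}
  podSubnet: "192.168.0.0/16"
{% endif %}
{% endif %}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
{% if kubernetes_kubeproxy_mode is defined %}
mode: "{{ kubernetes_kubeproxy_mode }}"
{% endif %}
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration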