ansible-role-kubernetes/templates/kubeadm-config.yaml.j2

apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
{% if kubetoken is defined %} %}
bootstrapTokens:
- token: "{{ kubetoken.stdout }}"
  description: "kubeadm bootstrap token"
  ttl: "24h"
{% endif %}
nodeRegistration:
{% if  kubernetes_cri == "containerd" %}
  criSocket: "/run/containerd/containerd.sock"
{% elseif  kubernetes_cri == "docker" %}
  criSocket: "/var/run/docker.sock"
{% endif %}
{% if false %}
  name: "ec2-10-100-0-1"
  taints:
  - key: "kubeadmNode"
    value: "master"
    effect: "NoSchedule"
{% endif %}
  kubeletExtraArgs:
{% if  kubernetes_cri == "containerd" %}
    cgroup-driver: "systemd"
    container-runtime: "remote"
    runtime-request-timeout: "15m"
    container-runtime-endpoint: "unix:///run/containerd/containerd.sock"
{% endif %}
    node-ip: {{ ansible_host }}
    read-only-port: "10255"
  ignorePreflightErrors:
  - SystemVerification
{% if true == false %}
  - IsPrivilegedUser
{% endif %}
localAPIEndpoint:
  advertiseAddress: "{{ ansible_host }}"
  bindPort: 6443
{% if kubernetes_certificateKey is defined %}
certificateKey: "{{ kubernetes_certificateKey.stdout }}"
{% endif %}
{% if kubecertskey is defined %}
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: JoinConfiguration
controlPlane:
  localAPIEndpoint:
    advertiseAddress: "{{ ansible_host }}"
    bindPort: 6443
  certificateKey: "{{ kubecertskey.stdout }}"
discovery:
  bootstrapToken:
    apiServerEndpoint: "{{ lb_kubemaster }}:6443"
    caCertHashes:
    - sha256:{{ cacerthash.stdout }} 
    token: "{{ kubetoken.stdout }}"
nodeRegistration:
  kubeletExtraArgs:
    node-ip: {{ ansible_host }}
    read-only-port: "10255"
  ignorePreflightErrors:
  - SystemVerification
{% endif %}
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: stable
controlPlaneEndpoint: "{{ lb_kubemaster }}:6443"
apiServer:
  certSANs:
  - "{{ lbip_kubeapiserver }}"
networking:
  podSubnet: "10.244.0.0/16"