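# kubeadm InitConfiguration, rendered through Jinja.
# Template block tags are kept at column 0: if the renderer trims the newline
# after a tag but not the whitespace before it (presumably the Ansible
# template defaults -- confirm), indenting a tag would leak spaces into the
# rendered YAML.
# NOTE(review): the rendered file holds the bootstrap token and, when the
# certificateKey branch is taken, the certificate key in clear text. The task
# that writes the file is not visible here; confirm it is written root-only
# (mode 0600) and removed once kubeadm has run.
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
{% if kubetoken is defined %}
# Token value is taken from kubetoken.stdout and is valid for the ttl below.
bootstrapTokens:
  - token: "{{ kubetoken.stdout }}"
    description: "kubeadm bootstrap token"
    ttl: "24h"
{% endif %}
nodeRegistration:
  # CRI socket follows kubernetes_cri; no criSocket is written for any other
  # value, which leaves the choice to kubeadm.
{% if kubernetes_cri == "containerd" %}
  criSocket: "/run/containerd/containerd.sock"
{% elif kubernetes_cri == "cri-o" %}
  criSocket: "/var/run/crio/crio.sock"
{% elif kubernetes_cri == "docker" %}
  # NOTE(review): this is the Docker engine socket, and the docker branch gets
  # no container-runtime-endpoint below although container-runtime is "remote"
  # for every CRI. Confirm the docker path is still tested.
  criSocket: "/var/run/docker.sock"
{% endif %}
{% if false %}
  # Disabled sample (literal false condition): static node name and taint.
  name: "ec2-10-100-0-1"
  taints:
    - key: "kubeadmNode"
      value: "master"
      effect: "NoSchedule"
{% endif %}
  kubeletExtraArgs:
{% if ansible_service_mgr == "systemd" %}
    cgroup-driver: "systemd"
{% endif %}
    container-runtime: "remote"
    runtime-request-timeout: "5m"
{% if kubernetes_cri == "containerd" %}
    container-runtime-endpoint: "unix:///run/containerd/containerd.sock"
{% elif kubernetes_cri == "cri-o" %}
    container-runtime-endpoint: "unix:///var/run/crio/crio.sock"
{% endif %}
    # Quoted like advertiseAddress below, so the templated value is always
    # read as a string.
    node-ip: "{{ ansible_default_ipv4.address }}"
    # NOTE(review): 10255 is the kubelet read-only HTTP port; it serves pod
    # and node data without authentication or TLS. Set it to "0" unless a
    # consumer that cannot use the authenticated port 10250 still depends on
    # it, and filter it at the network layer if it has to stay.
    read-only-port: "10255"
  # NOTE(review): skipping SystemVerification hides kubeadm's host validation
  # results; confirm the exemption is still needed.
  ignorePreflightErrors:
    - SystemVerification
{% if true == false %}
    # Never rendered: the condition is constant false, so the
    # IsPrivilegedUser preflight check stays enforced.
    - IsPrivilegedUser
{% endif %}
localAPIEndpoint:
  advertiseAddress: "{{ ansible_default_ipv4.address }}"
  bindPort: 6443
{% if kubernetes_master|bool and groups['KubernetesMasterConfigured'] is defined %}
# Certificate key for an additional control-plane node; sensitive value.
certificateKey: "{{ kubernetes_certificateKey.stdout }}"
{% endif %}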
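---
# kubeadm JoinConfiguration for nodes joining an existing cluster.
# Template block tags are kept at column 0 so no leading whitespace from a tag
# line can reach the rendered YAML (depends on the renderer's trim settings --
# confirm).
apiVersion: kubeadm.k8s.io/v1beta2
kind: JoinConfiguration
{% if kubernetes_master|bool %}
# Rendered only for control-plane joins.
controlPlane:
  localAPIEndpoint:
    advertiseAddress: "{{ ansible_default_ipv4.address }}"
    bindPort: 6443
{% if groups['KubernetesMasterConfigured'] is defined %}
  # Sensitive value; keep the rendered file readable by root only.
  certificateKey: "{{ kubernetes_certificateKey.stdout }}"
{% endif %}
{% endif %}
discovery:
  bootstrapToken:
    apiServerEndpoint: "{{ lb_kubemaster }}:6443"
{% if groups['KubernetesMasterConfigured'] is defined %}
    # The CA hash pins the cluster CA during discovery, so the token alone is
    # not enough for another endpoint to pose as the API server. Quoted so
    # the templated value is always read as a single string.
    caCertHashes:
      - "sha256:{{ cacerthash.stdout }}"
    token: "{{ kubetoken.stdout }}"
{% endif %}
nodeRegistration:
  kubeletExtraArgs:
    # Quoted like advertiseAddress above, so the templated value is always
    # read as a string.
    node-ip: "{{ ansible_default_ipv4.address }}"
    # NOTE(review): 10255 is the kubelet read-only HTTP port; it serves pod
    # and node data without authentication or TLS. Set it to "0" unless a
    # consumer that cannot use the authenticated port 10250 still depends on
    # it, and filter it at the network layer if it has to stay.
    read-only-port: "10255"
  # NOTE(review): skipping SystemVerification hides kubeadm's host validation
  # results; confirm the exemption is still needed.
  ignorePreflightErrors:
    - SystemVerification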
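---
# kubeadm ClusterConfiguration: API server endpoint, admission, audit logging
# and pod network range.
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
# NOTE(review): "stable" resolves to whatever release is newest when kubeadm
# runs, so two runs of this playbook can build different clusters.
# PodSecurityPolicy (enabled below) was removed in Kubernetes 1.25; pin a
# version this template has been tested against.
kubernetesVersion: stable
{% if lbip_kubeapiserver is defined %}
controlPlaneEndpoint: "{{ lbip_kubeapiserver }}:6443"
{% else %}
controlPlaneEndpoint: "{{ ansible_default_ipv4.address }}:6443"
{% endif %}
apiServer:
  extraArgs:
    enable-admission-plugins: "NodeRestriction,PodSecurityPolicy"
    authorization-mode: "Node,RBAC"
    # Audit trail: policy file is read from the audit-policies volume, log
    # files are written to the audit-log volume with the rotation limits
    # below.
    audit-policy-file: "/etc/kubernetes/policies/audit-policy.yaml"
    audit-log-path: "/var/log/apiserver/audit.log"
    audit-log-maxage: "30"
    audit-log-maxbackup: "10"
    audit-log-maxsize: "100"
  extraVolumes:
    # Writable: the API server creates and rotates audit.log here.
    - name: "audit-log"
      hostPath: "/var/log/apiserver"
      mountPath: "/var/log/apiserver"
      readOnly: false
      pathType: DirectoryOrCreate
    # Read-only: the API server only reads the audit policy, so the container
    # gets no write access to the host's policy directory.
    - name: "audit-policies"
      hostPath: "/etc/kubernetes/policies"
      mountPath: "/etc/kubernetes/policies"
      readOnly: true
      pathType: DirectoryOrCreate
{% if lb_kubemaster is defined %}
  # Adds the load balancer name to the API server certificate.
  certSANs:
    - "{{ lb_kubemaster }}"
{% endif %}
{% if kubernetes_network == "flannel" or kubernetes_network == "calico" %}
networking:
{% if kubernetes_network == "flannel" %}
  podSubnet: "10.244.0.0/16"
{% elif kubernetes_network == "calico" %}
  podSubnet: "192.168.0.0/16"
{% endif %}
{% endif %}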
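---
# kube-proxy settings; the proxy mode is written only when the playbook
# defines kubernetes_kubeproxy_mode.
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
{% if kubernetes_kubeproxy_mode is defined %}
# Quoted so an empty or boolean-looking value still renders as a string
# instead of null or a bool.
mode: "{{ kubernetes_kubeproxy_mode }}"
{% endif %}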
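---
# Kubelet settings applied through kubeadm. Only runtimeRequestTimeout and,
# on systemd hosts, cgroupDriver are rendered; the rest is disabled.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
runtimeRequestTimeout: 5m
{% if ansible_service_mgr == "systemd" %}
cgroupDriver: systemd
{% endif %}

{% if false %}
# Disabled block (literal false condition); nothing below is rendered.
# NOTE(review): verify every field name here against the KubeletConfiguration
# schema of the target version before enabling it.
# NOTE(review): readOnlyPort 1 is an unusual value; 0 is what turns the
# unauthenticated read-only port off.
readOnlyPort: 1
# systemReserved is a map of resource name to quantity; the flag-style
# "cpu=200m,memory=200M" string would not parse as one.
systemReserved:
  cpu: "200m"
  memory: "200M"

containerRuntime: remote
{% if kubernetes_cri == "containerd" %}
containerRuntimeEndpoint: "unix:///run/containerd/containerd.sock"
{% elif kubernetes_cri == "cri-o" %}
containerRuntimeEndpoint: "unix:///var/run/crio/crio.sock"
{% endif %}
{% endif %}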