  1. apiVersion: kubeadm.k8s.io/v1beta1
  2. kind: InitConfiguration
  3. localAPIEndpoint:
  4. advertiseAddress: {{ ip | default(fallback_ips[inventory_hostname]) }}
  5. bindPort: {{ kube_apiserver_port }}
  6. nodeRegistration:
  7. {% if kube_override_hostname|default('') %}
  8. name: {{ kube_override_hostname }}
  9. {% endif %}
  10. {% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
  11. taints:
  12. - effect: NoSchedule
  13. key: node-role.kubernetes.io/master
  14. {% else %}
  15. taints: []
  16. {% endif %}
  17. criSocket: {{ cri_socket }}
  18. ---
  19. apiVersion: kubeadm.k8s.io/v1beta1
  20. kind: ClusterConfiguration
  21. clusterName: {{ cluster_name }}
  22. etcd:
  23. {% if not etcd_kubeadm_enabled %}
  24. external:
  25. endpoints:
  26. {% for endpoint in etcd_access_addresses.split(',') %}
  27. - {{ endpoint }}
  28. {% endfor %}
  29. caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }}
  30. certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }}
  31. keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }}
  32. {% elif etcd_kubeadm_enabled %}
  33. local:
  34. imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
  35. imageTag: "{{ etcd_image_tag }}"
  36. dataDir: "/var/lib/etcd"
  37. extraArgs:
  38. metrics: {{ etcd_metrics }}
  39. election-timeout: "{{ etcd_election_timeout }}"
  40. heartbeat-interval: "{{ etcd_heartbeat_interval }}"
  41. auto-compaction-retention: "{{ etcd_compaction_retention }}"
  42. {% if etcd_snapshot_count is defined %}
  43. snapshot-count: "{{ etcd_snapshot_count }}"
  44. {% endif %}
  45. {% if etcd_quota_backend_bytes is defined %}
  46. quota-backend-bytes: "{{ etcd_quota_backend_bytes }}"
  47. {% endif %}
  48. {% if etcd_log_package_levels is defined %}
  49. log-package_levels: "{{ etcd_log_package_levels }}"
  50. {% endif %}
  51. {% for key, value in etcd_extra_vars.items() %}
  52. {{ key }}: "{{ value }}"
  53. {% endfor %}
  54. {% if host_architecture != "amd64" -%}
  55. etcd-unsupported-arch: {{host_architecture}}
  56. {% endif %}
  57. serverCertSANs:
  58. {% for san in etcd_cert_alt_names %}
  59. - {{ san }}
  60. {% endfor %}
  61. {% for san in etcd_cert_alt_ips %}
  62. - {{ san }}
  63. {% endfor %}
  64. peerCertSANs:
  65. {% for san in etcd_cert_alt_names %}
  66. - {{ san }}
  67. {% endfor %}
  68. {% for san in etcd_cert_alt_ips %}
  69. - {{ san }}
  70. {% endfor %}
  71. {% endif %}
  72. {% if dns_mode in ['coredns', 'coredns_dual'] %}
  73. dns:
  74. type: CoreDNS
  75. imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }}
  76. imageTag: {{ coredns_image_tag }}
  77. {% endif %}
  78. networking:
  79. dnsDomain: {{ dns_domain }}
  80. serviceSubnet: {{ kube_service_addresses }}
  81. podSubnet: {{ kube_pods_subnet }}
  82. kubernetesVersion: {{ kube_version }}
  83. {% if kubeadm_config_api_fqdn is defined %}
  84. controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
  85. {% else %}
  86. controlPlaneEndpoint: {{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}
  87. {% endif %}
  88. certificatesDir: {{ kube_cert_dir }}
  89. imageRepository: {{ kube_image_repo }}
  90. useHyperKubeImage: false
  91. apiServer:
  92. extraArgs:
  93. {% if kube_api_anonymous_auth is defined %}
  94. anonymous-auth: "{{ kube_api_anonymous_auth }}"
  95. {% endif %}
  96. authorization-mode: {{ authorization_modes | join(',') }}
  97. bind-address: {{ kube_apiserver_bind_address }}
  98. {% if kube_apiserver_insecure_port|string != "0" %}
  99. insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
  100. {% endif %}
  101. insecure-port: "{{ kube_apiserver_insecure_port }}"
  102. {% if kube_apiserver_enable_admission_plugins|length > 0 %}
  103. enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
  104. {% endif %}
  105. {% if kube_apiserver_disable_admission_plugins|length > 0 %}
  106. disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
  107. {% endif %}
  108. apiserver-count: "{{ kube_apiserver_count }}"
  109. endpoint-reconciler-type: lease
  110. {% if etcd_events_cluster_enabled %}
  111. etcd-servers-overrides: "/events#{{ etcd_events_access_addresses_semicolon }}"
  112. {% endif %}
  113. service-node-port-range: {{ kube_apiserver_node_port_range }}
  114. kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
  115. profiling: "{{ kube_profiling }}"
  116. request-timeout: "{{ kube_apiserver_request_timeout }}"
  117. enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
  118. {% if kube_basic_auth|default(true) %}
  119. basic-auth-file: {{ kube_users_dir }}/known_users.csv
  120. {% endif %}
  121. {% if kube_token_auth|default(true) %}
  122. token-auth-file: {{ kube_token_dir }}/known_tokens.csv
  123. {% endif %}
  124. {% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
  125. oidc-issuer-url: {{ kube_oidc_url }}
  126. oidc-client-id: {{ kube_oidc_client_id }}
  127. {% if kube_oidc_ca_file is defined %}
  128. oidc-ca-file: {{ kube_oidc_ca_file }}
  129. {% endif %}
  130. {% if kube_oidc_username_claim is defined %}
  131. oidc-username-claim: {{ kube_oidc_username_claim }}
  132. {% endif %}
  133. {% if kube_oidc_groups_claim is defined %}
  134. oidc-groups-claim: {{ kube_oidc_groups_claim }}
  135. {% endif %}
  136. {% if kube_oidc_username_prefix is defined %}
  137. oidc-username-prefix: "{{ kube_oidc_username_prefix }}"
  138. {% endif %}
  139. {% if kube_oidc_groups_prefix is defined %}
  140. oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}"
  141. {% endif %}
  142. {% endif %}
  143. {% if kube_webhook_token_auth|default(false) %}
  144. authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
  145. {% endif %}
  146. {% if kube_encrypt_secret_data %}
  147. encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
  148. {% endif %}
  149. storage-backend: {{ kube_apiserver_storage_backend }}
  150. {% if kube_api_runtime_config is defined %}
  151. runtime-config: {{ kube_api_runtime_config | join(',') }}
  152. {% endif %}
  153. allow-privileged: "true"
  154. {% if kubernetes_audit %}
  155. audit-log-path: "{{ audit_log_path }}"
  156. audit-log-maxage: "{{ audit_log_maxage }}"
  157. audit-log-maxbackup: "{{ audit_log_maxbackups }}"
  158. audit-log-maxsize: "{{ audit_log_maxsize }}"
  159. audit-policy-file: {{ audit_policy_file }}
  160. {% endif %}
  161. {% for key in kube_kubeadm_apiserver_extra_args %}
  162. {{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
  163. {% endfor %}
  164. {% if kube_feature_gates %}
  165. feature-gates: {{ kube_feature_gates|join(',') }}
  166. {% endif %}
  167. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
  168. cloud-provider: {{cloud_provider}}
  169. cloud-config: {{ kube_config_dir }}/cloud_config
  170. {% elif cloud_provider is defined and cloud_provider in ["external"] %}
  171. cloud-config: {{ kube_config_dir }}/cloud_config
  172. {% endif %}
  173. {% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
  174. extraVolumes:
  175. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
  176. - name: cloud-config
  177. hostPath: {{ kube_config_dir }}/cloud_config
  178. mountPath: {{ kube_config_dir }}/cloud_config
  179. {% endif %}
  180. {% if kube_basic_auth|default(true) %}
  181. - name: basic-auth-config
  182. hostPath: {{ kube_users_dir }}
  183. mountPath: {{ kube_users_dir }}
  184. {% endif %}
  185. {% if kube_token_auth|default(true) %}
  186. - name: token-auth-config
  187. hostPath: {{ kube_token_dir }}
  188. mountPath: {{ kube_token_dir }}
  189. {% endif %}
  190. {% if kube_webhook_token_auth|default(false) %}
  191. - name: webhook-token-auth-config
  192. hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
  193. mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
  194. {% endif %}
  195. {% if kubernetes_audit %}
  196. - name: {{ audit_policy_name }}
  197. hostPath: {{ audit_policy_hostpath }}
  198. mountPath: {{ audit_policy_mountpath }}
  199. {% if audit_log_path != "-" %}
  200. - name: {{ audit_log_name }}
  201. hostPath: {{ audit_log_hostpath }}
  202. mountPath: {{ audit_log_mountpath }}
  203. readOnly: false
  204. {% endif %}
  205. {% endif %}
  206. {% for volume in apiserver_extra_volumes %}
  207. - name: {{ volume.name }}
  208. hostPath: {{ volume.hostPath }}
  209. mountPath: {{ volume.mountPath }}
  210. readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
  211. {% endfor %}
  212. {% if ssl_ca_dirs|length %}
  213. {% for dir in ssl_ca_dirs %}
  214. - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
  215. hostPath: {{ dir }}
  216. mountPath: {{ dir }}
  217. readOnly: true
  218. {% endfor %}
  219. {% endif %}
  220. {% endif %}
  221. certSANs:
  222. {% for san in apiserver_sans %}
  223. - {{ san }}
  224. {% endfor %}
  225. timeoutForControlPlane: 5m0s
  226. controllerManager:
  227. extraArgs:
  228. node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
  229. node-monitor-period: {{ kube_controller_node_monitor_period }}
  230. pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
  231. node-cidr-mask-size: "{{ kube_network_node_prefix }}"
  232. profiling: "{{ kube_profiling }}"
  233. terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
  234. bind-address: {{ kube_controller_manager_bind_address }}
  235. {% if kube_feature_gates %}
  236. feature-gates: {{ kube_feature_gates|join(',') }}
  237. {% endif %}
  238. {% for key in kube_kubeadm_controller_extra_args %}
  239. {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
  240. {% endfor %}
  241. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
  242. cloud-provider: {{cloud_provider}}
  243. cloud-config: {{ kube_config_dir }}/cloud_config
  244. {% elif cloud_provider is defined and cloud_provider in ["external"] %}
  245. cloud-config: {{ kube_config_dir }}/cloud_config
  246. {% endif %}
  247. {% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %}
  248. configure-cloud-routes: "false"
  249. {% endif %}
  250. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %}
  251. extraVolumes:
  252. {% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
  253. - name: openstackcacert
  254. hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
  255. mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
  256. {% endif %}
  257. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
  258. - name: cloud-config
  259. hostPath: {{ kube_config_dir }}/cloud_config
  260. mountPath: {{ kube_config_dir }}/cloud_config
  261. {% endif %}
  262. {% for volume in controller_manager_extra_volumes %}
  263. - name: {{ volume.name }}
  264. hostPath: {{ volume.hostPath }}
  265. mountPath: {{ volume.mountPath }}
  266. readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
  267. {% endfor %}
  268. {% endif %}
  269. scheduler:
  270. extraArgs:
  271. bind-address: {{ kube_scheduler_bind_address }}
  272. {% if kube_feature_gates %}
  273. feature-gates: {{ kube_feature_gates|join(',') }}
  274. {% endif %}
  275. {% if kube_kubeadm_scheduler_extra_args|length > 0 %}
  276. {% for key in kube_kubeadm_scheduler_extra_args %}
  277. {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
  278. {% endfor %}
  279. {% endif %}
  280. extraVolumes:
  281. {% if scheduler_extra_volumes %}
  282. extraVolumes:
  283. {% for volume in scheduler_extra_volumes %}
  284. - name: {{ volume.name }}
  285. hostPath: {{ volume.hostPath }}
  286. mountPath: {{ volume.mountPath }}
  287. readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
  288. {% endfor %}
  289. {% endif %}
  290. ---
  291. apiVersion: kubeproxy.config.k8s.io/v1alpha1
  292. kind: KubeProxyConfiguration
  293. bindAddress: {{ kube_proxy_bind_address }}
  294. clientConnection:
  295. acceptContentTypes: {{ kube_proxy_client_accept_content_types }}
  296. burst: {{ kube_proxy_client_burst }}
  297. contentType: {{ kube_proxy_client_content_type }}
  298. kubeconfig: {{ kube_proxy_client_kubeconfig }}
  299. qps: {{ kube_proxy_client_qps }}
  300. clusterCIDR: {{ kube_pods_subnet }}
  301. configSyncPeriod: {{ kube_proxy_config_sync_period }}
  302. conntrack:
  303. max: {{ kube_proxy_conntrack_max }}
  304. maxPerCore: {{ kube_proxy_conntrack_max_per_core }}
  305. min: {{ kube_proxy_conntrack_min }}
  306. tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }}
  307. tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
  308. enableProfiling: {{ kube_proxy_enable_profiling }}
  309. healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
  310. hostnameOverride: {{ kube_override_hostname }}
  311. iptables:
  312. masqueradeAll: {{ kube_proxy_masquerade_all }}
  313. masqueradeBit: {{ kube_proxy_masquerade_bit }}
  314. minSyncPeriod: {{ kube_proxy_min_sync_period }}
  315. syncPeriod: {{ kube_proxy_sync_period }}
  316. ipvs:
  317. excludeCIDRs: {{ "[]" if kube_proxy_exclude_cidrs is not defined or kube_proxy_exclude_cidrs == "null" or kube_proxy_exclude_cidrs | length == 0 else (kube_proxy_exclude_cidrs if kube_proxy_exclude_cidrs[0] == '[' else ("[" + kube_proxy_exclude_cidrs + "]" if (kube_proxy_exclude_cidrs[0] | length) == 1 else "[" + kube_proxy_exclude_cidrs | join(",") + "]")) }}
  318. minSyncPeriod: {{ kube_proxy_min_sync_period }}
  319. scheduler: {{ kube_proxy_scheduler }}
  320. syncPeriod: {{ kube_proxy_sync_period }}
  321. metricsBindAddress: {{ kube_proxy_metrics_bind_address }}
  322. mode: {{ kube_proxy_mode }}
  323. nodePortAddresses: {{ kube_proxy_nodeport_addresses }}
  324. oomScoreAdj: {{ kube_proxy_oom_score_adj }}
  325. portRange: {{ kube_proxy_port_range }}
  326. resourceContainer: {{ kube_proxy_resource_container }}
  327. udpIdleTimeout: {{ kube_proxy_udp_idle_timeout }}