apiVersion: kubeadm.k8s.io/v1beta2kind: InitConfigurationlocalAPIEndpoint: a

1. apiVersion: kubeadm.k8s.io/v1beta2
2. kind: InitConfiguration
3. localAPIEndpoint:
4. advertiseAddress: {{ ip | default(fallback_ips[inventory_hostname]) }}
5. bindPort: {{ kube_apiserver_port }}
6. {% if kubeadm_certificate_key is defined %}
7. certificateKey: {{ kubeadm_certificate_key }}
8. {% endif %}
9. nodeRegistration:
10. {% if kube_override_hostname|default('') %}
11. name: {{ kube_override_hostname }}
12. {% endif %}
13. {% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
14. taints:
15. - effect: NoSchedule
16. key: node-role.kubernetes.io/master
17. {% else %}
18. taints: []
19. {% endif %}
20. criSocket: {{ cri_socket }}
21. ---
22. apiVersion: kubeadm.k8s.io/v1beta2
23. kind: ClusterConfiguration
24. clusterName: {{ cluster_name }}
25. etcd:
26. {% if not etcd_kubeadm_enabled %}
27. external:
28. endpoints:
29. {% for endpoint in etcd_access_addresses.split(',') %}
30. - {{ endpoint }}
31. {% endfor %}
32. caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }}
33. certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }}
34. keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }}
35. {% elif etcd_kubeadm_enabled %}
36. local:
37. imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
38. imageTag: "{{ etcd_image_tag }}"
39. dataDir: "/var/lib/etcd"
40. extraArgs:
41. metrics: {{ etcd_metrics }}
42. election-timeout: "{{ etcd_election_timeout }}"
43. heartbeat-interval: "{{ etcd_heartbeat_interval }}"
44. auto-compaction-retention: "{{ etcd_compaction_retention }}"
45. {% if etcd_snapshot_count is defined %}
46. snapshot-count: "{{ etcd_snapshot_count }}"
47. {% endif %}
48. {% if etcd_quota_backend_bytes is defined %}
49. quota-backend-bytes: "{{ etcd_quota_backend_bytes }}"
50. {% endif %}
51. {% if etcd_log_package_levels is defined %}
52. log-package_levels: "{{ etcd_log_package_levels }}"
53. {% endif %}
54. {% for key, value in etcd_extra_vars.items() %}
55. {{ key }}: "{{ value }}"
56. {% endfor %}
57. {% if host_architecture != "amd64" -%}
58. etcd-unsupported-arch: {{host_architecture}}
59. {% endif %}
60. serverCertSANs:
61. {% for san in etcd_cert_alt_names %}
62. - {{ san }}
63. {% endfor %}
64. {% for san in etcd_cert_alt_ips %}
65. - {{ san }}
66. {% endfor %}
67. peerCertSANs:
68. {% for san in etcd_cert_alt_names %}
69. - {{ san }}
70. {% endfor %}
71. {% for san in etcd_cert_alt_ips %}
72. - {{ san }}
73. {% endfor %}
74. {% endif %}
75.  
76. {% if dns_mode in ['coredns', 'coredns_dual'] %}
77. dns:
78. type: CoreDNS
79. imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }}
80. imageTag: {{ coredns_image_tag }}
81. {% endif %}
82. networking:
83. dnsDomain: {{ dns_domain }}
84. serviceSubnet: {{ kube_service_addresses }}
85. podSubnet: {{ kube_pods_subnet }}
86. kubernetesVersion: {{ kube_version }}
87. {% if kubeadm_config_api_fqdn is defined %}
88. controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
89. {% else %}
90. controlPlaneEndpoint: {{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}
91. {% endif %}
92. certificatesDir: {{ kube_cert_dir }}
93. imageRepository: {{ kube_image_repo }}
94. useHyperKubeImage: false
95. apiServer:
96. extraArgs:
97. {% if kube_api_anonymous_auth is defined %}
98. anonymous-auth: "{{ kube_api_anonymous_auth }}"
99. {% endif %}
100. authorization-mode: {{ authorization_modes | join(',') }}
101. bind-address: {{ kube_apiserver_bind_address }}
102. {% if kube_apiserver_insecure_port|string != "0" %}
103. insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
104. {% endif %}
105. insecure-port: "{{ kube_apiserver_insecure_port }}"
106. {% if kube_apiserver_enable_admission_plugins|length > 0 %}
107. enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
108. {% endif %}
109. {% if kube_apiserver_disable_admission_plugins|length > 0 %}
110. disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
111. {% endif %}
112. apiserver-count: "{{ kube_apiserver_count }}"
113. endpoint-reconciler-type: lease
114. {% if etcd_events_cluster_enabled %}
115. etcd-servers-overrides: "/events#{{ etcd_events_access_addresses_semicolon }}"
116. {% endif %}
117. service-node-port-range: {{ kube_apiserver_node_port_range }}
118. kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
119. profiling: "{{ kube_profiling }}"
120. request-timeout: "{{ kube_apiserver_request_timeout }}"
121. enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
122. {% if kube_basic_auth|default(true) %}
123. basic-auth-file: {{ kube_users_dir }}/known_users.csv
124. {% endif %}
125. {% if kube_token_auth|default(true) %}
126. token-auth-file: {{ kube_token_dir }}/known_tokens.csv
127. {% endif %}
128. {% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
129. oidc-issuer-url: {{ kube_oidc_url }}
130. oidc-client-id: {{ kube_oidc_client_id }}
131. {% if kube_oidc_ca_file is defined %}
132. oidc-ca-file: {{ kube_oidc_ca_file }}
133. {% endif %}
134. {% if kube_oidc_username_claim is defined %}
135. oidc-username-claim: {{ kube_oidc_username_claim }}
136. {% endif %}
137. {% if kube_oidc_groups_claim is defined %}
138. oidc-groups-claim: {{ kube_oidc_groups_claim }}
139. {% endif %}
140. {% if kube_oidc_username_prefix is defined %}
141. oidc-username-prefix: "{{ kube_oidc_username_prefix }}"
142. {% endif %}
143. {% if kube_oidc_groups_prefix is defined %}
144. oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}"
145. {% endif %}
146. {% endif %}
147. {% if kube_webhook_token_auth|default(false) %}
148. authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
149. {% endif %}
150. {% if kube_encrypt_secret_data %}
151. encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
152. {% endif %}
153. storage-backend: {{ kube_apiserver_storage_backend }}
154. {% if kube_api_runtime_config is defined %}
155. runtime-config: {{ kube_api_runtime_config | join(',') }}
156. {% endif %}
157. allow-privileged: "true"
158. {% if kubernetes_audit %}
159. audit-log-path: "{{ audit_log_path }}"
160. audit-log-maxage: "{{ audit_log_maxage }}"
161. audit-log-maxbackup: "{{ audit_log_maxbackups }}"
162. audit-log-maxsize: "{{ audit_log_maxsize }}"
163. audit-policy-file: {{ audit_policy_file }}
164. {% endif %}
165. {% for key in kube_kubeadm_apiserver_extra_args %}
166. {{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
167. {% endfor %}
168. {% if kube_feature_gates %}
169. feature-gates: {{ kube_feature_gates|join(',') }}
170. {% endif %}
171. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
172. cloud-provider: {{ cloud_provider }}
173. cloud-config: {{ kube_config_dir }}/cloud_config
174. {% elif cloud_provider is defined and cloud_provider in ["external"] %}
175. cloud-config: {{ kube_config_dir }}/cloud_config
176. {% endif %}
177. {% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
178. extraVolumes:
179. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
180. - name: cloud-config
181. hostPath: {{ kube_config_dir }}/cloud_config
182. mountPath: {{ kube_config_dir }}/cloud_config
183. {% endif %}
184. {% if kube_basic_auth|default(true) %}
185. - name: basic-auth-config
186. hostPath: {{ kube_users_dir }}
187. mountPath: {{ kube_users_dir }}
188. {% endif %}
189. {% if kube_token_auth|default(true) %}
190. - name: token-auth-config
191. hostPath: {{ kube_token_dir }}
192. mountPath: {{ kube_token_dir }}
193. {% endif %}
194. {% if kube_webhook_token_auth|default(false) %}
195. - name: webhook-token-auth-config
196. hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
197. mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
198. {% endif %}
199. {% if kubernetes_audit %}
200. - name: {{ audit_policy_name }}
201. hostPath: {{ audit_policy_hostpath }}
202. mountPath: {{ audit_policy_mountpath }}
203. {% if audit_log_path != "-" %}
204. - name: {{ audit_log_name }}
205. hostPath: {{ audit_log_hostpath }}
206. mountPath: {{ audit_log_mountpath }}
207. readOnly: false
208. {% endif %}
209. {% endif %}
210. {% for volume in apiserver_extra_volumes %}
211. - name: {{ volume.name }}
212. hostPath: {{ volume.hostPath }}
213. mountPath: {{ volume.mountPath }}
214. readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
215. {% endfor %}
216. {% if ssl_ca_dirs|length %}
217. {% for dir in ssl_ca_dirs %}
218. - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
219. hostPath: {{ dir }}
220. mountPath: {{ dir }}
221. readOnly: true
222. {% endfor %}
223. {% endif %}
224. {% endif %}
225. certSANs:
226. {% for san in apiserver_sans %}
227. - {{ san }}
228. {% endfor %}
229. timeoutForControlPlane: 5m0s
230. controllerManager:
231. extraArgs:
232. node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
233. node-monitor-period: {{ kube_controller_node_monitor_period }}
234. pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
235. node-cidr-mask-size: "{{ kube_network_node_prefix }}"
236. profiling: "{{ kube_profiling }}"
237. terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
238. bind-address: {{ kube_controller_manager_bind_address }}
239. {% if kube_feature_gates %}
240. feature-gates: {{ kube_feature_gates|join(',') }}
241. {% endif %}
242. {% for key in kube_kubeadm_controller_extra_args %}
243. {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
244. {% endfor %}
245. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
246. cloud-provider: {{ cloud_provider }}
247. cloud-config: {{ kube_config_dir }}/cloud_config
248. {% elif cloud_provider is defined and cloud_provider in ["external"] %}
249. cloud-config: {{ kube_config_dir }}/cloud_config
250. {% endif %}
251. {% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %}
252. configure-cloud-routes: "false"
253. {% endif %}
254. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %}
255. extraVolumes:
256. {% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
257. - name: openstackcacert
258. hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
259. mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
260. {% endif %}
261. {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
262. - name: cloud-config
263. hostPath: {{ kube_config_dir }}/cloud_config
264. mountPath: {{ kube_config_dir }}/cloud_config
265. {% endif %}
266. {% for volume in controller_manager_extra_volumes %}
267. - name: {{ volume.name }}
268. hostPath: {{ volume.hostPath }}
269. mountPath: {{ volume.mountPath }}
270. readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
271. {% endfor %}
272. {% endif %}
273. scheduler:
274. extraArgs:
275. bind-address: {{ kube_scheduler_bind_address }}
276. {% if kube_feature_gates %}
277. feature-gates: {{ kube_feature_gates|join(',') }}
278. {% endif %}
279. {% if kube_kubeadm_scheduler_extra_args|length > 0 %}
280. {% for key in kube_kubeadm_scheduler_extra_args %}
281. {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
282. {% endfor %}
283. {% endif %}
284. extraVolumes:
285. {% if scheduler_extra_volumes %}
286. extraVolumes:
287. {% for volume in scheduler_extra_volumes %}
288. - name: {{ volume.name }}
289. hostPath: {{ volume.hostPath }}
290. mountPath: {{ volume.mountPath }}
291. readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
292. {% endfor %}
293. {% endif %}
294. ---
295. apiVersion: kubeproxy.config.k8s.io/v1alpha1
296. kind: KubeProxyConfiguration
297. bindAddress: {{ kube_proxy_bind_address }}
298. clientConnection:
299. acceptContentTypes: {{ kube_proxy_client_accept_content_types }}
300. burst: {{ kube_proxy_client_burst }}
301. contentType: {{ kube_proxy_client_content_type }}
302. kubeconfig: {{ kube_proxy_client_kubeconfig }}
303. qps: {{ kube_proxy_client_qps }}
304. clusterCIDR: {{ kube_pods_subnet }}
305. configSyncPeriod: {{ kube_proxy_config_sync_period }}
306. conntrack:
307. maxPerCore: {{ kube_proxy_conntrack_max_per_core }}
308. min: {{ kube_proxy_conntrack_min }}
309. tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }}
310. tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
311. enableProfiling: {{ kube_proxy_enable_profiling }}
312. healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
313. hostnameOverride: {{ kube_override_hostname }}
314. iptables:
315. masqueradeAll: {{ kube_proxy_masquerade_all }}
316. masqueradeBit: {{ kube_proxy_masquerade_bit }}
317. minSyncPeriod: {{ kube_proxy_min_sync_period }}
318. syncPeriod: {{ kube_proxy_sync_period }}
319. ipvs:
320. excludeCIDRs: {{ kube_proxy_exclude_cidrs }}
321. minSyncPeriod: {{ kube_proxy_min_sync_period }}
322. scheduler: {{ kube_proxy_scheduler }}
323. syncPeriod: {{ kube_proxy_sync_period }}
324. metricsBindAddress: {{ kube_proxy_metrics_bind_address }}
325. mode: {{ kube_proxy_mode }}
326. nodePortAddresses: {{ kube_proxy_nodeport_addresses }}
327. oomScoreAdj: {{ kube_proxy_oom_score_adj }}
328. portRange: {{ kube_proxy_port_range }}
329. resourceContainer: {{ kube_proxy_resource_container }}
330. udpIdleTimeout: {{ kube_proxy_udp_idle_timeout }}