Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- apiVersion: kubeadm.k8s.io/v1beta2
- kind: InitConfiguration
- localAPIEndpoint:
- advertiseAddress: {{ ip | default(fallback_ips[inventory_hostname]) }}
- bindPort: {{ kube_apiserver_port }}
- {% if kubeadm_certificate_key is defined %}
- certificateKey: {{ kubeadm_certificate_key }}
- {% endif %}
- nodeRegistration:
- {% if kube_override_hostname|default('') %}
- name: {{ kube_override_hostname }}
- {% endif %}
- {% if inventory_hostname in groups['kube-master'] and inventory_hostname not in groups['kube-node'] %}
- taints:
- - effect: NoSchedule
- key: node-role.kubernetes.io/master
- {% else %}
- taints: []
- {% endif %}
- criSocket: {{ cri_socket }}
- ---
- apiVersion: kubeadm.k8s.io/v1beta2
- kind: ClusterConfiguration
- clusterName: {{ cluster_name }}
- etcd:
- {% if not etcd_kubeadm_enabled %}
- external:
- endpoints:
- {% for endpoint in etcd_access_addresses.split(',') %}
- - {{ endpoint }}
- {% endfor %}
- caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }}
- certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }}
- keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }}
- {% elif etcd_kubeadm_enabled %}
- local:
- imageRepository: "{{ etcd_image_repo | regex_replace("/etcd$","") }}"
- imageTag: "{{ etcd_image_tag }}"
- dataDir: "/var/lib/etcd"
- extraArgs:
- metrics: {{ etcd_metrics }}
- election-timeout: "{{ etcd_election_timeout }}"
- heartbeat-interval: "{{ etcd_heartbeat_interval }}"
- auto-compaction-retention: "{{ etcd_compaction_retention }}"
- {% if etcd_snapshot_count is defined %}
- snapshot-count: "{{ etcd_snapshot_count }}"
- {% endif %}
- {% if etcd_quota_backend_bytes is defined %}
- quota-backend-bytes: "{{ etcd_quota_backend_bytes }}"
- {% endif %}
- {% if etcd_log_package_levels is defined %}
- log-package_levels: "{{ etcd_log_package_levels }}"
- {% endif %}
- {% for key, value in etcd_extra_vars.items() %}
- {{ key }}: "{{ value }}"
- {% endfor %}
- {% if host_architecture != "amd64" -%}
- etcd-unsupported-arch: {{host_architecture}}
- {% endif %}
- serverCertSANs:
- {% for san in etcd_cert_alt_names %}
- - {{ san }}
- {% endfor %}
- {% for san in etcd_cert_alt_ips %}
- - {{ san }}
- {% endfor %}
- peerCertSANs:
- {% for san in etcd_cert_alt_names %}
- - {{ san }}
- {% endfor %}
- {% for san in etcd_cert_alt_ips %}
- - {{ san }}
- {% endfor %}
- {% endif %}
- {% if dns_mode in ['coredns', 'coredns_dual'] %}
- dns:
- type: CoreDNS
- imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }}
- imageTag: {{ coredns_image_tag }}
- {% endif %}
- networking:
- dnsDomain: {{ dns_domain }}
- serviceSubnet: {{ kube_service_addresses }}
- podSubnet: {{ kube_pods_subnet }}
- kubernetesVersion: {{ kube_version }}
- {% if kubeadm_config_api_fqdn is defined %}
- controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
- {% else %}
- controlPlaneEndpoint: {{ ip | default(fallback_ips[inventory_hostname]) }}:{{ kube_apiserver_port }}
- {% endif %}
- certificatesDir: {{ kube_cert_dir }}
- imageRepository: {{ kube_image_repo }}
- useHyperKubeImage: false
- apiServer:
- extraArgs:
- {% if kube_api_anonymous_auth is defined %}
- anonymous-auth: "{{ kube_api_anonymous_auth }}"
- {% endif %}
- authorization-mode: {{ authorization_modes | join(',') }}
- bind-address: {{ kube_apiserver_bind_address }}
- {% if kube_apiserver_insecure_port|string != "0" %}
- insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
- {% endif %}
- insecure-port: "{{ kube_apiserver_insecure_port }}"
- {% if kube_apiserver_enable_admission_plugins|length > 0 %}
- enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}
- {% endif %}
- {% if kube_apiserver_disable_admission_plugins|length > 0 %}
- disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}
- {% endif %}
- apiserver-count: "{{ kube_apiserver_count }}"
- endpoint-reconciler-type: lease
- {% if etcd_events_cluster_enabled %}
- etcd-servers-overrides: "/events#{{ etcd_events_access_addresses_semicolon }}"
- {% endif %}
- service-node-port-range: {{ kube_apiserver_node_port_range }}
- kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}"
- profiling: "{{ kube_profiling }}"
- request-timeout: "{{ kube_apiserver_request_timeout }}"
- enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
- {% if kube_basic_auth|default(true) %}
- basic-auth-file: {{ kube_users_dir }}/known_users.csv
- {% endif %}
- {% if kube_token_auth|default(true) %}
- token-auth-file: {{ kube_token_dir }}/known_tokens.csv
- {% endif %}
- {% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
- oidc-issuer-url: {{ kube_oidc_url }}
- oidc-client-id: {{ kube_oidc_client_id }}
- {% if kube_oidc_ca_file is defined %}
- oidc-ca-file: {{ kube_oidc_ca_file }}
- {% endif %}
- {% if kube_oidc_username_claim is defined %}
- oidc-username-claim: {{ kube_oidc_username_claim }}
- {% endif %}
- {% if kube_oidc_groups_claim is defined %}
- oidc-groups-claim: {{ kube_oidc_groups_claim }}
- {% endif %}
- {% if kube_oidc_username_prefix is defined %}
- oidc-username-prefix: "{{ kube_oidc_username_prefix }}"
- {% endif %}
- {% if kube_oidc_groups_prefix is defined %}
- oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}"
- {% endif %}
- {% endif %}
- {% if kube_webhook_token_auth|default(false) %}
- authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml
- {% endif %}
- {% if kube_encrypt_secret_data %}
- encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml
- {% endif %}
- storage-backend: {{ kube_apiserver_storage_backend }}
- {% if kube_api_runtime_config is defined %}
- runtime-config: {{ kube_api_runtime_config | join(',') }}
- {% endif %}
- allow-privileged: "true"
- {% if kubernetes_audit %}
- audit-log-path: "{{ audit_log_path }}"
- audit-log-maxage: "{{ audit_log_maxage }}"
- audit-log-maxbackup: "{{ audit_log_maxbackups }}"
- audit-log-maxsize: "{{ audit_log_maxsize }}"
- audit-policy-file: {{ audit_policy_file }}
- {% endif %}
- {% for key in kube_kubeadm_apiserver_extra_args %}
- {{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
- {% endfor %}
- {% if kube_feature_gates %}
- feature-gates: {{ kube_feature_gates|join(',') }}
- {% endif %}
- {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
- cloud-provider: {{ cloud_provider }}
- cloud-config: {{ kube_config_dir }}/cloud_config
- {% elif cloud_provider is defined and cloud_provider in ["external"] %}
- cloud-config: {{ kube_config_dir }}/cloud_config
- {% endif %}
- {% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
- extraVolumes:
- {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- - name: cloud-config
- hostPath: {{ kube_config_dir }}/cloud_config
- mountPath: {{ kube_config_dir }}/cloud_config
- {% endif %}
- {% if kube_basic_auth|default(true) %}
- - name: basic-auth-config
- hostPath: {{ kube_users_dir }}
- mountPath: {{ kube_users_dir }}
- {% endif %}
- {% if kube_token_auth|default(true) %}
- - name: token-auth-config
- hostPath: {{ kube_token_dir }}
- mountPath: {{ kube_token_dir }}
- {% endif %}
- {% if kube_webhook_token_auth|default(false) %}
- - name: webhook-token-auth-config
- hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
- mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
- {% endif %}
- {% if kubernetes_audit %}
- - name: {{ audit_policy_name }}
- hostPath: {{ audit_policy_hostpath }}
- mountPath: {{ audit_policy_mountpath }}
- {% if audit_log_path != "-" %}
- - name: {{ audit_log_name }}
- hostPath: {{ audit_log_hostpath }}
- mountPath: {{ audit_log_mountpath }}
- readOnly: false
- {% endif %}
- {% endif %}
- {% for volume in apiserver_extra_volumes %}
- - name: {{ volume.name }}
- hostPath: {{ volume.hostPath }}
- mountPath: {{ volume.mountPath }}
- readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
- {% endfor %}
- {% if ssl_ca_dirs|length %}
- {% for dir in ssl_ca_dirs %}
- - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
- hostPath: {{ dir }}
- mountPath: {{ dir }}
- readOnly: true
- {% endfor %}
- {% endif %}
- {% endif %}
- certSANs:
- {% for san in apiserver_sans %}
- - {{ san }}
- {% endfor %}
- timeoutForControlPlane: 5m0s
- controllerManager:
- extraArgs:
- node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
- node-monitor-period: {{ kube_controller_node_monitor_period }}
- pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
- node-cidr-mask-size: "{{ kube_network_node_prefix }}"
- profiling: "{{ kube_profiling }}"
- terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"
- bind-address: {{ kube_controller_manager_bind_address }}
- {% if kube_feature_gates %}
- feature-gates: {{ kube_feature_gates|join(',') }}
- {% endif %}
- {% for key in kube_kubeadm_controller_extra_args %}
- {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
- {% endfor %}
- {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
- cloud-provider: {{ cloud_provider }}
- cloud-config: {{ kube_config_dir }}/cloud_config
- {% elif cloud_provider is defined and cloud_provider in ["external"] %}
- cloud-config: {{ kube_config_dir }}/cloud_config
- {% endif %}
- {% if kube_network_plugin is defined and kube_network_plugin not in ["cloud"] %}
- configure-cloud-routes: "false"
- {% endif %}
- {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %}
- extraVolumes:
- {% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
- - name: openstackcacert
- hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
- mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
- {% endif %}
- {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- - name: cloud-config
- hostPath: {{ kube_config_dir }}/cloud_config
- mountPath: {{ kube_config_dir }}/cloud_config
- {% endif %}
- {% for volume in controller_manager_extra_volumes %}
- - name: {{ volume.name }}
- hostPath: {{ volume.hostPath }}
- mountPath: {{ volume.mountPath }}
- readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
- {% endfor %}
- {% endif %}
- scheduler:
- extraArgs:
- bind-address: {{ kube_scheduler_bind_address }}
- {% if kube_feature_gates %}
- feature-gates: {{ kube_feature_gates|join(',') }}
- {% endif %}
- {% if kube_kubeadm_scheduler_extra_args|length > 0 %}
- {% for key in kube_kubeadm_scheduler_extra_args %}
- {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
- {% endfor %}
- {% endif %}
- extraVolumes:
- {% if scheduler_extra_volumes %}
- extraVolumes:
- {% for volume in scheduler_extra_volumes %}
- - name: {{ volume.name }}
- hostPath: {{ volume.hostPath }}
- mountPath: {{ volume.mountPath }}
- readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
- {% endfor %}
- {% endif %}
- ---
- apiVersion: kubeproxy.config.k8s.io/v1alpha1
- kind: KubeProxyConfiguration
- bindAddress: {{ kube_proxy_bind_address }}
- clientConnection:
- acceptContentTypes: {{ kube_proxy_client_accept_content_types }}
- burst: {{ kube_proxy_client_burst }}
- contentType: {{ kube_proxy_client_content_type }}
- kubeconfig: {{ kube_proxy_client_kubeconfig }}
- qps: {{ kube_proxy_client_qps }}
- clusterCIDR: {{ kube_pods_subnet }}
- configSyncPeriod: {{ kube_proxy_config_sync_period }}
- conntrack:
- maxPerCore: {{ kube_proxy_conntrack_max_per_core }}
- min: {{ kube_proxy_conntrack_min }}
- tcpCloseWaitTimeout: {{ kube_proxy_conntrack_tcp_close_wait_timeout }}
- tcpEstablishedTimeout: {{ kube_proxy_conntrack_tcp_established_timeout }}
- enableProfiling: {{ kube_proxy_enable_profiling }}
- healthzBindAddress: {{ kube_proxy_healthz_bind_address }}
- hostnameOverride: {{ kube_override_hostname }}
- iptables:
- masqueradeAll: {{ kube_proxy_masquerade_all }}
- masqueradeBit: {{ kube_proxy_masquerade_bit }}
- minSyncPeriod: {{ kube_proxy_min_sync_period }}
- syncPeriod: {{ kube_proxy_sync_period }}
- ipvs:
- excludeCIDRs: {{ kube_proxy_exclude_cidrs }}
- minSyncPeriod: {{ kube_proxy_min_sync_period }}
- scheduler: {{ kube_proxy_scheduler }}
- syncPeriod: {{ kube_proxy_sync_period }}
- metricsBindAddress: {{ kube_proxy_metrics_bind_address }}
- mode: {{ kube_proxy_mode }}
- nodePortAddresses: {{ kube_proxy_nodeport_addresses }}
- oomScoreAdj: {{ kube_proxy_oom_score_adj }}
- portRange: {{ kube_proxy_port_range }}
- resourceContainer: {{ kube_proxy_resource_container }}
- udpIdleTimeout: {{ kube_proxy_udp_idle_timeout }}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement