add gce support (#8179)
Author: lmercl <lubos.mercl@gmail.com> Date: Wed Nov 10 15:30:04 2021 +0000 fix markdown
parent
2c87170ccf
commit
424163c7d3
5 changed files with 27 additions and 8 deletions
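--- /dev/null
+++ b/docs/gcp-lb.md
@@ -0,0 +1,16 @@
+# GCP Load Balancers for type=LoadBalacer of Kubernetes Services
+
+Google Cloud Platform can be used for creation of Kubernetes Service Load Balancer.
+
+This feature is able to deliver by adding parameters to kube-controller-manager and kubelet. You need specify:
+
+--cloud-provider=gce
+--cloud-config=/etc/kubernetes/cloud-config
+
+To get working it in kubespray, you need to add tag to GCE instances and specify it in kubespray group vars and also set cloud_provider to gce. So for example, in file group_vars/all/gcp.yml:
+
+cloud_provider: gce
+gce_node_tags: k8s-lb
+
+When you will setup it and create SVC in Kubernetes with type=LoadBalancer, cloud provider will create public IP and will set firewall.
+Note: Cloud provider run under VM service account, so this account needs to have correct permissions to be able to create all GCP resources.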
@ -197,7 +197,7 @@ apiServer:
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
|
||||||
cloud-provider: {{ cloud_provider }}
|
cloud-provider: {{ cloud_provider }}
|
||||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -214,9 +214,9 @@ apiServer:
|
||||||
{% if kubelet_rotate_server_certificates %}
|
{% if kubelet_rotate_server_certificates %}
|
||||||
kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt
|
kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubernetes_audit or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
|
{% if kubernetes_audit or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
|
||||||
- name: cloud-config
|
- name: cloud-config
|
||||||
hostPath: {{ kube_config_dir }}/cloud_config
|
hostPath: {{ kube_config_dir }}/cloud_config
|
||||||
mountPath: {{ kube_config_dir }}/cloud_config
|
mountPath: {{ kube_config_dir }}/cloud_config
|
||||||
|
@ -290,7 +290,7 @@ controllerManager:
|
||||||
{% for key in kube_kubeadm_controller_extra_args %}
|
{% for key in kube_kubeadm_controller_extra_args %}
|
||||||
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
|
||||||
cloud-provider: {{ cloud_provider }}
|
cloud-provider: {{ cloud_provider }}
|
||||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -307,14 +307,14 @@ controllerManager:
|
||||||
tls-cipher-suites: {% for tls in tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %}
|
tls-cipher-suites: {% for tls in tls_cipher_suites %}{{ tls }}{{ "," if not loop.last else "" }}{% endfor %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] or controller_manager_extra_volumes %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] or controller_manager_extra_volumes %}
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
||||||
- name: openstackcacert
|
- name: openstackcacert
|
||||||
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce"] %}
|
||||||
- name: cloud-config
|
- name: cloud-config
|
||||||
hostPath: {{ kube_config_dir }}/cloud_config
|
hostPath: {{ kube_config_dir }}/cloud_config
|
||||||
mountPath: {{ kube_config_dir }}/cloud_config
|
mountPath: {{ kube_config_dir }}/cloud_config
|
||||||
|
|
|
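Review bot: The provider list `["openstack", "azure", "vsphere", "aws", "gce"]` is now maintained by hand in six conditions in this template (the apiServer and controllerManager arguments, plus the guard and the `cloud-config` entry of each `extraVolumes` block), and again in the task's `when:` and the kubelet environment template later in this commit. A copy that is missed on the next provider change leaves one component with `cloud-provider` set but no mounted `cloud_config`, or the reverse. Defining the list once and testing `cloud_provider in kube_intree_cloud_providers` (a placeholder name, not an existing variable) would keep all of them in step. Separately, the documentation added in this commit shows `--cloud-config=/etc/kubernetes/cloud-config`, while these templates pass `{{ kube_config_dir }}/cloud_config`, so the doc and the rendered flags disagree on the file name. Whether the `cloud-config` hostPath entries are mounted read-only is not visible in these hunks and is worth confirming.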
@ -173,7 +173,7 @@
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when:
|
when:
|
||||||
- cloud_provider is defined
|
- cloud_provider is defined
|
||||||
- cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws' ]
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws', 'gce' ]
|
||||||
notify: Node | restart kubelet
|
notify: Node | restart kubelet
|
||||||
tags:
|
tags:
|
||||||
- cloud-provider
|
- cloud-provider
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
[global]
|
||||||
|
node-tags = {{ gce_node_tags }}
|
||||||
|
|
|
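Review bot: `gce_node_tags` is rendered here without a default or a presence check, and none of the five files in this commit appears to define one. With `cloud_provider: gce` and the variable unset, the template task will presumably fail on an undefined variable instead of giving a clear message. Going by the documentation added in this commit, the tag appears to be what ties the firewall rule created for a `type=LoadBalancer` Service to instances, so an empty or wrong value affects which VMs are opened to the public IP. Validate it explicitly, either with `node-tags = {{ gce_node_tags | mandatory }}` or with an `assert` task that checks `gce_node_tags is defined and gce_node_tags | length > 0` before the file is written.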
@ -43,7 +43,7 @@ KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni
|
||||||
{% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %}
|
{% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %}
|
||||||
KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"
|
KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "gce", "external"] %}
|
||||||
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
|
||||||
{% else %}
|
{% else %}
|
||||||
KUBELET_CLOUDPROVIDER=""
|
KUBELET_CLOUDPROVIDER=""
|
||||||
|
|