minor tune after merge @rajiteh's work
parent
27a10c9623
commit
4cfffba749
6 changed files with 12 additions and 9 deletions
|
@ -67,7 +67,7 @@ following default cluster paramters:
|
||||||
OpenStack (default is unset)
|
OpenStack (default is unset)
|
||||||
* *kube_hostpath_dynamic_provisioner* - Required for use of PetSets type in
|
* *kube_hostpath_dynamic_provisioner* - Required for use of PetSets type in
|
||||||
Kubernetes
|
Kubernetes
|
||||||
* *authorization_mode* - A list of [authorization modes](
|
* *authorization_modes* - A list of [authorization mode](
|
||||||
https://kubernetes.io/docs/admin/authorization/#using-flags-for-your-authorization-module)
|
https://kubernetes.io/docs/admin/authorization/#using-flags-for-your-authorization-module)
|
||||||
that the cluster should be configured for. Defaults to `['AlwaysAllow']`.
|
that the cluster should be configured for. Defaults to `['AlwaysAllow']`.
|
||||||
Note: Only `AlwaysAllow`, `AlwaysDeny` and `RBAC` are tested.
|
Note: Only `AlwaysAllow`, `AlwaysDeny` and `RBAC` are tested.
|
||||||
|
|
|
@ -118,5 +118,5 @@ enable_network_policy: false
|
||||||
## List of authorization modes that must be configured for
|
## List of authorization modes that must be configured for
|
||||||
## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and
|
## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and
|
||||||
## 'RBAC' modes are tested.
|
## 'RBAC' modes are tested.
|
||||||
authorization_mode: ['AlwaysAllow']
|
authorization_modes: ['AlwaysAllow']
|
||||||
rbac_enabled: "{{ 'RBAC' in authorization_mode }}"
|
rbac_enabled: "{{ 'RBAC' in authorization_modes }}"
|
||||||
|
|
|
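Review bot: Renaming the default to `authorization_modes` means an inventory that still sets `authorization_mode` is silently ignored, so a cluster configured for `['RBAC']` would fall back to the `['AlwaysAllow']` default on the next run. Consider honouring the old name for a deprecation period, with something like `authorization_modes: "{{ authorization_mode | default(['AlwaysAllow']) }}"`, or failing early when `authorization_mode` is still defined. A comment above the default, such as `## Renamed from authorization_mode; the old name is no longer read`, would make the change visible to operators.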
@ -42,7 +42,6 @@ etcd_cert_dir: "/etc/ssl/etcd/ssl"
|
||||||
canal_cert_dir: "/etc/canal/certs"
|
canal_cert_dir: "/etc/canal/certs"
|
||||||
|
|
||||||
kubedns_rbac_resources:
|
kubedns_rbac_resources:
|
||||||
- clusterrole,
|
- clusterrole
|
||||||
- clusterrolebinding,
|
- clusterrolebinding
|
||||||
- sa
|
- sa
|
||||||
- serviceaccount
|
|
||||||
|
|
|
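Review bot: The entries of `kubedns_rbac_resources` are compared with `item.type` by exact string match, and nothing next to the list says so. The trailing commas removed here show how quietly a mismatch lets RBAC manifests through when RBAC is off. A comment above the list, such as `# must match the 'type' values of the kubedns manifest items exactly`, would help. The `- serviceaccount` entry appears to be dropped as well, so confirm that every service-account item in the task list uses `type: sa`; only the `clusterrolebinding` and `deployment` items are visible on this page.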
@ -21,7 +21,9 @@
|
||||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
|
- {name: kubedns-autoscaler, file: kubedns-autoscaler-clusterrolebinding.yml, type: clusterrolebinding}
|
||||||
- {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment}
|
- {name: kubedns-autoscaler, file: kubedns-autoscaler.yml, type: deployment}
|
||||||
register: manifests
|
register: manifests
|
||||||
when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and (item.type not in kubedns_rbac_resources or rbac_enabled)
|
when:
|
||||||
|
- dns_mode != 'none' and inventory_hostname == groups['kube-master'][0]
|
||||||
|
- rbac_enabled or item.type not in kubedns_rbac_resources
|
||||||
tags: dnsmasq
|
tags: dnsmasq
|
||||||
|
|
||||||
# see https://github.com/kubernetes/kubernetes/issues/45084
|
# see https://github.com/kubernetes/kubernetes/issues/45084
|
||||||
|
|
|
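Review bot: The first `when` entry still joins two tests with `and`, although list entries are already ANDed. Splitting it into `- dns_mode != 'none'` and `- inventory_hostname == groups['kube-master'][0]` reads more cleanly. Because `rbac_enabled` is defined in the defaults as a quoted Jinja expression, writing `- rbac_enabled | bool or item.type not in kubedns_rbac_resources` would keep the gate independent of how the templated value ends up typed. The task begins above this hunk.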
@ -46,4 +46,6 @@ spec:
|
||||||
- --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
|
- --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}}
|
||||||
- --logtostderr=true
|
- --logtostderr=true
|
||||||
- --v=2
|
- --v=2
|
||||||
|
{% if rbac_enabled %}
|
||||||
serviceAccountName: cluster-proportional-autoscaler
|
serviceAccountName: cluster-proportional-autoscaler
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -81,8 +81,8 @@ spec:
|
||||||
{% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=') %}
|
{% if kube_api_anonymous_auth is defined and kube_version | version_compare('v1.5', '>=') %}
|
||||||
- --anonymous-auth={{ kube_api_anonymous_auth }}
|
- --anonymous-auth={{ kube_api_anonymous_auth }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if authorization_mode %}
|
{% if authorization_modes %}
|
||||||
- --authorization-mode={{ authorization_mode|join(',') }}
|
- --authorization-mode={{ authorization_modes|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if apiserver_custom_flags is string %}
|
{% if apiserver_custom_flags is string %}
|
||||||
- {{ apiserver_custom_flags }}
|
- {{ apiserver_custom_flags }}
|
||||||
|
|
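Review bot: When `authorization_modes` is empty, the `{% if authorization_modes %}` guard omits the flag entirely and kube-apiserver falls back to its built-in default of `AlwaysAllow`, so an empty list leaves the API fully open rather than unconfigured. The joined value is also passed through unchecked. With `['AlwaysAllow', 'RBAC']`, a single approving authorizer is enough, so RBAC rules would restrict nothing while `rbac_enabled` still evaluates true. A pre-flight `assert` would catch both, with a condition such as `authorization_modes | length > 0 and ('AlwaysAllow' not in authorization_modes or authorization_modes | length == 1)`. The manifest continues outside this hunk.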