Add cloud provider config to kubeadm deployments (#3766)

This commit is contained in:
Rong Zhang 2018-11-27 21:03:03 +08:00 committed by k8s-ci-robot
parent 993b8e2791
commit ddc19f43ba
5 changed files with 101 additions and 31 deletions

View file

@ -42,9 +42,10 @@ bin_dir: /usr/local/bin
## If set the possible values are either 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', or 'external' ## If set the possible values are either 'gce', 'aws', 'azure', 'openstack', 'vsphere', 'oci', or 'external'
## When openstack is used make sure to source in the openstack credentials ## When openstack is used make sure to source in the openstack credentials
## like you would do when using nova-client before starting the playbook. ## like you would do when using nova-client before starting the playbook.
## Note: The 'external' cloud provider is not supported.
## TODO(riverzhang): https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager
#cloud_provider: #cloud_provider:
## kubeadm deployment mode ## kubeadm deployment mode
kubeadm_enabled: true kubeadm_enabled: true

View file

@ -22,8 +22,11 @@ networking:
podSubnet: {{ kube_pods_subnet }} podSubnet: {{ kube_pods_subnet }}
podNetworkCidr: "{{ kube_network_node_prefix }}" podNetworkCidr: "{{ kube_network_node_prefix }}"
kubernetesVersion: {{ kube_version }} kubernetesVersion: {{ kube_version }}
{% if cloud_provider is defined and cloud_provider not in ["gce", "oci"] %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
cloudProvider: {{ cloud_provider }} cloudProvider: {{cloud_provider}}
cloudConfig: {{ kube_config_dir }}/cloud_config
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
cloudConfig: {{ kube_config_dir }}/cloud_config
{% endif %} {% endif %}
{% if kube_proxy_mode == 'ipvs' %} {% if kube_proxy_mode == 'ipvs' %}
kubeProxy: kubeProxy:
@ -40,7 +43,7 @@ kubeProxy:
{% if kube_proxy_nodeport_addresses %} {% if kube_proxy_nodeport_addresses %}
nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}] nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]
{% endif %} {% endif %}
resourceContainer: "" resourceContainer: ""
authorizationModes: authorizationModes:
{% for mode in authorization_modes %} {% for mode in authorization_modes %}
- {{ mode }} - {{ mode }}
@ -111,6 +114,9 @@ apiServerExtraArgs:
{% if kube_feature_gates %} {% if kube_feature_gates %}
feature-gates: {{ kube_feature_gates|join(',') }} feature-gates: {{ kube_feature_gates|join(',') }}
{% endif %} {% endif %}
{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}
configure-cloud-routes: "true"
{% endif %}
controllerManagerExtraArgs: controllerManagerExtraArgs:
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
node-monitor-period: {{ kube_controller_node_monitor_period }} node-monitor-period: {{ kube_controller_node_monitor_period }}
@ -123,12 +129,19 @@ controllerManagerExtraArgs:
{% for key in kube_kubeadm_controller_extra_args %} {% for key in kube_kubeadm_controller_extra_args %}
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}" {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
{% endfor %} {% endfor %}
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined and openstack_cacert != "" %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
controllerManagerExtraVolumes: controllerManagerExtraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined and openstack_cacert != "" %}
- name: openstackcacert - name: openstackcacert
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem" mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config
hostPath: {{ kube_config_dir }}/cloud_config
mountPath: {{ kube_config_dir }}/cloud_config
{% endif %}
{% endif %}
schedulerExtraArgs: schedulerExtraArgs:
profiling: "{{ kube_profiling }}" profiling: "{{ kube_profiling }}"
{% if kube_feature_gates %} {% if kube_feature_gates %}
@ -141,6 +154,11 @@ schedulerExtraArgs:
{% endif %} {% endif %}
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) %} {% if kube_basic_auth|default(true) or kube_token_auth|default(true) %}
apiServerExtraVolumes: apiServerExtraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config
hostPath: {{ kube_config_dir }}/cloud_config
mountPath: {{ kube_config_dir }}/cloud_config
{% endif %}
{% if kube_basic_auth|default(true) %} {% if kube_basic_auth|default(true) %}
- name: basic-auth-config - name: basic-auth-config
hostPath: {{ kube_users_dir }} hostPath: {{ kube_users_dir }}

View file

@ -23,9 +23,6 @@ networking:
podSubnet: {{ kube_pods_subnet }} podSubnet: {{ kube_pods_subnet }}
podNetworkCidr: "{{ kube_network_node_prefix }}" podNetworkCidr: "{{ kube_network_node_prefix }}"
kubernetesVersion: {{ kube_version }} kubernetesVersion: {{ kube_version }}
{% if cloud_provider is defined and cloud_provider != "gce" %}
cloudProvider: {{ cloud_provider }}
{% endif %}
kubeProxy: kubeProxy:
config: config:
mode: {{ kube_proxy_mode }} mode: {{ kube_proxy_mode }}
@ -109,6 +106,15 @@ apiServerExtraArgs:
{% if kube_feature_gates %} {% if kube_feature_gates %}
feature-gates: {{ kube_feature_gates|join(',') }} feature-gates: {{ kube_feature_gates|join(',') }}
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
cloud-provider: {{cloud_provider}}
cloud-config: {{ kube_config_dir }}/cloud_config
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
cloud-config: {{ kube_config_dir }}/cloud_config
{% endif %}
{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %}
configure-cloud-routes: "true"
{% endif %}
controllerManagerExtraArgs: controllerManagerExtraArgs:
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
node-monitor-period: {{ kube_controller_node_monitor_period }} node-monitor-period: {{ kube_controller_node_monitor_period }}
@ -121,12 +127,25 @@ controllerManagerExtraArgs:
{% for key in kube_kubeadm_controller_extra_args %} {% for key in kube_kubeadm_controller_extra_args %}
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}" {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
{% endfor %} {% endfor %}
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined and openstack_cacert != "" %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
cloud-provider: {{cloud_provider}}
cloud-config: {{ kube_config_dir }}/cloud_config
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
cloud-config: {{ kube_config_dir }}/cloud_config
{% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
controllerManagerExtraVolumes: controllerManagerExtraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined and openstack_cacert != "" %}
- name: openstackcacert - name: openstackcacert
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem" mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config
hostPath: {{ kube_config_dir }}/cloud_config
mountPath: {{ kube_config_dir }}/cloud_config
{% endif %}
{% endif %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %} {% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %}
apiServerExtraVolumes: apiServerExtraVolumes:
{% if kube_basic_auth|default(true) %} {% if kube_basic_auth|default(true) %}
@ -151,11 +170,19 @@ apiServerExtraVolumes:
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config
hostPath: {{ kube_config_dir }}/cloud_config
mountPath: {{ kube_config_dir }}/cloud_config
{% endif %}
schedulerExtraArgs: schedulerExtraArgs:
profiling: "{{ kube_profiling }}" profiling: "{{ kube_profiling }}"
{% if kube_feature_gates %} {% if kube_feature_gates %}
feature-gates: {{ kube_feature_gates|join(',') }} feature-gates: {{ kube_feature_gates|join(',') }}
{% endif %} {% endif %}
{% if volume_cross_zone_attachment %}
policy-config-file: {{ kube_config_dir }}/kube-scheduler-policy.yaml
{% endif %}
{% if kube_kubeadm_scheduler_extra_args|length > 0 %} {% if kube_kubeadm_scheduler_extra_args|length > 0 %}
{% for key in kube_kubeadm_scheduler_extra_args %} {% for key in kube_kubeadm_scheduler_extra_args %}
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}" {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"

View file

@ -43,6 +43,13 @@ controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.po
{% else %} {% else %}
controlPlaneEndpoint: {{ ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port }} controlPlaneEndpoint: {{ ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port }}
{% endif %} {% endif %}
apiServerCertSANs:
{% for san in apiserver_sans.split(' ') | unique %}
- {{ san }}
{% endfor %}
certificatesDir: {{ kube_config_dir }}/ssl
imageRepository: {{ kube_image_repo }}
unifiedControlPlaneImage: ""
apiServerExtraArgs: apiServerExtraArgs:
authorization-mode: {{ authorization_modes | join(',') }} authorization-mode: {{ authorization_modes | join(',') }}
bind-address: {{ kube_apiserver_bind_address }} bind-address: {{ kube_apiserver_bind_address }}
@ -109,6 +116,12 @@ apiServerExtraArgs:
{% if kube_feature_gates %} {% if kube_feature_gates %}
feature-gates: {{ kube_feature_gates|join(',') }} feature-gates: {{ kube_feature_gates|join(',') }}
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
cloud-provider: {{cloud_provider}}
cloud-config: {{ kube_config_dir }}/cloud_config
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
cloud-config: {{ kube_config_dir }}/cloud_config
{% endif %}
controllerManagerExtraArgs: controllerManagerExtraArgs:
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
node-monitor-period: {{ kube_controller_node_monitor_period }} node-monitor-period: {{ kube_controller_node_monitor_period }}
@ -116,14 +129,28 @@ controllerManagerExtraArgs:
{% if kube_feature_gates %} {% if kube_feature_gates %}
feature-gates: {{ kube_feature_gates|join(',') }} feature-gates: {{ kube_feature_gates|join(',') }}
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
controllerManagerExtraVolumes: cloud-provider: {{cloud_provider}}
- name: openstackcacert cloud-config: {{ kube_config_dir }}/cloud_config
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" {% elif cloud_provider is defined and cloud_provider in ["external"] %}
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem" cloud-config: {{ kube_config_dir }}/cloud_config
{% endif %} {% endif %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %} schedulerExtraArgs:
{% if kube_feature_gates %}
feature-gates: {{ kube_feature_gates|join(',') }}
{% endif %}
{% if kube_kubeadm_scheduler_extra_args|length > 0 %}
{% for key in kube_kubeadm_scheduler_extra_args %}
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
{% endfor %}
{% endif %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) %}
apiServerExtraVolumes: apiServerExtraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config
hostPath: {{ kube_config_dir }}/cloud_config
mountPath: {{ kube_config_dir }}/cloud_config
{% endif %}
{% if kube_basic_auth|default(true) %} {% if kube_basic_auth|default(true) %}
- name: basic-auth-config - name: basic-auth-config
hostPath: {{ kube_users_dir }} hostPath: {{ kube_users_dir }}
@ -149,22 +176,19 @@ apiServerExtraVolumes:
{% for key in kube_kubeadm_controller_extra_args %} {% for key in kube_kubeadm_controller_extra_args %}
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}" {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
{% endfor %} {% endfor %}
schedulerExtraArgs: {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
{% if kube_feature_gates %} controllerManagerExtraVolumes:
feature-gates: {{ kube_feature_gates|join(',') }} {% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
- name: openstackcacert
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
{% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config
hostPath: {{ kube_config_dir }}/cloud_config
mountPath: {{ kube_config_dir }}/cloud_config
{% endif %} {% endif %}
{% if kube_kubeadm_scheduler_extra_args|length > 0 %}
{% for key in kube_kubeadm_scheduler_extra_args %}
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
{% endfor %}
{% endif %} {% endif %}
apiServerCertSANs:
{% for san in apiserver_sans.split(' ') | unique %}
- {{ san }}
{% endfor %}
certificatesDir: {{ kube_config_dir }}/ssl
imageRepository: {{ kube_image_repo }}
unifiedControlPlaneImage: ""
--- ---
apiVersion: kubeproxy.config.k8s.io/v1alpha1 apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration kind: KubeProxyConfiguration

View file

@ -106,8 +106,8 @@ KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kuben
KUBE_ALLOW_PRIV="--allow-privileged=true" KUBE_ALLOW_PRIV="--allow-privileged=true"
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config" KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config"
{% elif cloud_provider is defined and cloud_provider in ["oci", "external"] %} {% elif cloud_provider is defined and cloud_provider in ["external"] %}
KUBELET_CLOUDPROVIDER="--cloud-provider=external" KUBELET_CLOUDPROVIDER="--cloud-provider=external --cloud-config={{ kube_config_dir }}/cloud_config"
{% else %} {% else %}
KUBELET_CLOUDPROVIDER="" KUBELET_CLOUDPROVIDER=""
{% endif %} {% endif %}