fcb1735c09
* Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver vars and usecases. * Add loadbalancer_apiserver_localhost (default false). If enabled, override the external LB and expect localhost:443/8080 to be new internal only frontends. * Add kube_apiserver_multiaccess to ignore loadbalancers, and make clients to access the apiservers as a comma-separated list of access_ip/ip/ansible ip (a default mode). When disabled, allow clients to use the given loadbalancers. * Define connections security mode for kube controllers, schedulers, proxies. It is insecure be default, which is the current deployment choice. * Rework the groups['kube-master'][0] hardcode defining the apiserver endpoints. * Improve grouping of vars and add facts for kube_apiserver. * Define kube_apiserver_insecure_bind_address as a fact, add more facts for ease of use. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
58 lines
1.7 KiB
Django/Jinja
58 lines
1.7 KiB
Django/Jinja
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: kube-controller-manager
|
|
namespace: kube-system
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: kube-controller-manager
|
|
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
|
|
command:
|
|
- /hyperkube
|
|
- controller-manager
|
|
{% if kube_controller_insecure %}
|
|
- --master={{ kube_apiserver_insecure_endpoint }}
|
|
{% else %}
|
|
- --master={{ kube_apiserver_endpoint }}
|
|
{% endif %}
|
|
- --leader-elect=true
|
|
- --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
|
|
- --root-ca-file={{ kube_cert_dir }}/ca.pem
|
|
- --enable-hostpath-provisioner={{ kube_hostpath_dynamic_provisioner }}
|
|
- --v={{ kube_log_level | default('2') }}
|
|
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
|
- --cloud-provider=openstack
|
|
- --cloud-config={{ kube_config_dir }}/cloud_config
|
|
{% endif %}
|
|
livenessProbe:
|
|
httpGet:
|
|
host: 127.0.0.1
|
|
path: /healthz
|
|
port: 10252
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 10
|
|
volumeMounts:
|
|
- mountPath: {{ kube_cert_dir }}
|
|
name: ssl-certs-kubernetes
|
|
readOnly: true
|
|
- mountPath: /etc/ssl/certs
|
|
name: ssl-certs-host
|
|
readOnly: true
|
|
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
|
- mountPath: {{ kube_config_dir }}/cloud_config
|
|
name: cloudconfig
|
|
readOnly: true
|
|
{% endif %}
|
|
volumes:
|
|
- hostPath:
|
|
path: {{ kube_cert_dir }}
|
|
name: ssl-certs-kubernetes
|
|
- hostPath:
|
|
path: /etc/ssl/certs/
|
|
name: ssl-certs-host
|
|
{% if cloud_provider is defined and cloud_provider == "openstack" %}
|
|
- hostPath:
|
|
path: {{ kube_config_dir }}/cloud_config
|
|
name: cloudconfig
|
|
{% endif %}
|