6fa44458db
* Implement kubeadm init,join for Debian OS family (PoC) with the external etcd option set. * Make certs/tokens management optional and depending on the use_kubeadm var * Do not delegate static pods and config management to kubeadm and remove produced artifacts to be regenerated by ansible. * Add new set of system pods manifests templates based on that kubeadm produces by default and parametrize it by ansible vars * Fix apiserver container logging to follow 12-factor apps and scheduler/controller-manager logging setup Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
46 lines
1.2 KiB
Django/Jinja
46 lines
1.2 KiB
Django/Jinja
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: kube-proxy
|
|
namespace: kube-system
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: kube-proxy
|
|
image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
|
|
command:
|
|
- /hyperkube
|
|
- proxy
|
|
- --v={{ kube_log_level | default('2') }}
|
|
- --master={{ kube_apiserver_endpoint }}
|
|
{% if not is_kube_master %}
|
|
- --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
|
|
{% endif %}
|
|
- --bind-address={{ ip | default(ansible_default_ipv4.address) }}
|
|
- --cluster-cidr={{ kube_pods_subnet }}
|
|
- --proxy-mode={{ kube_proxy_mode }}
|
|
{% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
|
|
- --masquerade-all
|
|
{% endif %}
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- mountPath: /etc/ssl/certs
|
|
name: ssl-certs-host
|
|
readOnly: true
|
|
- mountPath: /etc/kubernetes/node-kubeconfig.yaml
|
|
name: "kubeconfig"
|
|
readOnly: true
|
|
- mountPath: /etc/kubernetes/ssl
|
|
name: "etc-kube-ssl"
|
|
readOnly: true
|
|
volumes:
|
|
- name: ssl-certs-host
|
|
hostPath:
|
|
path: /usr/share/ca-certificates
|
|
- name: "kubeconfig"
|
|
hostPath:
|
|
path: "/etc/kubernetes/node-kubeconfig.yaml"
|
|
- name: "etc-kube-ssl"
|
|
hostPath:
|
|
path: "/etc/kubernetes/ssl"
|