6fa44458db
* Implement kubeadm init,join for Debian OS family (PoC) with the external etcd option set. * Make certs/tokens management optional, depending on the use_kubeadm var. * Do not delegate static pods and config management to kubeadm; remove the artifacts it produces so that ansible regenerates them. * Add a new set of system pod manifest templates based on what kubeadm produces by default, parametrized by ansible vars. * Fix apiserver container logging to follow 12-factor apps and scheduler/controller-manager logging setup Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
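{# kube-apiserver pod manifest (JSON) rendered from this Jinja2 template.
   The pod uses the host network, mounts the host CA bundle and the
   kube_config_dir directory, and starts `/hyperkube apiserver`.
   NOTE(review): the certificate and token paths below are built from
   kubeadm_certs_dir, while only kube_config_dir is mounted; this assumes
   kubeadm_certs_dir lies under kube_config_dir. TODO confirm. #}
{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "kube-apiserver",
    "namespace": "kube-system",
    "creationTimestamp": null,
    "labels": {
      "component": "kube-apiserver",
      "tier": "control-plane"
    }
  },
  "spec": {
    "volumes": [
      {
        "name": "certs",
        "hostPath": {
          "path": "/etc/ssl/certs"
        }
      },
      {
        "name": "pki",
        "hostPath": {
          "path": "{{ kube_config_dir }}"
        }
      }
    ],
    "containers": [
      {
        "name": "kube-apiserver",
        "image": "{{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}",
        "command": [
          "/hyperkube",
          "apiserver",
{# Log verbosity is passed once; a repeated --v flag only restates the same value. #}
          "--v={{ kube_log_level | default('2') }}",
          "--advertise-address={{ ip | default(ansible_default_ipv4.address) }}",
          "--apiserver-count={{ kube_apiserver_count }}",
{# NOTE(review): the insecure port serves the API without authentication or
   authorization. kube_apiserver_insecure_bind_address should resolve to a
   loopback address; its value is not visible here. Confirm in the role defaults. #}
          "--insecure-bind-address={{ kube_apiserver_insecure_bind_address }}",
          "--etcd-servers={{ etcd_access_endpoint }}",
          "--etcd-quorum-read=true",
{# NOTE(review): no --authorization-mode flag appears in this command list, so
   the apiserver's built-in default applies. Confirm that default is acceptable
   for the targeted release. #}
          "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
          "--service-cluster-ip-range={{ kube_service_addresses }}",
{# NOTE(review): service-account tokens are checked against the same key file
   that is used as the TLS serving key (apiserver-key.pem). #}
          "--service-account-key-file={{ kubeadm_certs_dir }}/apiserver-key.pem",
          "--client-ca-file={{ kubeadm_certs_dir }}/ca.pem",
          "--tls-cert-file={{ kubeadm_certs_dir }}/apiserver.pem",
          "--tls-private-key-file={{ kubeadm_certs_dir }}/apiserver-key.pem",
{# NOTE(review): both static-credential flags read the same tokens.csv. The two
   flags interpret the first column differently (token vs. password), so each
   token presumably also works as a basic-auth password. Confirm this is
   intended and that the file is readable by root only. #}
          "--token-auth-file={{ kubeadm_certs_dir }}/tokens.csv",
          "--basic-auth-file={{ kubeadm_certs_dir }}/tokens.csv",
          "--secure-port={{ kube_apiserver_port }}",
{# One --runtime-config flag per entry of the optional kube_api_runtime_config list. #}
{% if kube_api_runtime_config is defined %}
{% for conf in kube_api_runtime_config %}
          "--runtime-config={{ conf }}",
{% endfor %}
{% endif %}
{% if enable_network_policy is defined and enable_network_policy == True %}
          "--runtime-config=extensions/v1beta1/networkpolicies=true",
{% endif %}
{# NOTE(review): privileged containers are allowed cluster-wide by this flag. #}
          "--allow-privileged=true",
{% if cloud_provider is defined and cloud_provider == "openstack" %}
          "--cloud-provider={{ cloud_provider }}",
          "--cloud-config={{ kube_config_dir }}/cloud_config",
{% elif cloud_provider is defined and cloud_provider == "aws" %}
{# The separating comma sits outside the string: inside the quotes it would
   become part of the flag value and leave the array without a separator. #}
          "--cloud-provider={{ cloud_provider }}",
{% endif %}
          "--insecure-port={{ kube_apiserver_insecure_port }}"
        ],
        "resources": {
          "requests": {
            "cpu": "250m"
          }
        },
        "volumeMounts": [
          {
            "name": "certs",
            "mountPath": "/etc/ssl/certs"
          },
          {
            "name": "pki",
            "readOnly": true,
            "mountPath": "{{ kube_config_dir }}"
          }
        ],
{# The liveness probe goes through the insecure listener, so it depends on the
   --insecure-bind-address / --insecure-port pair above. The port is rendered
   unquoted, i.e. as a JSON number. #}
        "livenessProbe": {
          "httpGet": {
            "path": "/healthz",
            "port": {{ kube_apiserver_insecure_port }},
            "host": "{{ kube_apiserver_insecure_bind_address }}"
          },
          "initialDelaySeconds": 15,
          "timeoutSeconds": 15
        }
      }
    ],
    "hostNetwork": true
  },
  "status": {}
}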