a70c3b661e
* Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver vars and usecases. * Add loadbalancer_apiserver_localhost (default false). If enabled, override the external LB and expect localhost:443/8080 to be new internal only frontends. * Add kube_apiserver_multiaccess to ignore loadbalancers, and make clients to access the apiservers as a comma-separated list of access_ip/ip/ansible ip (a default mode). When disabled, allow clients to use the given loadbalancers. * Define connections security mode for kube controllers, schedulers, proxies. It is insecure be default, which is the current deployment choice. * Rework the groups['kube-master'][0] hardcode defining the apiserver endpoints. * Improve grouping of vars and add facts for kube_apiserver. * Define kube_apiserver_insecure_bind_address as a fact, add more facts for ease of use. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
19 lines
415 B
Django/Jinja
19 lines
415 B
Django/Jinja
apiVersion: v1
|
|
kind: Config
|
|
current-context: kubectl-to-{{ cluster_name }}
|
|
preferences: {}
|
|
clusters:
|
|
- cluster:
|
|
certificate-authority-data: {{ kube_node_cert|b64encode }}
|
|
server: {{ kube_apiserver_endpoint }}
|
|
name: {{ cluster_name }}
|
|
contexts:
|
|
- context:
|
|
cluster: {{ cluster_name }}
|
|
user: kubectl
|
|
name: kubectl-to-{{ cluster_name }}
|
|
users:
|
|
- name: kubectl
|
|
user:
|
|
token: {{ kubectl_token }}
|