ad6fecefa8
Update checksum for kubeadm Use v1.9.0 kubeadm params Include hash of ca.crt for kubeadm join Update tag for testing upgrades Add workaround for testing upgrades Remove scale CI scenarios because of slow inventory parsing in ansible 2.4.x. Change region for tests to us-central1 to improve ansible performance
69 lines
2.6 KiB
Django/Jinja
69 lines
2.6 KiB
Django/Jinja
apiVersion: kubeadm.k8s.io/v1alpha1
|
|
kind: MasterConfiguration
|
|
api:
|
|
advertiseAddress: {{ ip | default(ansible_default_ipv4.address) }}
|
|
bindPort: {{ kube_apiserver_port }}
|
|
etcd:
|
|
endpoints:
|
|
{% for endpoint in etcd_access_addresses.split(',') %}
|
|
- {{ endpoint }}
|
|
{% endfor %}
|
|
caFile: {{ kube_config_dir }}/ssl/etcd/ca.pem
|
|
certFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}.pem
|
|
keyFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}-key.pem
|
|
networking:
|
|
dnsDomain: {{ dns_domain }}
|
|
serviceSubnet: {{ kube_service_addresses }}
|
|
podSubnet: {{ kube_pods_subnet }}
|
|
kubernetesVersion: {{ kube_version }}
|
|
{% if cloud_provider is defined and cloud_provider != "gce" %}
|
|
cloudProvider: {{ cloud_provider }}
|
|
{% endif %}
|
|
authorizationModes:
|
|
{% for mode in authorization_modes %}
|
|
- {{ mode }}
|
|
{% endfor %}
|
|
token: {{ kubeadm_token }}
|
|
tokenTTL: "{{ kubeadm_token_ttl }}"
|
|
selfHosted: false
|
|
apiServerExtraArgs:
|
|
bind-address: {{ kube_apiserver_bind_address }}
|
|
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}
|
|
insecure-port: "{{ kube_apiserver_insecure_port }}"
|
|
admission-control: {{ kube_apiserver_admission_control | join(',') }}
|
|
apiserver-count: "{{ kube_apiserver_count }}"
|
|
service-node-port-range: {{ kube_apiserver_node_port_range }}
|
|
{% if kube_basic_auth|default(true) %}
|
|
basic-auth-file: {{ kube_users_dir }}/known_users.csv
|
|
{% endif %}
|
|
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
|
|
oidc-issuer-url: {{ kube_oidc_url }}
|
|
oidc-client-id: {{ kube_oidc_client_id }}
|
|
{% if kube_oidc_ca_file is defined %}
|
|
oidc-ca-file: {{ kube_oidc_ca_file }}
|
|
{% endif %}
|
|
{% if kube_oidc_username_claim is defined %}
|
|
oidc-username-claim: {{ kube_oidc_username_claim }}
|
|
{% endif %}
|
|
{% if kube_oidc_groups_claim is defined %}
|
|
oidc-groups-claim: {{ kube_oidc_groups_claim }}
|
|
{% endif %}
|
|
{% endif %}
|
|
storage-backend: {{ kube_apiserver_storage_backend }}
|
|
{% if kube_api_runtime_config is defined %}
|
|
runtime-config: {{ kube_api_runtime_config | join(',') }}
|
|
{% endif %}
|
|
allow-privileged: "true"
|
|
controllerManagerExtraArgs:
|
|
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
|
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
|
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
|
{% if kube_feature_gates %}
|
|
feature-gates: {{ kube_feature_gates|join(',') }}
|
|
{% endif %}
|
|
apiServerCertSANs:
|
|
{% for san in apiserver_sans.split(' ') | unique %}
|
|
- {{ san }}
|
|
{% endfor %}
|
|
certificatesDir: {{ kube_config_dir }}/ssl
|
|
unifiedControlPlaneImage: "{{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}"
|