You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
apiVersion: kubeadm.k8s.io/v1alpha1kind: MasterConfigurationapi:{% if groups['kube-master'] | length > 1 and kubeadm_config_api_fqdn is defined %} controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }} bindPort: {{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}{% else %} advertiseAddress: {{ ip | default(ansible_default_ipv4.address) }} bindPort: {{ kube_apiserver_port }}{% endif %}etcd: endpoints:{% for endpoint in etcd_access_addresses.split(',') %} - {{ endpoint }}{% endfor %} caFile: {{ kube_config_dir }}/ssl/etcd/ca.pem certFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}.pem keyFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}-key.pemnetworking: dnsDomain: {{ dns_domain }} serviceSubnet: {{ kube_service_addresses }} podSubnet: {{ kube_pods_subnet }}kubernetesVersion: {{ kube_version }}{% if cloud_provider is defined and cloud_provider not in ["gce", "oci"] %}cloudProvider: {{ cloud_provider }}{% endif %}{% if kube_proxy_mode == 'ipvs' %}kubeProxy: config:{% if kube_version is version('v1.10', '<') %} featureGates: SupportIPVSProxyMode=true{% endif %}{% if kube_version is version('v1.10', '>=') %} featureGates: SupportIPVSProxyMode: true{% endif %} mode: ipvs{% endif %}{% if kube_proxy_nodeport_addresses %} nodePortAddresses: [{{ kube_proxy_nodeport_addresses_cidr }}]{% endif %}authorizationModes:{% for mode in authorization_modes %}- {{ mode }}{% endfor %}selfHosted: falseapiServerExtraArgs: bind-address: {{ kube_apiserver_bind_address }}{% if kube_apiserver_insecure_port|string != "0" %} insecure-bind-address: {{ kube_apiserver_insecure_bind_address }}{% endif %} insecure-port: "{{ kube_apiserver_insecure_port }}"{% if kube_version is version('v1.10', '<') %} admission-control: {{ kube_apiserver_admission_control | join(',') }}{% else %}{% if kube_apiserver_enable_admission_plugins|length > 0 %} enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }}{% endif %}{% if kube_apiserver_disable_admission_plugins|length > 0 %} disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }}{% endif %}{% endif %} apiserver-count: "{{ kube_apiserver_count }}"{% if kube_version is version('v1.9', '>=') %} endpoint-reconciler-type: lease{% endif %}{% if etcd_events_cluster_enabled %} etcd-servers-overrides: "/events#{{ etcd_events_access_addresses }}"{% endif %} service-node-port-range: {{ kube_apiserver_node_port_range }} kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}" profiling: "{{ kube_profiling }}" request-timeout: "{{ kube_apiserver_request_timeout }}" repair-malformed-updates: "false" enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"{% if kube_api_anonymous_auth is defined and kube_version is version('v1.5', '>=') %} anonymous-auth: "{{ kube_api_anonymous_auth }}"{% endif %}{% if kube_basic_auth|default(true) %} basic-auth-file: {{ kube_users_dir }}/known_users.csv{% endif %}{% if kube_token_auth|default(true) %} token-auth-file: {{ kube_token_dir }}/known_tokens.csv{% endif %}{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %} oidc-issuer-url: {{ kube_oidc_url }} oidc-client-id: {{ kube_oidc_client_id }}{% if kube_oidc_ca_file is defined %} oidc-ca-file: {{ kube_oidc_ca_file }}{% endif %}{% if kube_oidc_username_claim is defined %} oidc-username-claim: {{ kube_oidc_username_claim }}{% endif %}{% if kube_oidc_groups_claim is defined %} oidc-groups-claim: {{ kube_oidc_groups_claim }}{% endif %}{% endif %}{% if kube_encrypt_secret_data %} experimental-encryption-provider-config: {{ kube_config_dir }}/ssl/secrets_encryption.yaml{% endif %} storage-backend: {{ kube_apiserver_storage_backend }}{% if kube_api_runtime_config is defined %} runtime-config: {{ kube_api_runtime_config | join(',') }}{% endif %} allow-privileged: "true"{% for key in kube_kubeadm_apiserver_extra_args %} {{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"{% endfor %}{% if kube_feature_gates %} feature-gates: {{ kube_feature_gates|join(',') }}{% endif %}controllerManagerExtraArgs: node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} node-monitor-period: {{ kube_controller_node_monitor_period }} pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }} profiling: "{{ kube_profiling }}" terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}"{% if kube_feature_gates %} feature-gates: {{ kube_feature_gates|join(',') }}{% endif %}{% for key in kube_kubeadm_controller_extra_args %} {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"{% endfor %}{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined and openstack_cacert != "" %}controllerManagerExtraVolumes:- name: openstackcacert hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"{% endif %}schedulerExtraArgs: profiling: "{{ kube_profiling }}"{% if kube_feature_gates %} feature-gates: {{ kube_feature_gates|join(',') }}{% endif %}{% if kube_kubeadm_scheduler_extra_args|length > 0 %}{% for key in kube_kubeadm_scheduler_extra_args %} {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"{% endfor %}{% endif %}{% if kube_basic_auth|default(true) or kube_token_auth|default(true) %}apiServerExtraVolumes:{% if kube_basic_auth|default(true) %}- name: basic-auth-config hostPath: {{ kube_users_dir }} mountPath: {{ kube_users_dir }}{% endif %}{% if kube_token_auth|default(true) %}- name: token-auth-config hostPath: {{ kube_token_dir }} mountPath: {{ kube_token_dir }}{% endif %}{% endif %}apiServerCertSANs:{% for san in apiserver_sans.split(' ') | unique %} - {{ san }}{% endfor %}certificatesDir: {{ kube_config_dir }}/sslimageRepository: {{ kube_image_repo }}unifiedControlPlaneImage: ""{% if kube_override_hostname|default('') %}nodeName: {{ kube_override_hostname }}{% endif %}
|
