You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
apiVersion: kubeadm.k8s.io/v1alpha1kind: MasterConfigurationapi: advertiseAddress: {{ ip | default(ansible_default_ipv4.address) }} bindPort: {{ kube_apiserver_port }}etcd: endpoints:{% for endpoint in etcd_access_addresses.split(',') %} - {{ endpoint }}{% endfor %} caFile: {{ kube_config_dir }}/ssl/etcd/ca.pem certFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}.pem keyFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}-key.pemnetworking: dnsDomain: {{ dns_domain }} serviceSubnet: {{ kube_service_addresses }} podSubnet: {{ kube_pods_subnet }}kubernetesVersion: {{ kube_version }}{% if cloud_provider is defined and cloud_provider != "gce" %}cloudProvider: {{ cloud_provider }}{% endif %}{% if kube_proxy_mode == 'ipvs' %}kubeProxy: config: featureGates: SupportIPVSProxyMode=true mode: ipvs{% endif %}authorizationModes:{% for mode in authorization_modes %}- {{ mode }}{% endfor %}selfHosted: falseapiServerExtraArgs: bind-address: {{ kube_apiserver_bind_address }} insecure-bind-address: {{ kube_apiserver_insecure_bind_address }} insecure-port: "{{ kube_apiserver_insecure_port }}" admission-control: {{ kube_apiserver_admission_control | join(',') }} apiserver-count: "{{ kube_apiserver_count }}" service-node-port-range: {{ kube_apiserver_node_port_range }}{% if kube_basic_auth|default(true) %} basic-auth-file: {{ kube_users_dir }}/known_users.csv{% endif %}{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %} oidc-issuer-url: {{ kube_oidc_url }} oidc-client-id: {{ kube_oidc_client_id }}{% if kube_oidc_ca_file is defined %} oidc-ca-file: {{ kube_oidc_ca_file }}{% endif %}{% if kube_oidc_username_claim is defined %} oidc-username-claim: {{ kube_oidc_username_claim }}{% endif %}{% if kube_oidc_groups_claim is defined %} oidc-groups-claim: {{ kube_oidc_groups_claim }}{% endif %}{% endif %} storage-backend: {{ kube_apiserver_storage_backend }}{% if kube_api_runtime_config is defined %} runtime-config: {{ kube_api_runtime_config | join(',') }}{% endif %} allow-privileged: "true"{% for key in kube_kubeadm_apiserver_extra_args %} {{ key }}: {{ kube_kubeadm_apiserver_extra_args[key] }}{% endfor %}controllerManagerExtraArgs: node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} node-monitor-period: {{ kube_controller_node_monitor_period }} pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}{% if kube_feature_gates %} feature-gates: {{ kube_feature_gates|join(',') }}{% endif %}{% for key in kube_kubeadm_controller_extra_args %} {{ key }}: {{ kube_kubeadm_controller_extra_args[key] }}{% endfor %}{% if kube_kubeadm_scheduler_extra_args|length > 0 %}schedulerExtraArgs:{% for key in kube_kubeadm_scheduler_extra_args %} {{ key }}: {{ kube_kubeadm_scheduler_extra_args[key] }}{% endfor %}{% endif %}apiServerCertSANs:{% for san in apiserver_sans.split(' ') | unique %} - {{ san }}{% endfor %}certificatesDir: {{ kube_config_dir }}/sslunifiedControlPlaneImage: "{{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}"
|
