Document how to use kubeadm patches
pull/11521/head
Max Gautier
2 months ago
5 changed files with
32 additions and
21 deletions
-
docs/ansible/vars.md
-
inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
-
inventory/sample/patches/kube-controller-manager+merge.yaml
-
inventory/sample/patches/kube-scheduler+merge.yaml
-
roles/kubernetes/kubeadm_common/defaults/main.yml
|
|
@ -337,6 +337,13 @@ in the form of dicts of key-value pairs of configuration parameters that will be |
|
|
|
* *kube_kubeadm_controller_extra_args* |
|
|
|
* *kube_kubeadm_scheduler_extra_args* |
|
|
|
|
|
|
|
### Kubeadm patches |
|
|
|
|
|
|
|
When extra flags are not sufficient and there is a need to further customize kubernetes components, |
|
|
|
[kubeadm patches](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches) |
|
|
|
can be used. |
|
|
|
You should use the [`kubeadm_patches` variable](../../roles/kubernetes/kubeadm_common/defaults/main.yml) for that purpose. |
|
|
|
|
|
|
|
## App variables |
|
|
|
|
|
|
|
* *helm_version* - Only supports v3.x. Existing v2 installs (with Tiller) will not be modified and need to be removed manually. |
|
|
@ -366,11 +366,25 @@ auto_renew_certificates: false |
|
|
|
# First Monday of each month |
|
|
|
# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00" |
|
|
|
|
|
|
|
# kubeadm patches path |
|
|
|
kubeadm_patches: |
|
|
|
enabled: false |
|
|
|
source_dir: "{{ inventory_dir }}/patches" |
|
|
|
dest_dir: "{{ kube_config_dir }}/patches" |
|
|
|
kubeadm_patches_dir: "{{ kube_config_dir }}/patches" |
|
|
|
kubeadm_patches: [] |
|
|
|
# See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches |
|
|
|
# Correspondance with this link |
|
|
|
# patchtype = type |
|
|
|
# target = target |
|
|
|
# suffix -> managed automatically |
|
|
|
# extension -> always "yaml" |
|
|
|
# kubeadm_patches: |
|
|
|
# - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration |
|
|
|
# type: strategic(default)|json|merge |
|
|
|
# patch: |
|
|
|
# metadata: |
|
|
|
# annotations: |
|
|
|
# example.com/test: "true" |
|
|
|
# labels: |
|
|
|
# example.com/prod_level: "{{ prod_level }}" |
|
|
|
# - ... |
|
|
|
# Patches are applied in the order they are specified. |
|
|
|
|
|
|
|
# Set to true to remove the role binding to anonymous users created by kubeadm |
|
|
|
remove_anonymous_access: false |
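Review bot: The comment block above the commented-out `kubeadm_patches:` example never says that the variable changed shape: the mapping form with `enabled`, `source_dir` and `dest_dir` is removed here and replaced by a list, and the two sample files under `inventory/sample/patches/` are deleted in the same commit. An inventory that still carries the old mapping, or still relies on files in `{{ inventory_dir }}/patches`, may end up with its control-plane patches no longer applied, and whether the role rejects the old form is not visible from this page. A line such as `# NOTE: kubeadm_patches is a list of patches; the former mapping (enabled/source_dir/dest_dir) and the inventory patches directory are no longer read.` would make that explicit, once confirmed against the role's tasks. The word `Correspondance` in the same block should read `Correspondence`; the identical comment in `roles/kubernetes/kubeadm_common/defaults/main.yml` has the same typo.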
|
|
@ -1,8 +0,0 @@ |
|
|
|
--- |
|
|
|
apiVersion: v1 |
|
|
|
kind: Pod |
|
|
|
metadata: |
|
|
|
name: kube-controller-manager |
|
|
|
annotations: |
|
|
|
prometheus.io/scrape: 'true' |
|
|
|
prometheus.io/port: '10257' |
|
|
@ -1,8 +0,0 @@ |
|
|
|
--- |
|
|
|
apiVersion: v1 |
|
|
|
kind: Pod |
|
|
|
metadata: |
|
|
|
name: kube-scheduler |
|
|
|
annotations: |
|
|
|
prometheus.io/scrape: 'true' |
|
|
|
prometheus.io/port: '10259' |
|
|
@ -1,6 +1,12 @@ |
|
|
|
--- |
|
|
|
kubeadm_patches_dir: "{{ kube_config_dir }}/patches" |
|
|
|
kubeadm_patches: [] |
|
|
|
# See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches |
|
|
|
# Correspondance with this link |
|
|
|
# patchtype = type |
|
|
|
# target = target |
|
|
|
# suffix -> managed automatically |
|
|
|
# extension -> always "yaml" |
|
|
|
# kubeadm_patches: |
|
|
|
# - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration |
|
|
|
# type: strategic(default)|json|merge |
|
|
|