Document how to use kubeadm patches

7 months ago · c87097fc35
5 changed files with 32 additions and 21 deletions
--- a/docs/ansible/vars.md
+++ b/docs/ansible/vars.md
@ -337,6 +337,13 @@ in the form of dicts of key-value pairs of configuration parameters that will be
 * *kube_kubeadm_controller_extra_args*
 * *kube_kubeadm_scheduler_extra_args*
 ### Kubeadm patches
 When extra flags are not sufficient and there is a need to further customize kubernetes components,
 [kubeadm patches](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches)
 can be used.
 You should use the [`kubeadm_patches` variable](../../roles/kubernetes/kubeadm_common/defaults/main.yml) for that purpose.
 ## App variables
 * *helm_version* - Only supports v3.x. Existing v2 installs (with Tiller) will not be modified and need to be removed manually.
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@ -366,11 +366,25 @@ auto_renew_certificates: false
 # First Monday of each month
 # auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
 # kubeadm patches path
 kubeadm_patches:
  enabled: false
  source_dir: "{{ inventory_dir }}/patches"
  dest_dir: "{{ kube_config_dir }}/patches"
 kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
 kubeadm_patches: []
 # See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
 # Correspondance with this link
 # patchtype = type
 # target = target
 # suffix -> managed automatically
 # extension -> always "yaml"
 # kubeadm_patches:
 # - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
 #   type: strategic(default)|json|merge
 #   patch:
 #    metadata:
 #      annotations:
 #        example.com/test: "true"
 #      labels:
 #        example.com/prod_level: "{{ prod_level }}"
 # - ...
 # Patches are applied in the order they are specified.
 # Set to true to remove the role binding to anonymous users created by kubeadm
 remove_anonymous_access: false
--- a/inventory/sample/patches/kube-controller-manager+merge.yaml
+++ b/inventory/sample/patches/kube-controller-manager+merge.yaml
@ -1,8 +0,0 @@
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: kube-controller-manager
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '10257'
--- a/inventory/sample/patches/kube-scheduler+merge.yaml
+++ b/inventory/sample/patches/kube-scheduler+merge.yaml
@ -1,8 +0,0 @@
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: kube-scheduler
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '10259'
--- a/roles/kubernetes/kubeadm_common/defaults/main.yml
+++ b/roles/kubernetes/kubeadm_common/defaults/main.yml
@ -1,6 +1,12 @@
 ---
 kubeadm_patches_dir: "{{ kube_config_dir }}/patches"
 kubeadm_patches: []
 # See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/control-plane-flags/#patches
 # Correspondance with this link
 # patchtype = type
 # target = target
 # suffix -> managed automatically
 # extension -> always "yaml"
 # kubeadm_patches:
 # - target: kube-apiserver|kube-controller-manager|kube-scheduler|etcd|kubeletconfiguration
 #   type: strategic(default)|json|merge