Browse Source

add-kube-profile-to-scheduler (#9993)

pull/9999/head
Kay Yan 1 year ago
committed by GitHub
parent
commit
c98e1d1b5b
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 1 additions and 4 deletions
  1. 2
      docs/hardening.md
  2. 1
      roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2
  3. 2
      tests/files/packet_ubuntu20-calico-aio-hardening.yml

2
docs/hardening.md

@ -76,8 +76,6 @@ kube_controller_feature_gates: ["RotateKubeletServerCertificate=true"]
## kube-scheduler
kube_scheduler_bind_address: 127.0.0.1
kube_kubeadm_scheduler_extra_args:
profiling: false
# AppArmor-based OS
# kube_scheduler_feature_gates: ["AppArmor=true"]

1
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2

@ -351,6 +351,7 @@ scheduler:
{% if kube_scheduler_feature_gates or kube_feature_gates %}
feature-gates: "{{ kube_scheduler_feature_gates | default(kube_feature_gates, true) | join(',') }}"
{% endif %}
profiling: "{{ kube_profiling }}"
{% if kube_kubeadm_scheduler_extra_args|length > 0 %}
{% for key in kube_kubeadm_scheduler_extra_args %}
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"

2
tests/files/packet_ubuntu20-calico-aio-hardening.yml

@ -70,8 +70,6 @@ kube_controller_feature_gates: ["RotateKubeletServerCertificate=true", "AppArmor
## kube-scheduler
kube_scheduler_bind_address: 127.0.0.1
kube_kubeadm_scheduler_extra_args:
profiling: false
# AppArmor-based OS
kube_scheduler_feature_gates: ["AppArmor=true"]

Loading…
Cancel
Save