add-kube-profile-to-scheduler (#9993)

docs/hardening.md

@@ -76,8 +76,6 @@ kube_controller_feature_gates: ["RotateKubeletServerCertificate=true"]
 
 ## kube-scheduler
 kube_scheduler_bind_address: 127.0.0.1
-kube_kubeadm_scheduler_extra_args:
-  profiling: false
 # AppArmor-based OS
 # kube_scheduler_feature_gates: ["AppArmor=true"]
 

roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2

@@ -351,6 +351,7 @@ scheduler:
 {% if kube_scheduler_feature_gates or kube_feature_gates %}
     feature-gates: "{{ kube_scheduler_feature_gates | default(kube_feature_gates, true) | join(',') }}"
 {% endif %}
+    profiling: "{{ kube_profiling }}"
 {% if kube_kubeadm_scheduler_extra_args|length > 0 %}
 {% for key in kube_kubeadm_scheduler_extra_args %}
     {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"

tests/files/packet_ubuntu20-calico-aio-hardening.yml

@@ -70,8 +70,6 @@ kube_controller_feature_gates: ["RotateKubeletServerCertificate=true", "AppArmor
 
 ## kube-scheduler
 kube_scheduler_bind_address: 127.0.0.1
-kube_kubeadm_scheduler_extra_args:
-  profiling: false
 # AppArmor-based OS
 kube_scheduler_feature_gates: ["AppArmor=true"]