Browse Source
Use K8s 1.15 (#4905)
Use K8s 1.15 (#4905)
* Use K8s 1.15 * Use Kubernetes 1.15 and use kubeadm.k8s.io/v1beta2 for InitConfiguration. * bump to v1.15.0 * Remove k8s 1.13 checksums. * Update README kubernetes version 1.15.0. * Update metrics server 0.3.3 for k8s 1.15 * Remove less than k8s 1.14 related code * Use kubeadm with --upload-certs instead of --experimental-upload-certs due to depricate * Update dnsautoscaler 1.6.0 * Skip certificateKey if it's not defined * Add kubeadm-conftolplane.v2beta2 for k8s 1.15 or later * Support kubeadm control plane for k8s 1.15 * Update sonobuoy version 0.15.0 for k8s 1.15pull/4940/head
okamototk
5 years ago
committed by
Kubernetes Prow Robot
Kubernetes Prow Robot
20 changed files with 199 additions and 716 deletions
Unified View
Diff Options
-
2README.md
-
2inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
-
60roles/download/defaults/main.yml
-
22roles/download/templates/kubeadm-images.yaml.j2
-
47roles/kubernetes-apps/cluster_roles/tasks/main.yml
-
19roles/kubernetes/kubeadm/tasks/main.yml
-
8roles/kubernetes/master/defaults/main/main.yml
-
11roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml
-
4roles/kubernetes/master/tasks/kubeadm-setup.yml
-
19roles/kubernetes/master/tasks/kubeadm-version.yml
-
235roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
-
12roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
-
280roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
-
25roles/kubernetes/master/templates/kubeadm-controlplane.v1beta2.yaml.j2
-
3roles/kubernetes/node/defaults/main.yml
-
11roles/kubernetes/node/tasks/kubelet.yml
-
133roles/kubernetes/node/templates/kubelet.env.j2
-
12roles/kubernetes/node/templates/kubelet.env.v1beta1.j2
-
8roles/kubespray-defaults/defaults/main.yaml
-
2tests/testcases/100_check-k8s-conformance.yml
@ -1,235 +0,0 @@ |
|||||
apiVersion: kubeadm.k8s.io/v1alpha2 |
|
||||
kind: MasterConfiguration |
|
||||
api: |
|
||||
{% if kubeadm_config_api_fqdn is defined %} |
|
||||
controlPlaneEndpoint: {{ kubeadm_config_api_fqdn }} |
|
||||
bindPort: {{ loadbalancer_apiserver.port | default(kube_apiserver_port) }} |
|
||||
{% else %} |
|
||||
advertiseAddress: {{ ip | default(fallback_ips[inventory_hostname]) }} |
|
||||
bindPort: {{ kube_apiserver_port }} |
|
||||
{% endif %} |
|
||||
etcd: |
|
||||
external: |
|
||||
endpoints: |
|
||||
{% for endpoint in etcd_access_addresses.split(',') %} |
|
||||
- {{ endpoint }} |
|
||||
{% endfor %} |
|
||||
caFile: {{ etcd_cert_dir }}/{{ kube_etcd_cacert_file }} |
|
||||
certFile: {{ etcd_cert_dir }}/{{ kube_etcd_cert_file }} |
|
||||
keyFile: {{ etcd_cert_dir }}/{{ kube_etcd_key_file }} |
|
||||
networking: |
|
||||
dnsDomain: {{ dns_domain }} |
|
||||
serviceSubnet: {{ kube_service_addresses }} |
|
||||
podSubnet: {{ kube_pods_subnet }} |
|
||||
kubernetesVersion: {{ kube_version }} |
|
||||
kubeProxy: |
|
||||
config: |
|
||||
mode: {{ kube_proxy_mode }} |
|
||||
{% if kube_proxy_nodeport_addresses %} |
|
||||
nodePortAddresses: {{ kube_proxy_nodeport_addresses }} |
|
||||
{% endif %} |
|
||||
resourceContainer: "" |
|
||||
authorizationModes: |
|
||||
{% for mode in authorization_modes %} |
|
||||
- {{ mode }} |
|
||||
{% endfor %} |
|
||||
apiServerExtraArgs: |
|
||||
bind-address: {{ kube_apiserver_bind_address }} |
|
||||
{% if kube_apiserver_insecure_port|string != "0" %} |
|
||||
insecure-bind-address: {{ kube_apiserver_insecure_bind_address }} |
|
||||
{% endif %} |
|
||||
insecure-port: "{{ kube_apiserver_insecure_port }}" |
|
||||
{% if kube_version is version('v1.10', '<') %} |
|
||||
admission-control: {{ kube_apiserver_admission_control | join(',') }} |
|
||||
{% else %} |
|
||||
{% if kube_apiserver_enable_admission_plugins|length > 0 %} |
|
||||
enable-admission-plugins: {{ kube_apiserver_enable_admission_plugins | join(',') }} |
|
||||
{% endif %} |
|
||||
{% if kube_apiserver_disable_admission_plugins|length > 0 %} |
|
||||
disable-admission-plugins: {{ kube_apiserver_disable_admission_plugins | join(',') }} |
|
||||
{% endif %} |
|
||||
{% endif %} |
|
||||
apiserver-count: "{{ kube_apiserver_count }}" |
|
||||
{% if kube_version is version('v1.9', '>=') %} |
|
||||
endpoint-reconciler-type: lease |
|
||||
{% endif %} |
|
||||
{% if etcd_events_cluster_enabled %} |
|
||||
etcd-servers-overrides: "/events#{{ etcd_events_access_addresses_semicolon }}" |
|
||||
{% endif %} |
|
||||
service-node-port-range: {{ kube_apiserver_node_port_range }} |
|
||||
kubelet-preferred-address-types: "{{ kubelet_preferred_address_types }}" |
|
||||
profiling: "{{ kube_profiling }}" |
|
||||
request-timeout: "{{ kube_apiserver_request_timeout }}" |
|
||||
repair-malformed-updates: "false" |
|
||||
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}" |
|
||||
{% if kube_api_anonymous_auth is defined and kube_version is version('v1.5', '>=') %} |
|
||||
anonymous-auth: "{{ kube_api_anonymous_auth }}" |
|
||||
{% endif %} |
|
||||
{% if kube_basic_auth|default(true) %} |
|
||||
basic-auth-file: {{ kube_users_dir }}/known_users.csv |
|
||||
{% endif %} |
|
||||
{% if kube_token_auth|default(true) %} |
|
||||
token-auth-file: {{ kube_token_dir }}/known_tokens.csv |
|
||||
{% endif %} |
|
||||
{% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %} |
|
||||
oidc-issuer-url: {{ kube_oidc_url }} |
|
||||
oidc-client-id: {{ kube_oidc_client_id }} |
|
||||
{% if kube_oidc_ca_file is defined %} |
|
||||
oidc-ca-file: {{ kube_oidc_ca_file }} |
|
||||
{% endif %} |
|
||||
{% if kube_oidc_username_claim is defined %} |
|
||||
oidc-username-claim: {{ kube_oidc_username_claim }} |
|
||||
{% endif %} |
|
||||
{% if kube_oidc_groups_claim is defined %} |
|
||||
oidc-groups-claim: {{ kube_oidc_groups_claim }} |
|
||||
{% endif %} |
|
||||
{% if kube_oidc_username_prefix is defined %} |
|
||||
oidc-username-prefix: "{{ kube_oidc_username_prefix }}" |
|
||||
{% endif %} |
|
||||
{% if kube_oidc_groups_prefix is defined %} |
|
||||
oidc-groups-prefix: "{{ kube_oidc_groups_prefix }}" |
|
||||
{% endif %} |
|
||||
{% endif %} |
|
||||
{% if kube_webhook_token_auth|default(false) %} |
|
||||
authentication-token-webhook-config-file: {{ kube_config_dir }}/webhook-token-auth-config.yaml |
|
||||
{% endif %} |
|
||||
{% if kube_encrypt_secret_data %} |
|
||||
experimental-encryption-provider-config: {{ kube_cert_dir }}/secrets_encryption.yaml |
|
||||
{% endif %} |
|
||||
storage-backend: {{ kube_apiserver_storage_backend }} |
|
||||
{% if kube_api_runtime_config is defined %} |
|
||||
runtime-config: {{ kube_api_runtime_config | join(',') }} |
|
||||
{% endif %} |
|
||||
allow-privileged: "true" |
|
||||
{% if kubernetes_audit %} |
|
||||
audit-log-path: "{{ audit_log_path }}" |
|
||||
audit-log-maxage: "{{ audit_log_maxage }}" |
|
||||
audit-log-maxbackup: "{{ audit_log_maxbackups }}" |
|
||||
audit-log-maxsize: "{{ audit_log_maxsize }}" |
|
||||
audit-policy-file: {{ audit_policy_file }} |
|
||||
{% endif %} |
|
||||
{% for key in kube_kubeadm_apiserver_extra_args %} |
|
||||
{{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}" |
|
||||
{% endfor %} |
|
||||
{% if kube_feature_gates %} |
|
||||
feature-gates: {{ kube_feature_gates|join(',') }} |
|
||||
{% endif %} |
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %} |
|
||||
cloud-provider: {{cloud_provider}} |
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config |
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %} |
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config |
|
||||
{% endif %} |
|
||||
{% if kube_network_plugin is defined and kube_network_plugin == 'cloud' %} |
|
||||
configure-cloud-routes: "true" |
|
||||
{% endif %} |
|
||||
controllerManagerExtraArgs: |
|
||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} |
|
||||
node-monitor-period: {{ kube_controller_node_monitor_period }} |
|
||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }} |
|
||||
node-cidr-mask-size: "{{ kube_network_node_prefix }}" |
|
||||
profiling: "{{ kube_profiling }}" |
|
||||
terminated-pod-gc-threshold: "{{ kube_controller_terminated_pod_gc_threshold }}" |
|
||||
{% if kube_feature_gates %} |
|
||||
feature-gates: {{ kube_feature_gates|join(',') }} |
|
||||
{% endif %} |
|
||||
{% for key in kube_kubeadm_controller_extra_args %} |
|
||||
{{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}" |
|
||||
{% endfor %} |
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %} |
|
||||
cloud-provider: {{cloud_provider}} |
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config |
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %} |
|
||||
cloud-config: {{ kube_config_dir }}/cloud_config |
|
||||
{% endif %} |
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} |
|
||||
controllerManagerExtraVolumes: |
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined and openstack_cacert != "" %} |
|
||||
- name: openstackcacert |
|
||||
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" |
|
||||
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem" |
|
||||
{% endif %} |
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} |
|
||||
- name: cloud-config |
|
||||
hostPath: {{ kube_config_dir }}/cloud_config |
|
||||
mountPath: {{ kube_config_dir }}/cloud_config |
|
||||
{% endif %} |
|
||||
{% endif %} |
|
||||
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ssl_ca_dirs|length %} |
|
||||
apiServerExtraVolumes: |
|
||||
{% if kube_basic_auth|default(true) %} |
|
||||
- name: basic-auth-config |
|
||||
hostPath: {{ kube_users_dir }} |
|
||||
mountPath: {{ kube_users_dir }} |
|
||||
{% endif %} |
|
||||
{% if kube_token_auth|default(true) %} |
|
||||
- name: token-auth-config |
|
||||
hostPath: {{ kube_token_dir }} |
|
||||
mountPath: {{ kube_token_dir }} |
|
||||
{% endif %} |
|
||||
{% if kube_webhook_token_auth|default(false) %} |
|
||||
- name: webhook-token-auth-config |
|
||||
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml |
|
||||
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml |
|
||||
{% endif %} |
|
||||
{% if kubernetes_audit %} |
|
||||
- name: {{ audit_policy_name }} |
|
||||
hostPath: {{ audit_policy_hostpath }} |
|
||||
mountPath: {{ audit_policy_mountpath }} |
|
||||
{% if audit_log_path != "-" %} |
|
||||
- name: {{ audit_log_name }} |
|
||||
hostPath: {{ audit_log_hostpath }} |
|
||||
mountPath: {{ audit_log_mountpath }} |
|
||||
writable: true |
|
||||
{% endif %} |
|
||||
{% endif %} |
|
||||
{% if ssl_ca_dirs|length %} |
|
||||
{% for dir in ssl_ca_dirs %} |
|
||||
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }} |
|
||||
hostPath: {{ dir }} |
|
||||
mountPath: {{ dir }} |
|
||||
writable: false |
|
||||
{% endfor %} |
|
||||
{% endif %} |
|
||||
{% endif %} |
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} |
|
||||
- name: cloud-config |
|
||||
hostPath: {{ kube_config_dir }}/cloud_config |
|
||||
mountPath: {{ kube_config_dir }}/cloud_config |
|
||||
{% endif %} |
|
||||
schedulerExtraArgs: |
|
||||
profiling: "{{ kube_profiling }}" |
|
||||
{% if kube_feature_gates %} |
|
||||
feature-gates: {{ kube_feature_gates|join(',') }} |
|
||||
{% endif %} |
|
||||
{% if volume_cross_zone_attachment %} |
|
||||
policy-config-file: {{ kube_config_dir }}/kube-scheduler-policy.yaml |
|
||||
{% endif %} |
|
||||
{% if kube_kubeadm_scheduler_extra_args|length > 0 %} |
|
||||
{% for key in kube_kubeadm_scheduler_extra_args %} |
|
||||
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}" |
|
||||
{% endfor %} |
|
||||
{% endif %} |
|
||||
apiServerCertSANs: |
|
||||
{% for san in apiserver_sans %} |
|
||||
- {{ san }} |
|
||||
{% endfor %} |
|
||||
certificatesDir: {{ kube_cert_dir }} |
|
||||
imageRepository: {{ kube_image_repo }} |
|
||||
unifiedControlPlaneImage: "" |
|
||||
nodeRegistration: |
|
||||
{% if kube_override_hostname|default('') %} |
|
||||
name: {{ kube_override_hostname }} |
|
||||
{% endif %} |
|
||||
{% if inventory_hostname not in groups['kube-node'] %} |
|
||||
taints: |
|
||||
- effect: NoSchedule |
|
||||
key: node-role.kubernetes.io/master |
|
||||
{% else %} |
|
||||
taints: {} |
|
||||
{% endif %} |
|
||||
criSocket: {{ cri_socket }} |
|
||||
{% if dynamic_kubelet_configuration %} |
|
||||
featureGates: |
|
||||
DynamicKubeletConfig: true |
|
||||
{% endif %} |
|
||||
@ -0,0 +1,25 @@ |
|||||
|
apiVersion: kubeadm.k8s.io/v1beta2 |
||||
|
kind: JoinConfiguration |
||||
|
discovery: |
||||
|
bootstrapToken: |
||||
|
{% if kubeadm_config_api_fqdn is defined %} |
||||
|
apiServerEndpoint: {{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }} |
||||
|
{% else %} |
||||
|
apiServerEndpoint: {{ kubeadm_discovery_address | replace("https://", "")}} |
||||
|
{% endif %} |
||||
|
token: {{ kubeadm_token }} |
||||
|
unsafeSkipCAVerification: true |
||||
|
timeout: {{ discovery_timeout }} |
||||
|
tlsBootstrapToken: {{ kubeadm_token }} |
||||
|
controlPlane: |
||||
|
localAPIEndpoint: |
||||
|
advertiseAddress: {{ kube_apiserver_address }} |
||||
|
bindPort: {{ kube_apiserver_port }} |
||||
|
certificateKey: {{ kubeadm_certificate_key }} |
||||
|
nodeRegistration: |
||||
|
name: {{ kube_override_hostname|default(inventory_hostname) }} |
||||
|
{% if container_manager == 'crio' %} |
||||
|
criSocket: /var/run/crio/crio.sock |
||||
|
{% else %} |
||||
|
criSocket: /var/run/dockershim.sock |
||||
|
{% endif %} |
||||
@ -1,133 +0,0 @@ |
|||||
### Upstream source https://github.com/kubernetes/release/blob/master/debian/xenial/kubeadm/channel/stable/etc/systemd/system/kubelet.service.d/ |
|
||||
### All upstream values should be present in this file |
|
||||
|
|
||||
# logging to stderr means we get it in the systemd journal |
|
||||
KUBE_LOGTOSTDERR="--logtostderr=true" |
|
||||
KUBE_LOG_LEVEL="--v={{ kube_log_level }}" |
|
||||
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces) |
|
||||
KUBELET_ADDRESS="--address={{ kubelet_bind_address }} --node-ip={{ kubelet_address }}" |
|
||||
# The port for the info server to serve on |
|
||||
# KUBELET_PORT="--port=10250" |
|
||||
{% if kube_override_hostname|default('') %} |
|
||||
# You may leave this blank to use the actual hostname |
|
||||
KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}" |
|
||||
{% endif %} |
|
||||
{# Base kubelet args #} |
|
||||
{% set kubelet_args_base -%} |
|
||||
{# start kubeadm specific settings #} |
|
||||
--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ |
|
||||
--kubeconfig={{ kube_config_dir }}/kubelet.conf \ |
|
||||
{% if kube_version is version('v1.8', '<') %} |
|
||||
--require-kubeconfig \ |
|
||||
{% endif %} |
|
||||
{% if kubelet_authentication_token_webhook %} |
|
||||
--authentication-token-webhook \ |
|
||||
{% endif %} |
|
||||
{% if kubelet_authorization_mode_webhook %} |
|
||||
--authorization-mode=Webhook \ |
|
||||
{% endif %} |
|
||||
--enforce-node-allocatable={{ kubelet_enforce_node_allocatable }} \ |
|
||||
--client-ca-file={{ kube_cert_dir }}/ca.crt \ |
|
||||
{% if kubelet_rotate_certificates %} |
|
||||
--rotate-certificates \ |
|
||||
{% endif %} |
|
||||
--pod-manifest-path={{ kube_manifest_dir }} \ |
|
||||
{% if kube_version is version('v1.12.0', '<') %} |
|
||||
--cadvisor-port={{ kube_cadvisor_port }} \ |
|
||||
{% endif %} |
|
||||
{# end kubeadm specific settings #} |
|
||||
--pod-infra-container-image={{ pod_infra_image_repo }}:{{ pod_infra_image_tag }} \ |
|
||||
--node-status-update-frequency={{ kubelet_status_update_frequency }} \ |
|
||||
--cgroup-driver={{ kubelet_cgroup_driver|default(kubelet_cgroup_driver_detected) }} \ |
|
||||
--max-pods={{ kubelet_max_pods }} \ |
|
||||
{% if container_manager == 'docker' and kube_version is version('v1.12.0', '<') %} |
|
||||
--docker-disable-shared-pid={{ kubelet_disable_shared_pid }} \ |
|
||||
{% endif %} |
|
||||
{% if container_manager != 'docker' %} |
|
||||
--container-runtime=remote \ |
|
||||
--container-runtime-endpoint={{ cri_socket }} \ |
|
||||
{% endif %} |
|
||||
--anonymous-auth=false \ |
|
||||
--read-only-port={{ kube_read_only_port }} \ |
|
||||
{% if kube_version is version('v1.8', '<') %} |
|
||||
--experimental-fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \ |
|
||||
{% else %} |
|
||||
--fail-swap-on={{ kubelet_fail_swap_on|default(true)}} \ |
|
||||
{% endif %} |
|
||||
{% if dynamic_kubelet_configuration %} |
|
||||
--dynamic-config-dir={{ dynamic_kubelet_configuration_dir }} \ |
|
||||
{% endif %} |
|
||||
--runtime-cgroups={{ kubelet_runtime_cgroups }} --kubelet-cgroups={{ kubelet_kubelet_cgroups }} \ |
|
||||
{% endset %} |
|
||||
|
|
||||
{# Node reserved CPU/memory #} |
|
||||
{% if is_kube_master|bool %} |
|
||||
{% set kube_reserved %}--kube-reserved cpu={{ kube_master_cpu_reserved }},memory={{ kube_master_memory_reserved|regex_replace('Mi', 'M') }}{% endset %} |
|
||||
{% else %} |
|
||||
{% set kube_reserved %}--kube-reserved cpu={{ kube_cpu_reserved }},memory={{ kube_memory_reserved|regex_replace('Mi', 'M') }}{% endset %} |
|
||||
{% endif %} |
|
||||
|
|
||||
{# DNS settings for kubelet #} |
|
||||
{% if dns_mode == 'coredns' %} |
|
||||
{% set kubelet_args_cluster_dns %}--cluster-dns={{ skydns_server }}{% endset %} |
|
||||
{% elif dns_mode == 'coredns_dual' %} |
|
||||
{% set kubelet_args_cluster_dns %}--cluster-dns={{ skydns_server }},{{ skydns_server_secondary }}{% endset %} |
|
||||
{% elif dns_mode == 'manual' %} |
|
||||
{% set kubelet_args_cluster_dns %}--cluster-dns={{ manual_dns_server }}{% endset %} |
|
||||
{% else %} |
|
||||
{% set kubelet_args_cluster_dns %}{% endset %} |
|
||||
{% endif %} |
|
||||
{% if enable_nodelocaldns %} |
|
||||
{% set kubelet_args_cluster_dns %}--cluster-dns={{ nodelocaldns_ip }}{% endset %} |
|
||||
{% endif %} |
|
||||
{% set kubelet_args_dns %}{{ kubelet_args_cluster_dns }} --cluster-domain={{ dns_domain }} --resolv-conf={{ kube_resolv_conf }}{% endset %} |
|
||||
|
|
||||
{# Kubelet node labels #} |
|
||||
{% set role_node_labels = [] %} |
|
||||
{% if nvidia_gpu_nodes is defined and nvidia_accelerator_enabled|bool %} |
|
||||
{% if inventory_hostname in nvidia_gpu_nodes %} |
|
||||
{% set dummy = role_node_labels.append('nvidia.com/gpu=true') %} |
|
||||
{% endif %} |
|
||||
{% endif %} |
|
||||
|
|
||||
{% set inventory_node_labels = [] %} |
|
||||
{% if node_labels is defined %} |
|
||||
{% if node_labels is mapping %} |
|
||||
{% for labelname, labelvalue in node_labels.items() %} |
|
||||
{% set dummy = inventory_node_labels.append('%s=%s'|format(labelname, labelvalue)) %} |
|
||||
{% endfor %} |
|
||||
{% else %} |
|
||||
{% for label in node_labels.split(",") %} |
|
||||
{% set dummy = inventory_node_labels.append(label) %} |
|
||||
{% endfor %} |
|
||||
{% endif %} |
|
||||
{% set all_node_labels = role_node_labels + inventory_node_labels %} |
|
||||
|
|
||||
{# Kubelet node taints for gpu #} |
|
||||
{% if nvidia_gpu_nodes is defined and nvidia_accelerator_enabled|bool %} |
|
||||
{% if inventory_hostname in nvidia_gpu_nodes and node_taints is defined %} |
|
||||
{% set dummy = node_taints.append('nvidia.com/gpu=:NoSchedule') %} |
|
||||
{% elif inventory_hostname in nvidia_gpu_nodes and node_taints is not defined %} |
|
||||
{% set node_taints = [] %} |
|
||||
{% set dummy = node_taints.append('nvidia.com/gpu=:NoSchedule') %} |
|
||||
{% endif %} |
|
||||
{% endif %} |
|
||||
|
|
||||
KUBELET_ARGS="{{ kubelet_args_base }} {{ kubelet_args_dns }} {{ kube_reserved }} {% if node_taints|default([]) %}--register-with-taints={{ node_taints | join(',') }} {% endif %}--node-labels={{ all_node_labels | join(',') }} {% if kube_feature_gates %} --feature-gates={{ kube_feature_gates|join(',') }} {% endif %} {% if kubelet_custom_flags is string %} {{kubelet_custom_flags}} {% else %}{% for flag in kubelet_custom_flags %} {{flag}} {% endfor %}{% endif %}{% if inventory_hostname in groups['kube-node'] %}{% if kubelet_node_custom_flags is string %} {{kubelet_node_custom_flags}} {% else %}{% for flag in kubelet_node_custom_flags %} {{flag}} {% endfor %}{% endif %}{% endif %}" |
|
||||
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "cni", "flannel", "weave", "contiv", "cilium", "kube-router", "macvlan"] %} |
|
||||
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" |
|
||||
{% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %} |
|
||||
KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet" |
|
||||
{% endif %} |
|
||||
KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}" |
|
||||
# Should this cluster be allowed to run privileged docker containers |
|
||||
KUBE_ALLOW_PRIV="--allow-privileged=true" |
|
||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %} |
|
||||
KUBELET_CLOUDPROVIDER="--cloud-provider={{ cloud_provider }} --cloud-config={{ kube_config_dir }}/cloud_config" |
|
||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %} |
|
||||
KUBELET_CLOUDPROVIDER="--cloud-provider=external --cloud-config={{ kube_config_dir }}/cloud_config" |
|
||||
{% else %} |
|
||||
KUBELET_CLOUDPROVIDER="" |
|
||||
{% endif %} |
|
||||
|
|
||||
PATH={{ bin_dir }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
|
||||
Write
Preview
Loading…
Cancel
Save