cluster/gce: remove salt comments from manifests
parent
d6918bbbc0
commit
0d39648775
@ -1,16 +1,3 @@
|
||||
{% set base_metrics_memory = "140Mi" -%}
|
||||
{% set base_metrics_cpu = "80m" -%}
|
||||
{% set base_eventer_memory = "190Mi" -%}
|
||||
{% set metrics_memory_per_node = 4 -%}
|
||||
{% set metrics_cpu_per_node = 0.5 -%}
|
||||
{% set eventer_memory_per_node = 500 -%}
|
||||
{% set num_nodes = pillar.get('num_nodes', -1) -%}
|
||||
{% set nanny_memory = "90Mi" -%}
|
||||
{% set nanny_memory_per_node = 200 -%}
|
||||
{% if num_nodes >= 0 -%}
|
||||
{% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
|
||||
{% endif -%}
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -1,16 +1,3 @@
|
||||
{% set base_metrics_memory = "140Mi" -%}
|
||||
{% set base_metrics_cpu = "80m" -%}
|
||||
{% set base_eventer_memory = "190Mi" -%}
|
||||
{% set metrics_memory_per_node = 4 -%}
|
||||
{% set metrics_cpu_per_node = 0.5 -%}
|
||||
{% set eventer_memory_per_node = 500 -%}
|
||||
{% set num_nodes = pillar.get('num_nodes', -1) -%}
|
||||
{% set nanny_memory = "90Mi" -%}
|
||||
{% set nanny_memory_per_node = 200 -%}
|
||||
{% if num_nodes >= 0 -%}
|
||||
{% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
|
||||
{% endif -%}
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -1,16 +1,3 @@
|
||||
{% set base_metrics_memory = "140Mi" -%}
|
||||
{% set base_metrics_cpu = "80m" -%}
|
||||
{% set base_eventer_memory = "190Mi" -%}
|
||||
{% set metrics_memory_per_node = 4 -%}
|
||||
{% set metrics_cpu_per_node = 0.5|float -%}
|
||||
{% set eventer_memory_per_node = 500 -%}
|
||||
{% set num_nodes = pillar.get('num_nodes', -1) -%}
|
||||
{% set nanny_memory = "90Mi" -%}
|
||||
{% set nanny_memory_per_node = 200 -%}
|
||||
{% if num_nodes >= 0 -%}
|
||||
{% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
|
||||
{% endif -%}
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -1,14 +1,3 @@
|
||||
{% set base_metrics_memory = "140Mi" -%}
|
||||
{% set base_metrics_cpu = "80m" -%}
|
||||
{% set metrics_memory_per_node = 4 -%}
|
||||
{% set metrics_cpu_per_node = 0.5 -%}
|
||||
{% set num_nodes = pillar.get('num_nodes', -1) -%}
|
||||
{% set nanny_memory = "90Mi" -%}
|
||||
{% set nanny_memory_per_node = 200 -%}
|
||||
{% if num_nodes >= 0 -%}
|
||||
{% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
|
||||
{% endif -%}
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -1,14 +1,3 @@
|
||||
{% set base_metrics_memory = "140Mi" -%}
|
||||
{% set metrics_memory_per_node = 4 -%}
|
||||
{% set base_metrics_cpu = "80m" -%}
|
||||
{% set metrics_cpu_per_node = 0.5 -%}
|
||||
{% set num_nodes = pillar.get('num_nodes', -1) -%}
|
||||
{% set nanny_memory = "90Mi" -%}
|
||||
{% set nanny_memory_per_node = 200 -%}
|
||||
{% if num_nodes >= 0 -%}
|
||||
{% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
|
||||
{% endif -%}
|
||||
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -1287,8 +1287,6 @@ function prepare-log-file {
|
||||
function prepare-kube-proxy-manifest-variables {
|
||||
local -r src_file=$1;
|
||||
|
||||
remove-salt-config-comments "${src_file}"
|
||||
|
||||
local -r kubeconfig="--kubeconfig=/var/lib/kube-proxy/kubeconfig"
|
||||
local kube_docker_registry="gcr.io/google_containers"
|
||||
if [[ -n "${KUBE_DOCKER_REGISTRY:-}" ]]; then
|
||||
@ -1374,7 +1372,6 @@ function prepare-etcd-manifest {
|
||||
|
||||
local -r temp_file="/tmp/$5"
|
||||
cp "${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/etcd.manifest" "${temp_file}"
|
||||
remove-salt-config-comments "${temp_file}"
|
||||
sed -i -e "s@{{ *suffix *}}@$1@g" "${temp_file}"
|
||||
sed -i -e "s@{{ *port *}}@$2@g" "${temp_file}"
|
||||
sed -i -e "s@{{ *server_port *}}@$3@g" "${temp_file}"
|
||||
@ -1491,17 +1488,6 @@ function prepare-mounter-rootfs {
|
||||
cp /etc/resolv.conf "${CONTAINERIZED_MOUNTER_ROOTFS}/etc/"
|
||||
}
|
||||
|
||||
# A helper function for removing salt configuration and comments from a file.
|
||||
# This is mainly for preparing a manifest file.
|
||||
#
|
||||
# $1: Full path of the file to manipulate
|
||||
function remove-salt-config-comments {
|
||||
# Remove salt configuration.
|
||||
sed -i "/^[ |\t]*{[#|%]/d" $1
|
||||
# Remove comments.
|
||||
sed -i "/^[ |\t]*#/d" $1
|
||||
}
|
||||
|
||||
# Starts kubernetes apiserver.
|
||||
# It prepares the log file, loads the docker image, calculates variables, sets them
|
||||
# in the manifest file, and then copies the manifest file to /etc/kubernetes/manifests.
|
||||
@ -1713,7 +1699,6 @@ function start-kube-apiserver {
|
||||
# Create the ABAC file if it doesn't exist yet, or if we have a KUBE_USER set (to ensure the right user is given permissions)
|
||||
if [[ -n "${KUBE_USER:-}" || ! -e /etc/srv/kubernetes/abac-authz-policy.jsonl ]]; then
|
||||
local -r abac_policy_json="${src_dir}/abac-authz-policy.jsonl"
|
||||
remove-salt-config-comments "${abac_policy_json}"
|
||||
if [[ -n "${KUBE_USER:-}" ]]; then
|
||||
sed -i -e "s/{{kube_user}}/${KUBE_USER}/g" "${abac_policy_json}"
|
||||
else
|
||||
@ -1758,7 +1743,6 @@ function start-kube-apiserver {
|
||||
fi
|
||||
|
||||
src_file="${src_dir}/kube-apiserver.manifest"
|
||||
remove-salt-config-comments "${src_file}"
|
||||
# Evaluate variables.
|
||||
local -r kube_apiserver_docker_tag=$(cat /home/kubernetes/kube-docker-files/kube-apiserver.docker_tag)
|
||||
sed -i -e "s@{{params}}@${params}@g" "${src_file}"
|
||||
@ -1868,7 +1852,6 @@ function start-kube-controller-manager {
|
||||
fi
|
||||
|
||||
local -r src_file="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/kube-controller-manager.manifest"
|
||||
remove-salt-config-comments "${src_file}"
|
||||
# Evaluate variables.
|
||||
sed -i -e "s@{{srv_kube_path}}@/etc/srv/kubernetes@g" "${src_file}"
|
||||
sed -i -e "s@{{pillar\['kube_docker_registry'\]}}@${DOCKER_REGISTRY}@g" "${src_file}"
|
||||
@ -1916,7 +1899,6 @@ function start-kube-scheduler {
|
||||
|
||||
# Remove salt comments and replace variables with values.
|
||||
local -r src_file="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/kube-scheduler.manifest"
|
||||
remove-salt-config-comments "${src_file}"
|
||||
|
||||
sed -i -e "s@{{srv_kube_path}}@/etc/srv/kubernetes@g" "${src_file}"
|
||||
sed -i -e "s@{{params}}@${params}@g" "${src_file}"
|
||||
@ -1937,7 +1919,6 @@ function start-cluster-autoscaler {
|
||||
|
||||
# Remove salt comments and replace variables with values
|
||||
local -r src_file="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/cluster-autoscaler.manifest"
|
||||
remove-salt-config-comments "${src_file}"
|
||||
|
||||
local params="${AUTOSCALER_MIG_CONFIG} ${CLOUD_CONFIG_OPT} ${AUTOSCALER_EXPANDER_CONFIG:---expander=price}"
|
||||
sed -i -e "s@{{params}}@${params}@g" "${src_file}"
|
||||
@ -2146,7 +2127,6 @@ EOF
|
||||
else
|
||||
controller_yaml="${controller_yaml}/heapster-controller.yaml"
|
||||
fi
|
||||
remove-salt-config-comments "${controller_yaml}"
|
||||
|
||||
sed -i -e "s@{{ cluster_name }}@${CLUSTER_NAME}@g" "${controller_yaml}"
|
||||
sed -i -e "s@{{ *base_metrics_memory *}}@${base_metrics_memory}@g" "${controller_yaml}"
|
||||
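Review bot: Nothing at the former `remove-salt-config-comments` call sites now checks that a manifest is free of Salt/Jinja lines before the `sed` substitutions run, so a file that still carries a `{% ... %}` or `{# ... #}` line would pass through unchanged; one way this could happen (an assumption, the packaging is not visible here) is a kube-manifests bundle older than this script. A fail-fast guard at each site would surface that instead of leaving a broken static-pod manifest or ABAC policy file, for example `if grep -qE '^[[:space:]]*\{[#%]' "${src_file}"; then echo "unexpected salt template line in ${src_file}" >&2; return 1; fi`. The comments `# Remove salt comments and replace variables with values.` in start-kube-scheduler and start-cluster-autoscaler are now stale and should read `# Replace variables with values.`. All of the touched functions start or end outside the visible hunks, so callers and later steps were not reviewed.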
|
@ -1,8 +1,7 @@
|
||||
{% set kube_user = grains.kube_user -%}
|
||||
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"admin", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
|
||||
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"{{kube_user}}", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
|
||||
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
|
||||
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kube_proxy", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
|
||||
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubecfg", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
|
||||
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"client", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
|
||||
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:serviceaccounts", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
|
||||
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:serviceaccounts", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
|
||||
|
@ -1,14 +1,3 @@
|
||||
{% if pillar.get('enable_cluster_autoscaler', '').lower() == 'true' %}
|
||||
{% set cloud_config = "" -%}
|
||||
{% set cloud_config_mount = "" -%}
|
||||
{% set cloud_config_volume = "" -%}
|
||||
{% if grains.cloud == 'gce' and grains.cloud_config is defined -%}
|
||||
{% set cloud_config = "--cloud-config=" + grains.cloud_config -%}
|
||||
{% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%}
|
||||
{% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% endif -%}
|
||||
{% set params = pillar['autoscaler_mig_config'] + " " + cloud_config + " " + pillar.get('autoscaler_expander_config', '') -%}
|
||||
|
||||
{
|
||||
"kind": "Pod",
|
||||
"apiVersion": "v1",
|
||||
@ -103,4 +92,3 @@
|
||||
"restartPolicy": "Always"
|
||||
}
|
||||
}
|
||||
{% endif %}
|
||||
|
@ -1,30 +1,3 @@
|
||||
{% set etcd_protocol = 'http' -%}
|
||||
{% set etcd_creds = '' -%}
|
||||
{% if pillar.get('etcd_over_ssl', '').lower() == 'true' -%}
|
||||
{% set etcd_protocol = 'https' -%}
|
||||
{% set etcd_creds = '--peer-trusted-ca-file /srv/kubernetes/etcd-ca.crt --peer-cert-file /srv/kubernetes/etcd-peer.crt --peer-key-file /srv/kubernetes/etcd-peer.key -peer-client-cert-auth' -%}
|
||||
{% endif -%}
|
||||
{% set hostname = pillar.get('hostname', '') -%}
|
||||
{% set cluster_state = (pillar.get('initial_etcd_cluster_state') or 'new') -%}
|
||||
{% set etcd_cluster_array = (pillar.get('initial_etcd_cluster') or hostname).split(',') -%}
|
||||
{% set etcd_cluster = '' -%}
|
||||
{# We use vars dictionary to pass variables set inside the for loop, because jinja defines new variables inside the for loop that hide variables from the outside. #}
|
||||
{% set vars = {'etcd_cluster': ''} -%}
|
||||
{% for host in etcd_cluster_array -%}
|
||||
{% if etcd_cluster != '' -%}
|
||||
{% set etcd_cluster = etcd_cluster ~ ',' -%}
|
||||
{% endif -%}
|
||||
{% set etcd_cluster = etcd_cluster ~ 'etcd-' ~ host ~ '=' ~ etcd_protocol ~'://' ~ host ~ ':' ~ server_port -%}
|
||||
{% do vars.update({'etcd_cluster': etcd_cluster}) -%}
|
||||
{% endfor -%}
|
||||
{% set etcd_cluster = vars.etcd_cluster -%}
|
||||
{% set quota_bytes = '' -%}
|
||||
{% if pillar.get('storage_backend', 'etcd3') == 'etcd3' -%}
|
||||
{% set quota_bytes = '--quota-backend-bytes=4294967296' -%}
|
||||
{% endif -%}
|
||||
{% set liveness_probe_initial_delay = pillar.get('etcd_liveness_probe_initial_delay', 15) -%}
|
||||
{% set srv_kube_path = "/srv/kubernetes" -%}
|
||||
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Pod",
|
||||
|
@ -1,213 +1,3 @@
|
||||
{% set daemon_args = "$DAEMON_ARGS" -%}
|
||||
{% if grains['os_family'] == 'RedHat' -%}
|
||||
{% set daemon_args = "" -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set cloud_provider = "" -%}
|
||||
{% set cloud_config = "" -%}
|
||||
{% set cloud_config_mount = "" -%}
|
||||
{% set cloud_config_volume = "" -%}
|
||||
{% set additional_cloud_config_mount = "{\"name\": \"usrsharessl\",\"mountPath\": \"/usr/share/ssl\", \"readOnly\": true}, {\"name\": \"usrssl\",\"mountPath\": \"/usr/ssl\", \"readOnly\": true}, {\"name\": \"usrlibssl\",\"mountPath\": \"/usr/lib/ssl\", \"readOnly\": true}, {\"name\": \"usrlocalopenssl\",\"mountPath\": \"/usr/local/openssl\", \"readOnly\": true}," -%}
|
||||
{% set additional_cloud_config_volume = "{\"name\": \"usrsharessl\",\"hostPath\": {\"path\": \"/usr/share/ssl\"}}, {\"name\": \"usrssl\",\"hostPath\": {\"path\": \"/usr/ssl\"}}, {\"name\": \"usrlibssl\",\"hostPath\": {\"path\": \"/usr/lib/ssl\"}}, {\"name\": \"usrlocalopenssl\",\"hostPath\": {\"path\": \"/usr/local/openssl\"}}," -%}
|
||||
|
||||
{% set srv_kube_path = "/srv/kubernetes" -%}
|
||||
{% set srv_sshproxy_path = "/srv/sshproxy" -%}
|
||||
|
||||
{% if grains.cloud is defined -%}
|
||||
{% set cloud_provider = "--cloud-provider=" + grains.cloud -%}
|
||||
|
||||
{% if grains.cloud == 'gce' and grains.cloud_config is defined -%}
|
||||
{% set cloud_config = "--cloud-config=" + grains.cloud_config -%}
|
||||
{% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%}
|
||||
{% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% endif -%}
|
||||
|
||||
{% endif -%}
|
||||
|
||||
{% set advertise_address = "" -%}
|
||||
{% if grains.advertise_address is defined -%}
|
||||
{% set advertise_address = "--advertise-address=" + grains.advertise_address -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set proxy_ssh_options = "" -%}
|
||||
{% if grains.proxy_ssh_user is defined -%}
|
||||
{% set proxy_ssh_options = "--ssh-user=" + grains.proxy_ssh_user + " --ssh-keyfile=/srv/sshproxy/.sshkeyfile" -%}
|
||||
{# Append 40 characters onto command to work around #9822. #}
|
||||
{# If mount list changes, this may also need to change. #}
|
||||
{% set proxy_ssh_options = proxy_ssh_options + " " -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set address = "--address=127.0.0.1" -%}
|
||||
|
||||
{% set bind_address = "" -%}
|
||||
{% if grains.publicAddressOverride is defined -%}
|
||||
{% set bind_address = "--bind-address=" + grains.publicAddressOverride -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set storage_backend = "" -%}
|
||||
{% if pillar['storage_backend'] is defined -%}
|
||||
{% set storage_backend = "--storage-backend=" + pillar['storage_backend'] -%}
|
||||
{% endif -%}
|
||||
{% set etcd_servers = "--etcd-servers=http://127.0.0.1:2379" -%}
|
||||
{% set etcd_servers_overrides = "--etcd-servers-overrides=/events#http://127.0.0.1:4002" -%}
|
||||
|
||||
{% set storage_media_type = "" -%}
|
||||
{% if pillar['storage_media_type'] is defined -%}
|
||||
{% set storage_media_type = "--storage-media-type=" + pillar['storage_media_type'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set liveness_probe_initial_delay = pillar.get('kube_apiserver_liveness_probe_initial_delay', 15) -%}
|
||||
|
||||
{% set request_timeout = "" -%}
|
||||
{% if pillar['kube_apiserver_request_timeout_sec'] is defined -%}
|
||||
{% set request_timeout = "--request-timeout=" + pillar['kube_apiserver_request_timeout_sec'] + "s" -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set max_requests_inflight = "" -%}
|
||||
{% set target_ram_mb = "" -%}
|
||||
{% if pillar['num_nodes'] is defined -%}
|
||||
# If the cluster is large, increase max-requests-inflight limit in apiserver.
|
||||
{% if pillar['num_nodes']|int >= 1000 -%}
|
||||
{% set max_requests_inflight = "--max-requests-inflight=1500 --max-mutating-requests-inflight=500" -%}
|
||||
{% endif -%}
|
||||
# Set amount of memory available for apiserver based on number of nodes.
|
||||
# TODO: Once we start setting proper requests and limits for apiserver
|
||||
# we should reuse the same logic here instead of current heuristic.
|
||||
{% set tmp_ram_mb = pillar['num_nodes']|int * 60 %}
|
||||
{% set target_ram_mb = "--target-ram-mb=" + tmp_ram_mb|string -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set service_cluster_ip_range = "" -%}
|
||||
{% if pillar['service_cluster_ip_range'] is defined -%}
|
||||
{% set service_cluster_ip_range = "--service-cluster-ip-range=" + pillar['service_cluster_ip_range'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set cert_file = "--tls-cert-file=/srv/kubernetes/server.cert" -%}
|
||||
{% set key_file = "--tls-private-key-file=/srv/kubernetes/server.key" -%}
|
||||
{% set kubelet_cert_file = "--kubelet-client-certificate=/srv/kubernetes/kubeapiserver.cert" -%}
|
||||
{% set kubelet_key_file = "--kubelet-client-key=/srv/kubernetes/kubeapiserver.key" -%}
|
||||
{% set client_ca_file = "" -%}
|
||||
|
||||
{% set secure_port = "6443" -%}
|
||||
{% if grains['cloud'] is defined and grains.cloud == 'gce' %}
|
||||
{% set secure_port = "443" -%}
|
||||
{% set client_ca_file = "--client-ca-file=/srv/kubernetes/ca.crt" -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set min_request_timeout = "" -%}
|
||||
{% if grains.minRequestTimeout is defined -%}
|
||||
{% set min_request_timeout = "--min-request-timeout=" + grains.minRequestTimeout -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set token_auth_file = " --token-auth-file=/dev/null" -%}
|
||||
{% set basic_auth_file = "" -%}
|
||||
{% set authz_mode = "" -%}
|
||||
{% set abac_policy_file = "" -%}
|
||||
{% if grains['cloud'] is defined and grains.cloud == 'gce' %}
|
||||
{% set token_auth_file = " --token-auth-file=/srv/kubernetes/known_tokens.csv" -%}
|
||||
{% set basic_auth_file = " --basic-auth-file=/srv/kubernetes/basic_auth.csv" -%}
|
||||
{% set authz_mode = " --authorization-mode=ABAC" -%}
|
||||
{% set abac_policy_file = " --authorization-policy-file=/srv/kubernetes/abac-authz-policy.jsonl" -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set webhook_authentication_config = "" -%}
|
||||
{% set webhook_authn_config_mount = "" -%}
|
||||
{% set webhook_authn_config_volume = "" -%}
|
||||
{% if grains.webhook_authentication_config is defined -%}
|
||||
{% set webhook_authentication_config = " --authentication-token-webhook-config-file=" + grains.webhook_authentication_config -%}
|
||||
{% set webhook_authn_config_mount = "{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"" + grains.webhook_authentication_config + "\", \"readOnly\": false}," -%}
|
||||
{% set webhook_authn_config_volume = "{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authentication_config + "\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set webhook_authorization_config = "" -%}
|
||||
{% set webhook_config_mount = "" -%}
|
||||
{% set webhook_config_volume = "" -%}
|
||||
{% if grains.webhook_authorization_config is defined -%}
|
||||
{% set webhook_authorization_config = " --authorization-webhook-config-file=" + grains.webhook_authorization_config -%}
|
||||
{% set webhook_config_mount = "{\"name\": \"webhookconfigmount\",\"mountPath\": \"" + grains.webhook_authorization_config + "\", \"readOnly\": false}," -%}
|
||||
{% set webhook_config_volume = "{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authorization_config + "\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% set authz_mode = authz_mode + ",Webhook" -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set image_review_config = "" -%}
|
||||
{% set admission_controller_config_mount = "" -%}
|
||||
{% set admission_controller_config_volume = "" -%}
|
||||
{% set image_policy_webhook_config_mount = "" -%}
|
||||
{% set image_policy_webhook_config_volume = "" -%}
|
||||
{% if grains.image_review_config is defined -%}
|
||||
{% set image_review_config = " --admission-control-config-file=" + grains.image_review_config -%}
|
||||
{% set admission_controller_config_mount = "{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"" + grains.image_review_config + "\", \"readOnly\": false}," -%}
|
||||
{% set admission_controller_config_volume = "{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"" + grains.image_review_config + "\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% set image_policy_webhook_config_mount = "{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": \"/etc/gcp_image_review.config\", \"readOnly\": false}," -%}
|
||||
{% set image_policy_webhook_config_volume = "{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set admission_control = "" -%}
|
||||
{% if pillar['admission_control'] is defined -%}
|
||||
{% set admission_control = "--admission-control=" + pillar['admission_control'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set runtime_config = "" -%}
|
||||
{% if grains.runtime_config is defined -%}
|
||||
{% set runtime_config = "--runtime-config=" + grains.runtime_config -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set feature_gates = "" -%}
|
||||
{% if grains.feature_gates is defined -%}
|
||||
{% set feature_gates = "--feature-gates=" + grains.feature_gates -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set log_level = pillar['log_level'] -%}
|
||||
{% if pillar['api_server_test_log_level'] is defined -%}
|
||||
{% set log_level = pillar['api_server_test_log_level'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set enable_garbage_collector = "" -%}
|
||||
{% if pillar['enable_garbage_collector'] is defined -%}
|
||||
{% set enable_garbage_collector = "--enable-garbage-collector=" + pillar['enable_garbage_collector'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set etcd_compaction_interval = "" %}
|
||||
{% if pillar['etcd_compaction_interval_sec'] is defined -%}
|
||||
{% set etcd_compaction_interval = "--etcd-compaction-interval=" + pillar['etcd_compaction_interval_sec'] + "s" -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set etcd_quorum_read = "" %}
|
||||
{% if pillar['etcd_quorum_read'] is defined -%}
|
||||
{% set etcd_quorum_read = "--etcd_quorum_read=" + pillar['etcd_quorum_read'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set audit_log = "" -%}
|
||||
{% set audit_policy_config_mount = "" -%}
|
||||
{% set audit_policy_config_volume = "" -%}
|
||||
{% set audit_webhook_config_mount = "" -%}
|
||||
{% set audit_webhook_config_volume = "" -%}
|
||||
{% if pillar['enable_apiserver_basic_audit'] is defined and pillar['enable_apiserver_basic_audit'] in ['true'] -%}
|
||||
{% set audit_log = "--audit-log-path=/var/log/kube-apiserver-audit.log --audit-log-maxage=0 --audit-log-maxbackup=0 --audit-log-maxsize=2000000000" -%}
|
||||
{% elif pillar['enable_apiserver_advanced_audit'] is defined and pillar['enable_apiserver_advanced_audit'] in ['true'] -%}
|
||||
{% set audit_log = "--audit-policy-file=/etc/audit_policy.config" -%}
|
||||
{% set audit_policy_config_mount = "{\"name\": \"auditpolicyconfigmount\",\"mountPath\": \"/etc/audit_policy.config\", \"readOnly\": true}," -%}
|
||||
{% set audit_policy_config_volume = "{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_policy.config\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% if pillar['advanced_audit_backend'] is defined and 'log' in pillar['advanced_audit_backend'] -%}
|
||||
{% set audit_log = audit_log + " --audit-log-path=/var/log/kube-apiserver-audit.log --audit-log-maxage=0 --audit-log-maxbackup=0 --audit-log-maxsize=2000000000" -%}
|
||||
{% endif %}
|
||||
{% if pillar['advanced_audit_backend'] is defined and 'webhook' in pillar['advanced_audit_backend'] -%}
|
||||
{% set audit_log = audit_log + " --audit-webhook-mode=batch" -%}
|
||||
{% set audit_webhook_config_mount = "{\"name\": \"auditwebhookconfigmount\",\"mountPath\": \"/etc/audit_webhook.config\", \"readOnly\": true}," -%}
|
||||
{% set audit_webhook_config_volume = "{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_webhook.config\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% endif %}
|
||||
{% endif -%}
|
||||
|
||||
{% set params = address + " " + storage_backend + " " + storage_media_type + " " + etcd_servers + " " + etcd_servers_overrides + " " + cloud_provider + " " + cloud_config + " " + runtime_config + " " + feature_gates + " " + admission_control + " " + max_requests_inflight + " " + target_ram_mb + " " + service_cluster_ip_range + " " + client_ca_file + basic_auth_file + " " + min_request_timeout + " " + enable_garbage_collector + " " + etcd_quorum_read + " " + etcd_compaction_interval + " " + audit_log + " " + request_timeout -%}
|
||||
{% set params = params + " " + cert_file + " " + key_file + " " + kubelet_cert_file + " " + kubelet_key_file + " --secure-port=" + secure_port + token_auth_file + " " + bind_address + " " + log_level + " " + advertise_address + " " + proxy_ssh_options + authz_mode + abac_policy_file + webhook_authentication_config + webhook_authorization_config + image_review_config -%}
|
||||
|
||||
# test_args has to be kept at the end, so they'll overwrite any prior configuration
|
||||
{% if pillar['apiserver_test_args'] is defined -%}
|
||||
{% set params = params + " " + pillar['apiserver_test_args'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set container_env = "" -%}
|
||||
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Pod",
|
||||
|
@ -1,86 +1,3 @@
|
||||
{% set cluster_name = "" -%}
|
||||
{% set cluster_cidr = "" -%}
|
||||
{% set allocate_node_cidrs = "" -%}
|
||||
{% set service_cluster_ip_range = "" %}
|
||||
{% set terminated_pod_gc = "" -%}
|
||||
|
||||
|
||||
{% if pillar['instance_prefix'] is defined -%}
|
||||
{% set cluster_name = "--cluster-name=" + pillar['instance_prefix'] -%}
|
||||
{% endif -%}
|
||||
{% if pillar['cluster_cidr'] is defined and pillar['cluster_cidr'] != "" -%}
|
||||
{% set cluster_cidr = "--cluster-cidr=" + pillar['cluster_cidr'] -%}
|
||||
{% endif -%}
|
||||
{% if pillar['service_cluster_ip_range'] is defined and pillar['service_cluster_ip_range'] != "" -%}
|
||||
{% set service_cluster_ip_range = "--service_cluster_ip_range=" + pillar['service_cluster_ip_range'] -%}
|
||||
{% endif -%}
|
||||
{% if pillar.get('network_provider', '').lower() == 'kubenet' %}
|
||||
{% set allocate_node_cidrs = "--allocate-node-cidrs=true" -%}
|
||||
{% elif pillar['allocate_node_cidrs'] is defined -%}
|
||||
{% set allocate_node_cidrs = "--allocate-node-cidrs=" + pillar['allocate_node_cidrs'] -%}
|
||||
{% endif -%}
|
||||
{% if pillar['terminated_pod_gc_threshold'] is defined -%}
|
||||
{% set terminated_pod_gc = "--terminated-pod-gc-threshold=" + pillar['terminated_pod_gc_threshold'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set enable_garbage_collector = "" -%}
|
||||
{% if pillar['enable_garbage_collector'] is defined -%}
|
||||
{% set enable_garbage_collector = "--enable-garbage-collector=" + pillar['enable_garbage_collector'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set cloud_provider = "" -%}
|
||||
{% set cloud_config = "" -%}
|
||||
{% set cloud_config_mount = "" -%}
|
||||
{% set cloud_config_volume = "" -%}
|
||||
{% set additional_cloud_config_mount = "{\"name\": \"usrsharessl\",\"mountPath\": \"/usr/share/ssl\", \"readOnly\": true}, {\"name\": \"usrssl\",\"mountPath\": \"/usr/ssl\", \"readOnly\": true}, {\"name\": \"usrlibssl\",\"mountPath\": \"/usr/lib/ssl\", \"readOnly\": true}, {\"name\": \"usrlocalopenssl\",\"mountPath\": \"/usr/local/openssl\", \"readOnly\": true}," -%}
|
||||
{% set additional_cloud_config_volume = "{\"name\": \"usrsharessl\",\"hostPath\": {\"path\": \"/usr/share/ssl\"}}, {\"name\": \"usrssl\",\"hostPath\": {\"path\": \"/usr/ssl\"}}, {\"name\": \"usrlibssl\",\"hostPath\": {\"path\": \"/usr/lib/ssl\"}}, {\"name\": \"usrlocalopenssl\",\"hostPath\": {\"path\": \"/usr/local/openssl\"}}," -%}
|
||||
{% set pv_recycler_mount = "" -%}
|
||||
{% set pv_recycler_volume = "" -%}
|
||||
{% set srv_kube_path = "/srv/kubernetes" -%}
|
||||
{% flex_vol_plugin_dir = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec" -%}
|
||||
|
||||
{% if grains.cloud is defined -%}
|
||||
{% set cloud_provider = "--cloud-provider=" + grains.cloud -%}
|
||||
{% set service_account_key = "--service-account-private-key-file=/srv/kubernetes/server.key" -%}
|
||||
|
||||
{% if grains.cloud == 'gce' and grains.cloud_config is defined -%}
|
||||
{% set cloud_config = "--cloud-config=" + grains.cloud_config -%}
|
||||
{% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%}
|
||||
{% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%}
|
||||
{% endif -%}
|
||||
|
||||
{% endif -%}
|
||||
|
||||
{% set root_ca_file = "" -%}
|
||||
|
||||
{% if grains.cloud is defined and grains.cloud == 'gce' %}
|
||||
{% set root_ca_file = "--root-ca-file=/srv/kubernetes/ca.crt" -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set log_level = pillar['log_level'] -%}
|
||||
{% if pillar['controller_manager_test_log_level'] is defined -%}
|
||||
{% set log_level = pillar['controller_manager_test_log_level'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set feature_gates = "" -%}
|
||||
{% if grains.feature_gates is defined -%}
|
||||
{% set feature_gates = "--feature-gates=" + grains.feature_gates -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set params = "--master=127.0.0.1:8080" + " " + cluster_name + " " + cluster_cidr + " " + allocate_node_cidrs + " " + service_cluster_ip_range + " " + terminated_pod_gc + " " + enable_garbage_collector + " " + cloud_provider + " " + cloud_config + " " + service_account_key + " " + log_level + " " + root_ca_file -%}
|
||||
{% set params = params + " " + feature_gates -%}
|
||||
|
||||
{% if pillar.get('enable_hostpath_provisioner', '').lower() == 'true' -%}
|
||||
{% set params = params + " --enable-hostpath-provisioner" %}
|
||||
{% endif -%}
|
||||
|
||||
# test_args has to be kept at the end, so they'll overwrite any prior configuration
|
||||
{% if pillar['controller_manager_test_args'] is defined -%}
|
||||
{% set params = params + " " + pillar['controller_manager_test_args'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set container_env = "" -%}
|
||||
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Pod",
|
||||
|
@ -1,52 +1,3 @@
|
||||
# Please keep kube-proxy configuration in-sync with:
|
||||
# cluster/addons/kube-proxy/kube-proxy-ds.yaml
|
||||
|
||||
{% set kubeconfig = "--kubeconfig=/var/lib/kube-proxy/kubeconfig" -%}
|
||||
{% if grains.api_servers is defined -%}
|
||||
{% set api_servers = "--master=https://" + grains.api_servers -%}
|
||||
{% else -%}
|
||||
{% set ips = salt['mine.get']('roles:kubernetes-master', 'network.ip_addrs', 'grain').values() -%}
|
||||
{% set api_servers = "--master=https://" + ips[0][0] -%}
|
||||
{% endif -%}
|
||||
{% if grains['cloud'] is defined and grains.cloud == 'gce' %}
|
||||
{% set api_servers_with_port = api_servers -%}
|
||||
{% else -%}
|
||||
{% set api_servers_with_port = api_servers + ":6443" -%}
|
||||
{% endif -%}
|
||||
{% set test_args = "" -%}
|
||||
{% if pillar['kubeproxy_test_args'] is defined -%}
|
||||
{% set test_args=pillar['kubeproxy_test_args'] %}
|
||||
{% endif -%}
|
||||
{% set cluster_cidr = "" -%}
|
||||
{% if pillar['cluster_cidr'] is defined -%}
|
||||
{% set cluster_cidr=" --cluster-cidr=" + pillar['cluster_cidr'] %}
|
||||
{% endif -%}
|
||||
|
||||
{% set log_level = pillar['log_level'] -%}
|
||||
{% if pillar['kubeproxy_test_log_level'] is defined -%}
|
||||
{% set log_level = pillar['kubeproxy_test_log_level'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set feature_gates = "" -%}
|
||||
{% if grains.feature_gates is defined -%}
|
||||
{% set feature_gates = "--feature-gates=" + grains.feature_gates -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set throttles = "--iptables-sync-period=1m --iptables-min-sync-period=10s --ipvs-sync-period=1m --ipvs-min-sync-period=10s" -%}
|
||||
|
||||
{% set pod_priority = "" -%}
|
||||
{% if pillar.get('enable_pod_priority', '').lower() == 'true' -%}
|
||||
{% set pod_priority = "priorityClassName: system-node-critical" -%}
|
||||
{% endif -%}
|
||||
|
||||
# test_args should always go last to overwrite prior configuration
|
||||
{% set params = log_level + " " + throttles + " " + feature_gates + " " + test_args -%}
|
||||
|
||||
{% set container_env = "" -%}
|
||||
{% set kube_cache_mutation_detector_env_name = "" -%}
|
||||
{% set kube_cache_mutation_detector_env_value = "" -%}
|
||||
|
||||
# kube-proxy podspec
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
|
@ -1,28 +1,3 @@
|
||||
{% set params = "--master=127.0.0.1:8080" -%}
|
||||
{% set srv_kube_path = "/srv/kubernetes" -%}
|
||||
|
||||
{% set log_level = pillar['log_level'] -%}
|
||||
{% if pillar['scheduler_test_log_level'] is defined -%}
|
||||
{% set log_level = pillar['scheduler_test_log_level'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set feature_gates = "" -%}
|
||||
{% if grains.feature_gates is defined -%}
|
||||
{% set feature_gates = "--feature-gates=" + grains.feature_gates -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set scheduling_algorithm_provider = "" -%}
|
||||
{% if grains.scheduling_algorithm_provider is defined -%}
|
||||
{% set scheduling_algorithm_provider = "--algorithm-provider=" + grains.scheduling_algorithm_provider -%}
|
||||
{% endif -%}
|
||||
|
||||
{% set params = params + log_level + " " + feature_gates + " " + scheduling_algorithm_provider -%}
|
||||
|
||||
# test_args has to be kept at the end, so they'll overwrite any prior configuration
|
||||
{% if pillar['scheduler_test_args'] is defined -%}
|
||||
{% set params = params + " " + pillar['scheduler_test_args'] -%}
|
||||
{% endif -%}
|
||||
|
||||
{
|
||||
"apiVersion": "v1",
|
||||
"kind": "Pod",
|
||||
|