diff --git a/cluster/addons/cluster-monitoring/google/heapster-controller.yaml b/cluster/addons/cluster-monitoring/google/heapster-controller.yaml
index 769e36112e9..429be0da773 100644
--- a/cluster/addons/cluster-monitoring/google/heapster-controller.yaml
+++ b/cluster/addons/cluster-monitoring/google/heapster-controller.yaml
@@ -1,16 +1,3 @@
-{% set base_metrics_memory = "140Mi" -%}
-{% set base_metrics_cpu = "80m" -%}
-{% set base_eventer_memory = "190Mi" -%}
-{% set metrics_memory_per_node = 4 -%}
-{% set metrics_cpu_per_node = 0.5 -%}
-{% set eventer_memory_per_node = 500 -%}
-{% set num_nodes = pillar.get('num_nodes', -1) -%}
-{% set nanny_memory = "90Mi" -%}
-{% set nanny_memory_per_node = 200 -%}
-{% if num_nodes >= 0 -%}
- {% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
-{% endif -%}
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml b/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml
index 6896fccc232..90e3ca32302 100644
--- a/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml
+++ b/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml
@@ -1,16 +1,3 @@
-{% set base_metrics_memory = "140Mi" -%}
-{% set base_metrics_cpu = "80m" -%}
-{% set base_eventer_memory = "190Mi" -%}
-{% set metrics_memory_per_node = 4 -%}
-{% set metrics_cpu_per_node = 0.5 -%}
-{% set eventer_memory_per_node = 500 -%}
-{% set num_nodes = pillar.get('num_nodes', -1) -%}
-{% set nanny_memory = "90Mi" -%}
-{% set nanny_memory_per_node = 200 -%}
-{% if num_nodes >= 0 -%}
- {% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
-{% endif -%}
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/cluster/addons/cluster-monitoring/influxdb/heapster-controller.yaml b/cluster/addons/cluster-monitoring/influxdb/heapster-controller.yaml
index 2c389a340b8..46a8e36813e 100644
--- a/cluster/addons/cluster-monitoring/influxdb/heapster-controller.yaml
+++ b/cluster/addons/cluster-monitoring/influxdb/heapster-controller.yaml
@@ -1,16 +1,3 @@
-{% set base_metrics_memory = "140Mi" -%}
-{% set base_metrics_cpu = "80m" -%}
-{% set base_eventer_memory = "190Mi" -%}
-{% set metrics_memory_per_node = 4 -%}
-{% set metrics_cpu_per_node = 0.5|float -%}
-{% set eventer_memory_per_node = 500 -%}
-{% set num_nodes = pillar.get('num_nodes', -1) -%}
-{% set nanny_memory = "90Mi" -%}
-{% set nanny_memory_per_node = 200 -%}
-{% if num_nodes >= 0 -%}
- {% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
-{% endif -%}
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/cluster/addons/cluster-monitoring/stackdriver/heapster-controller.yaml b/cluster/addons/cluster-monitoring/stackdriver/heapster-controller.yaml
index 85e8383adf8..c035d51a7a0 100644
--- a/cluster/addons/cluster-monitoring/stackdriver/heapster-controller.yaml
+++ b/cluster/addons/cluster-monitoring/stackdriver/heapster-controller.yaml
@@ -1,14 +1,3 @@
-{% set base_metrics_memory = "140Mi" -%}
-{% set base_metrics_cpu = "80m" -%}
-{% set metrics_memory_per_node = 4 -%}
-{% set metrics_cpu_per_node = 0.5 -%}
-{% set num_nodes = pillar.get('num_nodes', -1) -%}
-{% set nanny_memory = "90Mi" -%}
-{% set nanny_memory_per_node = 200 -%}
-{% if num_nodes >= 0 -%}
- {% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%}
-{% endif -%}
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/cluster/addons/cluster-monitoring/standalone/heapster-controller.yaml b/cluster/addons/cluster-monitoring/standalone/heapster-controller.yaml
index f82d1b70f22..ff994966d5f 100644
--- a/cluster/addons/cluster-monitoring/standalone/heapster-controller.yaml +++ b/cluster/addons/cluster-monitoring/standalone/heapster-controller.yaml @@ -1,14 +1,3 @@ -{% set base_metrics_memory = "140Mi" -%} -{% set metrics_memory_per_node = 4 -%} -{% set base_metrics_cpu = "80m" -%} -{% set metrics_cpu_per_node = 0.5 -%} -{% set num_nodes = pillar.get('num_nodes', -1) -%} -{% set nanny_memory = "90Mi" -%} -{% set nanny_memory_per_node = 200 -%} -{% if num_nodes >= 0 -%} - {% set nanny_memory = (90 * 1024 + num_nodes * nanny_memory_per_node)|string + "Ki" -%} -{% endif -%} - apiVersion: v1 kind: ServiceAccount metadata: diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index 88029dad582..6bf21f76952 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -1287,8 +1287,6 @@ function prepare-log-file { function prepare-kube-proxy-manifest-variables { local -r src_file=$1; - remove-salt-config-comments "${src_file}" - local -r kubeconfig="--kubeconfig=/var/lib/kube-proxy/kubeconfig" local kube_docker_registry="gcr.io/google_containers" if [[ -n "${KUBE_DOCKER_REGISTRY:-}" ]]; then @@ -1374,7 +1372,6 @@ function prepare-etcd-manifest { local -r temp_file="/tmp/$5" cp "${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/etcd.manifest" "${temp_file}" - remove-salt-config-comments "${temp_file}" sed -i -e "s@{{ *suffix *}}@$1@g" "${temp_file}" sed -i -e "s@{{ *port *}}@$2@g" "${temp_file}" sed -i -e "s@{{ *server_port *}}@$3@g" "${temp_file}" 
@@ -1491,17 +1488,6 @@ function prepare-mounter-rootfs { cp /etc/resolv.conf "${CONTAINERIZED_MOUNTER_ROOTFS}/etc/" } -# A helper function for removing salt configuration and comments from a file. -# This is mainly for preparing a manifest file. -# -# $1: Full path of the file to manipulate -function remove-salt-config-comments { - # Remove salt configuration. - sed -i "/^[ |\t]*{[#|%]/d" $1 - # Remove comments. - sed -i "/^[ |\t]*#/d" $1 -} - # Starts kubernetes apiserver. # It prepares the log file, loads the docker image, calculates variables, sets them # in the manifest file, and then copies the manifest file to /etc/kubernetes/manifests. @@ -1713,7 +1699,6 @@ function start-kube-apiserver { # Create the ABAC file if it doesn't exist yet, or if we have a KUBE_USER set (to ensure the right user is given permissions) if [[ -n "${KUBE_USER:-}" || ! -e /etc/srv/kubernetes/abac-authz-policy.jsonl ]]; then local -r abac_policy_json="${src_dir}/abac-authz-policy.jsonl" - remove-salt-config-comments "${abac_policy_json}" if [[ -n "${KUBE_USER:-}" ]]; then sed -i -e "s/{{kube_user}}/${KUBE_USER}/g" "${abac_policy_json}" else @@ -1758,7 +1743,6 @@ function start-kube-apiserver { fi src_file="${src_dir}/kube-apiserver.manifest" - remove-salt-config-comments "${src_file}" # Evaluate variables. local -r kube_apiserver_docker_tag=$(cat /home/kubernetes/kube-docker-files/kube-apiserver.docker_tag) sed -i -e "s@{{params}}@${params}@g" "${src_file}" @@ -1868,7 +1852,6 @@ function start-kube-controller-manager { fi local -r src_file="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/kube-controller-manager.manifest" - remove-salt-config-comments "${src_file}" # Evaluate variables. sed -i -e "s@{{srv_kube_path}}@/etc/srv/kubernetes@g" "${src_file}" sed -i -e "s@{{pillar\['kube_docker_registry'\]}}@${DOCKER_REGISTRY}@g" "${src_file}" 
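Review bot: In the start-kube-apiserver hunk at -1713, `${KUBE_USER}` is expanded unescaped into both a sed replacement and a JSON string value of the ABAC policy (`sed -i -e "s/{{kube_user}}/${KUBE_USER}/g" "${abac_policy_json}"`), and nothing visible in this hunk constrains its characters. If it is not validated earlier in the script, a value containing `/`, `&`, `\` or `"` would break the substitution or alter the policy line the API server loads. I would add a comment above the sed naming where KUBE_USER is validated, or guard it here with an allow-list such as `[[ "${KUBE_USER}" =~ ^[-._@a-zA-Z0-9]+$ ]] || exit 1`. The function body starts and ends outside the hunk.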
@@ -1916,7 +1899,6 @@ function start-kube-scheduler { # Remove salt comments and replace variables with values. local -r src_file="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/kube-scheduler.manifest" - remove-salt-config-comments "${src_file}" sed -i -e "s@{{srv_kube_path}}@/etc/srv/kubernetes@g" "${src_file}" sed -i -e "s@{{params}}@${params}@g" "${src_file}" @@ -1937,7 +1919,6 @@ function start-cluster-autoscaler { # Remove salt comments and replace variables with values local -r src_file="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/cluster-autoscaler.manifest" - remove-salt-config-comments "${src_file}" local params="${AUTOSCALER_MIG_CONFIG} ${CLOUD_CONFIG_OPT} ${AUTOSCALER_EXPANDER_CONFIG:---expander=price}" sed -i -e "s@{{params}}@${params}@g" "${src_file}" @@ -2146,7 +2127,6 @@ EOF else controller_yaml="${controller_yaml}/heapster-controller.yaml" fi - remove-salt-config-comments "${controller_yaml}" sed -i -e "s@{{ cluster_name }}@${CLUSTER_NAME}@g" "${controller_yaml}" sed -i -e "s@{{ *base_metrics_memory *}}@${base_metrics_memory}@g" "${controller_yaml}" diff --git a/cluster/gce/manifests/abac-authz-policy.jsonl b/cluster/gce/manifests/abac-authz-policy.jsonl index f0cbce7d45f..72307283c1e 100644 --- a/cluster/gce/manifests/abac-authz-policy.jsonl +++ b/cluster/gce/manifests/abac-authz-policy.jsonl 
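Review bot: The comment `# Remove salt comments and replace variables with values.` kept in start-kube-scheduler no longer matches the code, because the `remove-salt-config-comments` call below it is deleted; the same stale comment remains in the start-cluster-autoscaler hunk. I would change both to `# Replace manifest placeholders with values.`. It is also worth one comment stating that the manifests must now ship free of Salt/Jinja and `#` lines, since nothing strips them before the `sed` substitutions and a leftover line in a JSON manifest would reach the static-pod directory as is. Both function bodies continue outside the hunks.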
@@ -1,8 +1,7 @@
-{% set kube_user = grains.kube_user -%}
 {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"admin", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
 {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"{{kube_user}}", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
 {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
 {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kube_proxy", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
 {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubecfg", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
 {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"client", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
-{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:serviceaccounts", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
\ No newline at end of file
+{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group":"system:serviceaccounts", "namespace": "*", "resource": "*", "apiGroup": "*", "nonResourcePath": "*"}}
diff --git a/cluster/gce/manifests/cluster-autoscaler.manifest b/cluster/gce/manifests/cluster-autoscaler.manifest
index 6e6ed2c2508..992e08b6801 100644
--- a/cluster/gce/manifests/cluster-autoscaler.manifest
+++ b/cluster/gce/manifests/cluster-autoscaler.manifest
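Review bot: The last policy line, re-added here only to gain a trailing newline, still gives group `system:serviceaccounts` `*` on every namespace, resource, API group and non-resource path, so wherever this file is the active ABAC policy any pod's service-account token has unrestricted API access. JSONL has no comment syntax and this commit removes the step that stripped comment lines, so the rationale cannot live in the file itself. I would record it beside the ABAC block in configure-helper.sh, e.g. `# abac-authz-policy.jsonl grants every service account full access (legacy ABAC); narrow before reuse.`. Whether this breadth is still required is not visible from the diff.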
@@ -1,14 +1,3 @@
-{% if pillar.get('enable_cluster_autoscaler', '').lower() == 'true' %}
-{% set cloud_config = "" -%}
-{% set cloud_config_mount = "" -%}
-{% set cloud_config_volume = "" -%}
-{% if grains.cloud == 'gce' and grains.cloud_config is defined -%}
- {% set cloud_config = "--cloud-config=" + grains.cloud_config -%}
- {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%}
- {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%}
-{% endif -%}
-{% set params = pillar['autoscaler_mig_config'] + " " + cloud_config + " " + pillar.get('autoscaler_expander_config', '') -%}
-
 {
 "kind": "Pod",
 "apiVersion": "v1",
@@ -103,4 +92,3 @@
 "restartPolicy": "Always"
 }
 }
-{% endif %}
diff --git a/cluster/gce/manifests/etcd.manifest b/cluster/gce/manifests/etcd.manifest
index 8c16bd15cee..f45e744a5cf 100644
--- a/cluster/gce/manifests/etcd.manifest
+++ b/cluster/gce/manifests/etcd.manifest
@@ -1,30 +1,3 @@ -{% set etcd_protocol = 'http' -%} -{% set etcd_creds = '' -%} -{% if pillar.get('etcd_over_ssl', '').lower() == 'true' -%} - {% set etcd_protocol = 'https' -%} - {% set etcd_creds = '--peer-trusted-ca-file /srv/kubernetes/etcd-ca.crt --peer-cert-file /srv/kubernetes/etcd-peer.crt --peer-key-file /srv/kubernetes/etcd-peer.key -peer-client-cert-auth' -%} -{% endif -%} -{% set hostname = pillar.get('hostname', '') -%} -{% set cluster_state = (pillar.get('initial_etcd_cluster_state') or 'new') -%} -{% set etcd_cluster_array = (pillar.get('initial_etcd_cluster') or hostname).split(',') -%} -{% set etcd_cluster = '' -%} -{# We use vars dictionary to pass variables set inside the for loop, because jinja defines new variables inside the for loop that hide variables from the outside. #} -{% set vars = {'etcd_cluster': ''} -%} -{% for host in etcd_cluster_array -%} - {% if etcd_cluster != '' -%} - {% set etcd_cluster = etcd_cluster ~ ',' -%} - {% endif -%} - {% set etcd_cluster = etcd_cluster ~ 'etcd-' ~ host ~ '=' ~ etcd_protocol ~'://' ~ host ~ ':' ~ server_port -%} - {% do vars.update({'etcd_cluster': etcd_cluster}) -%} -{% endfor -%} -{% set etcd_cluster = vars.etcd_cluster -%} -{% set quota_bytes = '' -%} -{% if pillar.get('storage_backend', 'etcd3') == 'etcd3' -%} - {% set quota_bytes = '--quota-backend-bytes=4294967296' -%} -{% endif -%} -{% set liveness_probe_initial_delay = pillar.get('etcd_liveness_probe_initial_delay', 15) -%} -{% set srv_kube_path = "/srv/kubernetes" -%} - { "apiVersion": "v1", "kind": "Pod", diff --git a/cluster/gce/manifests/kube-apiserver.manifest b/cluster/gce/manifests/kube-apiserver.manifest index 93172d4276c..188a10b8155 100644 --- a/cluster/gce/manifests/kube-apiserver.manifest +++ b/cluster/gce/manifests/kube-apiserver.manifest 
@@ -1,213 +1,3 @@ -{% set daemon_args = "$DAEMON_ARGS" -%} -{% if grains['os_family'] == 'RedHat' -%} - {% set daemon_args = "" -%} -{% endif -%} - -{% set cloud_provider = "" -%} -{% set cloud_config = "" -%} -{% set cloud_config_mount = "" -%} -{% set cloud_config_volume = "" -%} -{% set additional_cloud_config_mount = "{\"name\": \"usrsharessl\",\"mountPath\": \"/usr/share/ssl\", \"readOnly\": true}, {\"name\": \"usrssl\",\"mountPath\": \"/usr/ssl\", \"readOnly\": true}, {\"name\": \"usrlibssl\",\"mountPath\": \"/usr/lib/ssl\", \"readOnly\": true}, {\"name\": \"usrlocalopenssl\",\"mountPath\": \"/usr/local/openssl\", \"readOnly\": true}," -%} -{% set additional_cloud_config_volume = "{\"name\": \"usrsharessl\",\"hostPath\": {\"path\": \"/usr/share/ssl\"}}, {\"name\": \"usrssl\",\"hostPath\": {\"path\": \"/usr/ssl\"}}, {\"name\": \"usrlibssl\",\"hostPath\": {\"path\": \"/usr/lib/ssl\"}}, {\"name\": \"usrlocalopenssl\",\"hostPath\": {\"path\": \"/usr/local/openssl\"}}," -%} - -{% set srv_kube_path = "/srv/kubernetes" -%} -{% set srv_sshproxy_path = "/srv/sshproxy" -%} - -{% if grains.cloud is defined -%} - {% set cloud_provider = "--cloud-provider=" + grains.cloud -%} - - {% if grains.cloud == 'gce' and grains.cloud_config is defined -%} - {% set cloud_config = "--cloud-config=" + grains.cloud_config -%} - {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%} - {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%} - {% endif -%} - -{% endif -%} - -{% set advertise_address = "" -%} -{% if grains.advertise_address is defined -%} - {% set advertise_address = "--advertise-address=" + grains.advertise_address -%} -{% endif -%} - -{% set proxy_ssh_options = "" -%} -{% if grains.proxy_ssh_user is defined -%} - {% set proxy_ssh_options = "--ssh-user=" + grains.proxy_ssh_user + " 
--ssh-keyfile=/srv/sshproxy/.sshkeyfile" -%} - {# Append 40 characters onto command to work around #9822. #} - {# If mount list changes, this may also need to change. #} - {% set proxy_ssh_options = proxy_ssh_options + " " -%} -{% endif -%} - -{% set address = "--address=127.0.0.1" -%} - -{% set bind_address = "" -%} -{% if grains.publicAddressOverride is defined -%} - {% set bind_address = "--bind-address=" + grains.publicAddressOverride -%} -{% endif -%} - -{% set storage_backend = "" -%} -{% if pillar['storage_backend'] is defined -%} - {% set storage_backend = "--storage-backend=" + pillar['storage_backend'] -%} -{% endif -%} -{% set etcd_servers = "--etcd-servers=http://127.0.0.1:2379" -%} -{% set etcd_servers_overrides = "--etcd-servers-overrides=/events#http://127.0.0.1:4002" -%} - -{% set storage_media_type = "" -%} -{% if pillar['storage_media_type'] is defined -%} - {% set storage_media_type = "--storage-media-type=" + pillar['storage_media_type'] -%} -{% endif -%} - -{% set liveness_probe_initial_delay = pillar.get('kube_apiserver_liveness_probe_initial_delay', 15) -%} - -{% set request_timeout = "" -%} -{% if pillar['kube_apiserver_request_timeout_sec'] is defined -%} - {% set request_timeout = "--request-timeout=" + pillar['kube_apiserver_request_timeout_sec'] + "s" -%} -{% endif -%} - -{% set max_requests_inflight = "" -%} -{% set target_ram_mb = "" -%} -{% if pillar['num_nodes'] is defined -%} - # If the cluster is large, increase max-requests-inflight limit in apiserver. - {% if pillar['num_nodes']|int >= 1000 -%} - {% set max_requests_inflight = "--max-requests-inflight=1500 --max-mutating-requests-inflight=500" -%} - {% endif -%} - # Set amount of memory available for apiserver based on number of nodes. - # TODO: Once we start setting proper requests and limits for apiserver - # we should reuse the same logic here instead of current heuristic. 
- {% set tmp_ram_mb = pillar['num_nodes']|int * 60 %} - {% set target_ram_mb = "--target-ram-mb=" + tmp_ram_mb|string -%} -{% endif -%} - -{% set service_cluster_ip_range = "" -%} -{% if pillar['service_cluster_ip_range'] is defined -%} - {% set service_cluster_ip_range = "--service-cluster-ip-range=" + pillar['service_cluster_ip_range'] -%} -{% endif -%} - -{% set cert_file = "--tls-cert-file=/srv/kubernetes/server.cert" -%} -{% set key_file = "--tls-private-key-file=/srv/kubernetes/server.key" -%} -{% set kubelet_cert_file = "--kubelet-client-certificate=/srv/kubernetes/kubeapiserver.cert" -%} -{% set kubelet_key_file = "--kubelet-client-key=/srv/kubernetes/kubeapiserver.key" -%} -{% set client_ca_file = "" -%} - -{% set secure_port = "6443" -%} -{% if grains['cloud'] is defined and grains.cloud == 'gce' %} - {% set secure_port = "443" -%} - {% set client_ca_file = "--client-ca-file=/srv/kubernetes/ca.crt" -%} -{% endif -%} - -{% set min_request_timeout = "" -%} -{% if grains.minRequestTimeout is defined -%} - {% set min_request_timeout = "--min-request-timeout=" + grains.minRequestTimeout -%} -{% endif -%} - -{% set token_auth_file = " --token-auth-file=/dev/null" -%} -{% set basic_auth_file = "" -%} -{% set authz_mode = "" -%} -{% set abac_policy_file = "" -%} -{% if grains['cloud'] is defined and grains.cloud == 'gce' %} - {% set token_auth_file = " --token-auth-file=/srv/kubernetes/known_tokens.csv" -%} - {% set basic_auth_file = " --basic-auth-file=/srv/kubernetes/basic_auth.csv" -%} - {% set authz_mode = " --authorization-mode=ABAC" -%} - {% set abac_policy_file = " --authorization-policy-file=/srv/kubernetes/abac-authz-policy.jsonl" -%} -{% endif -%} - -{% set webhook_authentication_config = "" -%} -{% set webhook_authn_config_mount = "" -%} -{% set webhook_authn_config_volume = "" -%} -{% if grains.webhook_authentication_config is defined -%} - {% set webhook_authentication_config = " --authentication-token-webhook-config-file=" + 
grains.webhook_authentication_config -%} - {% set webhook_authn_config_mount = "{\"name\": \"webhookauthnconfigmount\",\"mountPath\": \"" + grains.webhook_authentication_config + "\", \"readOnly\": false}," -%} - {% set webhook_authn_config_volume = "{\"name\": \"webhookauthnconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authentication_config + "\", \"type\": \"FileOrCreate\"}}," -%} -{% endif -%} - -{% set webhook_authorization_config = "" -%} -{% set webhook_config_mount = "" -%} -{% set webhook_config_volume = "" -%} -{% if grains.webhook_authorization_config is defined -%} - {% set webhook_authorization_config = " --authorization-webhook-config-file=" + grains.webhook_authorization_config -%} - {% set webhook_config_mount = "{\"name\": \"webhookconfigmount\",\"mountPath\": \"" + grains.webhook_authorization_config + "\", \"readOnly\": false}," -%} - {% set webhook_config_volume = "{\"name\": \"webhookconfigmount\",\"hostPath\": {\"path\": \"" + grains.webhook_authorization_config + "\", \"type\": \"FileOrCreate\"}}," -%} - {% set authz_mode = authz_mode + ",Webhook" -%} -{% endif -%} - -{% set image_review_config = "" -%} -{% set admission_controller_config_mount = "" -%} -{% set admission_controller_config_volume = "" -%} -{% set image_policy_webhook_config_mount = "" -%} -{% set image_policy_webhook_config_volume = "" -%} -{% if grains.image_review_config is defined -%} - {% set image_review_config = " --admission-control-config-file=" + grains.image_review_config -%} - {% set admission_controller_config_mount = "{\"name\": \"admissioncontrollerconfigmount\",\"mountPath\": \"" + grains.image_review_config + "\", \"readOnly\": false}," -%} - {% set admission_controller_config_volume = "{\"name\": \"admissioncontrollerconfigmount\",\"hostPath\": {\"path\": \"" + grains.image_review_config + "\", \"type\": \"FileOrCreate\"}}," -%} - {% set image_policy_webhook_config_mount = "{\"name\": \"imagepolicywebhookconfigmount\",\"mountPath\": 
\"/etc/gcp_image_review.config\", \"readOnly\": false}," -%} - {% set image_policy_webhook_config_volume = "{\"name\": \"imagepolicywebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/gcp_image_review.config\", \"type\": \"FileOrCreate\"}}," -%} -{% endif -%} - -{% set admission_control = "" -%} -{% if pillar['admission_control'] is defined -%} - {% set admission_control = "--admission-control=" + pillar['admission_control'] -%} -{% endif -%} - -{% set runtime_config = "" -%} -{% if grains.runtime_config is defined -%} - {% set runtime_config = "--runtime-config=" + grains.runtime_config -%} -{% endif -%} - -{% set feature_gates = "" -%} -{% if grains.feature_gates is defined -%} - {% set feature_gates = "--feature-gates=" + grains.feature_gates -%} -{% endif -%} - -{% set log_level = pillar['log_level'] -%} -{% if pillar['api_server_test_log_level'] is defined -%} - {% set log_level = pillar['api_server_test_log_level'] -%} -{% endif -%} - -{% set enable_garbage_collector = "" -%} -{% if pillar['enable_garbage_collector'] is defined -%} - {% set enable_garbage_collector = "--enable-garbage-collector=" + pillar['enable_garbage_collector'] -%} -{% endif -%} - -{% set etcd_compaction_interval = "" %} -{% if pillar['etcd_compaction_interval_sec'] is defined -%} - {% set etcd_compaction_interval = "--etcd-compaction-interval=" + pillar['etcd_compaction_interval_sec'] + "s" -%} -{% endif -%} - -{% set etcd_quorum_read = "" %} -{% if pillar['etcd_quorum_read'] is defined -%} - {% set etcd_quorum_read = "--etcd_quorum_read=" + pillar['etcd_quorum_read'] -%} -{% endif -%} - -{% set audit_log = "" -%} -{% set audit_policy_config_mount = "" -%} -{% set audit_policy_config_volume = "" -%} -{% set audit_webhook_config_mount = "" -%} -{% set audit_webhook_config_volume = "" -%} -{% if pillar['enable_apiserver_basic_audit'] is defined and pillar['enable_apiserver_basic_audit'] in ['true'] -%} - {% set audit_log = "--audit-log-path=/var/log/kube-apiserver-audit.log 
--audit-log-maxage=0 --audit-log-maxbackup=0 --audit-log-maxsize=2000000000" -%} -{% elif pillar['enable_apiserver_advanced_audit'] is defined and pillar['enable_apiserver_advanced_audit'] in ['true'] -%} - {% set audit_log = "--audit-policy-file=/etc/audit_policy.config" -%} - {% set audit_policy_config_mount = "{\"name\": \"auditpolicyconfigmount\",\"mountPath\": \"/etc/audit_policy.config\", \"readOnly\": true}," -%} - {% set audit_policy_config_volume = "{\"name\": \"auditpolicyconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_policy.config\", \"type\": \"FileOrCreate\"}}," -%} - {% if pillar['advanced_audit_backend'] is defined and 'log' in pillar['advanced_audit_backend'] -%} - {% set audit_log = audit_log + " --audit-log-path=/var/log/kube-apiserver-audit.log --audit-log-maxage=0 --audit-log-maxbackup=0 --audit-log-maxsize=2000000000" -%} - {% endif %} - {% if pillar['advanced_audit_backend'] is defined and 'webhook' in pillar['advanced_audit_backend'] -%} - {% set audit_log = audit_log + " --audit-webhook-mode=batch" -%} - {% set audit_webhook_config_mount = "{\"name\": \"auditwebhookconfigmount\",\"mountPath\": \"/etc/audit_webhook.config\", \"readOnly\": true}," -%} - {% set audit_webhook_config_volume = "{\"name\": \"auditwebhookconfigmount\",\"hostPath\": {\"path\": \"/etc/audit_webhook.config\", \"type\": \"FileOrCreate\"}}," -%} - {% endif %} -{% endif -%} - -{% set params = address + " " + storage_backend + " " + storage_media_type + " " + etcd_servers + " " + etcd_servers_overrides + " " + cloud_provider + " " + cloud_config + " " + runtime_config + " " + feature_gates + " " + admission_control + " " + max_requests_inflight + " " + target_ram_mb + " " + service_cluster_ip_range + " " + client_ca_file + basic_auth_file + " " + min_request_timeout + " " + enable_garbage_collector + " " + etcd_quorum_read + " " + etcd_compaction_interval + " " + audit_log + " " + request_timeout -%} -{% set params = params + " " + cert_file + " " + key_file + " " + 
kubelet_cert_file + " " + kubelet_key_file + " --secure-port=" + secure_port + token_auth_file + " " + bind_address + " " + log_level + " " + advertise_address + " " + proxy_ssh_options + authz_mode + abac_policy_file + webhook_authentication_config + webhook_authorization_config + image_review_config -%} - -# test_args has to be kept at the end, so they'll overwrite any prior configuration -{% if pillar['apiserver_test_args'] is defined -%} - {% set params = params + " " + pillar['apiserver_test_args'] -%} -{% endif -%} - -{% set container_env = "" -%} - { "apiVersion": "v1", "kind": "Pod", diff --git a/cluster/gce/manifests/kube-controller-manager.manifest b/cluster/gce/manifests/kube-controller-manager.manifest index 74353d07f6f..353958642e9 100644 --- a/cluster/gce/manifests/kube-controller-manager.manifest +++ b/cluster/gce/manifests/kube-controller-manager.manifest 
@@ -1,86 +1,3 @@ -{% set cluster_name = "" -%} -{% set cluster_cidr = "" -%} -{% set allocate_node_cidrs = "" -%} -{% set service_cluster_ip_range = "" %} -{% set terminated_pod_gc = "" -%} - - -{% if pillar['instance_prefix'] is defined -%} - {% set cluster_name = "--cluster-name=" + pillar['instance_prefix'] -%} -{% endif -%} -{% if pillar['cluster_cidr'] is defined and pillar['cluster_cidr'] != "" -%} - {% set cluster_cidr = "--cluster-cidr=" + pillar['cluster_cidr'] -%} -{% endif -%} -{% if pillar['service_cluster_ip_range'] is defined and pillar['service_cluster_ip_range'] != "" -%} - {% set service_cluster_ip_range = "--service_cluster_ip_range=" + pillar['service_cluster_ip_range'] -%} -{% endif -%} -{% if pillar.get('network_provider', '').lower() == 'kubenet' %} - {% set allocate_node_cidrs = "--allocate-node-cidrs=true" -%} -{% elif pillar['allocate_node_cidrs'] is defined -%} - {% set allocate_node_cidrs = "--allocate-node-cidrs=" + pillar['allocate_node_cidrs'] -%} -{% endif -%} -{% if pillar['terminated_pod_gc_threshold'] is defined -%} - {% set terminated_pod_gc = "--terminated-pod-gc-threshold=" + pillar['terminated_pod_gc_threshold'] -%} -{% endif -%} - -{% set enable_garbage_collector = "" -%} -{% if pillar['enable_garbage_collector'] is defined -%} -{% set enable_garbage_collector = "--enable-garbage-collector=" + pillar['enable_garbage_collector'] -%} -{% endif -%} - -{% set cloud_provider = "" -%} -{% set cloud_config = "" -%} -{% set cloud_config_mount = "" -%} -{% set cloud_config_volume = "" -%} -{% set additional_cloud_config_mount = "{\"name\": \"usrsharessl\",\"mountPath\": \"/usr/share/ssl\", \"readOnly\": true}, {\"name\": \"usrssl\",\"mountPath\": \"/usr/ssl\", \"readOnly\": true}, {\"name\": \"usrlibssl\",\"mountPath\": \"/usr/lib/ssl\", \"readOnly\": true}, {\"name\": \"usrlocalopenssl\",\"mountPath\": \"/usr/local/openssl\", \"readOnly\": true}," -%} -{% set additional_cloud_config_volume = "{\"name\": \"usrsharessl\",\"hostPath\": 
{\"path\": \"/usr/share/ssl\"}}, {\"name\": \"usrssl\",\"hostPath\": {\"path\": \"/usr/ssl\"}}, {\"name\": \"usrlibssl\",\"hostPath\": {\"path\": \"/usr/lib/ssl\"}}, {\"name\": \"usrlocalopenssl\",\"hostPath\": {\"path\": \"/usr/local/openssl\"}}," -%} -{% set pv_recycler_mount = "" -%} -{% set pv_recycler_volume = "" -%} -{% set srv_kube_path = "/srv/kubernetes" -%} -{% flex_vol_plugin_dir = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec" -%} - -{% if grains.cloud is defined -%} - {% set cloud_provider = "--cloud-provider=" + grains.cloud -%} - {% set service_account_key = "--service-account-private-key-file=/srv/kubernetes/server.key" -%} - - {% if grains.cloud == 'gce' and grains.cloud_config is defined -%} - {% set cloud_config = "--cloud-config=" + grains.cloud_config -%} - {% set cloud_config_mount = "{\"name\": \"cloudconfigmount\",\"mountPath\": \"" + grains.cloud_config + "\", \"readOnly\": true}," -%} - {% set cloud_config_volume = "{\"name\": \"cloudconfigmount\",\"hostPath\": {\"path\": \"" + grains.cloud_config + "\", \"type\": \"FileOrCreate\"}}," -%} - {% endif -%} - -{% endif -%} - -{% set root_ca_file = "" -%} - -{% if grains.cloud is defined and grains.cloud == 'gce' %} - {% set root_ca_file = "--root-ca-file=/srv/kubernetes/ca.crt" -%} -{% endif -%} - -{% set log_level = pillar['log_level'] -%} -{% if pillar['controller_manager_test_log_level'] is defined -%} - {% set log_level = pillar['controller_manager_test_log_level'] -%} -{% endif -%} - -{% set feature_gates = "" -%} -{% if grains.feature_gates is defined -%} - {% set feature_gates = "--feature-gates=" + grains.feature_gates -%} -{% endif -%} - -{% set params = "--master=127.0.0.1:8080" + " " + cluster_name + " " + cluster_cidr + " " + allocate_node_cidrs + " " + service_cluster_ip_range + " " + terminated_pod_gc + " " + enable_garbage_collector + " " + cloud_provider + " " + cloud_config + " " + service_account_key + " " + log_level + " " + root_ca_file -%} -{% set params = params + 
" " + feature_gates -%} - -{% if pillar.get('enable_hostpath_provisioner', '').lower() == 'true' -%} -{% set params = params + " --enable-hostpath-provisioner" %} -{% endif -%} - -# test_args has to be kept at the end, so they'll overwrite any prior configuration -{% if pillar['controller_manager_test_args'] is defined -%} -{% set params = params + " " + pillar['controller_manager_test_args'] -%} -{% endif -%} - -{% set container_env = "" -%} - { "apiVersion": "v1", "kind": "Pod", diff --git a/cluster/gce/manifests/kube-proxy.manifest b/cluster/gce/manifests/kube-proxy.manifest index 6e9af81b78f..fe4dd6c61c7 100644 --- a/cluster/gce/manifests/kube-proxy.manifest +++ b/cluster/gce/manifests/kube-proxy.manifest 
@@ -1,52 +1,3 @@ -# Please keep kube-proxy configuration in-sync with: -# cluster/addons/kube-proxy/kube-proxy-ds.yaml - -{% set kubeconfig = "--kubeconfig=/var/lib/kube-proxy/kubeconfig" -%} -{% if grains.api_servers is defined -%} - {% set api_servers = "--master=https://" + grains.api_servers -%} -{% else -%} - {% set ips = salt['mine.get']('roles:kubernetes-master', 'network.ip_addrs', 'grain').values() -%} - {% set api_servers = "--master=https://" + ips[0][0] -%} -{% endif -%} -{% if grains['cloud'] is defined and grains.cloud == 'gce' %} - {% set api_servers_with_port = api_servers -%} -{% else -%} - {% set api_servers_with_port = api_servers + ":6443" -%} -{% endif -%} -{% set test_args = "" -%} -{% if pillar['kubeproxy_test_args'] is defined -%} - {% set test_args=pillar['kubeproxy_test_args'] %} -{% endif -%} -{% set cluster_cidr = "" -%} -{% if pillar['cluster_cidr'] is defined -%} - {% set cluster_cidr=" --cluster-cidr=" + pillar['cluster_cidr'] %} -{% endif -%} - -{% set log_level = pillar['log_level'] -%} -{% if pillar['kubeproxy_test_log_level'] is defined -%} - {% set log_level = pillar['kubeproxy_test_log_level'] -%} -{% endif -%} - -{% set feature_gates = "" -%} -{% if grains.feature_gates is defined -%} - {% set feature_gates = "--feature-gates=" + grains.feature_gates -%} -{% endif -%} - -{% set throttles = "--iptables-sync-period=1m --iptables-min-sync-period=10s --ipvs-sync-period=1m --ipvs-min-sync-period=10s" -%} - -{% set pod_priority = "" -%} -{% if pillar.get('enable_pod_priority', '').lower() == 'true' -%} - {% set pod_priority = "priorityClassName: system-node-critical" -%} -{% endif -%} - -# test_args should always go last to overwrite prior configuration -{% set params = log_level + " " + throttles + " " + feature_gates + " " + test_args -%} - -{% set container_env = "" -%} -{% set kube_cache_mutation_detector_env_name = "" -%} -{% set kube_cache_mutation_detector_env_value = "" -%} - -# kube-proxy podspec apiVersion: v1 kind: Pod 
metadata: diff --git a/cluster/gce/manifests/kube-scheduler.manifest b/cluster/gce/manifests/kube-scheduler.manifest index 26436657ede..a7d496fddd6 100644 --- a/cluster/gce/manifests/kube-scheduler.manifest +++ b/cluster/gce/manifests/kube-scheduler.manifest @@ -1,28 +1,3 @@ -{% set params = "--master=127.0.0.1:8080" -%} -{% set srv_kube_path = "/srv/kubernetes" -%} - -{% set log_level = pillar['log_level'] -%} -{% if pillar['scheduler_test_log_level'] is defined -%} - {% set log_level = pillar['scheduler_test_log_level'] -%} -{% endif -%} - -{% set feature_gates = "" -%} -{% if grains.feature_gates is defined -%} - {% set feature_gates = "--feature-gates=" + grains.feature_gates -%} -{% endif -%} - -{% set scheduling_algorithm_provider = "" -%} -{% if grains.scheduling_algorithm_provider is defined -%} - {% set scheduling_algorithm_provider = "--algorithm-provider=" + grains.scheduling_algorithm_provider -%} -{% endif -%} - -{% set params = params + log_level + " " + feature_gates + " " + scheduling_algorithm_provider -%} - -# test_args has to be kept at the end, so they'll overwrite any prior configuration -{% if pillar['scheduler_test_args'] is defined -%} -{% set params = params + " " + pillar['scheduler_test_args'] -%} -{% endif -%} - { "apiVersion": "v1", "kind": "Pod",