The fields for ExtraEnv, extraVolumes and extraVolumeMounts for ingress
addon refer the k8s native types EnvVar, Volume and VolumeMounts.
The k8s native types have json tags, so this commit adds a template func to
first marshal and get json encoding and then convert to yaml.
**Problem:**
Cluster fails to come up when the nodes have taints with effect
`NoExecute`.
**Solution:**
RKE deploy job should have tolerate all toleration to execute.
And this job should be only scheduled in linux node.
Kubernetes doesn't accept any other value but string in nodeSelector,
but if we specified ambiguous value like true, it's treated as a
non-string like bool and then failed to create resource because of type
mis-match, that's why we should make value of nodeSelector enclosed by
double quotations to ensure value is always string
**Problem:**
Schedule default-http-backend and metrics-server to Windows node will be failed.
**Solution:**
Add nodeAffinity to default-http-backend and metrics-server workload
spec
**Issue:**
https://github.com/rancher/rancher/issues/19929
- Add `flannel_backend_port` and `canal_flannel_backend_port` to config
the port of Flannel
- Add `flanneld_backend_vni` and `canal_flannel_backend_vni` to config
the VxLan network identify of Flannel
**Problem:**
Schedule kubedns component to Windows node will cause DNS doesn't work
well
**Solution:**
Add nodeAffinity to kubedns
**Issue:**
https://github.com/rancher/rancher/issues/17423
**Problem:**
The nginx ingress daemonSet securityContext can not be applied to
version before 0.16.0
**Solution:**
When the nginx controller version is older than 0.16.0, we use the old
way to set it up.
Allow multiple authn strategies to be defined, including new 'webhook'
strategy. Webhook strategy configuration contains the contents of the
authentication webhook file as well as the cache timeout period.
This change allows a Kubernetes API Auth service to authenticate
user requests without proxying through the Rancher server.
1. Support to configure Flannel as "host-gw" backend
2. Define the network component yaml and ingress
controller yaml only schedule to non-Windows node
3. Support to configure Docker container's port publishing
