From 50ce2bfaac5f08204bdcf7b43bdcaf9ac4cc4526 Mon Sep 17 00:00:00 2001 From: Vladimir Zhukov Date: Wed, 6 Nov 2019 11:17:46 +0300 Subject: [PATCH 1/2] Add support k8s version 1.16 --- manifests/config/kubeadm.pp | 1 + templates/v1beta2/config_kubeadm.yaml.erb | 135 ++++++++++++++++++++++ templates/v1beta2/config_worker.yaml.erb | 37 ++++++ 3 files changed, 173 insertions(+) create mode 100644 templates/v1beta2/config_kubeadm.yaml.erb create mode 100644 templates/v1beta2/config_worker.yaml.erb diff --git a/manifests/config/kubeadm.pp b/manifests/config/kubeadm.pp index 98a89271..6c709f6b 100644 --- a/manifests/config/kubeadm.pp +++ b/manifests/config/kubeadm.pp @@ -142,6 +142,7 @@ $config_version = $kubernetes_version ? { /1.1(0|1)/ => 'v1alpha1', /1.12/ => 'v1alpha3', + /1.16/ => 'v1beta2', default => 'v1beta1', } diff --git a/templates/v1beta2/config_kubeadm.yaml.erb b/templates/v1beta2/config_kubeadm.yaml.erb new file mode 100644 index 00000000..84cbab81 --- /dev/null +++ b/templates/v1beta2/config_kubeadm.yaml.erb 
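Review bot: The new `/1.16/ => 'v1beta2'` arm of the `$config_version` selector in manifests/config/kubeadm.pp matches 1.16 only, so any later release still falls through to `default => 'v1beta1'` and never renders the v1beta2 templates this patch adds. Like the existing arms, the pattern is unanchored and its dot is unescaped, so it matches anywhere in the version string; that looks harmless for current version strings but is looser than intended. If later releases are meant to use v1beta2 too, a pattern such as `/^1\.1[6-9]/` (extended as needed) would say so; otherwise add a comment that 1.16 is the only intended match.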
@@ -0,0 +1,135 @@
+apiVersion: kubeadm.k8s.io/v1beta2
+bootstrapTokens:
+- groups:
+ - system:bootstrappers:kubeadm:default-node-token
+ token: <%= @token %>
+ ttl: <%= @ttl_duration %>
+ usages:
+ - signing
+ - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+ advertiseAddress: <%= @kube_api_advertise_address %>
+ bindPort: 6443
+nodeRegistration:
+ name: <%= @node_name %>
+ <%- if @container_runtime == "cri_containerd" -%>
+ criSocket: /run/containerd/containerd.sock
+ <%- end -%>
+ taints:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ kubeletExtraArgs:
+ cgroup-driver: <%= @cgroup_driver %>
+ <%- if @cloud_provider -%>
+ cloud-provider: <%= @cloud_provider %>
+ <%- end -%>
+ <%- if @cloud_config -%>
+ cloud-config: <%= @cloud_config %>
+ <%- end -%>
+ <%- @kubelet_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end -%>
+---
+apiServer:
+ timeoutForControlPlane: 4m0s
+<%- if @apiserver_cert_extra_sans -%>
+ certSANs:
+ <%- @apiserver_cert_extra_sans.each do |san| -%>
+ - <%= san %>
+ <%- end -%>
+<%- end -%>
+<%- if @apiserver_merged_extra_arguments -%>
+ extraArgs:
+ <%- @apiserver_merged_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end -%>
+<%- end -%>
+<%- if @apiserver_merged_extra_volumes -%>
+ extraVolumes:
+ <%- @apiserver_merged_extra_volumes.each do |name, config| -%>
+ - name: <%= name %>
+ hostPath: <%= config['hostPath'] %>
+ mountPath: <%= config['mountPath'] %>
+ <%- end -%>
+<%- end -%>
+apiVersion: kubeadm.k8s.io/v1beta2
+certificatesDir: /etc/kubernetes/pki
+<%- if @kubernetes_cluster_name != "kubernetes" -%>
+clusterName: <%= @kubernetes_cluster_name %>
+<%- end -%>
+controlPlaneEndpoint: "<%= @controller_address %>"
+controllerManager:
+<%- if @controllermanager_merged_extra_arguments -%>
+ extraArgs:
+ <%- @controllermanager_merged_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end -%>
+<%- end -%>
+<%- if @controllermanager_merged_extra_volumes -%>
+ extraVolumes:
+ <%- @controllermanager_merged_extra_volumes.each do |name, config| -%>
+ - name: <%= name %>
+ hostPath: <%= config['hostPath'] %>
+ mountPath: <%= config['mountPath'] %>
+ <%- end -%>
+<%- end -%>
+dns:
+ type: CoreDNS
+etcd:
+ external:
+ caFile: /etc/kubernetes/pki/etcd/ca.crt
+ certFile: /etc/kubernetes/pki/etcd/client.crt
+ endpoints:
+<% @etcd_peers.each do |peer| -%>
+ - https://<%= peer %>:2379
+<% end -%>
+ keyFile: /etc/kubernetes/pki/etcd/client.key
+imageRepository: <%= @image_repository %>
+kind: ClusterConfiguration
+kubernetesVersion: v<%= @kubernetes_version %>
+networking:
+ dnsDomain: cluster.local
+ podSubnet: <%= @cni_pod_cidr %>
+ serviceSubnet: <%= @service_cidr %>
+<%- if @kubeadm_extra_config -%>
+<%= @kubeadm_extra_config_yaml %>
+<%- end -%>
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+bindAddress: 0.0.0.0
+clientConnection:
+ acceptContentTypes: ""
+ burst: 10
+ contentType: application/vnd.kubernetes.protobuf
+ kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
+ qps: 5
+clusterCIDR: <%= @cni_pod_cidr %>
+configSyncPeriod: 15m0s
+conntrack:
+ max: null
+ maxPerCore: 32768
+ min: 131072
+ tcpCloseWaitTimeout: 1h0m0s
+ tcpEstablishedTimeout: 24h0m0s
+enableProfiling: false
+healthzBindAddress: 0.0.0.0:10256
+hostnameOverride: ""
+iptables:
+ masqueradeAll: false
+ masqueradeBit: 14
+ minSyncPeriod: 0s
+ syncPeriod: 30s
+ipvs:
+ excludeCIDRs: null
+ minSyncPeriod: 0s
+ scheduler: ""
+ syncPeriod: 30s
+kind: KubeProxyConfiguration
+metricsBindAddress: 127.0.0.1:10249
+mode: "<%= @proxy_mode %>"
+nodePortAddresses: null
+oomScoreAdj: -999
+portRange: ""
+resourceContainer: /kube-proxy
+udpIdleTimeout: 250ms
diff --git a/templates/v1beta2/config_worker.yaml.erb b/templates/v1beta2/config_worker.yaml.erb
new file mode 100644
index 00000000..ae0eed83
--- /dev/null
+++ b/templates/v1beta2/config_worker.yaml.erb
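Review bot: `token: <%= @token %>` in templates/v1beta2/config_kubeadm.yaml.erb is rendered as an unquoted YAML scalar, so a bootstrap token made up only of digits around its dot would be parsed as a number rather than a string, and kubeadm would presumably reject the file. Quoting it as `token: "<%= @token %>"`, the way this template already quotes `controlPlaneEndpoint` and `mode`, avoids that; the same applies to `token: <%= @discovery_token %>` in config_worker.yaml.erb. A short comment beside `ttl: <%= @ttl_duration %>` would also help operators, since a zero TTL is understood to give a non-expiring token (as with kubeadm's `--token-ttl` flag; worth confirming for the config field) and this token carries both the `signing` and `authentication` usages. The mode and ownership of the rendered file are set outside this diff, so confirm it is not world-readable.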
@@ -0,0 +1,37 @@
+apiVersion: kubeadm.k8s.io/v1beta2
+caCertPath: /etc/kubernetes/pki/ca.crt
+kind: JoinConfiguration
+<%- if @kubernetes_cluster_name != "kubernetes" -%>
+clusterName: <%= @kubernetes_cluster_name %>
+<%- end -%>
+
+discovery:
+ timeout: 5m0s
+ tlsBootstrapToken: <%= @tls_bootstrap_token %>
+ bootstrapToken:
+ token: <%= @discovery_token %>
+ apiServerEndpoint: '<%= @controller_address %>'
+ unsafeSkipCAVerification: false
+ caCertHashes:
+ - 'sha256:<%= @discovery_token_hash %>'
+token: <%= @discovery_token %>
+nodeRegistration:
+ name: <%= @node_name %>
+ <%- if @container_runtime == "cri_containerd" -%>
+ criSocket: /run/containerd/containerd.sock
+ taints: null
+ <%- end -%>
+ kubeletExtraArgs:
+ cgroup-driver: <%= @cgroup_driver %>
+ <%- if @cloud_provider -%>
+ cloud-provider: <%= @cloud_provider %>
+ <%- if @cloud_config -%>
+ cloud-config: <%= @cloud_config %>
+ <%- end -%>
+ <%- end -%>
+ <%- @kubelet_extra_arguments.each do |arg| -%>
+ <%= arg %>
+ <%- end %>
+<% if @feature_gates -%>
+featureGates: <%= @feature_gates %>
+<% end -%>
From e20846cffe99014bec3734fde7b821e5b329f93c Mon Sep 17 00:00:00 2001 From: Vladimir Zhukov Date: Wed, 6 Nov 2019 12:11:40 +0300 Subject: [PATCH 2/2] fix templates kubeadm conf --- templates/v1beta2/config_kubeadm.yaml.erb | 2 -- templates/v1beta2/config_worker.yaml.erb | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/templates/v1beta2/config_kubeadm.yaml.erb b/templates/v1beta2/config_kubeadm.yaml.erb index 84cbab81..50b86688 100644 --- a/templates/v1beta2/config_kubeadm.yaml.erb +++ b/templates/v1beta2/config_kubeadm.yaml.erb @@ -107,7 +107,6 @@ clientConnection: clusterCIDR: <%= @cni_pod_cidr %> configSyncPeriod: 15m0s conntrack: - max: null maxPerCore: 32768 min: 131072 tcpCloseWaitTimeout: 1h0m0s @@ -131,5 +130,4 @@ mode: "<%= @proxy_mode %>" nodePortAddresses: null oomScoreAdj: -999 portRange: "" -resourceContainer: /kube-proxy udpIdleTimeout: 250ms
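Review bot: In templates/v1beta2/config_worker.yaml.erb as added by patch 1/2, `taints: null` sits inside the `<%- if @container_runtime == "cri_containerd" -%>` block, so it is emitted only for containerd nodes; if it is meant for every worker it belongs after that block's `<%- end -%>`. The `cloud-config` argument is likewise nested inside `<%- if @cloud_provider -%>` here, whereas config_kubeadm.yaml.erb tests `@cloud_config` independently, so the two templates behave differently when only `cloud_config` is set. The `@kubelet_extra_arguments` loop closes with `<%- end %>` rather than `<%- end -%>`, which leaves a stray newline in the rendered file. It may also be worth checking that top-level `clusterName` and `featureGates` are still accepted in a v1beta2 JoinConfiguration, as they look carried over from an older schema.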
diff --git a/templates/v1beta2/config_worker.yaml.erb b/templates/v1beta2/config_worker.yaml.erb index ae0eed83..47f9f204 100644 --- a/templates/v1beta2/config_worker.yaml.erb +++ b/templates/v1beta2/config_worker.yaml.erb @@ -7,14 +7,12 @@ clusterName: <%= @kubernetes_cluster_name %> discovery: timeout: 5m0s - tlsBootstrapToken: <%= @tls_bootstrap_token %> bootstrapToken: token: <%= @discovery_token %> apiServerEndpoint: '<%= @controller_address %>' unsafeSkipCAVerification: false caCertHashes: - 'sha256:<%= @discovery_token_hash %>' -token: <%= @discovery_token %> nodeRegistration: name: <%= @node_name %> <%- if @container_runtime == "cri_containerd" -%> @@ -35,3 +33,4 @@ nodeRegistration: <% if @feature_gates -%> featureGates: <%= @feature_gates %> <% end -%> +