feat: kubeadm for v1.20.1
parent
94165efff3
commit
7e61463b21
@ -1,2 +1,2 @@
|
||||
*.sh
|
||||
*.md
|
||||
*.md.gotmpl
|
||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubeadm
|
||||
description: KubeZero Kubeadm golden config
|
||||
type: application
|
||||
version: 1.20.0
|
||||
version: 1.20.1
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -35,3 +35,7 @@ Installs the Istio control plane
|
||||
- https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
|
||||
|
||||
- https://github.com/awslabs/amazon-eks-ami
|
||||
|
||||
### Etcd
|
||||
- https://itnext.io/breaking-down-and-fixing-etcd-cluster-d81e35b9260d
|
||||
|
||||
|
3
charts/kubeadm/scripts/minor.sh
Executable file
3
charts/kubeadm/scripts/minor.sh
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "Minor uppgrade from 1.19!"
|
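Review bot: The message in `echo "Minor uppgrade from 1.19!"` has a typo; `echo "Minor upgrade from 1.19!"` is the intended text. This script and patch.sh are both stubs that only print one line. A short header comment in each, stating what the script will do during an upgrade and what invokes it, would help, since neither is visible on this page.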
3
charts/kubeadm/scripts/patch.sh
Executable file
3
charts/kubeadm/scripts/patch.sh
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "Patch upgrade within 1.20"
|
@ -2,40 +2,61 @@ apiVersion: kubeadm.k8s.io/v1beta2
|
||||
kind: ClusterConfiguration
|
||||
metadata:
|
||||
name: kubezero-clusterconfiguration
|
||||
kubernetesVersion: {{ .Values.clusterVersion }}
|
||||
kubernetesVersion: {{ .Chart.Version }}
|
||||
clusterName: {{ .Values.clusterName }}
|
||||
controlPlaneEndpoint: {{ .Values.apiEndpoint }}
|
||||
controlPlaneEndpoint: {{ .Values.api.endpoint }}
|
||||
networking:
|
||||
podSubnet: 10.244.0.0/16
|
||||
etcd:
|
||||
local:
|
||||
extraArgs:
|
||||
#name: {{ .Values.etcd.nodeName }}
|
||||
### DNS discovery
|
||||
#discovery-srv: {{ .Values.domain }}
|
||||
#discovery-srv-name: {{ .Values.clusterName }}
|
||||
#initial-cluster:
|
||||
### Regular
|
||||
#{{- if .Values.etcd.initialCluster }}
|
||||
#initial-cluster: {{ .Values.etcd.initialCluster }}
|
||||
#{{- end }}
|
||||
#initial-advertise-peer-urls: "https://{{ .Values.etcd.nodeName }}:2380"
|
||||
#advertise-client-urls: "https://{{ .Values.etcd.nodeName }}:2379"
|
||||
initial-cluster-token: etcd-{{ .Values.clusterName }}
|
||||
listen-metrics-urls: "http://{{ .Values.listenAddress }}:2381"
|
||||
logger: "zap"
|
||||
# log-level: "warn"
|
||||
{{- with .Values.etcdExtraArgs }}
|
||||
{{- with .Values.etcd.extraArgs }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
# These will only be used to create the etcd certs but removed for Init/Join kudeadm calls allowing us to sneak in aliases for etcd nodes
|
||||
serverCertSANs:
|
||||
- "{{ .Values.etcd.nodeName }}"
|
||||
- "{{ .Values.etcd.nodeName }}.{{ .Values.domain }}"
|
||||
- "{{ .Values.domain }}"
|
||||
peerCertSANs:
|
||||
- "{{ .Values.etcd.nodeName }}"
|
||||
- "{{ .Values.etcd.nodeName }}.{{ .Values.domain }}"
|
||||
- "{{ .Values.domain }}"
|
||||
controllerManager:
|
||||
extraArgs:
|
||||
profiling: "false"
|
||||
bind-address: {{ .Values.listenAddress }}
|
||||
terminated-pod-gc-threshold: "300"
|
||||
leader-elect: {{ .Values.clusterHighAvailable | quote }}
|
||||
leader-elect: {{ .Values.highAvailable | quote }}
|
||||
logging-format: json
|
||||
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
||||
scheduler:
|
||||
extraArgs:
|
||||
profiling: "false"
|
||||
bind-address: {{ .Values.listenAddress }}
|
||||
leader-elect: {{ .Values.clusterHighAvailable | quote }}
|
||||
leader-elect: {{ .Values.highAvailable | quote }}
|
||||
logging-format: json
|
||||
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
||||
apiServer:
|
||||
certSANs:
|
||||
- {{ regexSplit ":" .Values.apiEndpoint -1 | first }}
|
||||
- {{ regexSplit ":" .Values.api.endpoint -1 | first }}
|
||||
extraArgs:
|
||||
etcd-servers: {{ .Values.allEtcdEndpoints }}
|
||||
etcd-servers: {{ ternary .Values.api.allEtcdEndpoints "https://127.0.0.1:2379" .Values.highAvailable }}
|
||||
profiling: "false"
|
||||
audit-log-path: "/var/log/kubernetes/audit.log"
|
||||
audit-policy-file: /etc/kubernetes/apiserver/audit-policy.yaml
|
||||
@ -50,11 +71,11 @@ apiServer:
|
||||
{{- end }}
|
||||
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
||||
enable-admission-plugins: NodeRestriction,EventRateLimit
|
||||
{{- if .Values.clusterHighAvailable }}
|
||||
{{- if .Values.highAvailable }}
|
||||
goaway-chance: ".001"
|
||||
{{- end }}
|
||||
logging-format: json
|
||||
{{- with .Values.apiExtraArgs }}
|
||||
{{- with .Values.api.extraArgs }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
extraVolumes:
|
||||
|
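Review bot: The `etcd-servers` line built with `ternary .Values.api.allEtcdEndpoints "https://127.0.0.1:2379" .Values.highAvailable` renders an empty value when `highAvailable` is true and `api.allEtcdEndpoints` is left at its `""` default from values.yaml, so the API server would be configured without a usable etcd address. Because `ternary` evaluates both arguments, putting `required` inside it would also fail single-node installs; an `if`/`else` keeps the check on the HA path only. This page has lost the +/- markers and the indentation, so which of the paired lines is the new one and the indent shown below are inferred. Separately, `listen-metrics-urls` in the same section serves etcd metrics over plain HTTP on `listenAddress`, which deserves a comment next to the value.

```yaml
    {{- if .Values.highAvailable }}
    etcd-servers: {{ required "api.allEtcdEndpoints must be set when highAvailable is true" .Values.api.allEtcdEndpoints | quote }}
    {{- else }}
    etcd-servers: "https://127.0.0.1:2379"
    {{- end }}
    # … unchanged: profiling, audit-log-path, audit-policy-file …
```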
@ -3,10 +3,11 @@ kind: InitConfiguration
|
||||
metadata:
|
||||
name: kubezero-initconfiguration
|
||||
localAPIEndpoint:
|
||||
bindPort: {{ regexSplit ":" .Values.apiEndpoint -1 | last }}
|
||||
bindPort: {{ .Values.api.listenPort }}
|
||||
nodeRegistration:
|
||||
ignorePreflightErrors:
|
||||
- Swap
|
||||
- DirAvailable--var-lib-etcd
|
||||
- KubeletVersion
|
||||
kubeletExtraArgs:
|
||||
node-labels: {{ .Values.nodeLabels | quote }}
|
||||
|
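Review bot: The `ignorePreflightErrors` list under `nodeRegistration` carries no explanation, and `KubeletVersion` in particular suppresses kubeadm's check that the installed kubelet is compatible with the Kubernetes version being deployed. A comment per entry would make the intent reviewable, for example `# KubeletVersion: kubelet is upgraded separately from the control plane` if that is the reason; the reason itself is not visible here. The same entries, plus `FileAvailable--etc-kubernetes-pki-ca.crt`, appear in the JoinConfiguration section that follows. The +/- markers are lost on this page, so which entry this commit added is not certain.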
@ -5,12 +5,13 @@ discovery:
|
||||
kubeConfigPath: /root/.kube/config
|
||||
controlPlane:
|
||||
localAPIEndpoint:
|
||||
advertiseAddress: IP_ADDRESS
|
||||
bindPort: {{ regexSplit ":" .Values.apiEndpoint -1 | last }}
|
||||
advertiseAddress: {{ .Values.serviceIp }}
|
||||
bindPort: {{ .Values.api.listenPort }}
|
||||
nodeRegistration:
|
||||
ignorePreflightErrors:
|
||||
- DirAvailable--var-lib-etcd
|
||||
- FileAvailable--etc-kubernetes-pki-ca.crt
|
||||
- Swap
|
||||
- KubeletVersion
|
||||
kubeletExtraArgs:
|
||||
node-labels: {{ .Values.nodeLabels | quote }}
|
||||
|
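Review bot: `advertiseAddress: {{ .Values.serviceIp }}` falls back to the literal `set_via_cmdline` from values.yaml when the caller omits `--set serviceIp=...`, and the template still renders without complaint. Failing at render time is cheaper than a rejected join, so I would leave the default empty and write `advertiseAddress: {{ required "serviceIp must be set" .Values.serviceIp }}`. `etcd.nodeName` uses the same placeholder and is written into `serverCertSANs` and `peerCertSANs` in the ClusterConfiguration template, so a missed override there would end up as a SAN in the etcd certificates.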
@ -3,7 +3,7 @@ apiVersion: v1
|
||||
kind: Config
|
||||
clusters:
|
||||
- cluster:
|
||||
server: https://{{ .Values.apiEndpoint }}
|
||||
server: https://{{ .Values.api.endpoint }}
|
||||
name: {{ .Values.clusterName }}
|
||||
contexts:
|
||||
- context:
|
||||
|
@ -1,5 +1,5 @@
|
||||
spec:
|
||||
replicas: {{ ternary 3 1 .Values.clusterHighAvailable }}
|
||||
replicas: {{ ternary 3 1 .Values.highAvailable }}
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
|
@ -5,3 +5,4 @@ spec:
|
||||
requests:
|
||||
cpu: 200m
|
||||
memory: 192Mi
|
||||
ephemeral-storage: 1Gi
|
||||
|
@ -5,7 +5,7 @@ kind: IAMIdentityMapping
|
||||
metadata:
|
||||
name: kubezero-worker-nodes
|
||||
spec:
|
||||
arn: {{ .Values.WorkerNodeRole }}
|
||||
arn: {{ .Values.workerNodeRole }}
|
||||
username: system:node:{{ "{{" }}EC2PrivateDNSName{{ "}}" }}
|
||||
groups:
|
||||
# For now use masters, define properly with 1.20
|
||||
|
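Review bot: The comment `# For now use masters, define properly with 1.20` under `groups:` is still present although this commit moves the chart to 1.20.1. The group entries are outside the hunk, but if the worker-node role is still mapped to a masters group (presumably `system:masters`), every node credential carries cluster-admin rights, and this upgrade is the point the comment itself names for narrowing it. Separately, after the key rename an override file that still sets `WorkerNodeRole` renders an empty `arn`; `arn: {{ required "workerNodeRole must be set" .Values.workerNodeRole | quote }}` would fail the render instead of creating a mapping with no role.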
@ -1,16 +1,26 @@
|
||||
clusterVersion: 1.19.0
|
||||
listenAddress: 0.0.0.0
|
||||
clusterName: pleasechangeme
|
||||
apiEndpoint: kube-api.changeme.org:6443
|
||||
etcdExtraArgs: {}
|
||||
apiExtraArgs: {}
|
||||
clusterHighAvailable: false
|
||||
allEtcdEndpoints: ""
|
||||
domain: changeme.org
|
||||
|
||||
serviceIp: set_via_cmdline
|
||||
|
||||
api:
|
||||
endpoint: kube-api.changeme.org:6443
|
||||
listenPort: 6443
|
||||
allEtcdEndpoints: ""
|
||||
extraArgs: {}
|
||||
|
||||
etcd:
|
||||
nodeName: set_via_cmdline
|
||||
extraArgs: {}
|
||||
|
||||
highAvailable: false
|
||||
listenAddress: 0.0.0.0
|
||||
|
||||
# supported values aws,bare-metal
|
||||
platform: "aws"
|
||||
# Set to false for openrc, eg. on Gentoo or Alpine
|
||||
systemd: true
|
||||
protectKernelDefaults: true
|
||||
|
||||
WorkerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||
KubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||
workerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||
kubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||
|
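Review bot: `listenAddress: 0.0.0.0` has no comment saying what it controls, although the ClusterConfiguration template uses it for etcd's `listen-metrics-urls` (plain HTTP on port 2381) and for the controller-manager and scheduler `bind-address`. I would add `# Used for etcd metrics (HTTP, :2381) and controller-manager/scheduler bind-address; 0.0.0.0 listens on all interfaces, restrict at the network layer` above it. Also, `kubeAdminRole` and `workerNodeRole` default to the same `role/KubernetesNode` ARN. If the admin role is mapped to a privileged group elsewhere in the chart (not visible here), an unchanged default would hand that group to the node role, so distinct placeholders would be safer.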