feat: kubeadm for v1.20.1
parent
94165efff3
commit
7e61463b21
@ -1,2 +1,2 @@
|
|||||||
*.sh
|
|
||||||
*.md
|
*.md
|
||||||
|
*.md.gotmpl
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubeadm
|
name: kubeadm
|
||||||
description: KubeZero Kubeadm golden config
|
description: KubeZero Kubeadm golden config
|
||||||
type: application
|
type: application
|
||||||
version: 1.20.0
|
version: 1.20.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -35,3 +35,7 @@ Installs the Istio control plane
|
|||||||
- https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
|
- https://godoc.org/k8s.io/kube-proxy/config/v1alpha1#KubeProxyConfiguration
|
||||||
|
|
||||||
- https://github.com/awslabs/amazon-eks-ami
|
- https://github.com/awslabs/amazon-eks-ami
|
||||||
|
|
||||||
|
### Etcd
|
||||||
|
- https://itnext.io/breaking-down-and-fixing-etcd-cluster-d81e35b9260d
|
||||||
|
|
||||||
|
3
charts/kubeadm/scripts/minor.sh
Executable file
3
charts/kubeadm/scripts/minor.sh
Executable file
@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo "Minor uppgrade from 1.19!"
|
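Review bot: The message printed by this new script is misspelled; `echo "Minor uppgrade from 1.19!"` should read `echo "Minor upgrade from 1.19!"`. Both minor.sh and patch.sh are placeholders for now. Once they carry real upgrade steps they should start with `set -euo pipefail`, so that a failed step stops the run instead of continuing on a partially upgraded node.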
3
charts/kubeadm/scripts/patch.sh
Executable file
3
charts/kubeadm/scripts/patch.sh
Executable file
@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo "Patch upgrade within 1.20"
|
@ -2,40 +2,61 @@ apiVersion: kubeadm.k8s.io/v1beta2
|
|||||||
kind: ClusterConfiguration
|
kind: ClusterConfiguration
|
||||||
metadata:
|
metadata:
|
||||||
name: kubezero-clusterconfiguration
|
name: kubezero-clusterconfiguration
|
||||||
kubernetesVersion: {{ .Values.clusterVersion }}
|
kubernetesVersion: {{ .Chart.Version }}
|
||||||
clusterName: {{ .Values.clusterName }}
|
clusterName: {{ .Values.clusterName }}
|
||||||
controlPlaneEndpoint: {{ .Values.apiEndpoint }}
|
controlPlaneEndpoint: {{ .Values.api.endpoint }}
|
||||||
networking:
|
networking:
|
||||||
podSubnet: 10.244.0.0/16
|
podSubnet: 10.244.0.0/16
|
||||||
etcd:
|
etcd:
|
||||||
local:
|
local:
|
||||||
extraArgs:
|
extraArgs:
|
||||||
|
#name: {{ .Values.etcd.nodeName }}
|
||||||
|
### DNS discovery
|
||||||
|
#discovery-srv: {{ .Values.domain }}
|
||||||
|
#discovery-srv-name: {{ .Values.clusterName }}
|
||||||
|
#initial-cluster:
|
||||||
|
### Regular
|
||||||
|
#{{- if .Values.etcd.initialCluster }}
|
||||||
|
#initial-cluster: {{ .Values.etcd.initialCluster }}
|
||||||
|
#{{- end }}
|
||||||
|
#initial-advertise-peer-urls: "https://{{ .Values.etcd.nodeName }}:2380"
|
||||||
|
#advertise-client-urls: "https://{{ .Values.etcd.nodeName }}:2379"
|
||||||
|
initial-cluster-token: etcd-{{ .Values.clusterName }}
|
||||||
listen-metrics-urls: "http://{{ .Values.listenAddress }}:2381"
|
listen-metrics-urls: "http://{{ .Values.listenAddress }}:2381"
|
||||||
logger: "zap"
|
logger: "zap"
|
||||||
# log-level: "warn"
|
# log-level: "warn"
|
||||||
{{- with .Values.etcdExtraArgs }}
|
{{- with .Values.etcd.extraArgs }}
|
||||||
{{- toYaml . | nindent 6 }}
|
{{- toYaml . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
# These will only be used to create the etcd certs but removed for Init/Join kudeadm calls allowing us to sneak in aliases for etcd nodes
|
||||||
|
serverCertSANs:
|
||||||
|
- "{{ .Values.etcd.nodeName }}"
|
||||||
|
- "{{ .Values.etcd.nodeName }}.{{ .Values.domain }}"
|
||||||
|
- "{{ .Values.domain }}"
|
||||||
|
peerCertSANs:
|
||||||
|
- "{{ .Values.etcd.nodeName }}"
|
||||||
|
- "{{ .Values.etcd.nodeName }}.{{ .Values.domain }}"
|
||||||
|
- "{{ .Values.domain }}"
|
||||||
controllerManager:
|
controllerManager:
|
||||||
extraArgs:
|
extraArgs:
|
||||||
profiling: "false"
|
profiling: "false"
|
||||||
bind-address: {{ .Values.listenAddress }}
|
bind-address: {{ .Values.listenAddress }}
|
||||||
terminated-pod-gc-threshold: "300"
|
terminated-pod-gc-threshold: "300"
|
||||||
leader-elect: {{ .Values.clusterHighAvailable | quote }}
|
leader-elect: {{ .Values.highAvailable | quote }}
|
||||||
logging-format: json
|
logging-format: json
|
||||||
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
||||||
scheduler:
|
scheduler:
|
||||||
extraArgs:
|
extraArgs:
|
||||||
profiling: "false"
|
profiling: "false"
|
||||||
bind-address: {{ .Values.listenAddress }}
|
bind-address: {{ .Values.listenAddress }}
|
||||||
leader-elect: {{ .Values.clusterHighAvailable | quote }}
|
leader-elect: {{ .Values.highAvailable | quote }}
|
||||||
logging-format: json
|
logging-format: json
|
||||||
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
||||||
apiServer:
|
apiServer:
|
||||||
certSANs:
|
certSANs:
|
||||||
- {{ regexSplit ":" .Values.apiEndpoint -1 | first }}
|
- {{ regexSplit ":" .Values.api.endpoint -1 | first }}
|
||||||
extraArgs:
|
extraArgs:
|
||||||
etcd-servers: {{ .Values.allEtcdEndpoints }}
|
etcd-servers: {{ ternary .Values.api.allEtcdEndpoints "https://127.0.0.1:2379" .Values.highAvailable }}
|
||||||
profiling: "false"
|
profiling: "false"
|
||||||
audit-log-path: "/var/log/kubernetes/audit.log"
|
audit-log-path: "/var/log/kubernetes/audit.log"
|
||||||
audit-policy-file: /etc/kubernetes/apiserver/audit-policy.yaml
|
audit-policy-file: /etc/kubernetes/apiserver/audit-policy.yaml
|
||||||
@ -50,11 +71,11 @@ apiServer:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," | quote }}
|
||||||
enable-admission-plugins: NodeRestriction,EventRateLimit
|
enable-admission-plugins: NodeRestriction,EventRateLimit
|
||||||
{{- if .Values.clusterHighAvailable }}
|
{{- if .Values.highAvailable }}
|
||||||
goaway-chance: ".001"
|
goaway-chance: ".001"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
logging-format: json
|
logging-format: json
|
||||||
{{- with .Values.apiExtraArgs }}
|
{{- with .Values.api.extraArgs }}
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
|
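Review bot: The new `etcd-servers` line renders an empty value when `highAvailable` is true and `api.allEtcdEndpoints` is left at its default of `""`, so the API server manifest would presumably be generated without a usable etcd endpoint list. Because `ternary` evaluates both arguments, `required` cannot simply be wrapped inside it; an `{{- if .Values.highAvailable }}` / `{{- else }}` pair with `etcd-servers: {{ required "api.allEtcdEndpoints must be set when highAvailable is true" .Values.api.allEtcdEndpoints }}` in the first branch fails at render time instead. The added `serverCertSANs` and `peerCertSANs` have a related gap: with `etcd.nodeName` and `domain` left at their placeholder defaults, the etcd certificates are issued for `set_via_cmdline` and `changeme.org`. The bare `{{ .Values.domain }}` SAN also makes every node's server and peer certificate valid for the shared domain name, so the comment above the lists should say why that is intended.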
@ -3,10 +3,11 @@ kind: InitConfiguration
|
|||||||
metadata:
|
metadata:
|
||||||
name: kubezero-initconfiguration
|
name: kubezero-initconfiguration
|
||||||
localAPIEndpoint:
|
localAPIEndpoint:
|
||||||
bindPort: {{ regexSplit ":" .Values.apiEndpoint -1 | last }}
|
bindPort: {{ .Values.api.listenPort }}
|
||||||
nodeRegistration:
|
nodeRegistration:
|
||||||
ignorePreflightErrors:
|
ignorePreflightErrors:
|
||||||
- Swap
|
- Swap
|
||||||
- DirAvailable--var-lib-etcd
|
- DirAvailable--var-lib-etcd
|
||||||
|
- KubeletVersion
|
||||||
kubeletExtraArgs:
|
kubeletExtraArgs:
|
||||||
node-labels: {{ .Values.nodeLabels | quote }}
|
node-labels: {{ .Values.nodeLabels | quote }}
|
||||||
|
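Review bot: Adding `KubeletVersion` to `ignorePreflightErrors` turns off kubeadm's kubelet version check on every init, not only while the upgrade named in the commit title is in progress; the JoinConfiguration section adds the same entry. If the skip is only needed for the upgrade window, gate it behind a value or at least mark it, for example `# TODO: drop KubeletVersion once all nodes run the 1.20 kubelet`. Separately, `bindPort` now comes from `api.listenPort` while the port inside `api.endpoint` is set independently, so the two can drift apart unless that split is deliberate, which a short comment would make clear.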
@ -5,12 +5,13 @@ discovery:
|
|||||||
kubeConfigPath: /root/.kube/config
|
kubeConfigPath: /root/.kube/config
|
||||||
controlPlane:
|
controlPlane:
|
||||||
localAPIEndpoint:
|
localAPIEndpoint:
|
||||||
advertiseAddress: IP_ADDRESS
|
advertiseAddress: {{ .Values.serviceIp }}
|
||||||
bindPort: {{ regexSplit ":" .Values.apiEndpoint -1 | last }}
|
bindPort: {{ .Values.api.listenPort }}
|
||||||
nodeRegistration:
|
nodeRegistration:
|
||||||
ignorePreflightErrors:
|
ignorePreflightErrors:
|
||||||
- DirAvailable--var-lib-etcd
|
- DirAvailable--var-lib-etcd
|
||||||
- FileAvailable--etc-kubernetes-pki-ca.crt
|
- FileAvailable--etc-kubernetes-pki-ca.crt
|
||||||
- Swap
|
- Swap
|
||||||
|
- KubeletVersion
|
||||||
kubeletExtraArgs:
|
kubeletExtraArgs:
|
||||||
node-labels: {{ .Values.nodeLabels | quote }}
|
node-labels: {{ .Values.nodeLabels | quote }}
|
||||||
|
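Review bot: `advertiseAddress: {{ .Values.serviceIp }}` falls back to the literal default `set_via_cmdline`, which is not an IP address, so a render without the override only fails later inside kubeadm. An empty default in the values file together with `advertiseAddress: {{ required "serviceIp must be set" .Values.serviceIp }}` would stop at render time with a clear message. The same sentinel is used for `etcd.nodeName`, which ends up in the etcd certificate SANs.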
@ -3,7 +3,7 @@ apiVersion: v1
|
|||||||
kind: Config
|
kind: Config
|
||||||
clusters:
|
clusters:
|
||||||
- cluster:
|
- cluster:
|
||||||
server: https://{{ .Values.apiEndpoint }}
|
server: https://{{ .Values.api.endpoint }}
|
||||||
name: {{ .Values.clusterName }}
|
name: {{ .Values.clusterName }}
|
||||||
contexts:
|
contexts:
|
||||||
- context:
|
- context:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
spec:
|
spec:
|
||||||
replicas: {{ ternary 3 1 .Values.clusterHighAvailable }}
|
replicas: {{ ternary 3 1 .Values.highAvailable }}
|
||||||
template:
|
template:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
|
@ -5,3 +5,4 @@ spec:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 200m
|
cpu: 200m
|
||||||
memory: 192Mi
|
memory: 192Mi
|
||||||
|
ephemeral-storage: 1Gi
|
||||||
|
@ -5,7 +5,7 @@ kind: IAMIdentityMapping
|
|||||||
metadata:
|
metadata:
|
||||||
name: kubezero-worker-nodes
|
name: kubezero-worker-nodes
|
||||||
spec:
|
spec:
|
||||||
arn: {{ .Values.WorkerNodeRole }}
|
arn: {{ .Values.workerNodeRole }}
|
||||||
username: system:node:{{ "{{" }}EC2PrivateDNSName{{ "}}" }}
|
username: system:node:{{ "{{" }}EC2PrivateDNSName{{ "}}" }}
|
||||||
groups:
|
groups:
|
||||||
# For now use masters, define properly with 1.20
|
# For now use masters, define properly with 1.20
|
||||||
|
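Review bot: The context comment `# For now use masters, define properly with 1.20` is left unchanged although this commit moves the chart to 1.20.1. The `groups` entries lie outside the hunk, so this is inferred from the comment alone. If the worker-node role is still mapped to a masters group, any credential issued for that role carries cluster-admin rights. Either narrow the mapping to the node groups in this change or update the comment with the release that will do it.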
@ -1,16 +1,26 @@
|
|||||||
clusterVersion: 1.19.0
|
|
||||||
listenAddress: 0.0.0.0
|
|
||||||
clusterName: pleasechangeme
|
clusterName: pleasechangeme
|
||||||
apiEndpoint: kube-api.changeme.org:6443
|
domain: changeme.org
|
||||||
etcdExtraArgs: {}
|
|
||||||
apiExtraArgs: {}
|
serviceIp: set_via_cmdline
|
||||||
clusterHighAvailable: false
|
|
||||||
|
api:
|
||||||
|
endpoint: kube-api.changeme.org:6443
|
||||||
|
listenPort: 6443
|
||||||
allEtcdEndpoints: ""
|
allEtcdEndpoints: ""
|
||||||
|
extraArgs: {}
|
||||||
|
|
||||||
|
etcd:
|
||||||
|
nodeName: set_via_cmdline
|
||||||
|
extraArgs: {}
|
||||||
|
|
||||||
|
highAvailable: false
|
||||||
|
listenAddress: 0.0.0.0
|
||||||
|
|
||||||
# supported values aws,bare-metal
|
# supported values aws,bare-metal
|
||||||
platform: "aws"
|
platform: "aws"
|
||||||
# Set to false for openrc, eg. on Gentoo or Alpine
|
# Set to false for openrc, eg. on Gentoo or Alpine
|
||||||
systemd: true
|
systemd: true
|
||||||
protectKernelDefaults: true
|
protectKernelDefaults: true
|
||||||
|
|
||||||
WorkerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
workerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||||
KubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
kubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||||
|
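Review bot: The rename of `WorkerNodeRole` and `KubeAdminRole` to `workerNodeRole` and `kubeAdminRole` changes only the case, so existing overrides that use the old keys are silently ignored and the templates fall back to the placeholder ARN in account `000000000000`. Both defaults also name the same `KubernetesNode` role; the template that consumes `kubeAdminRole` is not visible here, but if it is used as is, the node role would be mapped as an admin identity. Empty defaults enforced with `required` in the templates would surface a missing override at render time. Finally, `listenAddress: 0.0.0.0` stays the default for the controller-manager and scheduler `bind-address` and for the plain-HTTP etcd metrics listener on port 2381, which a comment such as `# binds control-plane and etcd metrics endpoints on all interfaces; restrict on multi-homed hosts` should spell out.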