refactor: Unifi feature-gate handling in kubeadm chart

Stefan Reimer 2021-03-30 14:50:37 +02:00
parent c1a1aea29f
commit 9391958a3a
5 changed files with 24 additions and 10 deletions


@ -23,12 +23,14 @@ controllerManager:
terminated-pod-gc-threshold: "300" terminated-pod-gc-threshold: "300"
leader-elect: {{ .Values.clusterHighAvailable | quote }} leader-elect: {{ .Values.clusterHighAvailable | quote }}
logging-format: json logging-format: json
feature-gates: "{{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," }}"
scheduler: scheduler:
extraArgs: extraArgs:
profiling: "false" profiling: "false"
bind-address: {{ .Values.listenAddress }} bind-address: {{ .Values.listenAddress }}
leader-elect: {{ .Values.clusterHighAvailable | quote }} leader-elect: {{ .Values.clusterHighAvailable | quote }}
logging-format: json logging-format: json
feature-gates: "{{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," }}"
apiServer: apiServer:
certSANs: certSANs:
- {{ regexSplit ":" .Values.apiEndpoint -1 | first }} - {{ regexSplit ":" .Values.apiEndpoint -1 | first }}
@ -44,10 +46,8 @@ apiServer:
admission-control-config-file: /etc/kubernetes/apiserver/admission-configuration.yaml admission-control-config-file: /etc/kubernetes/apiserver/admission-configuration.yaml
{{- if eq .Values.platform "aws" }} {{- if eq .Values.platform "aws" }}
authentication-token-webhook-config-file: /etc/kubernetes/apiserver/aws-iam-authenticator.yaml authentication-token-webhook-config-file: /etc/kubernetes/apiserver/aws-iam-authenticator.yaml
feature-gates: "CSIMigrationAWS=true,CSIMigrationAWSComplete=true,DefaultPodTopologySpread=true"
{{- else }}
feature-gates: "DefaultPodTopologySpread=true"
{{- end }} {{- end }}
feature-gates: "{{ include "kubeadm.featuregates" ( dict "return" "csv" "platform" .Values.platform ) | trimSuffix "," }}"
enable-admission-plugins: NodeRestriction,EventRateLimit enable-admission-plugins: NodeRestriction,EventRateLimit
{{- if .Values.clusterHighAvailable }} {{- if .Values.clusterHighAvailable }}
# goaway-chance: ".001" # goaway-chance: ".001"
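Review bot: The three added `feature-gates` lines (controllerManager, scheduler, apiServer) all render the same unscoped gate set, so this is not a pure refactor: the API server now also receives `CustomCPUCFSQuotaPeriod=true`, and the controller manager and scheduler receive gates where the visible old side shows none. Because the helper takes no component argument, any gate later added for one component is switched on for every control-plane process and the kubelet at once. If that sharing is intended, say so at the call sites, for example `# gate set is shared by all components on purpose; see kubeadm.featuregates`, and mention the changed effective flags in the commit description. Both hunks cut through the `extraArgs` maps, which continue outside the view.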


@ -17,12 +17,7 @@ eventRecordQPS: 0
# tlsCertFile: /var/lib/kubelet/pki/kubelet.crt # tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
# tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key # tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key
tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256] tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256]
featureGates: featureGates: {{ include "kubeadm.featuregates" ( dict "return" "map" "platform" .Values.platform ) }}
CustomCPUCFSQuotaPeriod: true
{{- if eq .Values.platform "aws" }}
CSIMigrationAWS: true
CSIMigrationAWSComplete: true
{{- end }}
# Minimal unit is 50m per pod # Minimal unit is 50m per pod
podsPerCore: 20 podsPerCore: 20
# Basic OS on Ubuntu 20.04 incl. crio # Basic OS on Ubuntu 20.04 incl. crio
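Review bot: The rewritten `featureGates:` line places a multi-line helper result inline with no `nindent`, so whether the entries parse as children of `featureGates` depends entirely on the leading newline and indentation that the helper's map branch happens to emit. If that whitespace ever changes, the gates would render at the top level of the kubelet configuration or as an invalid value, and the mistake would likely only surface when the kubelet loads the file. Making the nesting explicit at the call site is safer: `featureGates: {{- include "kubeadm.featuregates" ( dict "return" "map" "platform" .Values.platform ) | nindent 2 }}`. The kubelet also picks up `DefaultPodTopologySpread` through this call, which the removed block did not set.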


@ -0,0 +1,18 @@
{{- /*
Feature gates for all control plane components
*/ -}}
{{- define "kubeadm.featuregates" -}}
{{- $gates := dict "DefaultPodTopologySpread" "true" "CustomCPUCFSQuotaPeriod" "true" }}
{{- if eq .platform "aws" }}
{{- $gates = merge $gates ( dict "CSIMigrationAWS" "true" "CSIMigrationAWSComplete" "true") }}
{{- end }}
{{- if eq .return "csv" }}
{{- range $key, $val := $gates }}
{{- $key }}={{- $val }},
{{- end }}
{{- else }}
{{- range $key, $val := $gates }}
{{ $key }}: {{ $val }}
{{- end }}
{{- end }}
{{- end -}}
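Review bot: The `csv` branch ends every pair with a comma, so the helper returns a string with a trailing `,` that each caller has to remove with `trimSuffix ","`; a call site that forgets passes a malformed feature-gates value to the component. Joining the pairs inside the helper removes that obligation, and the existing `trimSuffix` at the call sites then becomes a harmless no-op. Separately, any `return` value other than `csv` falls through to the map branch without an error, and the header comment says control plane components although the kubelet configuration includes this helper too.

```gotemplate
{{- /* … unchanged: $gates construction and platform merge … */ -}}
{{- if eq .return "csv" }}
{{- $pairs := list }}
{{- range $key, $val := $gates }}
{{- $pairs = append $pairs ( printf "%s=%s" $key $val ) }}
{{- end }}
{{- join "," $pairs }}
{{- else }}
{{- /* … unchanged: map branch … */ -}}
```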

@ -0,0 +1 @@
Subproject commit 25b8ebe3cc2af88643a4674a63e651e9c31245cb


@ -52,7 +52,7 @@ git status
if [ "$GIT_PUSH" == "true" ] if [ "$GIT_PUSH" == "true" ]
then then
git add . && git commit -m "Publish charts" && git push ssh://git@git.zero-downtime.net:22000/ZeroDownTime/KubeZero.git gh-pages git add . && git commit -m "ci: Publish charts" && git push ssh://git@git.zero-downtime.net:22000/ZeroDownTime/KubeZero.git gh-pages
fi fi
cd - cd -