apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration metadata: name: kubezero-clusterconfiguration kubernetesVersion: {{ .Values.clusterVersion }} clusterName: {{ .Values.clusterName }} controlPlaneEndpoint: {{ .Values.apiEndpoint }} networking: podSubnet: 10.244.0.0/16 etcd: local: extraArgs: listen-metrics-urls: "http://0.0.0.0:2381" unsafe-no-fsync: "true" logger: "zap" {{- with .Values.etcdExtraArgs }} {{- toYaml . | nindent 6 }} {{- end }} controllerManager: extraArgs: profiling: "false" bind-address: 0.0.0.0 terminated-pod-gc-threshold: "300" leader-elect: {{ .Values.clusterHighAvailable | quote }} logging-format: json scheduler: extraArgs: profiling: "false" bind-address: 0.0.0.0 leader-elect: {{ .Values.clusterHighAvailable | quote }} logging-format: json apiServer: certSANs: - {{ regexSplit ":" .Values.apiEndpoint -1 | first }} extraArgs: etcd-servers: {{ .Values.allEtcdEndpoints }} profiling: "false" feature-gates: "CSIMigrationAWS=true,CSIMigrationAWSComplete=true,DefaultPodTopologySpread=true" audit-log-path: "/var/log/kubernetes/audit.log" audit-policy-file: /etc/kubernetes/apiserver/audit-policy.yaml audit-log-maxage: "7" audit-log-maxsize: "100" audit-log-maxbackup: "3" tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" admission-control-config-file: /etc/kubernetes/apiserver/admission-configuration.yaml authentication-token-webhook-config-file: /etc/kubernetes/apiserver/aws-iam-authenticator.yaml enable-admission-plugins: NodeRestriction,EventRateLimit {{- if .Values.clusterHighAvailable }} goaway-chance: ".001" {{- end }} logging-format: json {{- with .Values.apiExtraArgs }} {{- toYaml . | nindent 4 }} {{- end }} extraVolumes: - name: kubezero-apiserver hostPath: /etc/kubernetes/apiserver mountPath: /etc/kubernetes/apiserver readOnly: true pathType: DirectoryOrCreate - name: audit-log hostPath: /var/log/kubernetes mountPath: /var/log/kubernetes pathType: DirectoryOrCreate