# Jinja2 template (master-manifest.j2) that renders one Kubernetes Pod,
# "kube-master-services", holding four control-plane containers: etcd,
# kube-apiserver, kube-scheduler and kube-controller-manager.
# Image names, port numbers and file paths are filled in from template
# variables. Port variables are left unquoted so that they render as YAML
# integers (assumes the variables are numeric; TODO confirm).
kind: "Pod"
apiVersion: "v1"
metadata:
  name: "kube-master-services"
spec:
  # The pod shares the node's network namespace, so every listen address
  # below is an address on the node itself: a 0.0.0.0 bind is reachable on
  # all of the node's interfaces, and 127.0.0.1 is the node's loopback.
  hostNetwork: true
  containers:
    -
      name: "kube-etcd"
      image: "{{etcd_container_registry}}:{{ etcd_version }}"
      # NOTE(review): the client listener (--bind-addr) is on 0.0.0.0 and no
      # TLS or client-certificate flags are passed, so the etcd client API is
      # served in plain HTTP on every node interface. The only client visible
      # in this manifest (the apiserver) connects through 127.0.0.1; if no
      # off-host client needs etcd, a loopback bind or a host firewall rule
      # on the etcd port would close that exposure. Confirm with the owners
      # of the other roles before changing it.
      # The peer listener is already restricted to loopback.
      command:
        - "/bin/sh"
        - "-c"
        - "/usr/local/bin/etcd --listen-peer-urls=http://127.0.0.1:2380 --addr 127.0.0.1:{{ etcd_port }} --bind-addr 0.0.0.0:{{ etcd_port }} --data-dir /var/etcd/data "
      # Health check against the client port over loopback; this works
      # because of hostNetwork above.
      livenessProbe:
        httpGet:
          host: "127.0.0.1"
          port: {{ etcd_port }}
          path: "/health"
        initialDelaySeconds: 15
        timeoutSeconds: 15
      ports:
        -
          name: "serverport"
          containerPort: 2380
          hostPort: 2380
        -
          name: "clientport"
          containerPort: {{ etcd_port }}
          hostPort: {{ etcd_port }}
      volumeMounts:
        # etcd data directory, kept on the node's filesystem.
        -
          name: "varetcd"
          mountPath: "/var/etcd/data"
          readOnly: false
        # NOTE(review): the etcd command above does not reference this log
        # path; confirm the mount is still needed.
        -
          name: "varlogetcd"
          mountPath: "/var/log/etcd.log"
          readOnly: false
    -
      name: "kube-apiserver"
      image: "{{ k8s_apiserver_container_registry }}:v{{ k8s_version }}"
      args:
        - "/hyperkube"
        - "apiserver"
        - "--cluster-name={{ cluster_name }}"
        # NOTE(review): the insecure port serves the API over plain HTTP
        # without authentication or authorization. Bound to 0.0.0.0 on a
        # hostNetwork pod, it is reachable from any network that can reach
        # the node. Restricting it to 127.0.0.1 would also require changing
        # the --master URLs of the scheduler and controller-manager below,
        # which currently target the cbr0 address on this port, and any
        # off-host client that uses it (not visible here; verify).
        - "--insecure-bind-address=0.0.0.0"
        - "--insecure-port={{ api_server_port }}"
        - "--secure-port={{ api_server_secure_port }}"
        # etcd is reached over loopback in plain HTTP.
        - "--etcd-servers=http://127.0.0.1:{{ etcd_port }}"
        # Serving certificate, its private key and the client CA are read
        # from the certs directory mounted read-only below.
        - "--tls-cert-file={{ k8s_certs_location }}/server.cert"
        - "--tls-private-key-file={{ k8s_certs_location }}/server.key"
        - "--client-ca-file={{ k8s_certs_location }}/ca.pem"
        - "--service-cluster-ip-range={{ service_cluster_ip_range }}"
        # Static bearer tokens read from a file on the node.
        # NOTE(review): the token file is a long-lived credential store;
        # check its ownership and mode on the host.
        - "--token_auth_file={{ token_auth_file }}"
        # NOTE(review): lets privileged containers run in the cluster;
        # confirm that this is required.
        - "--allow-privileged=true"
        # NOTE(review): no --authorization-mode flag is passed, so the
        # effective mode is whatever the deployed apiserver version defaults
        # to; confirm that this is intended.
      ports:
        -
          name: "https"
          hostPort: {{ api_server_secure_port }}
          containerPort: {{ api_server_secure_port }}
        -
          name: "local"
          hostPort: {{ api_server_port }}
          containerPort: {{ api_server_port }}
      volumeMounts:
        -
          name: "srvkube"
          mountPath: "{{ k8s_certs_location }}"
          readOnly: true
        -
          name: "etcssl"
          mountPath: "/etc/ssl"
          readOnly: true
        # NOTE(review): unlike the two mounts above, this one does not set
        # readOnly. Presumably the apiserver only reads the token file, in
        # which case it could be mounted read-only as well; confirm.
        -
          name: "tokenfile"
          mountPath: "{{ token_auth_file }}"
      # The health check goes to the insecure port.
      livenessProbe:
        httpGet:
          path: "/healthz"
          port: {{ api_server_port }}
        initialDelaySeconds: 15
        timeoutSeconds: 15
    -
      name: "kube-scheduler"
      image: "{{ k8s_scheduler_container_registry }}:v{{ k8s_version }}"
      # The loop emits one complete "args" key per host in the k8s_master
      # group. NOTE(review): with more than one host in that group the
      # rendered mapping contains duplicate "args" keys, and most YAML
      # parsers silently keep only the last one.
      # The trailing minus on the for/endfor tags strips the whitespace that
      # follows the tag, so the rendered indentation of the next key comes
      # from the tag line's own indentation (assumes lstrip_blocks is off;
      # TODO confirm). Keep the tags aligned with the keys.
      # --master reaches the apiserver in plain HTTP on its insecure port
      # through the master's cbr0 address; --address keeps the scheduler's
      # own endpoint on loopback.
      {% for host in groups['k8s_master'] -%}
      args:
        - "/hyperkube"
        - "scheduler"
        - "--address=127.0.0.1"
        - "--master=http://{{ hostvars[host]['ansible_cbr0']['ipv4']['address'] }}:{{ api_server_port }}"
        - "--kubeconfig={{ kube_config_file }}"
      {% endfor -%}
      volumeMounts:
        -
          name: "kubeconfig"
          mountPath: "{{kube_config_file}}"
          readOnly: true
    -
      name: "kube-controller-manager"
      image: "{{k8s_controller_manager_container_registry}}:v{{ k8s_version }}"
      # Same loop pattern as the scheduler container: one "args" key per
      # host in the k8s_master group, so more than one host renders
      # duplicate keys (NOTE(review): most parsers keep the last one).
      # --master uses plain HTTP to the apiserver's insecure port.
      {% for host in groups['k8s_master'] -%}
      args:
        - "/hyperkube"
        - "controller-manager"
        - "--cluster-name={{ cluster_name }}"
        - "--cluster-cidr={{ cluster_cidr }}"
        - "--address=127.0.0.1"
        - "--master=http://{{ hostvars[host]['ansible_cbr0']['ipv4']['address'] }}:{{ api_server_port }}"
        - "--kubeconfig={{ kube_config_file }}"
      {% endfor -%}
      volumeMounts:
        -
          name: "kubeconfig"
          mountPath: "{{ kube_config_file }}"
          readOnly: true
  # Every volume is a hostPath: the containers read and write files on the
  # node's own filesystem. Whether a mount is read-only is decided by the
  # volumeMounts entries above, not here.
  volumes:
    -
      name: "kubeconfig"
      hostPath:
        path: "{{ kube_config_file }}"
    -
      name: "varetcd"
      hostPath:
        path: "/var/etcd/data"
    -
      name: "varlogetcd"
      hostPath:
        path: "/var/log/etcd.log"
    # Directory holding the apiserver's TLS certificate, private key and CA.
    -
      name: "srvkube"
      hostPath:
        path: "{{ k8s_certs_location }}"
    -
      name: "etcssl"
      hostPath:
        path: "/etc/ssl"
    # Static token file used by the apiserver's token authentication.
    -
      name: "tokenfile"
      hostPath:
        path: "{{ token_auth_file }}"